Bootloader 4.6 hacked - SW Unlock 1.1.2OTB

Corvillus

EDIT: I apologize...this is a dupe of the thread here

Its Done. 1.1.2 Is Unlocked.

George Hotz aka geohot, the kid who released the first ever unlock for the iPhone back in August, has just today released a software unlock tool for BL 4.6 iPhones. So for all those people that have a SIM proxied or locked iPhone, now is the time to unlock.

I also read from various places that the 1.1.3OTB phones are also unlockable with this method, but I haven't tried it, so do at your own risk.

On the iPhone: 11246unlock, good enough for the prize

EDIT: I can verify that this works for 1.1.2, since I just unlocked my mom's 1.1.2OS/4.6BL iPhone using it...probably the fastest of the unlocking tools I used, took about 3 minutes to run compared to the 10 minutes anySIM seems to take. The following are the steps I took.

Downgraded to and jailbroke 1.1.1
Installed BSD Subsystem, OpenSSH, and OktoPrep, and vt-100 terminal
sftp'd gunlock and secpack from geohot's package, and also a copy of the ICE04.02.13_G.fls to /usr/bin
sshed into the phone (terminal will work here too, and you may need it to fix wifi)

# cd /usr/bin
# chmod 755 gunlock
# chmod 755 secpack
# launchctl unload /System/Library/LaunchDaemons/com.apple.CommCenter.plist
# gunlock secpack ICE04.02.13_G.fls

Waited a few minutes while the screen froze, then got this

geohot's 112 otb unlocker...
Waiting for data...
Attempt...
Attempt...
Got Header: 77 0b cc
Bootloader version: 4.6_M3S2
Increasing baud rate...
02 00 82 00 04 00 00 10 0E 00 A4 00 03 00
CFI Stage 1
CFI Stage 2
Sending secpack... 02 00 04 02 06 00 01 00 00 00 00 00 0B 02 03 00
Erasing: 0xA0020000-0xA03BFFFE 02 00 05 08 02 00 00 00 07 08 03 00
Waiting for erase to finish...
02 00 06 08 06 00 01 00 00 31 A0 00 DE 08 03 00
Address to 0xA0000000 02 00 02 08 06 00 01 00 01 31 A0 00 DB 08 03 00
Wrote: 0x800 0x0
Wrote: 0x800 0x10000
Wrote: 0x800 0x20000
Wrote: 0x800 0x30000
Wrote: 0x800 0x40000
Wrote: 0x800 0x50000
Wrote: 0x800 0x60000
Wrote: 0x800 0x70000
Wrote: 0x800 0x80000
Wrote: 0x800 0x90000
Wrote: 0x800 0xa0000
Wrote: 0x800 0xb0000
Wrote: 0x800 0xc0000
Wrote: 0x800 0xd0000
Wrote: 0x800 0xe0000
Wrote: 0x800 0xf0000
Wrote: 0x800 0x100000
Wrote: 0x800 0x110000
Wrote: 0x800 0x120000
Wrote: 0x800 0x130000
Wrote: 0x800 0x140000
Wrote: 0x800 0x150000
Wrote: 0x800 0x160000
Wrote: 0x800 0x170000
Wrote: 0x800 0x180000
Wrote: 0x800 0x190000
Wrote: 0x800 0x1a0000
Wrote: 0x800 0x1b0000
Wrote: 0x800 0x1c0000
Wrote: 0x800 0x1d0000
Wrote: 0x800 0x1e0000
Wrote: 0x800 0x1f0000
Wrote: 0x800 0x200000
Wrote: 0x800 0x210000
Wrote: 0x800 0x220000
Wrote: 0x800 0x230000
Patching...
Wrote: 0x800 0x240000
Wrote: 0x800 0x250000
Wrote: 0x800 0x260000
Wrote: 0x800 0x270000
Wrote: 0x800 0x280000
Wrote: 0x800 0x290000
Wrote: 0x800 0x2a0000
Wrote: 0x800 0x2b0000
Wrote: 0x800 0x2c0000
Wrote: 0x800 0x2d0000
Wrote: 0x800 0x2e0000
Wrote: 0x800 0x2f0000
Wrote: 0x800 0x300000
Wrote: 0x400 0x302000
Wrote: 0x0 0x302400
Sending secpack... 02 00 04 02 06 00 01 00 00 00 00 08 13 02 03 00
End Secpack 02 00 05 02 02 00 00 00 07 02 03 00
Erasing: 0xA03D0000-0xA03F0000 02 00 05 08 02 00 00 00 07 08 03 00
Waiting for erase to finish...
02 00 06 08 06 00 01 00 00 3F A0 00 EC 08 03 00
Enjoy your unlocked iPhone...

Then I updated to 1.1.2 and used TouchFree jailbreak. Boom. "Rogers Wireless" scrolling in the top left corner

geoffnhb

I did make a thread on this already, but this is more detailed.
I can also confirm that it works.
But you dont have to downgrade. You can do it on a jailbroken 1.1.2 OTB by the same method.
Just download BSD, Vt-100 Terminal, and soo on. And then type into terminal what the OP put.

__________________
miMac:
2.2 GHz Macbook Pro
30GB iPod Video
16GB iPhone3G