Unlock iPhone 3GS running iOS 6.1 and Downgrade Baseband 6.15.00

OK, the 3GS is a bit dated, but I recently inherited this device from my brother, who I [unsuccessfully] tried to convert to Android with a shiny new Nexus 4. He had been complaining that his 3GS was very slow and wanted the ability to tether to his laptop. He’s on my business plan with T-Mobile, and had been suffering with EDGE-only speeds thus far.

I told him that the best phone available for T-Mobile right now was the Nexus 4, and I went to some great lengths to get him (and myself!) one on launch day. When I got them I promptly rooted them, flashed a custom ROM, and sent it off to him.

After about a month using the Nexus, he aborted and hit the Apple store and bought an unlocked iPhone 5. He’s happy again, and since the iPhone 5 supports DC-HSPA (aka HSPA+ 42), he’s getting the best speeds currently possible on the T-Mobile network.

Anyway, he’s now sent me back the Nexus 4 and his old 3GS to sell off for him. Unfortunately, he unthinkingly tapped the update button on his 3GS and updated to iOS 6.1 and baseband 06.15.00, re-locking his iPhone in the process (he was previously unlocked with the now closed SAM method).

If anyone has ever tinkered with iPhone unlocking and jailbreaking, you know how much of a pain this sort of thing is to deal with. There’s a lot of crap information out there and it’s hard to sort through it all. Well, I’m happy to say that I’ve done the hard work for you and was able to get his 3GS unlocked and activated again. Here’s how:

Initial configuration:

  • iPhone 3GS (old bootrom)
  • iOS 6.1
  • locked to ATT
  • unactivated
  • firmware 06.15.00

Final configuration:

  • iOS 6.1
  • Unlocked to any GSM carrier
  • Activated
  • firmware 5.16.04 (5.13.04)

Step 1: Buy the IMEI Unlock service for $2

First, go to eBay and buy the IMEI unlock for the iPhone. It costs about $2 as of the time of this post. The seller is unlock_fusion. I would link to the actual auction, but it will undoubtedly expire at some point and then the link will be broken anyway. Just use the link above to go to his Store and find it.

Once you buy the service, you will get an email with a link to input your phones IMEI number. Once submitted, it takes anywhere from 2 -12 hours to get the confirmation that your phone has been unlocked.

Step 2: Download the tools and firmware

Download the latest version of Redsn0w:

http://www.iphonehacks.com/download-redsn0w

Download iOS 6.0 firmware for the 3GS:

http://appldnld.apple.com/iOS6/Restore/041-7173.20120919.sDDMh/iPhone2,1_6.0_10A403_Restore.ipsw

Step 3: Downgrade the baseband from 6.15.00 to 5.13.04:

Watch this YouTube video to see how it’s done:

Note: The trick is to use the 6.0 firmware and not the 5.1.1 firmware that most of the tutorials mention (including this video). Using the 5.1.1 firmware will result in an error every time.

Step 4: Unlock and Activate that bastard

Now that your baseband has been downgraded to 5.13.04, the IMEI Unlock will now work (it’s not compatible with the 06.15.00 baseband).

The instructions provided by unlock_fusion had worked fine for my wife’s iPhone 4 several months ago, but I just wasn’t getting the confirmation message in iTunes that the iPhone had been unlocked with the 3GS for some reason. I tried it multiple times and never got it, nor was my T-Mobile SIM recognized.

But on unlock_fusion’s retail website, there are a few other methods to get the unlock confirmation. I’m not sure why they don’t include them all in their eBay instructions, but here’s the method that worked for me. You have to do a FULL restore, meaning restore from iTunes and install the latest iOS, not a restore of your iPhone backup.

This means it will wipe your whole phone. Everything. And when you’re done you will have to reinstall everything again. No big deal to me, since I’m starting from scratch to begin with.

The Restore Method

  1. Eject the SIM tray so it’s not readable by the iPhone
  2. Make sure your iTunes is updated to the latest version
  3. Plug your iPhone into your computer and wait until your iPhone is fully recognized in iTunes.
  4. Click the “Restore” button (not "Restore from backup") and accept the Terms agreement.
  5. Once the restore process has started, insert your non-ATT SIM card into the iPhone.
  6. Wait for the restore process to complete and iPhone to reboot.
  7. Once your iPhone has rebooted, iTunes will Activate your iPhone with your unlock ticket using your non-ATT SIM Card.
  8. You should see a message displayed in iTunes, “Congratulations, your iPhone has been unlocked!” 
  9. Your iPhone is now factory unlocked permanently and you can update freely in the future for newer iOS updates.

Yay! Got the confirmation in iTunes finally! And my T-Mobile SIM works perfectly.

You’ll notice that the baseband was updated to the latest 05.16.04 for the 3GS. Who cares, it’s unlocked now!

Leave a comment

Your email address will not be published. Required fields are marked *