Finally i have unlocked the iPhone 4s which Tinyan got it from her uncle about half a year ago. Thanks Steve for letting me know this solution. It unlocks a jailbroken iPhone 4 or iPhone 4s using SAM(Subscriber Artificial Module) which is written by Sam Bingner and it is confirmed by the MuscleNerd of iPhone Dev Team.
You can find the unlock procedures in the following 2 posts.
- iPhoneBlogr – Unlock any jailbroken iPhone with the Loktar_Sun SAM unlock method
- Singularity – How to: Unlock your iPhone with SAM
I tried a few times by following the above steps but no luck. Whenever i connect the iPhone 4s to iTunes in the final step, iTunes always returned that the phone cannot be activated.
Finally, i follow the screencast made by Jeff Benjamin from iDownloadBlog and suddenly the signal bar appears.
Here is the summary on the screencast procedures.
1. Jailbreak the iPhone 4s and you should have the SIM card of the locked carrier inserted.
2. Open Cydia and go to Manage -> Sources -> Edit -> Add and enter the repository url below.
3. Return to Cydia and select the newly added Bingner repository. Select SAM(version: 0.1.14-1 in my case) and the press Install then Confirm.
4. After the installation, reload the springboard and you should be able to find the SAMPrefs icon.
5. Open SAMPrefs which should have the following settings.
- SAMState -> Loaded OK
- Hactivate -> OFF
- Enabled -> OFF
- Method -> Auto Detect
6. Go to Utilities and press De-Activate iPhone (clear push).
7. After it is De-activated, return to SAMPrefs and go to More Information, the ActivationState should be Unactivated.
8. Copy the IMSI number under SIM Details.
9. Eject the SIM card tray and replace the locked carrier SIM card with the one you intended to use.
10. Return to SAMPrefs and go to Method. Select By Country and Carrier then go back to SAMPrefs.
11. Select the country, carrier of your locked carrier.
12. Go back to More Information and press Spoof Real SIM to SAM.
13. After the spoof, paste the copied IMSI number over the IMSI field under SAM Details.
14. Return to SAMPrefs, go to Utilities and press Attempt Activation, you will see a loading black screen and then return to the iPhone 4s homepage.
15. Open SAMPrefs and disable SAM by toggling the Enabled option.
16. Connect the iPhone 4s to iTunes and you will see the iTunes message “The iPhone XXX failed to activate. Please try again later.”. That is normal, unplug and plug again the cable a few times until you see your new carrier name and signal bar appears on your iPhone.
And as suggested by MuscleNerd, it’s better to save the unlocked ticket which maybe useful in the future if Apple fixes this loophole.
To save the ticket, install the OpenSSH by Cydia. You can following the instruction in Cydia. After you can SSH to the iPhone, copy the /var/root/Library/Lockdown folder and put it and a safe place. Remember to change the root password of your iPhone.