Archive for March, 2011

Dear Customers,

Today we have released our web based SL3 unlock for all new HASH BB5 phones. We have set up a dedicated server park for these models. The current wait time is approximately 5 minutes for these unlocks.

Lets see how it works:

You can use Advance Box, Cyclone Box, MX-Key (Dejan’s format going to be added tonight) to read SL3 log of your phone and then login at Under ‘SL3 queue’ menu you can browse your SL3 log file and upload to the server with a single click. Our servers will do the rest.

More info about the Update , Please Check this Out,
SL3 new HASH unlock

Best Regards,
UniversalBox Team.

Hi to all,
This is the latest Update for PolarBox2 customers :

PolarSuite Update – Version v2.5.8

HTC PHONES ( Android and Windows platform )

* DoCoMo Pro HT-01A
* Dopod 310
* Dopod A3288
* Dopod C500
* Dopod C720
* Dopod C720W
* Dopod C730
* Dopod C750
* Dopod C800
* Dopod C858
* Dopod D600
* Dopod D600 Action
* Dopod Magic A6188
* Dopod P660
* Dopod P800
* Dopod P800W
* Dopod S1
* Dopod S900
* Dopod Touch Viva
* Emobile Emonster S11HT
* HTC ADR6200
* HTC ADR6275
* HTC Arte100
* HTC Arte110
* HTC Bravo
* HTC Citrine
* HTC Click
* HTC Desire
* HTC Desire US A8183
* HTC Diam100
* HTC Diam400
* HTC Elf100
* HTC Elfin
* HTC Excalibur
* HTC Fuze
* HTC Hernan
* HTC Kaiser
* HTC Kaiser 100
* HTC Imagio
* HTC Juno
* HTC Niki
* HTC Nova
* HTC Oxygen
* HTC P3300
* HTC P3301
* HTC P3400
* HTC P3400i
* HTC P3401
* HTC P3450
* HTC P3470
* HTC P3700
* HTC P3701
* HTC P3702
* HTC P4350
* HTC P4351
* HTC P4550
* HTC P4600
* HTC P5500
* HTC Phoe100
* HTC Pure
* HTC Rhodium
* HTC S310
* HTC S320
* HTC S620
* HTC S621
* HTC S710
* HTC S711
* HTC S730
* HTC Saga
* HTC T222X
* HTC T535X
* HTC T727X
* HTC T737X
* HTC Tattoo
* HTC Tilt2
* HTC Touch
* HTC Touch Diamond
* HTC Touch Diamond2
* HTC Touch Plus
* HTC Touch Pro
* HTC Touch Pro2
* HTC Touch Viva
* HTC Triumph
* HTC Victor
* HTC WhiteStone
* HTC XV6975
* HTC XV6175
* O2 Xda Atmos
* O2 Xda Cosmo
* O2 Xda Ignito
* O2 Xda Terra
* Orange & HTC Touch Diamond
* Orange SPV C100
* Orange SPV E650
* Qtek G200
* Rogers & HTC S621
* SFR S710
* SoftBank X03HT
* SoftBank X05HT
* SoftBank X06HT Desire
* SoftBank X06HT II Desire
* SPV E600
* SPV M650
* Swisscom & HTC Touch Diamond
* Swisscom XPA v1415
* T-Mobile Dash
* T-Mobile MDA Basic
* T-Mobile MDA Compact III
* T-Mobile MDA Compact IV
* T-Mobile MDA Compact V
* T-Mobile MDA Mail
* T-Mobile MDA Touch
* T-Mobile MDA Vario III
* T-Mobile MDA Vario IV
* T-Mobile MDA Vario V
* T-Mobile Shadow
* T-Mobile Wing
* T-Mobile Wing II
* Ted Baker Needle
* Verizon Ozone
* Verizon XV6850
* Verizon XV6875
* Verizon XV6950
* Virgin Lobster 700TV
* Vodafone v1415
* Vodafone v1615
* Vodafone v7505
* Vodafone VDA V
* Vodafone VPA Compact V
* VPA Compact IV
* VPA Touch
* Xda Diamond Pro
* Xda Diamond2
* Xda Orbit
* Xda Serra

– Unlock (via ReadCodes)
– Process totally safe
– More updates will come in the next days …

Other info :

– New communication process for all supported HTCs
– Goldcard calculator under progress, soon will be added
– This first release for testing purposes, please report problems in forum (as usual)

Modems USB ( Qualcomm platform )

* Huawei E1750
* ZTE MF190

– Direct Unlock (huawei via read codes)
– More models compatible will be added in the next updates


– Improved connection in Alcatel OT-606 (now shows complete data of phone)
– Fixed booting with some versions of Alcatel OT-710 and OT-710D
– Fixed problem in booting some Samsung E1360/E2210B (and similar platform)
– Fixed MSL calculation in direct unlock in Samsung S3110/S3310 models
– Fixed problem with Motorola WX295 flashing procedure
– Added window in Alcatel TI phones for MEP Repair (old and new method)

Thanks in advance for your attention.
With best regards,

[ Polar Team ]
[ Http:// ]
[ Http:// ]
[ Http:// ]
[ Http:// ]
[ Http:// ]




Gevey has released a SIM Interposer which can unlock the iPhone up to iOS 4.3 by force activating the baseband using the emergency dialer.

A blog post by Laforet explains that the SIM Interposer works by adding a EEPROM chip to your SIM card just like a TurboSIM. You then call 112, a number that can be called from any GSM phone, free of charge, with or without a SIM card on any compliant network. Once the call connects you hang up then toggle Airport mode on and off. When the network connection resumes you will be unlocked.

What does it mean to unlockers?
1. It works if A.your network handles 112 calls properly according to the GSM standard; B.they are tolerant to TSMI spoofing and does not actively validate your SIM again for incoming calls.

2. Unlike its ancestors, the i4 SIM interposer is not a drop-in-and-forget device. The exact precedure must be performed should the device restart, lose reception for an extended period of time or move to another PLMN. In all these situations the TMSI expires and has to be obtained again. Theoretically it is possible for a daemon to automate the process similar to ZeroG, but that only makes thing more convoluted.

3. It is, without question, unethical or downright illegal to use the technique anywhere 112 is a legitmate emergency number. Not a huge issue in China where the number is only used for informative purposes and the networks cannot be bothered to fix the issue.

4. All firmware/baseband combinations for the i4 up to iOS4.3 are vulnerable, however the exploit may be patched in any future software updates or via the carrier. If apple can influence providers to block Cydia it is not impossible for them to press them to fix the exploit. The only way to permanently unlock your baseband is NCK.

5. SIM interposer should not harm your phone hardware, however your network could request IMEI and identify your device during the emergency call. Your identity cannot be faked and it is possible that they will ban your account. There is a reason why SIM cards remain legally the property of the service provider: you are not supposed to tamper with them without breaching contract.

6. Notwithstanding all the problems, SIM interposer does not cause any battery drain since it is only active transiently, nor would it cause signal loss because it does not change cellular transmission other than the initial validation step.

Laforet concludes by saying that the $50 mod can be unreliable and is legally questionable. If you are desperate for an unlock it may be worth a try. Otherwise Laforet suggests you wait for the 40-bit NCK hack by the iPhone Dev-Team.

Read More [via Singularity] [via MuscleNerd]

Sorry for the update. This is the last time you guys will need to update for this case. In the code, currently, I use an enum to determine the hardware and the associated ‘current’ iOS firmware for each hardware. Yes this is inefficient. I don’t need a reminder. Tonight is not the night to fix that as it is all bundled together in a much larger refactoring that I’m smack in the middle of. This update should help those of you having problems ‘saving’ 4.3 while Cydia is unchecked.


Orig Link

Added T959V Galaxy-S-4G Super Fast Read Codes, Direct Unlock/Unfreeze

Fixed minor bugs on different models.

For more info, check NsPro forum section: NsPro v6.0.6 released:

Note: There is NO unlock for iOS 4.3 yet. If your iPhone relies on a unlock, DO NOT update to stock iOS 4.3 yet. Creating Custom iOS 4.3 Firmware On Windows
Step 1: First up, download all the required tools and files to your Windows desktop:

* Download and install iTunes 10.2.1 for Windows.
* Download Sn0wbreeze 2.3 for Windows.
* Download iOS 4.3 (Final) for iPhone, iPad or iPod touch.

Step 2: Start Sn0wbreeze, click the next “blue” colored arrow to proceed.

Step 3: Select the required firmware .ipsw file for your iOS device by clicking on the “Browse” button.

Step 4: Sn0wbreeze will now identify the selected IPSW file. Once done, click the next “blue” colored arrow to proceed.

Step 5: Now select the “Expert Mode”, followed by “Build IPSW” option to start creating your custom firmware.

????: ************
Note: If your iPhone relies on a unlock, proceed only by selecting “Baseband Preservation Mode” option instead of “Expert Mode”.
Since building custom firmware may take some time, you can optionally play Pac-Man game to kill some time.

Step 6: Sn0wbreeze will greet you with the following “Done!” message when the custom firmware has been successfully created.

Step 7: Now follow the onscreen steps to enter DFU mode using Sn0wbreeze:

* Hold Power and Home buttons for 10 seconds
* Now release the Power button but continue holding the Home button for 10 more seconds
* You device should now be in DFU mode

If you have followed the steps correctly, you will get the following message from Snw0breeze

Restore iOS 4.3 Custom Firmware Using iTunes
Step 8: Start iTunes, click on your iOS device icon from the sidebar in iTunes. Now press and hold Left “Shift” button on the keyboard and then click on “Restore” (Not “Update” or “Check for Update”) button in iTunes and then release this button.

This will make iTunes prompt you to select the location for your custom firmware 4.3 file. Select the required custom .ipsw file that you created above, and click on “Open”.
Step 9: Now sit back and enjoy as iTunes does the rest for you. This will involve a series of automated steps. Be patient at this stage and don’t do anything silly. Just wait while iTunes installs the new firmware 4.3 on your iOS device. Your iOS device screen at this point will be showing a progress bar indicating installation progress. After the installation is done, your iOS device will be jailbroken on iOS 4.3.

Booting in Tethered Mode
Last but not the least, since there is no untethered jailbreak for iOS 4.3 yet, we will have to boot it into a tethered jailbroken state. To do this, we will make use of a utility on Windows named “iBooty” as shown in the steps below.
Step 10: Run iBooty for Windows and select your iOS device from the dropdown menu.
Note: iBooty is extracted to the desktop (iBooty-for-4.3) after running Sn0wbreeze 2.3.

Step 11: Now hit the “Start” button and follow the instructions on screen to enter your device in DFU mode:

* Hold Power and Home buttons for 10 seconds
* Now release the Power button but continue holding the Home button for 10 more seconds
* You device should now be in DFU mode

Step 12: Once you are into DFU mode, iBooty will do its thing and after a short while, your iPhone, iPad or iPod touch will be booted in a jailbroken tethered mode !
Credits goes to Redmondpie

I0n1c has just demonstrated an untethered jailbreak for iOS 4.3 using his iPad.

As we mentioned yesterday, i0n1c was listed as one of the many possible sources for a 4.3 untether by MuscleNerd.

I0n1c posted the video below on YouTube saying, shows my alpha untethered jailbroken iPad on iOS 4.3. alpha because not all required kernel patches are in it, yet.

No word yet on when the untether will be available for public release. We’ll keep you updated as we learn more.

Take a look…



Sony has just pushed a new update for PlayStation 3 users, bumping the version number up to v3.60.

This new version adds the ability to boot saved games into the cloud for PlayStation Plus subscribers. Also added is the ability to change the wait time for the system before it senses the inactivity and shuts down DualShock 3 and Sixaxis controllers.


credit goes to Taimur Asad. Thanks sir! 🙂

Description :
ORT Plus V1.30

What’s new in ORT Plus V1.30 ?

  • STOP Function Handling Improved
  • INTEL NOR Flash ID [0x88670020]

Released Stuffs :

  • ORT Plus V1.30

Previous Update : AMOI S1 Repair / Full Flasher
ORT Team Blog : Videos and Manuals

Need a Hand ?
Contact me if you have ORT-JTAG and following dead phones in Hand

  • Samsung B7320
  • Samsung P1000

ORT is a Real JTAGger’s choice

What’s new?

– RAPU and RAP3GV4 SL3 Brute Force unlocking via JAF and UFS – added. To unlock phone, please run Fenix Key Flasher and Unlocker, go to Locks and Security tab and click NEW SL3 Unlock button. As soon as fenix reads phone data, SLAP will open. Click Resume BF button and your code calculation will start immediately. The solution is standalone and free for all Fenix Key users.
– Standalone Local SX4 R&D auth – added (new hashes are supported also).
– Repairing SD – new SL3 hashes added.
– Flashing via JAF (BB5 phones) – added. Notice: backuping certificates in JAF takes some time. We advice user to disable Backup certificates option if JAF interface is in use.
– Reading certificates via JAF – added.
– Changed default flashing timeout for fast flash phones.
– UFS flashing speed improved.
– Switching to local mode in NCK unlocking via JAF works better now.
– Decrased timeout in SL1\SL2 USB unlocking for more stability.

New SL3 supported phones:

Rapu Yama phones:

Supported ROOT_KEY_HASH:

E52-1 (RM-469)
E72-1 (RM-530)
E72-2 (RM-529)
E73 (RM-658)
6700c-1, 6700c (RM-470)
6700s (RM-576)
6710s navigator (RM-491)
6720c (RM-424)
6730c-1 (RM-547)

RAP3Gv4 phones:

Supported ROOT_KEY_HASH:

X3-00 (RM-540)
6303ci (RM-638)
7230 (RM-604)
3710a-1 (RM-509)

Public discussion about Fenix Key v1.0.4

Download link:…e/
Mediafire mirror:

Fenix Team