14 July 2019

Unlock iPad Apple ID Guide - iPad Pro 12.9 Unlock ID iCloud

First of all, if you have found a lost device, please return it to its owner.

If for some reason you need help and Apple won't help you,
you can come to us for a factory unlock.

If you want a cheap method or a bypass, you won't find it here. Here we talk about how to factory unlock the device without any side effects.

NOTE: The cellular and WiFi versions of the iPad are not unlocked the same way.

Now I will walk through a real case: "How to unlock an iPad Pro 12.9 Cellular version".

First, you need to know how the Apple ID lock works, or we should say "how the activation server works".

The device's lock status is not stored in memory or on the hard disk inside. This means that no matter how you reformat or reset the software, the device still cannot be activated.

The lock status is stored on Apple's server. To activate, the server checks your device's IMEI and Serial Number.

Methods to Unlock Apple ID / Bypass Activation

Method 1 - If you are a pro hacker, then hack their server, but I think the FBI will arrive at your doorstep.
By the way, a few years ago they fired many Apple insiders who offered unlocks under the table.

Method 2 - Can we reprogram the IMEI and Serial Number to fool the server?
Yes. But as I said before, the server compares your device's info with its own records. If anything does not match, the device can't be activated. So we need a valid IMEI or SN (Serial Number).

So, what if we have a legit IMEI and SN which is from another device? Can we use that?
Yes, it will work, as long as that SN is not in a locked status too.

But reprogramming the IMEI is not possible, because the IMEI is stored in the Baseband CPU and no tool can do it. It is designed to be unprogrammable.
(Baseband CPU is a long story to explain, I might write another article for it)

But the SN is something we can reprogram, as I wrote in an earlier article.
That is because the SN is stored on the hard disk, which on the iPad is technically called NAND flash.

Apple doesn't own any factory that produces NAND flash, and the iPhone and iPad all use NAND flash memory.
Normally the NAND comes from Samsung, Hynix, Toshiba, and Sandisk.

This is why we can use NAND programming tools to reprogram the data inside. But only the SN can be changed.

If we change only the SN but the IMEI is still the original, the server will still block activation. The server checks both.

The devices that have an IMEI are the SIM card models of the iPad (iPad cellular) and the iPhone.

So if a device doesn't have an IMEI, like the WiFi version of the iPad, it can be unlocked without any problem.

So if we just reprogram the SN on iPad WiFi models, they can be unlocked.

What about the iPad Cellular version? Can it still be unlocked?
Yes, but we need to disable the Baseband (SIM cellular), so that the iPad Cellular becomes an iPad WiFi version. We still need to change the SN.

If so, can the iPhone be unlocked too?
No. If you disable the Baseband on the iPhone, it's not a phone anymore. An iPhone that has lost its SIM function is a broken iPhone, so they won't let you activate a brick.

So back to the topic...

How to Unlock the Cellular version iPad Pro 12.9 

The first step is to convert it into an iPad WiFi model.
Removing a resistor on the motherboard changes the iPad into a WiFi version.
How to convert iPad Pro 12.9 4G to WiFi

After the step above, the iPad will be stuck in DFU mode. But DO NOT restore it yet.

Take the whole board out of the housing.
Because we need to remove the NAND to reprogram it.
The removal process can only be done by "hot air soldering".

Tip: Be careful when removing the NAND IC. You don't want overheating to affect the RAM or CPU and end up with a device that won't power on or shows a 4014 error. If you get that kind of problem, only a trained professional who can re-ball the CPU and RAM can help you.

So I advise you to cut away the shield, which absorbs the heat. The shield will make the removal take a long time.
Long time heating = High Risk

After you have removed the NAND, put it into a programming tool to write a new SN, WiFi, and BT address.
These 3 pieces of info will be verified by the Activation Server.
If one of them is incorrect, you will still be unable to activate.
Remember to click unbind the WiFi too.

Then solder the NAND back into the logic board. 

You think you're done?
No, not yet.

The WiFi chipsets of the Cellular model and the WiFi model are not the same,
so the WiFi won't work at all. In iOS, the button will be greyed out and you cannot turn it on.

So we also need to replace it with the correct WiFi chipset.

We need to buy the WiFi model's WiFi IC to replace it.
Tip: the code of the WiFi chipset for this iPad ends with 0045.

Removing the WiFi IC is straightforward. You can heat this area at a very high temperature without causing a problem.

But when you install the new WiFi IC, be sure to use a lower temperature. A new chipset is normally easily damaged by high temperature.
Finally, assemble the board and everything.
Connect it to iTunes and click Restore.
It will download the iPad WiFi version firmware to restore.

Finally, it's done!
Tip: Always censor the SN, because experts with skills similar to mine can steal your SN. You'll be screwed if you haven't logged in with an Apple ID on it.


Q: Can I still update the iOS in the future?
A: Yes

Q: Can I use a new Apple ID after that?
A: Yes

Q: Will the "ex-owner" be able to track it by GPS?
A: No. The whole device becomes a new device.

Q: Why haven't they blocked this kind of unlocking?
A: So far they haven't, because this method is very extreme and only a pro with the skills and tools can do it.