14 July 2019

Unlock iPad Apple ID Guide - How to unlock iPad Pro Cellular


First of all, if you have found a lost device, please return it to the owner.

If for some reason you need help and Apple won't help you, you can come to us for a factory unlock.

If you want a cheap method or a bypass, it's not here. Here we talk about how to factory unlock it without any side effects.



iPad Pro 12.9 4G
NOTE: The Cellular version and the WiFi version of the iPad are NOT unlocked by the same method.

Now this is about a real case of "How to unlock an iPad Pro 12.9 Cellular version".

First of all, you need to know how the Apple ID lock works.

How the activation server works

The device's locked status is not stored inside the memory or the hard disk. This means that no matter how you reformat or erase the software, it still cannot be activated, because the Apple server requires you to sign in with the previous Apple ID that was logged into the device.

So the lock status is based on the Apple Server. 

We need to know what kind of information the server is reading from our device.

The Apple server certainly recognizes our device through unique info that is programmed into it.

So experts like us experiment by editing the device info to fool the server. Below is what we have found out so far...

If the device is a Cellular version (SIM card), the server will check the IMEI, Serial Number, Wifi Mac address, and Bluetooth Mac address. 

If the device has no SIM function, the server only checks Serial Number, Wifi Mac address, and Bluetooth Mac Address.

These must all come from the same set, with no mixing and nothing typed in at random. This means the whole set of info must exactly match a device that they sold.

Otherwise their server won't allow the device to activate and will say there is a problem with your device, as in the screenshot below.





Methods to unlock Apple ID / Bypass Activation available so far...


  1. Hack their server - If you are a pro hacker, then hack their server, but I don't think a super hacker will bother to do a small job like this. 

  2. Jailbreak - Use a third-party app to bypass the activation page. But this method is available for certain iOS versions only. Usually this option is not supported on the latest iOS, and it will be locked if you update iOS.

  3. Apple Center unlocks it for you - Yes, as long as you have the purchase receipt to prove you're the owner.
    Don't expect that you can pay someone at Apple and they will do it for you. There will be a trace of the technician who tries to log out the ID.
    Apple has already fired a bunch of technicians because customers reported that their lost device was no longer in iCloud.

  4. Reprogram the device to fool the server - Yes, this is today's topic. 

Can we edit the IMEI and Serial Number to fool the server?

Yes. But as I said before, the server will compare your device's info with what is on their server.

But reprogramming the IMEI is NOT possible, because the IMEI is stored inside the Baseband CPU and it's designed to be unprogrammable.
 
"Baseband CPU is a long story to explain, I might write another article for it"

But info such as the Serial Number, WiFi Address and Bluetooth Address can be edited through a hard disk programmer machine. It's the same method I described before in an article about upgrading storage.

This is because the SN is stored on the hard disk, which is technically called NAND flash.

Why do we have the tool to reprogram the NAND?

Because Apple doesn't own any factory that produces NAND flash. All iPhones and iPads use NAND flash memory.
The NAND they use is supplied by Samsung, Hynix, Toshiba, and Sandisk.

This is why we can easily get the NAND programming tools.



Back to today's topic - Unlocking a Cellular iPad

If we just change the SN but the IMEI is still there, the server will still block us from activating.
Remember, the devices that have an IMEI are those that support SIM cards (the iPad Cellular version and the iPhone).

So devices that don't have an IMEI (iPad WiFi version) can all be unlocked easily. Here is the video of how to unlock the iPad WiFi version.



What about the iPad Cellular version? Can it still be unlocked?

Yes, but we need to disable the IMEI (SIM cellular function / Baseband). So the iPad Cellular will become an iPad WiFi version. But we still need to change the SN, WiFi, and BT.

If so, can the iPhone be unlocked too?

No. It's because if you disable the IMEI (Baseband) on the iPhone, the Apple server recognizes it as a brick with a problem. It keeps showing the message that there is a problem with your device and telling you to send it to an Apple Center.


Let's continue with how to unlock the Cellular version of the iPad.

How to Unlock the Cellular version iPad Pro 12.9 


The first step is to disable the IMEI of the iPad.
This is done by just removing a specific resistor on the motherboard, and then the iPad becomes a WiFi version.
Literally, we are converting a Cellular iPad to a WiFi iPad.
How to convert iPad Pro 12.9 4G to WiFi

After the step above, the iPad will be stuck in DFU mode. But DO NOT restore it yet.


iPad Pro 12.9 4G logicboard
Take the whole board out of the housing, because some models need the NAND taken out to program it.
This NAND removal process can only be done with a "hot air soldering station".
So you need to be well trained in micro-soldering and heat control, or else you'll kill the board.


iPad PRO NAND
Tips: Be careful when removing the NAND IC; you don't want to overheat and affect the RAM or CPU. It can end up unable to power on or with a 4014 error. If you get that kind of problem, only a trained professional like us can re-ball the CPU and RAM to help you.

If you're a newcomer who wants to learn this, I advise you to cut away the shield, which absorbs the heat. The shield will make the removal take a long time.
DO NOT PUT any thermal tape or coin. That shit will only make it take you longer to take it out.
Long time heating = High Risk
Come to my school and I'll teach you how to master the heat station. You won't fear any job, especially the iPhone.

After you have removed the NAND, put it into a programming tool to write a new SN, WiFi, and BT address.
The Apple Activation Server will check this info, so make sure it is from a legit Apple iPad that has no Apple ID lock.

If any of the info is mistyped or incorrect, the device will be unable to activate.

In the programming tool we also need to click unbind the WiFi.

Then the NAND is ready to be soldered back onto the logic board.

You think you're done?
No, not yet.

Because once you have activated it, you'll notice the iPad's WiFi isn't working!

Yes, it's because we also need to replace the WiFi chipset with the correct one.

This is because the Cellular model's and the WiFi model's WiFi chipsets are NOT the same.
So the WiFi won't work at all. The WiFi button will be greyed out and cannot be turned on.

But this problem only happens on iPads with an A9 CPU and newer. Older iPads don't have this kind of problem.

So as the last step of this unlocking, we need to fit the correct version of the WiFi chipset.



iPad Pro 12.9 WiFi IC code
We need to buy the WiFi model's WiFi IC to replace it.
Tips: the code of this iPad's WiFi chipset ends with 0045.

iPad PRO WIFI IC
Removing the WiFi IC is straightforward. You can heat this area using a very high temp and it won't cause a problem.

Tips:
When you install the new WiFi IC, be sure to use a lower temp. Normally a new chipset is easily damaged by high temp.

Final step - Assemble everything.
Connect it to iTunes and click Restore.
It will download the iPad WiFi version firmware to restore.

Finally, it's done!
Tips: Always censor the SN, because experts like me who have similar skills can steal your SN. You'll be screwed if you haven't logged in with your Apple ID on it.


iPad remove iCloud
DONE !!


FAQs:
Q: Can I still update the iOS in the future?
A: Yes

Q: Can I use a new Apple ID after that?
A: Yes

Q: Will the "ex-owner" be able to track it by GPS?
A: No. The whole device becomes a new device.

Q: Why didn't they block this kind of unlocking?
A: So far they won't, because this method is very extreme and only a trained person with the tools can do it.