Unofficial iPhone memory expansion, or the Chinese victory over American marketing
Once upon a time, when the iPhone was expensive in Russia, many people bought AT&T-locked iPhones on eBay and used a proxy SIM (Gevey) to unlock them. At that time, the transition to the iPhone 4 began, where the method of upgrading the modem to the iPad baseband (06.15.00) did not work, the latest soft unlock was for 01.59.00 (iOS 4.0), and a baseband update required the purchase of a new Gevey. This went on until iOS 5.0, where the new 04.11.08 modem firmware turned many devices into an iPod. From that moment on, this amazing Chinese business flourished. Below the cut is a short story from 2011 to the present day, with pictures.
However, locked devices were bought all over the world, because Apple did not sell officially unlocked devices in the first days of sales, forcing buyers to take the device on a contract. The first wave of sales also covered few countries, so a new model could take much longer to arrive than a parcel from the USA. Initially, the business was a service that replaced the modem chip and the modem's flash memory with new ones, after which a new IMEI was written and the serial number in the device chip was changed. The service cost $150.
Technical part: At the Foxconn plant, where Apple products are assembled, special diagnostic firmware is used. I have already talked about it here, and I am also preparing a sequel. Pictured is a debug bootchain for iPhone 4.
It is called from recovery (iBoot) with the diags command. After it runs, the device screen turns purple. But if you enter a special command, you can display this menu.
Cable for iPhone 5+. Communication with the diags program happens only through the serial port, which is present in both the 30-pin and 8-pin connectors. It has an impressive list of commands.
2014
Back in 2013, the Activation Lock function appeared, which turns the device into a "brick" until the owner's Apple ID and password are entered. The IMEI and serial number replacement method began to be used to unlock such devices (after all, changing IMEI + SN was guaranteed to remove the lock); however, profits from iPhone 4 sales fell as the device became obsolete. Out of desperation, hardware iPad unlock methods began to appear, which allowed the Wi-Fi version of the firmware to be installed on a cellular model, thus avoiding the lock. At that time, experiments were actively being conducted on writing empty blanks with a new serial number to unlock Wi-Fi iPads and the iPod touch.
2015
The Chinese began to develop it back in 2012; however, they managed to complete it only now. A Foxconn employee brings an iPhone 6 motherboard to the factory and flashes the diagnostic firmware. A "carriage" is placed in the gap between the NAND and the board, which allows BGA NAND chips to be hot-swapped. It happens like this: a NAND chip with the firmware is installed, then the diags program is loaded into RAM via the dev bootchain, after which the chip is hot-swapped and the serial number is changed to the specified one. The device itself looks like this: You can even buy them on AliExpress, just like the NAND "blanks". In this tricky way, it is possible to increase memory up to 128 GB and even up to 256 GB (although one chip costs 800 yuan and is sold in limited quantities). Lastly, the video of this process:
However, the story is not over yet. It is happening right now, but due to economic problems in the Russian Federation, this business has not yet taken root there. By the way, the equipment costs ~$800, which at the "smoker's" exchange rate is 64k rubles, plus the memory blanks.