In this version, Apple has corrected a lot of vulnerabilities and changed the algorithm to check secpack. Secpack – contained in the pack area, which contains the digital signature to a specific version of the firmware of the GSM-phone. Necessary to modify the software GSM-modem. If the bootloader version 3.9 it was possible to perform operations with GSM-bearing part of secpack current or next version of the firmware in the bootloader (>=), 4.6 such operations are only possible with the next version of secpack firmware (>). Plus other matters recorded in the area in which the bootloader, after the initialization was not possible, making it a "rollback" impossible.
This small and nuance all messed up life. Why? Let's see what a program unlock. How the unlock? As part of the GSM firmware is checking for a SIM card belonging to a particular operator. To be precise, verified by a unique IMSI code of the card. This code consists of a MCC (Mobile Country Code, Country Code), MNC (Mobile Network Code, Network Code) and caller ID MSIN. In the GSM-modem is checked MCCMNC number if it is allowed in the table (this list is lockstate table), then the phone registered to a network operator, if not, the work of the GSM is blocked. Respectively to use the phone with any operator that checks should be avoided. The only method to find a place in the firmware of the GSM and modify it so that regardless of what the code is contained in MCCMNC ICCID, always check passed successfully.