iPhone 4S unlock theoritically till now and low working .....

iPhone 4s had the ios 5 both the ios 5.0 and 5.0.1 both use activation directly from the cellular data .

First use the original sim of iphone and then make a call and end as thus the iphone gets the tmsi from the network and also it gets the use the carrier setting which it gets from its server or it had itself such as apn etc accordingly to the imsi .
When the airplane mode toggled (airplane mode is used otherwise baseband gets reset)with the replaced sim it does not use that tmsi to get the signals (the tmsi is issued by the network at the time of emergency call is dumped on the instance it is ended otherwise it would just die by the simple gevey) and get the imsi from the sim
Accordingly from the imsi it sets the apn number for that and tries to get signal from that sim although it is blocked (use the locked phone and insert other carrier sim and call on it you will hear the ring but phone will not tell you) as the iphone knows that it had the net connectivity of net and can activate the phone via cellular data network (your bad luck if your  imsi does not have the apn).

When we click  "use cellular data" the baseband got crashed
the baseband only accept the tmsi(still waiting for @musclenerd confirmation )which comes in the menu activation connect to wifi networks or itunes or on cellular data network and show the signal of the carrier but the activation screen still comes up and show the activation menu again as baseband and activation are different from each other
but after some of the tries the activation screen too also does not come up you have successfully unlocked iphone 4s

And thus when the sim is put back it gets unlocked automatically.....

Hence at last and least the trick is that "you need to create condition such as activation screen and same time the cellular connection option  with no valid connectivity when we tap it it tries and than it crashes and signal comes up"
@ raikikon

GEVEY TRUTH AND HOW DOES APPLE FIXED THAT !!!!!!!

TMSI is the identity published to by the operator of your mobile network having particular imei and contains the location where the phone is located.
IMSI is the identity which is present in the sim card and used by the phone to register on the perticular network (it help it to find the network on which it has to be register )also to lock it to perticular operator.

how does the GEVEY WORKS?
the gevey is a device which could manipulate the imsi which could thus match to which the iphone is locked its actually a devices which uses test imsi like 001016xxxxxxx called more truly as inter-poser(@Musclenerd).
hey !!! gevey has got that imsi but why the network does not come?
the reason is that such the tmsi and imsi the network register tmsi when the imsi(in card) matches to is own, but here the card imsi is changed by the gevey so therefore when (here 2 things can be done)
1.when iphone itself tries to find the signal does not get as it cannot find the network corresponding to that imsi .
2.i forcefully goes to the network setting select manual operator thus does not get it as when i click on suppose example i click on orange but the imsi is of at&t (find by gevey and my phone has the now sim card with the at&t imsi ) thus network will not register as it find that imsi does not match ..(but there are some stupid operator which can gives you signal but are very few was earlier)

why it used 112?
they used 112 as iphone baseband is an stupid..not foolish
as when 112 is called (we call its first when we insert the sim with gevey ,the imsi of the sim is same ie of the original sim and iphone will not accept it )  thus iphone is bounded to connect to the call thus the original imsi of the sim card is used and tmsi is issued by the operator hence its an easy job.
now the airplane mode (as when the call is disconnected and airplane mode is called the iphone baseband is so stupid that it keep remember the last data of the operator thus having tmsi at the network thus when gevey knows that the airplane mode is called its thus changes the imsi and iphone thus accept it and finds the carrier using last tmsi of that network got using the 112 call )

apple fix it lets see how?
1.it can fix it by the matching imsi in the phone and tmsi issued by the network its impossible as on roaming the other network with totally different tmsi gives us service (thus therefore to use data on gevey we use the data roaming on) hence this fails.

2.the network on second registration after a particular disconnect recheck the imsi (not possible machines and loads on them are out of standard apple does not have enough money to change all the operator's machine and standards  )

3.the basebands should forgets its history on airplane mode on and off and re ask  for tmsi from network it works on ios 5 baseband 4.01.08(theoretically for now) .

4.make the ios such that gevey could not detect the state of phone such as it gets imsi from phone and it came to know that phone is now in airplane mode.

real fix : apple bans the test imsi on the phone hence now the test imsi will not be accepted by the locked phone but the sim interposer would be working if it uses the real imsi of the phone ,here a preview

@raikikon