This is a neat hack - basically, Apple's SIM activation server doesn't validate that the ICCID sent to it matches the asserted carrier - only that the carrier matches the phone identification and that the phone isn't blacklisted.
The SAM tool lets you fool iOS into sending a valid carrier to the activation server, and the activation server happily sends back the material necessary for the OS to associate the baseband with the SIM.
To make things even better, the material sent back from Apple's servers isn't time-sensitive and hence the attack can be replayed forever - once you have the "baseband ticket" for a given phone and SIM, it can be unlocked forever across all current known versions.
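The two weaknesses the comment describes, the activation server not tying the ICCID to the asserted carrier and the returned ticket having no expiry, can be shown side by side in a small model. The code below is an added example written for this page; it is not Apple's activation code, not the SAM tool, and the carrier names, ICCID prefixes, IMEI, key and `imei_carrier_policy` lock-table are all constructed for illustration. The "weak" path implements the checks as the comment lists them (carrier vs. phone, blacklist, nothing about the SIM), and the "hardened" path adds the two checks a practitioner would expect: derive the carrier from the ICCID issuer prefix and compare it to the phone's lock, and bind the ticket to an expiry so it cannot be replayed indefinitely.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Constructed sample data (not real carriers or ICCID ranges). Real ICCIDs start
# with 89, then a country code and an issuer identifier; we only model the idea
# that the issuer prefix identifies the carrier that issued the SIM.
CARRIER_ICCID_PREFIXES = {
    "carrierA": {"8901000"},
    "carrierB": {"8901200"},
}
BLACKLISTED_IMEIS = {"490154203237518"}   # constructed
SERVER_KEY = b"example-signing-key-not-real"  # constructed


@dataclass
class ActivationRequest:
    imei: str
    iccid: str
    carrier: str  # asserted by the device; this is what a SAM-style tool spoofs


def imei_carrier_policy(imei):
    """Hypothetical lock table: which carrier a given phone is locked to."""
    return "carrierA"


def issue_ticket(imei, iccid, expires_at=None):
    """Sign the (phone, SIM, expiry) binding. expires_at=None means 'never'."""
    msg = f"{imei}:{iccid}:{expires_at}".encode()
    tag = hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()
    return {"imei": imei, "iccid": iccid, "expires_at": expires_at, "tag": tag}


def activate_weak(req):
    """Checks as the comment describes them: blacklist and carrier-vs-phone only.
    The ICCID is accepted unexamined and the ticket never expires."""
    if req.imei in BLACKLISTED_IMEIS:
        return None
    if req.carrier != imei_carrier_policy(req.imei):
        return None
    return issue_ticket(req.imei, req.iccid)


def carrier_from_iccid(iccid):
    """Derive the issuing carrier from the ICCID prefix (constructed table)."""
    for carrier, prefixes in CARRIER_ICCID_PREFIXES.items():
        if any(iccid.startswith(p) for p in prefixes):
            return carrier
    return None


def activate_hardened(req, now, ttl=3600):
    """Same checks plus: the SIM's own issuer must match the phone's lock, and
    the ticket carries an expiry so a captured ticket cannot be replayed forever."""
    if req.imei in BLACKLISTED_IMEIS:
        return None
    locked_to = imei_carrier_policy(req.imei)
    if req.carrier != locked_to:
        return None
    if carrier_from_iccid(req.iccid) != locked_to:  # the missing check
        return None
    return issue_ticket(req.imei, req.iccid, expires_at=int(now + ttl))


def verify_ticket(ticket, now):
    """Device-side/baseband-side acceptance: valid signature and not expired."""
    msg = f"{ticket['imei']}:{ticket['iccid']}:{ticket['expires_at']}".encode()
    expected = hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, ticket["tag"]):
        return False
    if ticket["expires_at"] is not None and now > ticket["expires_at"]:
        return False
    return True


if __name__ == "__main__":
    # A carrierB SIM in a phone locked to carrierA, with the carrier field spoofed.
    spoofed = ActivationRequest(imei="356938035643809", iccid="89012001234567890",
                                carrier="carrierA")
    weak = activate_weak(spoofed)
    print("weak server issued ticket:", weak is not None)
    print("weak ticket still valid years later:", verify_ticket(weak, now=10**10))
    print("hardened server issued ticket:", activate_hardened(spoofed, now=0) is not None)
```

Running the block shows the weak path handing out a ticket for a foreign SIM that verifies at any later time, while the hardened path refuses the request outright; a legitimate ticket from the hardened path verifies within its TTL and fails afterwards.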