The iPhone Wiki - User contributions [en]

X-Gold 608 Unlock

2009-11-04T02:01:05Z

Acwan:

Until recenlty, the 3G software [[unlock]] was the biggest missing piece of the iPhone community. It proved more difficult than the previous unlocks due to the fact that the [[Baseband_Bootloader | baseband bootloader]] is signature checked by the bootrom. [[The dev team]] has successfully unlocked baseband 04.26.08, by overriding carrier locks on-the-fly in RAM, therefore at boot the baseband bootrom can validate the bootloader, and the bootloader can validate the baseband. The unlock, code-name [[ultrasn0w]], was released to the public on 23 June 2009 for baseband 04.26.08 only [http://blog.iphone-dev.org/post/128573459/ultras-now].

A new unlock named [[blacksn0w]], was released by [[geohot]] on 3 November 2009 for baseband 05.11.07.

==Possible Methods==
===Class 1===
* Find an exploit in the [[Baseband Bootrom|bootrom]] to break the chain of trust. The Dev-Team successfully dumped the bootrom, but they won't release it as it's copyrighted code.
* Improve by several orders of magnitude the [[NCK Brute Force|NCK brute forcer]], and find a way to extract the CHIPID and NORID
* Find the theorized algorithm of NCK generation

===Class 2===
* Use a [[SIM hacks|SIM hack]] such as the [[Unlock iPhone 3G with TurboSim|TurboSIM Unlock]]
* Find a way to patch running memory to "unlock" the phone on every bootup. This is how [[ultrasn0w]] works.
* Find an exploit in the [[Baseband Bootloader]] so you can downgrade the baseband, then use ultrasn0w. [[User:Geohot|Geohot]] and the [[iPhone Dev Team]] found (independently) an exploit in bootloader 5.8, but it isn't useful enough as only very-early (week<30) iPhone 3G units have bootloader 5.8.

==Resources==
* Read about the [[X-Gold 608]]
* Read geohot's [http://iphonejtag.blogspot.com/2008/07/infineon-we-have-problem.html blog post]
* 25C3 presentation [http://events.ccc.de/congress/2008/Fahrplan/events/2976.en.html "Hacking the iPhone"] video [http://vimeo.com/2646755?pg=embed&sec=2646755 here]

X-Gold 608 Unlock

2009-11-04T02:00:25Z

Acwan:

Until recenlty, the 3G software [[unlock]] was the biggest missing piece of the iPhone community. It proved more difficult than the previous unlocks due to the fact that the [[Baseband_Bootloader | baseband bootloader]] is signature checked by the bootrom. [[The dev team]] has successfully unlocked baseband 04.26.08, by overriding carrier locks on-the-fly in RAM, therefore at boot the baseband bootrom can validate the bootloader, and the bootloader can validate the baseband. The unlock, code-name [[ultrasn0w]], was released to the public on 23 June 2009 for baseband 04.26.08 only [http://blog.iphone-dev.org/post/128573459/ultras-now].

A new unlock named [[blacksn0w]], was released by Geohot on 3 November 2009 for baseband 05.11.07.

==Possible Methods==
===Class 1===
* Find an exploit in the [[Baseband Bootrom|bootrom]] to break the chain of trust. The Dev-Team successfully dumped the bootrom, but they won't release it as it's copyrighted code.
* Improve by several orders of magnitude the [[NCK Brute Force|NCK brute forcer]], and find a way to extract the CHIPID and NORID
* Find the theorized algorithm of NCK generation

===Class 2===
* Use a [[SIM hacks|SIM hack]] such as the [[Unlock iPhone 3G with TurboSim|TurboSIM Unlock]]
* Find a way to patch running memory to "unlock" the phone on every bootup. This is how [[ultrasn0w]] works.
* Find an exploit in the [[Baseband Bootloader]] so you can downgrade the baseband, then use ultrasn0w. [[User:Geohot|Geohot]] and the [[iPhone Dev Team]] found (independently) an exploit in bootloader 5.8, but it isn't useful enough as only very-early (week<30) iPhone 3G units have bootloader 5.8.

==Resources==
* Read about the [[X-Gold 608]]
* Read geohot's [http://iphonejtag.blogspot.com/2008/07/infineon-we-have-problem.html blog post]
* 25C3 presentation [http://events.ccc.de/congress/2008/Fahrplan/events/2976.en.html "Hacking the iPhone"] video [http://vimeo.com/2646755?pg=embed&sec=2646755 here]