https://www.theiphonewiki.com/w/api.php?action=feedcontributions&feedformat=atom&user=FrequentCeThe iPhone Wiki - User contributions [en]2026-06-16T06:25:07ZUser contributionsMediaWiki 1.31.14https://www.theiphonewiki.com/w/index.php?title=X-Gold_618_Unlock&diff=7063X-Gold 618 Unlock2010-07-15T23:04:21Z<p>FrequentCe: </p>
<hr />
<div>The [[N90ap|iPhone 4]] now uses the [[X-Gold 618]]. Unlike the [[X-Gold 608]], the baseband now requires a signature akin to Apple's SHSH blobs for firmware files, so downgrading an updated baseband, provided there is a bootloader exploit, will be tougher.<br />
<br />
Unsigned code execution has been achieved by [[MuscleNerd]] on the device and the ability to insert a custom AT command has been demonstrated. Shortly after, a persistent/background task was inserted. Also, the bootrom has been successfully dumped. <br />
<br />
On July 13, 2010, planetbeing demonstrated a primitive but functional unlock on YouTube.[http://www.youtube.com/watch?v=41rm8MCdoh8] Currently, the unlock is being optimized and streamlined for a general release.<br />
<br />
<br />
==Possible Methods==<br />
<br />
===Class 1===<br />
<br />
* Find an exploit in the bootrom to break the chain of trust.<br />
* Improve by several orders of magnitude the [[NCK Brute Force]]r, and find a way to extract the [[CHIPID]] and [[NORID]] <br />
* Find the theorized algorithm of NCK generation<br />
<br />
===Class 2===<br />
<br />
* Use a SIM hack such as the TurboSIM Unlock <br />
* Find a way to patch running memory to "unlock" the phone on every bootup. This is how [[ultrasn0w]] works. <br />
* Find an exploit in the Baseband Bootloader so you can downgrade the baseband, then use an unlocking payload, similar to ultrasn0w.</div>FrequentCe