The iPhone Wiki is no longer updated. Visit this article on The Apple Wiki for current information. |
Difference between revisions of "X-Gold 618 Unlock"
Line 7: | Line 7: | ||
Find an exploit in the bootrom to break the chain of trust. |
Find an exploit in the bootrom to break the chain of trust. |
||
+ | |||
Improve by several orders of magnitude the NCK brute forcer, and find a way to extract the CHIPID and NORID |
Improve by several orders of magnitude the NCK brute forcer, and find a way to extract the CHIPID and NORID |
||
+ | |||
Find the theorized algorithm of NCK generation |
Find the theorized algorithm of NCK generation |
||
+ | |||
+ | |||
+ | ---- |
||
'''Class 2''' |
'''Class 2''' |
||
Line 14: | Line 19: | ||
Use a SIM hack such as the TurboSIM Unlock |
Use a SIM hack such as the TurboSIM Unlock |
||
Find a way to patch running memory to "unlock" the phone on every bootup. This is how ultrasn0w works. |
Find a way to patch running memory to "unlock" the phone on every bootup. This is how ultrasn0w works. |
||
+ | |||
− | Find an exploit in the Baseband Bootloader so you can downgrade the baseband, then use ultrasn0w. Geohot and the iPhone Dev Team found (independently) an exploit in bootloader 5.8, but it isn't useful enough as only very-early (week<30) iPhone 3G units have bootloader 5.8. |
||
+ | |||
+ | ----Find an exploit in the Baseband Bootloader so you can downgrade the baseband, then use ultrasn0w. Geohot and the iPhone Dev Team found (independently) an exploit in bootloader 5.8, but it isn't useful enough as only very-early (week<30) iPhone 3G units have bootloader 5.8. |
Revision as of 15:12, 23 June 2010
iPhone 4 unlock breakdown. similar X-Gold 608 :D
Possible Methods
Class 1
Find an exploit in the bootrom to break the chain of trust.
Improve by several orders of magnitude the NCK brute forcer, and find a way to extract the CHIPID and NORID
Find the theorized algorithm of NCK generation
Class 2
Use a SIM hack such as the TurboSIM Unlock Find a way to patch running memory to "unlock" the phone on every bootup. This is how ultrasn0w works.
Find an exploit in the Baseband Bootloader so you can downgrade the baseband, then use ultrasn0w. Geohot and the iPhone Dev Team found (independently) an exploit in bootloader 5.8, but it isn't useful enough as only very-early (week<30) iPhone 3G units have bootloader 5.8.