Difference between revisions of "X-Gold 618 Unlock"

From The iPhone Wiki

Revision as of 15:12, 23 June 2010

iPhone 4 unlock breakdown. Similar to X-Gold 608 :D

Possible Methods

Class 1

Find an exploit in the bootrom to break the chain of trust.

Improve the NCK brute forcer by several orders of magnitude, and find a way to extract the CHIPID and NORID.

Find the theorized algorithm of NCK generation



Class 2

Use a SIM hack such as the TurboSIM Unlock

Find a way to patch running memory to "unlock" the phone on every bootup. This is how ultrasn0w works.



Find an exploit in the Baseband Bootloader so you can downgrade the baseband, then use ultrasn0w. Geohot and the iPhone Dev Team found (independently) an exploit in bootloader 5.8, but it isn't useful enough, as only very early (week<30) iPhone 3G units have bootloader 5.8.