Difference between revisions of "Talk:NCK Brute Force"

From The iPhone Wiki
Jump to: navigation, search
m (Possible (minor) speedup for the brute force: new section)
m (Possible (minor) speedup for the brute force: Delete - does not help speed up after some testing)
Line 56: Line 56:
 
Could that be useful in this NCK attack?
 
Could that be useful in this NCK attack?
 
--[[User:Zuezuo|Zuezuo]] 10:32, 9 March 2010 (UTC)
 
--[[User:Zuezuo|Zuezuo]] 10:32, 9 March 2010 (UTC)
 
== Possible (minor) speedup for the brute force ==
 
 
Geohot's bf calculates (f(nck)^3 mod n) for every candidate nck and compares the result to a known valid msg.
 
 
The underlying implementation for x^3 mod n step is openssl or gmp. Typically it involves some precalculation with regard to the modulus "n", some init step with regard to input, do the real exponentiation, then some finalizing step to get the result mod n.
 
 
I wonder if you can speed this up slightly (maybe by 50%~100%) if you move the precalculation and init steps out of the main brute force loop. In theory checking the x^3 mod n against a known msg should only involve 2 montgomery multiplication.
 

Revision as of 21:51, 14 March 2011

Permanent unlock?

Is this method usable to permanently unlock the iPhone (like IPSF) aka upgrade resistant and not needing a software like signal.app (and being able to use SIM PIN Code)? This would allowed to have the "official" unlock (except activation)?

Time calculations

How long would it take to search the 15 digit one?

Geohots NCKBF program could do around 100,000 keys/second which would produce a hit in many years, or complete a search in 317 years.

To get to a point where this is actually doable we would need many orders of magnitude of improvement. Even if you use a PSP3 or special hardware (within 1,000 US$ range) you will only get an improvement of 20-100 times.. which doesn't help much. - Deco

I assume in the article there's something wrong regarding time calculation. It states that for 8 bit you need 5 mins and we have 15 bit. That would mean 128 fold more or only 11 hours with a PC two years old. That must be wrong. -- http 08:26, 24 July 2010 (UTC)

It's clear now. We are talking about decimal digits, not bits! So it takes 10(15-8) times longer, or about 95 years. -- http 21:53, 5 August 2010 (UTC)

Cloud project

Using a system like BOINC ( known for seti @ home) would not help to distribute the load ?

If Apple sold 10 Million devices, and lets say maybe 10k to 100k people participated, we should be able to reduce that time from, lets say 200 years to a maximum of 2 weeks to 2 months.

Now we would just need someone to create a modified client, manage the calculated packages and provide the packages which would need to be calculated/crunched.

Just an idea.

Chris

And you'll end up with exactly one unlocked iPhone. Better off selling the machine hours. ~geohot

But with such a project you could compare the results of every calculation not only with one iPhone, but with a list of all iPhones that have registered in the project. That's the advantage of brute force attack. So it would still be possible I think - assuming we could create such a network. But it could also arise legal problems. -- http 08:33, 24 July 2010 (UTC)

Brute force master key

Is it not possible to brute force the key that apple uses and then use that to unlock all iPhones?

if we get say 1 million computers then how long would it theoretically take to generate one key? 1 million isn't that impossible given that 3 million iPhone 3Gs have been sold of most geeks have more than one computer. Assuming that on average everyone contributes 2 computers then we only need 500000 people to reach 1 million. subtract the speed of networking and the fact that some people will turn their computers off every so often and we should be able to generate 5 or 6 keys a day? this is kinda pathetic for just a proof of concept but just proving that we can generate code and can harness this much power would be a massive psychological blow to apple. also i would assume that we would need some main server to control all the computers which probably doesn't exist :P

blog.iphone-dev.org had 276,688 unique visitors on July 20th (PwnageTool release 2.0/2.0.1), so I would assume that number is the sort of participants we would get. I think 2 computers from each person is also optimistic, it would probably be less than 1 on average as most people won't run it 24/7.

Mirror

Does anyone have a mirror for the Multithreaded NCK Brute Forcer I think the link is down.--Bob 14:49, 22 August 2008 (UTC)

Reply: done --Zuezuo 10:32, 9 March 2010 (UTC)

The link doesn't appear to be active anymore. I have an interest in this code, and maybe porting it to some faster machines. Does it still exist, or did someone erase it/stop hosting it? ---Unrstuart 15:10, 24 July 2010 (PDT)

I have updated the page with a valid link to a blog discussing geohot's Multithreaded NCK Brute Forcer. This page contains a link to the source code and a Windows binary. --Jmh9072 Feb 4, 2011, 23:52 (EST)

RSA attack

Some researches recently published this paper: "Fault-Based Attack of RSA Authentication" - http://www.eecs.umich.edu/~valeria/research/publications/DATE10RSA.pdf

Could that be useful in this NCK attack? --Zuezuo 10:32, 9 March 2010 (UTC)