Difference between revisions of "Talk:NCK Brute Force"

From The iPhone Wiki
(Mirror)
(Missing signatures. x_x)
 
(11 intermediate revisions by 5 users not shown)
Line 1: Line 1:
  +
== Permanent unlock? ==
 
Is this method usable to permanently unlock the iPhone (like IPSF) aka upgrade resistant and not needing a software like signal.app (and being able to use SIM PIN Code)?
 
Is this method usable to permanently unlock the iPhone (like IPSF) aka upgrade resistant and not needing a software like signal.app (and being able to use SIM PIN Code)?
This would allowed to have the "official" unlock (except activation)?
+
This would allowed to have the "official" unlock (except activation)? {{unsigned|Dranfi|23:10, July 28, 2008 (UTC)}}
   
== Time? ==
+
== Time calculations ==
   
How long would it take to search the 15 digit one?
+
How long would it take to search the 15 digit one? {{unsigned|Yanson|11:11, August 17, 2008 (UTC)}}
   
Geohots NCKBF program could do around 100,000 keys/second which would produce a hit in many years.
+
:Geohots NCKBF program could do around 100,000 keys/second which would produce a hit in many years, or complete a search in 317 years.
   
To get to a point where this is actually doable we would need many orders of magnitude of improvement. Even if you use a PSP3 or special hardware (within 1,000 US$ range) you will only get an improvement of 20-100 times.. which doesn't help much. - Deco
+
:To get to a point where this is actually doable we would need many orders of magnitude of improvement. Even if you use a PSP3 or special hardware (within 1,000 US$ range) you will only get an improvement of 20-100 times.. which doesn't help much. - Deco
   
  +
I assume in the article there's something wrong regarding time calculation. It states that for 8 bit you need 5 mins and we have 15 bit. That would mean 128 fold more or only 11 hours with a PC two years old. That must be wrong. -- [[User:Http|http]] 08:26, 24 July 2010 (UTC)
   
  +
It's clear now. We are talking about decimal digits, not bits! So it takes 10<sup>(15-8)</sup> times longer, or about 95 years. -- [[User:Http|http]] 21:53, 5 August 2010 (UTC)
----
 
   
  +
I read somewhere that the phone perminatley locks to a carrier after 5 incorrect NCK entries...is that true?
  +
  +
== Cloud project ==
   
 
Using a system like BOINC ( known for seti @ home) would not help to distribute the load ?
 
Using a system like BOINC ( known for seti @ home) would not help to distribute the load ?
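Review bot: the added paragraph "I read somewhere that the phone perminatley locks to a carrier after 5 incorrect NCK entries...is that true?" in this hunk carries neither a signature nor an {{unsigned}} template, although the edit summary is "Missing signatures". Add {{unsigned|user|timestamp}} from the page history, as was done for the other comments in this hunk. The question is about the entry limit rather than search time, so it would also read better under its own heading than at the end of "Time calculations".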
Line 21: Line 26:
 
Now we would just need someone to create a modified client, manage the calculated packages and provide the packages which would need to be calculated/crunched.
 
Now we would just need someone to create a modified client, manage the calculated packages and provide the packages which would need to be calculated/crunched.
   
Just an idea.
+
Just an idea. {{unsigned|Ripskee|04:16, August 18, 2008 (UTC)}}
 
Chris
 
   
 
And you'll end up with exactly ''one'' unlocked iPhone. Better off selling the machine hours. ~geohot
 
And you'll end up with exactly ''one'' unlocked iPhone. Better off selling the machine hours. ~geohot
   
  +
But with such a project you could compare the results of every calculation not only with one iPhone, but with a list of all iPhones that have registered in the project. That's the advantage of brute force attack. So it would still be possible I think - assuming we could create such a network. But it could also arise legal problems. -- [[User:Http|http]] 08:33, 24 July 2010 (UTC)
   
  +
== Brute force master key ==
----
 
   
  +
Is it not possible to brute force the key that apple uses and then use that to unlock all iPhones? {{unsigned|Yanson|11:01, August 19, 2008 (UTC)}}
   
  +
if we get say 1 million computers then how long would it theoretically take to generate one key? 1 million isn't that impossible given that 3 million iPhone 3Gs have been sold of most geeks have more than one computer. Assuming that on average everyone contributes 2 computers then we only need 500000 people to reach 1 million. subtract the speed of networking and the fact that some people will turn their computers off every so often and we should be able to generate 5 or 6 keys a day? this is kinda pathetic for just a proof of concept but just proving that we can generate code and can harness this much power would be a massive psychological blow to apple. also i would assume that we would need some main server to control all the computers which probably doesn't exist :P {{unsigned|Sammypwns|14:28, August 19, 2008 (UTC)}}
Is it not possible to brute force the key that apple uses and then use that to unlock all iPhones?
 
 
if we get say 1 million computers then how long would it theoretically take to generate one key? 1 million isn't that impossible given that 3 million iPhone 3Gs have been sold of most geeks have more than one computer. Assuming that on average everyone contributes 2 computers then we only need 500000 people to reach 1 million. subtract the speed of networking and the fact that some people will turn their computers off every so often and we should be able to generate 5 or 6 keys a day? this is kinda pathetic for just a proof of concept but just proving that we can generate code and can harness this much power would be a massive psychological blow to apple. also i would assume that we would need some main server to control all the computers which probably doesn't exist :P
 
 
blog.iphone-dev.org had 276,688 unique visitors on July 20th (PwnageTool release 2.0/2.0.1), so I would assume that number is the sort of participants we would get. I think 2 computers from each person is also optimistic, it would probably be less than 1 on average as most people won't run it 24/7.
 
   
  +
blog.iphone-dev.org had 276,688 unique visitors on July 20th (PwnageTool release 2.0/2.0.1), so I would assume that number is the sort of participants we would get. I think 2 computers from each person is also optimistic, it would probably be less than 1 on average as most people won't run it 24/7. {{unsigned|Yanson|20:00, August 19, 2008 (UTC)}}
   
 
== Mirror ==
 
== Mirror ==
Line 44: Line 46:
   
 
The link doesn't appear to be active anymore. I have an interest in this code, and maybe porting it to some faster machines. Does it still exist, or did someone erase it/stop hosting it? ---[[User:Unrstuart|Unrstuart]] 15:10, 24 July 2010 (PDT)
 
The link doesn't appear to be active anymore. I have an interest in this code, and maybe porting it to some faster machines. Does it still exist, or did someone erase it/stop hosting it? ---[[User:Unrstuart|Unrstuart]] 15:10, 24 July 2010 (PDT)
  +
  +
I have updated the page with a valid link to a blog discussing geohot's Multithreaded NCK Brute Forcer. This page contains a link to the source code and a Windows binary. --[[User:Jmh9072|Jmh9072]] Feb 4, 2011, 23:52 (EST)
   
 
== RSA attack ==
 
== RSA attack ==
Line 50: Line 54:
 
"Fault-Based Attack of RSA Authentication" - http://www.eecs.umich.edu/~valeria/research/publications/DATE10RSA.pdf
 
"Fault-Based Attack of RSA Authentication" - http://www.eecs.umich.edu/~valeria/research/publications/DATE10RSA.pdf
   
Could that be useful in this NCK attack?
+
Could that be useful in this NCK attack? --[[User:Zuezuo|Zuezuo]] 10:32, 9 March 2010 (UTC)
  +
:NO, just if you are in apple's server and shot-circuit one of the servers. {{unsigned|XiiiX|22:42, 14 March 2011 (UTC)}}
--[[User:Zuezuo|Zuezuo]] 10:32, 9 March 2010 (UTC)
 

Latest revision as of 05:57, 28 May 2011

Permanent unlock?

Is this method usable to permanently unlock the iPhone (like IPSF), aka upgrade resistant and not needing software like signal.app (and being able to use SIM PIN Code)? This would allow having the "official" unlock (except activation)? --The preceding unsigned comment was added by Dranfi (talk) 23:10, July 28, 2008 (UTC).

Time calculations

How long would it take to search the 15 digit one? --The preceding unsigned comment was added by Yanson (talk) 11:11, August 17, 2008 (UTC).

Geohot's NCKBF program could do around 100,000 keys/second which would produce a hit in many years, or complete a search in 317 years.
To get to a point where this is actually doable we would need many orders of magnitude of improvement. Even if you use a PSP3 or special hardware (within 1,000 US$ range) you will only get an improvement of 20-100 times... which doesn't help much. - Deco

I assume in the article there's something wrong regarding time calculation. It states that for 8 bit you need 5 mins and we have 15 bit. That would mean 128 fold more or only 11 hours with a PC two years old. That must be wrong. -- http 08:26, 24 July 2010 (UTC)

It's clear now. We are talking about decimal digits, not bits! So it takes 10^(15-8) times longer, or about 95 years. -- http 21:53, 5 August 2010 (UTC)

I read somewhere that the phone permanently locks to a carrier after 5 incorrect NCK entries... is that true?

Cloud project

Wouldn't using a system like BOINC (known for SETI@home) help to distribute the load?

If Apple sold 10 million devices, and let's say maybe 10k to 100k people participated, we should be able to reduce that time from, let's say, 200 years to a maximum of 2 weeks to 2 months.

Now we would just need someone to create a modified client, manage the calculated packages and provide the packages which would need to be calculated/crunched.

Just an idea. --The preceding unsigned comment was added by Ripskee (talk) 04:16, August 18, 2008 (UTC).

And you'll end up with exactly one unlocked iPhone. Better off selling the machine hours. ~geohot

But with such a project you could compare the results of every calculation not only with one iPhone, but with a list of all iPhones that have registered in the project. That's the advantage of a brute force attack. So it would still be possible I think - assuming we could create such a network. But legal problems could also arise. -- http 08:33, 24 July 2010 (UTC)

Brute force master key

Is it not possible to brute force the key that Apple uses and then use that to unlock all iPhones? --The preceding unsigned comment was added by Yanson (talk) 11:01, August 19, 2008 (UTC).

If we get, say, 1 million computers then how long would it theoretically take to generate one key? 1 million isn't that impossible given that 3 million iPhone 3Gs have been sold and most geeks have more than one computer. Assuming that on average everyone contributes 2 computers then we only need 500000 people to reach 1 million. Subtract the speed of networking and the fact that some people will turn their computers off every so often and we should be able to generate 5 or 6 keys a day? This is kinda pathetic for just a proof of concept but just proving that we can generate code and can harness this much power would be a massive psychological blow to Apple. Also I would assume that we would need some main server to control all the computers which probably doesn't exist :P --The preceding unsigned comment was added by Sammypwns (talk) 14:28, August 19, 2008 (UTC).

blog.iphone-dev.org had 276,688 unique visitors on July 20th (PwnageTool release 2.0/2.0.1), so I would assume that number is the sort of participants we would get. I think 2 computers from each person is also optimistic, it would probably be less than 1 on average as most people won't run it 24/7. --The preceding unsigned comment was added by Yanson (talk) 20:00, August 19, 2008 (UTC).

Mirror

Does anyone have a mirror for the Multithreaded NCK Brute Forcer? I think the link is down. --Bob 14:49, 22 August 2008 (UTC)

Reply: done --Zuezuo 10:32, 9 March 2010 (UTC)

The link doesn't appear to be active anymore. I have an interest in this code, and maybe porting it to some faster machines. Does it still exist, or did someone erase it/stop hosting it? ---Unrstuart 15:10, 24 July 2010 (PDT)

I have updated the page with a valid link to a blog discussing geohot's Multithreaded NCK Brute Forcer. This page contains a link to the source code and a Windows binary. --Jmh9072 Feb 4, 2011, 23:52 (EST)

RSA attack

Some researchers recently published this paper: "Fault-Based Attack of RSA Authentication" - http://www.eecs.umich.edu/~valeria/research/publications/DATE10RSA.pdf

Could that be useful in this NCK attack? --Zuezuo 10:32, 9 March 2010 (UTC)

NO, just if you are in Apple's server and short-circuit one of the servers. --The preceding unsigned comment was added by XiiiX (talk) 22:42, 14 March 2011 (UTC).