|
The iPhone Wiki is no longer updated. Visit this article on The Apple Wiki for current information. |
Difference between revisions of "X-Gold 608 Unlock"
| Line 1: | Line 1: | ||
| − | Until recenlty, the 3G software [[unlock]] was the biggest missing piece of the iPhone community. It proved more difficult than the previous unlocks due to the fact that the [[Baseband_Bootloader | baseband bootloader]] is signature checked by the bootrom. [[The dev team]] has successfully unlocked all baseband versions, by overriding carrier locks on-the-fly in RAM, therefore at boot the baseband bootrom can validate the bootloader, the bootloader can validate the baseband. The unlock, code-name [[yellowsn0w]], was released to the public on 01/01/09. [http://blog.iphone-dev.org/post/67797811/dont-eat-yellowsn0w] |
+ | Until recenlty, the 3G software [[unlock]] was the biggest missing piece of the iPhone community. It proved more difficult than the previous unlocks due to the fact that the [[Baseband_Bootloader | baseband bootloader]] is signature checked by the bootrom. [[The dev team]] has successfully unlocked all baseband versions, by overriding carrier locks on-the-fly in RAM, therefore at boot the baseband bootrom can validate the bootloader, the bootloader can validate the baseband. The unlock, code-name [[yellowsn0w]], was released to the public on 01/01/09 for baseband 02.28.00 only. [http://blog.iphone-dev.org/post/67797811/dont-eat-yellowsn0w] |
==Possible Methods== |
==Possible Methods== |
||
Revision as of 17:58, 5 January 2009
Until recenlty, the 3G software unlock was the biggest missing piece of the iPhone community. It proved more difficult than the previous unlocks due to the fact that the baseband bootloader is signature checked by the bootrom. The dev team has successfully unlocked all baseband versions, by overriding carrier locks on-the-fly in RAM, therefore at boot the baseband bootrom can validate the bootloader, the bootloader can validate the baseband. The unlock, code-name yellowsn0w, was released to the public on 01/01/09 for baseband 02.28.00 only. [1]
Possible Methods
Class 1
- Find an exploit in the bootrom to break the chain of trust. A method has not yet been found to dump the bootrom, so that would obviously be needed before this becomes an option.
- Improve by several orders of magnitude the NCK brute forcer, and find a way to extract the CHIPID and NORID
- Find the theorized algorithm of NCK generation
Class 2
- Use a SIM hack such as the TurboSIM Unlock
- Find a way to patch running memory to "unlock" the phone on every bootup. This is how yellowsn0w works.
Resources
- Read about the X-Gold 608
- Read geohot's blog post
- 25C3 presentation "Hacking the iPhone" video here
