Difference between revisions of "X-Gold 608 Unlock"

From The iPhone Wiki
Jump to: navigation, search
(Class 1)
Line 1: Line 1:
Currently, the 3G (software) [[unlock]] which is not baseband-dependent is the biggest missing piece of the iPhone community. It is more difficult than the previous unlocks due to the fact that the [[Baseband_Bootloader | baseband bootloader]] is signature checked. [[The dev team]] has successfully unlocked all baseband versions, by a somehow patching the baseband on-the-fly (in RAM), therefore at boot the baseband bootrom can validate the bootloader, the bootloader can validate the baseband, and not until after the boot up will it be patched. The unlock (called [[yellowsn0w]]) was released on 01/01/09. [http://blog.iphone-dev.org/post/67797811/dont-eat-yellowsn0w]
+
Until recenlty, the 3G (software) [[unlock]] was the biggest missing piece of the iPhone community. It proved more difficult than the previous unlocks due to the fact that the [[Baseband_Bootloader | baseband bootloader]] is signature checked by the bootrom. [[The dev team]] has successfully unlocked all baseband versions, by overriding carrier locks on-the-fly (in RAM), therefore at boot the baseband bootrom can validate the bootloader, the bootloader can validate the baseband. The unlock, code-name [[yellowsn0w]]), was released to the public on 01/01/09. [http://blog.iphone-dev.org/post/67797811/dont-eat-yellowsn0w]
   
 
==Possible Methods==
 
==Possible Methods==

Revision as of 17:55, 5 January 2009

Until recenlty, the 3G (software) unlock was the biggest missing piece of the iPhone community. It proved more difficult than the previous unlocks due to the fact that the baseband bootloader is signature checked by the bootrom. The dev team has successfully unlocked all baseband versions, by overriding carrier locks on-the-fly (in RAM), therefore at boot the baseband bootrom can validate the bootloader, the bootloader can validate the baseband. The unlock, code-name yellowsn0w), was released to the public on 01/01/09. [1]

Possible Methods

Class 1

  • Find an exploit in the bootrom to break the chain of trust. A method has not yet been found to dump the bootrom, so that would obviously be needed before this becomes an option.
  • Improve by several orders of magnitude the NCK brute forcer, and find a way to extract the CHIPID and NORID
  • Find the theorized algorithm of NCK generation

Class 2

Resources