Difference between revisions of "X-Gold 618 Unlock"

From The iPhone Wiki
Jump to: navigation, search
(added minor details)
m
 
(14 intermediate revisions by 9 users not shown)
Line 1: Line 1:
The [[N90ap|iPhone 4]] now uses the X-Gold 618. Unlike the [[X-Gold 608]], the baseband now requires a signature akin to Apple's SHSH blobs for firmware files, so downgrading an updated baseband, provided there is a bootloader exploit, will be tougher.
+
The [[N90AP|iPhone 4]] and the new iPad 2 uses the [[X-Gold 618]]. Unlike the [[X-Gold 608]], the baseband now requires a signature akin to Apple's [[SHSH]] blobs for firmware files, so downgrading an updated baseband, provided there is a bootloader exploit, will be tougher.
   
Currently (as of July 5, 2010), unsigned code execution has been achieved by [[MuscleNerd]] on the device and the ability to insert a custom AT command has been demonstrated. The bootrom has also been dumped.
+
Unsigned code execution has been achieved by [[MuscleNerd]] on the device and the ability to insert a custom AT command has been demonstrated. Shortly after, a persistent/background task was inserted. Also, the bootrom has been successfully dumped.
   
  +
On {{date|2018|07|13}}, planetbeing demonstrated a primitive but functional unlock on [http://www.youtube.com/watch?v=41rm8MCdoh8 YouTube]. The unlock was made ready for release and on {{date|2010|08|03}}, it was made available in Cydia via [[ultrasn0w]].
  +
  +
 
==Possible Methods==
 
==Possible Methods==
   
Line 8: Line 11:
   
 
* Find an exploit in the bootrom to break the chain of trust.
 
* Find an exploit in the bootrom to break the chain of trust.
* Improve by several orders of magnitude the NCK brute forcer, and find a way to extract the CHIPID and NORID
+
* Improve by several orders of magnitude the [[NCK Brute Force]]r, and find a way to extract the [[CHIPID]] and [[NORID]]
 
* Find the theorized algorithm of NCK generation
 
* Find the theorized algorithm of NCK generation
   
Line 16: Line 19:
 
* Find a way to patch running memory to "unlock" the phone on every bootup. This is how [[ultrasn0w]] works.
 
* Find a way to patch running memory to "unlock" the phone on every bootup. This is how [[ultrasn0w]] works.
 
* Find an exploit in the Baseband Bootloader so you can downgrade the baseband, then use an unlocking payload, similar to ultrasn0w.
 
* Find an exploit in the Baseband Bootloader so you can downgrade the baseband, then use an unlocking payload, similar to ultrasn0w.
  +
  +
[[Category:Unlocking Methods]]

Latest revision as of 13:46, 17 September 2021

The iPhone 4 and the new iPad 2 uses the X-Gold 618. Unlike the X-Gold 608, the baseband now requires a signature akin to Apple's SHSH blobs for firmware files, so downgrading an updated baseband, provided there is a bootloader exploit, will be tougher.

Unsigned code execution has been achieved by MuscleNerd on the device and the ability to insert a custom AT command has been demonstrated. Shortly after, a persistent/background task was inserted. Also, the bootrom has been successfully dumped.

On 13 July 2018, planetbeing demonstrated a primitive but functional unlock on YouTube. The unlock was made ready for release and on 3 August 2010, it was made available in Cydia via ultrasn0w.


Possible Methods

Class 1

  • Find an exploit in the bootrom to break the chain of trust.
  • Improve by several orders of magnitude the NCK Brute Forcer, and find a way to extract the CHIPID and NORID
  • Find the theorized algorithm of NCK generation

Class 2

  • Use a SIM hack such as the TurboSIM Unlock
  • Find a way to patch running memory to "unlock" the phone on every bootup. This is how ultrasn0w works.
  • Find an exploit in the Baseband Bootloader so you can downgrade the baseband, then use an unlocking payload, similar to ultrasn0w.