|
The iPhone Wiki is no longer updated. Visit this article on The Apple Wiki for current information. |
Difference between revisions of "X-Gold 618 Unlock"
| Line 1: | Line 1: | ||
| + | The [[N90ap|iPhone 4]] now uses the X-Gold 618. Unlike the [[X-Gold 608]], the baseband now requires a signature akin to Apple's SHSH blobs for firmware files, so downgrading an updated baseband, provided there is a bootloader exploit, will be tougher. |
||
| − | iPhone 4 unlock breakdown. |
||
| − | similar X-Gold 608 :D |
||
| − | Possible Methods |
+ | ==Possible Methods== |
| − | + | ===Class 1=== |
|
| − | Find an exploit in the bootrom to break the chain of trust. |
+ | * Find an exploit in the bootrom to break the chain of trust. |
| + | * Improve by several orders of magnitude the NCK brute forcer, and find a way to extract the CHIPID and NORID |
||
| + | * Find the theorized algorithm of NCK generation |
||
| + | ===Class 2=== |
||
| − | Improve by several orders of magnitude the NCK brute forcer, and find a way to extract the CHIPID and NORID |
||
| + | * Use a SIM hack such as the TurboSIM Unlock |
||
| − | Find the theorized algorithm of NCK generation |
||
| + | * Find a way to patch running memory to "unlock" the phone on every bootup. This is how [[ultrasn0w]] works. |
||
| − | |||
| + | * Find an exploit in the Baseband Bootloader so you can downgrade the baseband, then use an unlocking payload, similar to ultrasn0w. |
||
| − | |||
| − | ---- |
||
| − | |||
| − | '''Class 2''' |
||
| − | |||
| − | Use a SIM hack such as the TurboSIM Unlock |
||
| − | Find a way to patch running memory to "unlock" the phone on every bootup. This is how [[ultrasn0w]] works. |
||
| − | |||
| − | |||
| − | Find an exploit in the Baseband Bootloader so you can downgrade the baseband, then use an unlocking payload, similar to ultrasn0w. |
||
| − | |||
| − | |||
| − | |||
| − | |||
| − | ---Leobruh |
||
Revision as of 15:19, 24 June 2010
The iPhone 4 now uses the X-Gold 618. Unlike the X-Gold 608, the baseband now requires a signature akin to Apple's SHSH blobs for firmware files, so downgrading an updated baseband, provided there is a bootloader exploit, will be tougher.
Possible Methods
Class 1
- Find an exploit in the bootrom to break the chain of trust.
- Improve by several orders of magnitude the NCK brute forcer, and find a way to extract the CHIPID and NORID
- Find the theorized algorithm of NCK generation
Class 2
- Use a SIM hack such as the TurboSIM Unlock
- Find a way to patch running memory to "unlock" the phone on every bootup. This is how ultrasn0w works.
- Find an exploit in the Baseband Bootloader so you can downgrade the baseband, then use an unlocking payload, similar to ultrasn0w.
