Difference between revisions of "X-Gold 618 Unlock"

The iPhone 4 now uses the X-Gold 618. Unlike the X-Gold 608, the baseband now requires a signature akin to Apple's SHSH blobs for firmware files, so downgrading an updated baseband, provided there is a bootloader exploit, will be tougher.

Unsigned code execution has been achieved by MuscleNerd on the device and the ability to insert a custom AT command has been demonstrated. Shortly after, a persistent/background task was inserted. Also, the bootrom has been successfully dumped.

On July 13, 2010, planetbeing demonstrated a primitive but functional unlock on YouTube.[1] Currently, the unlock is being optimized and streamlined for a general release.

Possible Methods

Class 1

• Find an exploit in the bootrom to break the chain of trust.
• Improve by several orders of magnitude the NCK brute forcer, and find a way to extract the CHIPID and NORID
• Find the theorized algorithm of NCK generation

Class 2

• Use a SIM hack such as the TurboSIM Unlock
• Find a way to patch running memory to "unlock" the phone on every bootup. This is how ultrasn0w works.
• Find an exploit in the Baseband Bootloader so you can downgrade the baseband, then use an unlocking payload, similar to ultrasn0w.