X-Gold 618 Unlock
Latest revision as of 13:46, 17 September 2021
The iPhone 4 and the new iPad 2 use the X-Gold 618. Unlike the X-Gold 608, the baseband now requires a signature, akin to Apple's SHSH blobs, for its firmware files, so even if a bootloader exploit exists, downgrading an updated baseband will be tougher.
Unsigned code execution has been achieved by MuscleNerd on the device, and the ability to insert a custom AT command has been demonstrated. Shortly after, a persistent/background task was inserted. The bootrom has also been successfully dumped.
On 13 July 2018, planetbeing demonstrated a primitive but functional unlock on YouTube. The unlock was made ready for release and on 3 August 2010, it was made available in Cydia via ultrasn0w.
Possible Methods
Class 1
- Find an exploit in the bootrom to break the chain of trust.
- Improve the NCK Brute Forcer by several orders of magnitude, and find a way to extract the CHIPID and NORID.
- Find the theorized algorithm of NCK generation.
Class 2
- Use a SIM hack such as the TurboSIM Unlock.
- Find a way to patch running memory to "unlock" the phone on every bootup. This is how ultrasn0w works.
- Find an exploit in the baseband bootloader so the baseband can be downgraded, then use an unlocking payload similar to ultrasn0w.