X-Gold 618 Unlock

From The iPhone Wiki
Latest revision as of 13:46, 17 September 2021

The iPhone 4 and the iPad 2 use the X-Gold 618. Unlike the X-Gold 608, this baseband requires a signature, akin to Apple's SHSH blobs, on its firmware files, so downgrading an updated baseband will be tougher even if a bootloader exploit is found.

Unsigned code execution has been achieved on the device by MuscleNerd, and the ability to inject a custom AT command has been demonstrated. Shortly after, a persistent background task was inserted. The bootrom has also been dumped successfully.

On 13 July 2010, planetbeing demonstrated a primitive but functional unlock on YouTube. The unlock was readied for release, and on 3 August 2010 it was made available in Cydia via ultrasn0w.


Possible Methods

Class 1

  • Find an exploit in the bootrom to break the chain of trust.
  • Improve the NCK Brute Forcer by several orders of magnitude, and find a way to extract the CHIPID and NORID.
  • Find the theorized NCK generation algorithm.

Class 2

  • Use a SIM hack such as the TurboSIM Unlock.
  • Find a way to patch running memory to "unlock" the phone on every boot. This is how ultrasn0w works.
  • Find an exploit in the baseband bootloader so the baseband can be downgraded, then use an unlocking payload similar to ultrasn0w.