The iPhone Wiki is no longer updated. Visit this article on The Apple Wiki for current information.
Difference between revisions of "X-Gold 618 Unlock"
(19 intermediate revisions by 11 users not shown)
Latest revision as of 13:46, 17 September 2021
The iPhone 4 and the new iPad 2 use the X-Gold 618. Unlike the X-Gold 608, the baseband now requires a signature akin to Apple's SHSH blobs for firmware files, so downgrading an updated baseband, even given a bootloader exploit, will be tougher.
Unsigned code execution has been achieved by MuscleNerd on the device and the ability to insert a custom AT command has been demonstrated. Shortly after, a persistent/background task was inserted. Also, the bootrom has been successfully dumped.
On 13 July 2018, planetbeing demonstrated a primitive but functional unlock on YouTube. The unlock was made ready for release and on 3 August 2010, it was made available in Cydia via ultrasn0w.
Possible Methods
Class 1
- Find an exploit in the bootrom to break the chain of trust.
- Improve by several orders of magnitude the NCK Brute Forcer, and find a way to extract the CHIPID and NORID
- Find the theorized algorithm of NCK generation
Class 2
- Use a SIM hack such as the TurboSIM Unlock
- Find a way to patch running memory to "unlock" the phone on every bootup. This is how ultrasn0w works.
- Find an exploit in the Baseband Bootloader so you can downgrade the baseband, then use an unlocking payload, similar to ultrasn0w.