Difference between revisions of "NCK Brute Force"
(→Feasibility) |
(→Feasibility) |
||
Line 5: | Line 5: | ||
==Feasibility== |
==Feasibility== |
||
− | Given that [[NCK]]s are 15 digits long, the keyspace is log(10^15)/log(2)~=2^50 This would be searchable if all the cryptography used was symmetric. But the algo is TEA(RSA(token), NCK+CHIPID+NORID) [[http://en.wikipedia.org/wiki/Tiny_Encryption_Algorithm TEA]]. So that inside [[ |
+ | Given that [[NCK]]s are 15 digits long, the keyspace is log(10^15)/log(2)~=2^50 This would be searchable if all the cryptography used was symmetric. But the algo is TEA(RSA(token), NCK+CHIPID+NORID) [[http://en.wikipedia.org/wiki/Tiny_Encryption_Algorithm TEA]]. So that inside [[http://en.wikipedia.org/wiki/RSA RSA]] has to be done. A modern machine can search the 8 digit keyspace in about 5 minutes, which means we need a couple orders of magnitude speed increase to consider 15 digit. |
==Implementation== |
==Implementation== |
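Review bot: in the added Feasibility line, "a couple orders of magnitude" understates the gap between the two figures it quotes. Going from the 8 digit keyspace to 15 digits is 10^15/10^8 = 10^7 times more candidates, so at 5 minutes per 10^8 a full sweep is about 5×10^7 minutes; suggest stating the factor explicitly. In the same line, "log(10^15)/log(2)~=2^50" mixes the exponent with the count (the log ratio is about 50, the keyspace is about 2^50) and lacks its closing full stop, and the external links are written with [[...]] where MediaWiki external-link syntax takes single brackets.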
Revision as of 20:02, 31 July 2008
This is a theoretical exploit which involves brute forcing the NCK from the seczone, the CHIPID, and the NORID. So far no one has made public an instance of NCK discovery using this theoretical approach.
Credit
gray, geohot
Feasibility
Given that NCKs are 15 digits long, the keyspace is 10^15, or log(10^15)/log(2) ≈ 50 bits (about 2^50). This would be searchable if all the cryptography used were symmetric. But the algorithm is TEA(RSA(token), NCK+CHIPID+NORID), where TEA is the Tiny Encryption Algorithm, so the inner RSA operation has to be done as well. A modern machine can search the 8-digit keyspace in about 5 minutes, which means we need a couple orders of magnitude speed increase to consider 15 digits.
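The feasibility estimate above, worked through as an added example (not part of the original wiki page). It takes the page's figure of the 8-digit keyspace in about 5 minutes as the search rate and generalizes to any code length and time budget; the function names and the time budgets are assumptions made for illustration.

```python
import math

# Rate implied by the page: 10^8 candidates in about 5 minutes.
PAGE_RATE = 10**8 / (5 * 60)  # candidates per second

YEAR = 365.25 * 24 * 3600  # seconds


def keyspace_bits(digits):
    """Entropy in bits of a uniformly random decimal code of this length."""
    return digits * math.log2(10)


def sweep_seconds(digits, rate=PAGE_RATE, average=False):
    """Seconds to try every candidate, or half of them for the average case."""
    candidates = 10**digits
    if average:
        candidates /= 2
    return candidates / rate


def required_speedup(digits, budget_seconds, rate=PAGE_RATE):
    """Factor by which `rate` must grow to sweep the keyspace within the budget."""
    return sweep_seconds(digits, rate) / budget_seconds


if __name__ == "__main__":
    for digits in (8, 12, 15):
        secs = sweep_seconds(digits)
        print(f"{digits:2d} digits: {keyspace_bits(digits):5.1f} bits, "
              f"full sweep {secs:.3g} s ({secs / YEAR:.3g} years)")
    # Speedup needed to finish 15 digits in the same 5 minutes, and in one day.
    for label, budget in (("5 minutes", 300), ("1 day", 86400)):
        factor = required_speedup(15, budget)
        print(f"15 digits in {label}: x{factor:.3g} "
              f"(10^{math.log10(factor):.1f})")
```
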