Difference between revisions of "NCK Brute Force"

From The iPhone Wiki

Revision as of 22:14, 27 July 2008

This is a theoretical exploit which involves brute forcing the NCK from the seczone, the CHIPID and the NORID.

Credit

gray, geohot

Feasibility

Given that NCKs are 15 digits long, the keyspace is 10^15, which is log(10^15)/log(2) ~= 50 bits, i.e. about 2^50. This would be searchable if all the cryptography used were symmetric. But the algorithm is TEA(RSA(token), NCK+CHIPID+NORID), so the RSA inside also has to be computed. A modern machine can search the 8-digit keyspace in about 5 minutes, which means we need a couple of orders of magnitude speed increase to consider 15 digits.
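The arithmetic behind this estimate, as an added example (not code from the wiki or from the linked brute forcer). It takes the 8-digit, 5-minute figure from the text as its only benchmark and assumes search time scales linearly with the number of candidates; the 100x speedup and the 30-day budget are constructed values.

```python
import math

# Benchmark quoted in the text: the 8-digit keyspace in about 5 minutes.
BENCH_DIGITS = 8
BENCH_SECONDS = 5 * 60
YEAR = 365 * 24 * 3600


def keyspace(digits):
    """Number of candidate codes of the given decimal length."""
    return 10 ** digits


def keyspace_bits(digits):
    """Equivalent key length in bits: log(10^digits) / log(2)."""
    return digits * math.log2(10)


def rate_per_second():
    """Candidates tested per second, implied by the quoted benchmark."""
    return keyspace(BENCH_DIGITS) / BENCH_SECONDS


def worst_case_seconds(digits, speedup=1.0):
    """Time to exhaust the keyspace at the benchmark rate times `speedup`.

    Assumption: cost per candidate is constant, so time is linear in keyspace.
    """
    return keyspace(digits) / (rate_per_second() * speedup)


def speedup_needed(digits, budget_seconds):
    """Factor the benchmark rate must grow by to finish within the budget."""
    return worst_case_seconds(digits) / budget_seconds


if __name__ == "__main__":
    print(f"15 digits = {keyspace_bits(15):.1f} bits")
    print(f"benchmark rate = {rate_per_second():,.0f} candidates/s")
    for digits in range(BENCH_DIGITS, 16):
        base = worst_case_seconds(digits) / YEAR
        fast = worst_case_seconds(digits, speedup=100) / YEAR  # constructed 100x
        print(f"{digits:2d} digits: {base:12.6f} years, {fast:10.6f} years at 100x")
    # 30 days is an assumed budget, chosen only for illustration.
    print(f"speedup for 30 days: {speedup_needed(15, 30 * 24 * 3600):,.0f}x")
```

Each extra digit multiplies the worst-case time by ten, so the step from 8 to 15 digits is a factor of 10^7 in work before any speedup is applied.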

Implementation

Multithreaded NCK Brute Forcer: http://lpahome.com/nckbf/nckbf.rar