NCK brute force - General - Hackint0sh.org
I was thinking the same, that the IMEI number has a relation with the unlock code
I know the brute force method is long but I would definitely use it if it's guaranteed to work.
Doesn't cost you anything, just the annoying time frame.
Once it is possible to write custom applications it might be smart to create an application for the iphone that tries to hack the code by itself - running on the iphone.
It would just be a matter of time until the phone has found the code by itself. If one is lucky, it's just one day. If not, it could last some years depending on the speed of the phone.
I can already see some guys having 100 iPhones scanning themselves all the time, and every time one unlocks it is put on eBay instantly...
I'm quite sure that there is no such thing as a maximum amount of tries. There might be a forced delay, but no overall maximum. And if there is one, there must be a memory segment that you can set back to zero.
[Quote: Originally Posted by Floctiosus]
Hey guys, the speed limitation is not due to computing power. If you guys read on the wiki - the limit is due to the serial link speed. They calculated 30 days just from communication over a 9600 baud link. That's assuming the AT commands came right back after trying the NCK.
[Quote: Originally Posted by macdonaldsd]
I don't agree that IMEI is not related to the NCK. They may have implemented some kind of look up list for the iPhone but I doubt it. There are people offering unlock codes for Nokias that are formula based off the IMEI. If the iPhone bases the NCK off the IMEI, then it could work. But typically, the hackers that figure out the formula need a few NCK/IMEI pairs to break the hash. Since no NCKs have been released, that way won't work either.
Can the number of failed tries be reset through software? Or by resetting the iPhone, restoring the firmware?
If so, a brute force approach is something to consider indeed...
Uhh... the 5 years they were referring to, is the agreement Apple signed with AT&T saying that they have EXCLUSIVE rights to be the ONLY wireless network in the US to sell and provide wireless service to the iPhone. They didn't say that it was a 5 year contract.
Originally Posted by wombat
With the firmware and restore images would it be feasible to emulate an individual phone and brute force it on a PC, then use that unlock code on the real phone? That way you don't use up your limited tries on the actual phone...
Perhaps just emulate the lookup algorithm? Presumably it's a one-way algorithm with a known encrypted code?
Just an idea, maybe its obvious, if so, apologies, I don't know much about this stuff, but I'm a strong supporter!
IF the iPhone does not have a set number of maximum tries for NCK unlock, OR it is possible to reset this "counter", THEN unlock by brute force is quite possible. It could take a long time, but definitely possible.
The baseband interface @9600 baud seems like the bottleneck in this, as a "normal modern" CPU could easily generate the possible combinations at a much higher speed than the interface can handle....
AND IF we get some IMEI <-> NCK pairs from brute force, then some smart folks might be able to find the algorithm used to generate the NCK, if there indeed is a correlation between IMEI and NCK.
Me thinks that if there is a max number of tries, there also has to be a way to reset this....
Keep up the good work team !!
Well, the algorithm is known at present I think. The real problem is that you need the correct key for it. And there is a way to find it: Just split some big number in two. However this task requires way too much time. Go read about public key cryptography.
Originally Posted by smman
What I wanted to say is why are all of you proposing such an inefficient way to bruteforce? The dev team knows what CPU this thing runs, they can even code software for it. So they must be able to reverse engineer it or, in human language, port it to PC. Then you only need to grab some information from the phone which is used to check the unlock code (might not be easy), and bruteforce. If Apple isn't using some cumbersome checking routines, then bruteforce should take seconds. What is preventing such a deal?
Well, I'm canceling AT&T tomorrow before 30 days is up. But I will keep the iPhone since it's past the 14 days.
If someone can get past the 5 try limit on NCK I'd be willing to volunteer my iPhone for running a brute force proggie for months until it gets through.
If it can run as a daemon that's even better since I can still use my iPhone while it is trying. Though I'd assume battery life would be affected since it will be running all the time in the background.
Once the NCK is found I'd be happy to publish my IMEI/NCK pair.
Perhaps it's a simple hash, and more pairs in the open may reveal the secrets of the relationship between the IMEI and the NCK, if indeed it's calculated.