[1.1.2 OTB] IMPORTANT - Unlock Information - Please Read - iPhone "2G" (Rev. 1) - Hackint0sh.org
Page 7 of 18, posts 61 to 70 of 180
  1. #61
    Senior Professional | Join Date: Sep 2007 | Posts: 260 | Rep Power: 20

    So in a quick summary, if Apple decides to include a new bootloader every time they release a new firmware, we will never again be able to crack a phone with the latest firmware coming out of the box (?), only the ones which have been unlocked under 1.1.1 and will be updated.

    Am I right or did I miss the point?


  2. #62
    jflc9 | Advanced | Join Date: Sep 2007 | Posts: 43 | Rep Power: 0

    @ vpr:

    If you read the entire post, you'll see he explains that we will be behind one update after this. They need to reflash the baseband with patched firmware with the new seczone. The new seczone we don't have, so that's why we need another update. I think that's kind of what pspsully meant, lol.

    BTW, thanks for the heads up and we'll stay tuned right here as always.

  3. #63
    pksh | Rookie | Join Date: Nov 2007 | Posts: 24 | Rep Power: 0

    Quote Originally Posted by vpr:
        Doesn't make sense to me. Who told you this?

    Now that we have all that nasty stuff out of the way, I do have some good news!! Firstly, an exploit has been found in the new bootloader that should allow us to run anySIM; this is excellent news, as many people were worried whether there would be an exploit in this bootloader. So basically, when we get the next firmware update, once the secpack is retrieved, we should have no problem unlocking 1.1.2 with bootloader 4.6. However, after the next firmware comes out, we WILL NOT be able to update to it, as we will then need the secpack from the one AFTER THAT to unlock it.

  4. #64
    Advanced | Join Date: Nov 2007 | Posts: 32 | Rep Power: 0

    Quote Originally Posted by vpr:
        Doesn't make sense to me. Who told you this?

    http://iphonejtag.blogspot.com/

    geohot's blog

  5. #65
    vpr | Senior Professional | Join Date: Aug 2007 | Posts: 107 | Rep Power: 0

    Quote Originally Posted by darksun:
        Regarding sniffing the Germany official unlock via iTunes.

        I don't think it is worth spending time on this. Likely, there is no direct relationship or algorithm to get the NCK (network control key) from the IMEI to unlock the phone. It is more likely that Apple has a database with all IMEIs / serials and the corresponding NCKs. iTunes may send the IMEI and get the NCK back to unlock the phone. The official way. As the NCK is different for every phone, this would not help. Likely, the NCK is only given back to iTunes when the IMEI is on the white list of the Apple server.
        A more reasonable approach to an official unlock would be this:
        It is already known how to get the RSA hash of the NCK from the seczone. This can not be decrypted without the private key. But if it is possible to reverse engineer the routine which encrypts the NCK to compare it with the RSA hash of the NCK, given the public key, it would be possible to create all RSA hashes of all NCK values XXXXXXXX in a database (10^8 possibilities). This would maybe take some time, a week?, I don't know, but afterwards it should be possible to get the NCK from there after extracting the RSA hash from the seczone. This would be pretty much like the official unlock.

        Maybe I am wrong, but has anything been posted on why reverse engineering the hash routine is not possible? Does anyone know if this is sitting in the bootloader or the firmware? Any comments would be great.

        If the public key is known, is the RSA encryption used not known?

    You'll get an NCK for a given iPhone. Nothing else. What's the use of knowing the NCK for an unlocked iPhone? You can't use it to unlock another one!


  6. #66
    vpr | Senior Professional | Join Date: Aug 2007 | Posts: 107 | Rep Power: 0

    Quote Originally Posted by jflc9:
        @ vpr:

        If you read the entire post, you'll see he explains that we will be behind one update after this. They need to reflash the baseband with patched firmware with the new seczone. The new seczone we don't have, so that's why we need another update. I think that's kind of what pspsully meant, lol.

        BTW, thanks for the heads up and we'll stay tuned right here as always.

    Quote Originally Posted by pksh:
        Now that we have all that nasty stuff out of the way, I do have some good news!! Firstly, an exploit has been found in the new bootloader that should allow us to run anySIM; this is excellent news, as many people were worried whether there would be an exploit in this bootloader. So basically, when we get the next firmware update, once the secpack is retrieved, we should have no problem unlocking 1.1.2 with bootloader 4.6. However, after the next firmware comes out, we WILL NOT be able to update to it, as we will then need the secpack from the one AFTER THAT to unlock it.

    Quote Originally Posted by isom3tric:

    Stop posting this sh*t. I know what I'm speaking about.

  7. #67
    stonefred | Senior Professional | Join Date: Nov 2007 | Posts: 326 | Rep Power: 25

    Quote Originally Posted by vpr:
        Stop posting this sh*t. I know what I'm speaking about.

    Then please do not reply to this thread without facts!

  8. #68
    darksun | Newbie | Join Date: Nov 2007 | Posts: 9 | Rep Power: 0

    vpr: that is exactly the point I meant by saying that sniffing the official unlock via iTunes does not make sense, because you only get the NCK for your own unlocked phone. This NCK is of no use to other users.

    But imagine this: if I knew the RSA hash encryption, I could create the RSA hashes for all possible NCK combinations, put this into a database (storing the NCK and RSA hash for each combination), and upload this DB to a web server.
    You would then run an app on your phone to read out the RSA hash from the seczone, go to my web server, put in the RSA hash, and get back the corresponding NCK for your phone / RSA hash out of the database. With this you could unlock the phone via AT command, for example.

    Of course this would not work for OTB 1.1.2 with bootloader 4.6 at the moment, as it is not possible to read out the hash from the seczone, but it could work for phones with bootloader 3.9, and later on for 4.6 as soon as the new secpack is available to put a routine in the baseband to read from the seczone.
    Last edited by darksun; 11-27-2007 at 09:01 PM.

  9. #69
    vpr | Senior Professional | Join Date: Aug 2007 | Posts: 107 | Rep Power: 0

    Quote Originally Posted by darksun:
        vpr: that is exactly the point I meant by saying that sniffing the official unlock via iTunes does not make sense, because you only get the NCK for your own unlocked phone. This NCK is of no use to other users.

        But imagine this: if I knew the RSA hash encryption, I could create the RSA hashes for all possible NCK combinations, put this into a database (storing the NCK and RSA hash for each combination), and upload this DB to a web server.
        You would then run an app on your phone to read out the RSA hash from the seczone, go to my web server, put in the RSA hash, and get back the corresponding NCK for your phone / RSA hash out of the database. With this you could unlock the phone via AT command, for example.

        Of course this would not work for OTB 1.1.2 with bootloader 4.6 at the moment, as it is not possible to read out the hash from the seczone, but it could work for phones with bootloader 3.9, and later on for 4.6 as soon as the new secpack is available to put a routine in the baseband to read from the seczone.

    You need Apple's private key to make a hash of a given NCK+IMEI or whatever! The public key is used only for validating!
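
The exchange between darksun (#68) and vpr (#69) turns on two separate cryptographic properties, shown below in an added Python example that is not code from this thread, from Apple, or from any unlock tool. First, with an RSA key pair the public exponent can check a stored value but cannot produce a valid one, which is vpr's point. Second, and independently, an unkeyed hash over a short numeric code space is cheap to tabulate, which is the 10^8-entry table darksun describes; the defensive consequence is that a low-entropy code must be hashed with a per-device secret (a keyed MAC or salt), not merely protected by a key pair. The primes, key sizes, the 5-digit toy code space and the per-device secret are all constructed for the demo; nothing here models the real baseband, seczone layout or NCK format, which the thread does not describe.

```python
"""
Added, illustrative example (not from the thread, Apple, or any unlock tool).
Textbook RSA over small constructed primes plus a toy numeric code space,
so it runs in well under a second. Nothing models the real baseband/seczone.
"""
import hashlib
import hmac
import itertools

# ---- constructed toy RSA key pair: (E, N) is public, D is private ----
P = 1000000007          # known prime; far too small for real use (demo only)
Q = 998244353           # known prime; demo only
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # modular inverse; needs Python 3.8+


def digest_mod_n(code: str) -> int:
    """Unkeyed SHA-256 of the code string, reduced into Z_N."""
    return int.from_bytes(hashlib.sha256(code.encode()).digest(), "big") % N


def sign_code(code: str, d: int = D) -> int:
    """Producing the stored value needs the private exponent d."""
    return pow(digest_mod_n(code), d, N)


def verify_code(code: str, stored: int) -> bool:
    """Checking a candidate code needs only the public pair (E, N)."""
    return pow(stored, E, N) == digest_mod_n(code)


def forge_with_public_key_only(code: str) -> int:
    """The best someone holding only (E, N) can do: exponentiate with E.
    The result does not verify: the public key validates, it does not sign."""
    return pow(digest_mod_n(code), E, N)


# ---- low-entropy codes: a lookup table over a toy 5-digit space ----
DIGITS = 5  # constructed; a larger digit count is bigger but no harder in kind


def unkeyed_digest(code: str) -> str:
    """Plain, unkeyed SHA-256 of a code: the weak design."""
    return hashlib.sha256(code.encode()).hexdigest()


def unkeyed_table(digits: int = DIGITS) -> dict:
    """Map unkeyed_digest(code) -> code for every numeric code of that length."""
    codes = ("".join(t) for t in itertools.product("0123456789", repeat=digits))
    return {unkeyed_digest(c): c for c in codes}


def lookup(table: dict, stored_hex: str):
    """Return the code whose digest matches, or None if the table has no entry."""
    return table.get(stored_hex)


def keyed_digest(code: str, device_secret: bytes) -> str:
    """Defensive variant: HMAC with a per-device secret. A table built without
    that secret matches nothing, however small the code space is."""
    return hmac.new(device_secret, code.encode(), hashlib.sha256).hexdigest()


if __name__ == "__main__":
    code = "12345678"                      # constructed sample code
    stored = sign_code(code)
    print("public key verifies genuine value:", verify_code(code, stored))
    print("public-key-only forgery verifies:",
          verify_code(code, forge_with_public_key_only(code)))

    table = unkeyed_table()
    print("unkeyed hash inverted by table:", lookup(table, unkeyed_digest("04711")))
    print("keyed hash found in same table:",
          lookup(table, keyed_digest("04711", b"constructed-per-device-secret")))
```

The two halves answer the two posts separately: `verify_code` succeeds with only `(E, N)` while `forge_with_public_key_only` never produces a value that verifies, and the table in `unkeyed_table` shows why the entropy of the code itself, not the existence of a key pair, decides whether a precomputed lookup is feasible. Keying the digest per device (`keyed_digest`) is the design change that makes such a table useless.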

  10. #70
    Newbie | Join Date: Nov 2007 | Posts: 9 | Rep Power: 0

    Ok, one last question. Do you know how the NCK is verified by the baseband if you do an unlock via AT command?
