Hackint0sh.org forum, iPhone "2G" (Rev. 1): [2.0][3G - Advice] Can't the Dev Team Replicate "Official Unlock"? (page 1 of 2, posts 1 to 10 of 13)
#1 fuzzy (Senior Professional): [2.0][3G - Advice] Can't the Dev Team Replicate "Official Unlock"?

    As you may be aware, the 3G iPhone is sold "Officially unlocked" in Italy and Hong Kong.

    http://www.hackint0sh.org/forum/showthread.php?t=45363

    If our beloved Development Team got their hands on one of these 'officially unlocked' units, could they not 'replicate' the way that the unlock is done, to either create a new unlock for the rest of us or a component for PWNAGE?

    Maybe worth a try...

#2 lovemygti (Professional)

    Quote Originally Posted by fuzzy:
    As you may be aware, the 3G iPhone is sold "Officially unlocked" in Italy and Hong Kong.

    http://www.hackint0sh.org/forum/showthread.php?t=45363

    If our beloved Development Team got their hands on one of these 'officially unlocked' units, could they not 'replicate' the way that the unlock is done, to either create a new unlock for the rest of us or a component for PWNAGE?

    Maybe worth a try...

    It's a good idea. Maybe someone who knows what they're doing should PM one of the guys who responded in the other thread and ask them to upload the BB files via instant messenger or something (not via the forum, because of the rules)... Who knows, maybe it is as simple as replacing our files with theirs?

#3 (Rookie)

    Won't work. The "official unlock" involves iTunes reading some data from the iPhone and sending it to an Apple server. The Apple server then checks to see if the phone is in its database as a phone that is allowed to be unlocked. If it is, the server does some calculations and math and en/decryption and stuff (likely using Apple's private RSA key) and returns the results to iTunes, which then hands them to the phone (which then unlocks itself).

    Without the Apple algorithm and the Apple private key, the only way to unlock is to use holes in the baseband (assuming such holes exist in the new 3G baseband software) to modify it so it thinks it's unlocked.

#4 CaptainCode (Rookie)

    Has anyone tried to spoof the iTunes server to return results that would tell iTunes that the phone can be activated?

#5 Number_41 (Jedi Admin, sao paulo, brasil)

    Quote Originally Posted by CaptainCode:
    Has anyone tried to spoof the iTunes server to return results that would tell iTunes that the phone can be activated?
    Not possible and highly unlikely. Not to mention borderline illegal.

#6 CaptainCode (Rookie)

    Quote Originally Posted by Number_41:
    Not possible and highly unlikely. Not to mention borderline illegal.

    N41
    It's not at all illegal to imitate the iTunes activation server on your own computer.

#7 (Newbie)

    And how will you get the private encryption key? Qualified guessing, or simply studying tea leaves? Perhaps the same method as Mr Bush uses for finding WMDs?

#8 CaptainCode (Rookie)

    I asked if anyone has tried. Since you seem to know how the whole thing works, I assume you tried, or are you just guessing at how it works?

#9 geohot (Senior Professional)

    The formula is known.
    This is my multithreaded NCK brute forcer.
    Thanks to gray for his initial work with the algorithm.

    ltoken_test is a seczone I encoded with the NCK "123456"
    It unlocked the phone with AT+CLCK="PN",0,"123456"

    ltoken is the ltoken off my phone
    rsa_key2 is the bootloader RSA key

    A Quick Note on the Algo:
    The token is stored encrypted at +0x400 in the seczone
    The NCK check procedure is as follows:
    Create a TEA key by combining the NCK, NORID, and CHIPID
    Decrypt the token with the TEA key
    One NCK will output a valid RSA message
    This message contains the PKCS header and the NORID/CHIPID key

    To summarize:
    RSA(TEA(&seczone[0x400], SHA(NCK+NORID+CHIPID)),rsa_key2)=valid message

    ~geohot

#10 cosmoLV (Developer, Latvia)

    Quote Originally Posted by fuzzy:
    As you may be aware, the 3G iPhone is sold "Officially unlocked" in Italy and Hong Kong.

    http://www.hackint0sh.org/forum/showthread.php?t=45363

    If our beloved Development Team got their hands on one of these 'officially unlocked' units, could they not 'replicate' the way that the unlock is done, to either create a new unlock for the rest of us or a component for PWNAGE?

    Maybe worth a try...
    It's not like that; if it were, this would be easy.
    The key is the carrier (a carrier accepted by Apple). If Italy and Hong Kong iPhones are unlocked, that means they are unlocked by their carriers.

    Maybe I'm wrong, but it seems like that.
