Discuss [NCK] validation algorithm public at the iPhone "2G" (Rev. 1) - Hackint0sh.org
-
[NCK] validation algorithm public
Well, geohot has made his NCK brute force tool public (he was the reliable source I referred to previously that has attempted the BF before).
You can download the toolkit from geohot's site:
http://lpahome.com/nckbf/nckbf.rar
I just did and am looking into it. It would be nice if this thread would be for those of us attempting to look at the BF side of things and any useful comments.
PS! Has anyone (including geohot) got a valid combination of the ltoken+norid+chipid+NCK+RSA message to validate that this indeed works, e.g. if one gives the correct NCK that it spits out "woohoo, key found"?
iPhone 3G 16GB white. Official on contract. Used to have a w48 iPhone (OTB 1.1.2) all the way to 2.0.1 when I went legit.
Current FW: 2.0.2
Carrier: EMT (Estonia)
All functions working
-
-
How do you extract the information necessary from the phone in order to tinker with this?
-
-
Are we looking at an unlock method for our 4.6 BL? What did you find out so far? Thanks
-
Wow...I'll be watching this thread. Thanks.
iPhone 8GB
Great Music player but can only hold 1000 songs
Need an iPhone that can hold
my >100,000 songs :p
I'm still dreaming.

-
-
Originally Posted by macke: "How do you extract the information necessary from the phone in order to tinker with this?"
The closest I know of is this:
http://c_ode.google.com/p/iphone-elite/wiki/TEASecZone
remove the _ ... However, as I have understood, this will not work with 4.6BL. What I have read in various places, and as latest claimed by MuscleNerd in another thread, is that there is still a way to read data in 4.6BL and gray has a way. This is still warm stuff (the link to the BF code wasn't on the link yesterday), so it's all quite new and takes some time...
-
-
I've just downloaded and compiled this nckbf from geohot... Some people might have problems compiling it because it needs libGMP, and compiling this on Windows isn't so easy...
If someone wants the already compiled libgmp.a and gmp.h, I've uploaded them to: http://**********.com/files/77125401...2-compiled.rar
(So with those 2 files it's easy to compile nckbf with dev-cpp)
Also, if you don't want to compile anything at all, just download the already compiled .exe, I've also uploaded it to:
http://**********.com/files/77125702/nckbf-binary.rar
both are r-a-p-i-d-s-h-a-r-e links
Well, it's POSSIBLE, but I really don't think this unlock method would be practical... Yes, of course we SURELY will find a solution before the end of the entire 15-digit range, but... even then, it would take a while (or a lot of computers) to do it...
Geohot provided a very good brute-force program, it already accepts the first 7 digits manually, so we can easily code something with boinc or something to distribute the effort, but... the question remains, would that be practical or just a curiosity?
toruonu or anyone else, can you guys really provide a lot of computer power? Would the entire community want to join this effort? (Remember, this time it would be to break only ONE iPhone, for every iPhone we need to do this AGAIN, so... we can do it as a curiosity or just to have a proof that it works, but...)
Last edited by duwde; 12-17-2007 at 10:35 AM.
-
So this means if we had these keys: ltoken+norid+chipid+NCK+RSA we should've been able to open the bootloader? But what about the only 5 times rule of the iPhone?
-
-
Okay, THIS IS NOT AN UNLOCK. Don't try to brute force your phone's seczone, it won't succeed. This brute force needs to be optimized 100x before it can even be attempted on a *distributed* system.
Also if you want to see the program work, run it on ltoken_test included in the rar file. I encrypted that seczone with the nck "123456". It successfully unlocked the phone when I uploaded it so I know the tool works.
Someone should h/w dump a French/German phone then order the unlock for it. That'll really test the brute forcer with an Apple NCK.
WE STILL REALLY NEED THOSE PLISTS
-
You can do it geohot!! I know you can
-