  1. #1
    none
    Guest
    as everyone knows, the whole goal of the iphone is to UNLOCK it, make it
    work with any carrier, or even better, get skype into it and get rid of
    ATT entirely. so below is some very deep geek speak, and please help
    this project if you can!

    -----

    iPhone Partially Unlocked, Calls Without AT&T Contract

    All problems with unlocking lie in the baseband, the radio chipset for
    the iPhone. The chipset is an S-Gold2, and don't come in the chat and
    give us links to PapaUtils, we can't use them. Now the iPhone only has
    one lock, a network personalization lock. This lock means the
    MCC (US=310) and the MNC (AT&T=410) must match the first six digits of the
    SIM card's IMSI. This check is done in the baseband firmware itself. I'm
    not really sure where yet, but that isn't really relevant. The only
    thing standing in the way of an unlock is the baseband. All the other
    SIM checks are known and can be patched out. We even know the AT command
    to do the unlock. It's 'AT+CLCK="PN",0,"xxxxxxxx"'. But good luck
    finding those x's. They are called the NCK, or Network Control Key, and
    are believed to be unique in everyone's phone. Forget brute force (time
    impractical) and the obvious entries. If you still think brute force is a
    good idea, read this. Further, there is a limit of 3-10 unlock attempts
    per phone, after which the firmware will "hard-lock" itself to AT&T. So
    why can't we just patch the firmware? The firmware, located in the
    ramdisk at /usr/local/standalone/firmware/ICE03.12.06_G.fls, is signed.
    See here for what is known about the file. The sig is checked in the
    baseband bootloader. The updater program, bbupdater, only checks a
    checksum, which can be changed. The update will take, but then the phone
    won't boot because the sigs don't match.

    We worked two solid days on disassembling the radio fw. There are a few
    backdoors, but none that would lead to an unlock. If you are *good* with
    disassembling ARM, PM geohot for the idb. We've documented a lot of
    functions pretty well. Although, this firmware is very difficult to work
    through. I'm 90% sure the password check happens in the function called
    pwdcheck, but I haven't found it yet. For all we know there could be a
    simple algorithm to generate the NCKs that we've missed.

    more here:

    http://gizmodo.com/gadgets/breaking/...ed-calls-without-att-contract-279606.php
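The network personalization lock the post describes, modelled in Python as an added example (this is not code from the post, from the Gizmodo article, or from the iPhone baseband): the baseband splits the SIM's IMSI into MCC and MNC, accepts the SIM only if that pair is the one the device was personalized to, and burns one attempt for every wrong NCK until it hard-locks. Only MCC 310 / MNC 410 (US / AT&T) and the "3-10 attempts" figure come from the post; the IMSIs, the NCK value, the attempt limit of 3 and all function and class names are constructed for illustration.

```python
# Added example, not from the thread: a model of the GSM/3GPP "network
# personalization" (PN) check described in the post.  MCC 310 / MNC 410
# and the 3-10 attempt range come from the post; every other value here
# (IMSIs, the NCK, the names) is constructed.
import hmac
from dataclasses import dataclass

MAX_ATTEMPTS = 3  # lower bound of the 3-10 range quoted in the post


def split_imsi(imsi: str, mnc_len: int = 3) -> tuple[str, str]:
    """Return (MCC, MNC) from the leading digits of an IMSI.

    The MCC is always three digits.  The MNC is two or three digits
    depending on region; North American MNCs are three, which is why the
    post talks about the first six digits of the IMSI.
    """
    if not imsi.isdigit() or not 6 <= len(imsi) <= 15:
        raise ValueError("IMSI must be 6 to 15 decimal digits")
    if mnc_len not in (2, 3):
        raise ValueError("MNC length must be 2 or 3")
    return imsi[:3], imsi[3:3 + mnc_len]


@dataclass
class NetworkPersonalization:
    """Lock state the baseband would keep for PN (modelled, not real)."""
    allowed: frozenset[tuple[str, str]]  # (MCC, MNC) pairs the SIM may carry
    nck: str                             # network control key (constructed)
    locked: bool = True
    attempts_left: int = MAX_ATTEMPTS
    hard_locked: bool = False

    def sim_accepted(self, imsi: str, mnc_len: int = 3) -> bool:
        """Check at boot / SIM insertion: while the lock is active the
        SIM's MCC+MNC must be one of the personalized pairs."""
        if not self.locked:
            return True
        return split_imsi(imsi, mnc_len) in self.allowed

    def try_unlock(self, key: str) -> str:
        """Model of AT+CLCK="PN",0,<key>.  Every wrong key consumes one
        attempt; with none left the device stays personalized for good,
        which is the "hard-lock" the post warns about."""
        if self.hard_locked:
            return "hard-locked"
        if not self.locked:
            return "already-unlocked"
        # Constant-time comparison so timing does not reveal how many
        # leading digits of the key were right.
        if hmac.compare_digest(key.encode(), self.nck.encode()):
            self.locked = False
            return "unlocked"
        self.attempts_left -= 1
        if self.attempts_left == 0:
            self.hard_locked = True
            return "hard-locked"
        return f"wrong-key ({self.attempts_left} left)"


def att_personalized_phone() -> NetworkPersonalization:
    """A device personalized to MCC 310 / MNC 410 with a constructed NCK."""
    return NetworkPersonalization(allowed=frozenset({("310", "410")}),
                                  nck="12345678")


if __name__ == "__main__":
    phone = att_personalized_phone()
    print(phone.sim_accepted("310410000000001"))  # constructed AT&T-style IMSI
    print(phone.sim_accepted("310999000000001"))  # constructed other-carrier IMSI
    for guess in ("00000000", "11111111", "22222222"):
        print(phone.try_unlock(guess))
    print(phone.try_unlock("12345678"))           # too late: hard-locked
```

The point of the model is the state machine rather than the key itself: the attempt counter means the lock's strength does not depend on the NCK being hard to guess once the counter is small, which is exactly why the post dismisses brute force.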







  2. #2

    Re: deep geek speak - how to unlock the iphone

    none wrote:
    > as everyone knows, the whole goal of the iphone is to UNLOCK it, make it
    > work with any carrier, or even better, get skype into it and get rid of
    > ATT entirely. so below is some very deep geek speak, and please help
    > this project if you can!
    >
    > -----
    >
    > iPhone Partially Unlocked, Calls Without AT&T Contract
    >
    > All problems with unlocking lie in the baseband, the radio chipset for
    > the iPhone. The chipset is an S-Gold2, and don't come in the chat and
    > give us links to PapaUtils, we can't use them. Now the iPhone only has
    > one lock, a network personalization lock. This lock means the
    > MCC (US=310) and the MNC (AT&T=410) must match the first six digits of the
    > SIM card's IMSI. This check is done in the baseband firmware itself. I'm
    > not really sure where yet, but that isn't really relevant. The only
    > thing standing in the way of an unlock is the baseband. All the other
    > SIM checks are known and can be patched out. We even know the AT command
    > to do the unlock. It's 'AT+CLCK="PN",0,"xxxxxxxx"'. But good luck
    > finding those x's. They are called the NCK, or Network Control Key, and
    > are believed to be unique in everyone's phone. Forget brute force (time
    > impractical) and the obvious entries. If you still think brute force is a
    > good idea, read this. Further, there is a limit of 3-10 unlock attempts
    > per phone, after which the firmware will "hard-lock" itself to AT&T. So
    > why can't we just patch the firmware? The firmware, located in the
    > ramdisk at /usr/local/standalone/firmware/ICE03.12.06_G.fls, is signed.
    > See here for what is known about the file. The sig is checked in the
    > baseband bootloader. The updater program, bbupdater, only checks a
    > checksum, which can be changed. The update will take, but then the phone
    > won't boot because the sigs don't match.
    >
    > We worked two solid days on disassembling the radio fw. There are a few
    > backdoors, but none that would lead to an unlock. If you are *good* with
    > disassembling ARM, PM geohot for the idb. We've documented a lot of
    > functions pretty well. Although, this firmware is very difficult to work
    > through. I'm 90% sure the password check happens in the function called
    > pwdcheck, but I haven't found it yet. For all we know there could be a
    > simple algorithm to generate the NCKs that we've missed.
    >
    > more here:
    >
    > http://gizmodo.com/gadgets/breaking/...ed-calls-without-att-contract-279606.php


    Why not just buy a unit that's more 'open', for less money? Why spend
    hundreds/thousands of hours hacking a device from a manufacturer that
    will just change the design enough to ruin all your work as soon as you
    work it out?

    The hardware isn't that cool, really. It's got a few physical design
    defects (the screen-pad-not-really-a-digitizer-thingie will be more fun
    than the battery) which would make me avoid it.

    According to my own apple support insider the actual support quality, in
    the end, ends up being about the same as you'd get when dealing with a
    'roaming' provider. Basically Apple knows nothing about the network,
    and Cingular knows nothing about the phone... This is an asstastic
    situation for everyone involved.

    If you're not too busy, try fixing this iphone software bug...

    http://www.theinquirer.net/default.aspx?article=41032

    <720 degree eye roll>




  3. #3
    none
    Guest

    Re: deep geek speak - how to unlock the iphone

    "[email protected]" <[email protected]> wrote:

    > > more here:
    > >
    > > http://gizmodo.com/gadgets/breaking/...ed-calls-without-att-contract-279606.php

    >
    > Why not just buy a unit that's more 'open', for less money? Why spend
    > hundreds/thousands of hours hacking a device from a manufacturer that
    > will just change the design enough to ruin all your work as soon as you
    > work it out?
    >
    > The hardware isn't that cool, really. It's got a few physical design
    > defects (the screen-pad-not-really-a-digitizer-thingie will be more fun
    > than the battery) which would make me avoid it.
    >
    > According to my own apple support insider the actual support quality, in
    > the end, ends up being about the same as you'd get when dealing with a
    > 'roaming' provider. Basically Apple knows nothing about the network,
    > and Cingular knows nothing about the phone... This is an asstastic
    > situation for everyone involved.
    >
    > If you're not too busy, try fixing this iphone software bug...
    >
    > http://www.theinquirer.net/default.aspx?article=41032
    >
    > <720 degree eye roll>


    well, the iPhone is enough of a modern marvel to do whatever it takes to
    make it work on every carrier. It's easily the most popular cell phone
    now, so we'll see how it develops. The Duke thing is a Duke problem, not
    related to the iPhone.


