As we all know by now, the exploit that the iPhone Dev-Team (MuscleNerd, together with Sherif Hashim) thought would unlock the iPhone 4 on the 2.10.04, 3.10.01 and 4.10.01 basebands unfortunately turned out to be a no-show in the end.
But all is not lost: the Dev-Team is now said to be working hard on a different approach, a brute-force search for the device's NCK unlock code, which geohot first attempted three years ago. Because the NCK is the same code a carrier-sanctioned unlock uses, a successful search would unlock the iPhone 4 permanently instead of depending on a bug in one particular baseband version.
The following FAQ (courtesy of Vincent) answers most of the questions being asked about this NCK brute-force unlock.
Since there is a lot of confusion out there, and since I'm repeating myself all the time (which I do not really like), I made this little write-up of questions that are continuously being asked (my personal FAQ). Please note that this is a global explanation. Don't try to argue with me on specific details.
1. What happened?! I thought the unlock for basebands 02.10.01 & 03.10.01 would be released within the next 2 weeks?
As you know, the Dev-Team (MuscleNerd) has been working on the unlock for quite a while now. They were making great progress on the unlock, but they found out that they had (accidentally) unlocked "one particular SIM card" instead of the baseband itself, which means that the unlock would only work with MuscleNerd's T-Mobile SIM. So, useless. If the unlock had unlocked the baseband instead of "the SIM", it'd probably be out within 2 weeks (the reasonable timeframe they had hoped for). But things turned out to be different. Basically, these "<2 weeks" predictions came from a lack of information.
2. What is this NCK-key cracking? How does it work?
The NCK key is the key generated by Apple if you officially unlock your iPhone, and by officially I mean via your carrier. This "NCK unlock" method has been known for a few years now, actually since geohot started working on unlocking the iPhone 2G. He developed a program that could "crack" this 15-digit-long key, which is unique to every device. Geohot's NCKBF program could do around 100,000 keys/second, which would produce a hit in many years, or complete a search in 317 years. To get to a point where this is actually doable we would need many orders of magnitude of improvement. Even if you use a PS3 (would we still want to use this??) or special hardware (within the 1,000 US$ range) you will only get an improvement of 20-100 times... which doesn't help much.
Now, luckily, with the exploits they have now, they can't unlock your baseband, but they *can* capture more information from the baseband to speed up this cracking process. Since the NORID and CHIPID (unique for every device) are known, you'd apparently only have to check 40 more bits (5 digits). A 40-bit key is theoretically crackable on "home hardware" within a week (24/7). The downside of this approach is that you'll have to keep your computer turned on, and your iPhone has to be connected. And that is the reason why they never tried it before. Please note that this method is completely theoretical and has NOT been tried at all up to this moment.
3. Now what? Should I sell my locked iPhone 4?
I'd wait for more information on this "NCK unlock". Right now it's pretty vague what timeframe we're talking about. If the Dev-Team can pull this method off, it'd be very promising for those waiting for an unlock. If this method turns out to be not doable, I'd consider selling your iPhone 4 and saving up for a factory-unlocked iPhone 5.
4. Do you think there is ever going to be an unlock?
Of course. But that’s unlikely to be any time soon (with soon being <1 month).
5. If the NCK method fails, how long do you think it will take for the Dev-Team to unlock the iPhone 4?
No ETA at all. Could be a few weeks, but it could easily be a few months as well.
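To make the FAQ's brute-force figures checkable, here is an added worked example (my code, not the Dev-Team's, geohot's NCKBF, or anything from the FAQ's author). It does only the keyspace arithmetic the FAQ relies on, taking the FAQ's own numbers as inputs: a 15-decimal-digit key, 100,000 keys/second, "40 more bits" (also glossed as "5 digits") once NORID and CHIPID are known, and 20x to 100x hardware speed-ups. Nothing here talks to a baseband; the constants are assumptions copied from the text.

```python
"""Brute-force budget for an NCK search, using the figures quoted in the FAQ.

Added worked example: not code from the Dev-Team, geohot's NCKBF, or the
FAQ's author.  It performs only the keyspace arithmetic the FAQ relies on.
Every constant below is an assumption taken from the FAQ text, not a
measurement; nothing here communicates with a baseband.
"""

SECONDS_PER_DAY = 24 * 3600
SECONDS_PER_WEEK = 7 * SECONDS_PER_DAY
SECONDS_PER_YEAR = 365 * SECONDS_PER_DAY

# The FAQ's figures (assumed from the text).
NCK_DIGITS = 15                   # "15 digits long key"
NCKBF_RATE = 100_000.0            # keys/second quoted for geohot's NCKBF
REMAINING_BITS = 40               # "40 more bits" once NORID and CHIPID are known
REMAINING_DIGITS = 5              # the FAQ's "(5 digits)" gloss on the same figure
HARDWARE_SPEEDUPS = (1, 20, 100)  # "20-100 times" for a PS3 or special hardware


def keyspace_decimal(digits: int) -> int:
    """Candidates for an all-numeric key of the given length."""
    return 10 ** digits


def keyspace_bits(bits: int) -> int:
    """Candidates when `bits` bits of the key are still unknown."""
    return 1 << bits


def seconds_to_exhaust(keyspace: int, keys_per_second: float) -> float:
    """Worst case: every candidate is tried once."""
    return keyspace / keys_per_second


def seconds_to_expected_hit(keyspace: int, keys_per_second: float) -> float:
    """Average case for a uniformly random key: half the keyspace is tried."""
    return seconds_to_exhaust(keyspace, keys_per_second) / 2


def rate_needed(keyspace: int, budget_seconds: float) -> float:
    """Keys/second required to exhaust `keyspace` inside `budget_seconds`."""
    return keyspace / budget_seconds


def nck_budget(rate: float = NCKBF_RATE) -> dict:
    """Summarise the search costs implied by the FAQ's numbers at `rate` keys/s."""
    full = keyspace_decimal(NCK_DIGITS)
    reduced_bits = keyspace_bits(REMAINING_BITS)
    reduced_digits = keyspace_decimal(REMAINING_DIGITS)
    week_rate = rate_needed(reduced_bits, SECONDS_PER_WEEK)
    return {
        # Full 15-digit search, in years, for each hardware speed-up factor.
        "full_search_years": {
            f"{factor}x": seconds_to_exhaust(full, rate * factor) / SECONDS_PER_YEAR
            for factor in HARDWARE_SPEEDUPS
        },
        # Reduced search once NORID/CHIPID are known, read as 40 unknown bits.
        "bits40_days_to_exhaust": seconds_to_exhaust(reduced_bits, rate) / SECONDS_PER_DAY,
        "bits40_days_expected": seconds_to_expected_hit(reduced_bits, rate) / SECONDS_PER_DAY,
        # Rate needed to finish the 40-bit search in one week, and as a multiple of `rate`.
        "bits40_rate_for_one_week": week_rate,
        "bits40_speedup_for_one_week": week_rate / rate,
        # The same reduced search read instead as 5 unknown decimal digits.
        "digits5_seconds_to_exhaust": seconds_to_exhaust(reduced_digits, rate),
    }


if __name__ == "__main__":
    for name, value in nck_budget().items():
        print(f"{name}: {value}")
```

Running it reproduces the FAQ's 317-year figure for the full 15-digit search at 100,000 keys/second (about 3.2 years with the 100x hardware speed-up). Read as 40 unknown bits, the reduced search takes about 127 days to exhaust at the NCKBF rate, and finishing it in one week needs roughly 18 times that rate, which sits inside the 20x-100x range the FAQ quotes for a PS3 or special hardware. Read as 5 decimal digits, the reduced search is 100,000 candidates and finishes in one second, so the two glosses in the FAQ describe very different amounts of work.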
------
Well, it looks like i0n1c, the hacker holding an iOS 4.3 jailbreak exploit, is going to sit on it until Apple releases iOS 4.3.1, so that the point release does not patch it before it has been used.
i0n1c: With Apple already baking 4.3.1 the first one releasing an iOS 4.3 jailbreak will pretty much burn the exploit
i0n1c: Well Apple should release 4.3.1 very soon, because tomorrow everybody knows that @0xcharlie popped an iPhone 4 at #pwn2own through Safari.
Why, you may ask? At the Pwn2Own contest, the iPhone 4 was hacked through a vulnerability in MobileSafari on iOS 4.2.1. The same vulnerability exists in iOS 4.3, but the exploit as written does not work there: starting with iOS 4.3, Apple enabled ASLR (Address Space Layout Randomization) on all supported devices, so the addresses the exploit depends on are no longer predictable. Devices on 4.3 stay safe from this particular exploit, though not from the underlying bug, until someone finds a way to bypass ASLR.
In an interview with ZDNet, the Pwn2Own winners said that bypassing ASLR in iOS 4.3 is harder than most people think it is.
If you update your iPhone today, the [MobileSafari] vulnerability is still there, but the exploit won’t work. I’d have to bypass DEP and ASLR for this exploit to work.
As of 4.3, because of the new ASLR, it will be much harder.
According to Charlie Miller, the winner of this year's Pwn2Own contest, Apple has been informed about the vulnerability and is going to fix it in the next update.
@0xcharlie: Me and @dionthegod won pwn2own for iPhone, yippee. Apple already has the vulnerability information and will patch soon.
So is the iOS 4.3.1 release imminent? Not anytime soon, I think. Since exploiting the bug on iOS 4.3 requires an ASLR bypass, Apple is unlikely to be in much of a hurry, at least until someone figures out a way to bypass ASLR and makes the technique public.
------

Following up on the purported iPhone 5 digitizer it posted earlier, which showed a larger display and a thinner bezel, iDealsChina has now posted several "mold engineering drawings" for the fifth-generation iPhone.
We just got what appears to be mold engineering drawings for iPhone 5. These would be used by case designers to create plastic, TPU, aluminum, silicone and leather cases. A while back we heard rumors that iPhone 5 would have a curved back, but these images show iPhone 5 with the same form factor as iPhone 4 but with an edge-to-edge screen.
Interestingly enough, these images depict an iPhone 4-like design, with the same wrap-around antenna, but with a larger display and a thinner bezel. The larger display and thinner bezel go hand in hand with reports from Digitimes and the Wall Street Journal, respectively.
The images do not show much else, but the interesting part of the description is that they are said to be case mold drawings. The last case mold drawings we saw were for the iPad 2, and those turned out to be almost, if not entirely, accurate.
Apple’s iPhone 5 will also include a dual-core A5 processor, according to code in the latest iOS builds, in addition to enhanced voice control and iOS 5. The iPhone 5 is expected to be revealed at WWDC 2011 with a launch date in either June or July.
------

