NCK brute force


forcesevens
07-17-2007, 04:54 PM
hi everyone

The new comments about the NCK are very interesting!
What about something that will brute force the NCK while
charging overnight? 12 hours a day should crack it in
less than 2 months. Maybe 3 months given NCK processing
time. Once programs can be run on OS X, something
could even run in the background during the day.

One concern is that traditionally the NCKs have a limited
number of attempts. Does anyone know if this is
implemented in the SIM or the phone?

Typed on my iPhone ;)

silverduck
07-17-2007, 05:05 PM
Yeah, I was thinking the same thing.

If the dev team's efforts fail at unlocking, bruting the NCK might be the only unlocking solution for us overseas iPhoners... well, of course this would be impossible if there is a max limit on NCK tries. Anyone know if there is?

I put my faith in the brilliant minds of the dev team ! :cool:

ysury
07-17-2007, 05:58 PM
This is a new thing to me. Can somebody teach me?
I just bought a SIM card RW as well, just in case... (you know what I mean :P ).
Can I make my local SIM card be recognized as an AT&T SIM, while I can still use my local provider?

skloke
07-17-2007, 05:58 PM
I really salute the guys in the Wiki. Real close now. Don't give up. I am sure someone from the Apple development team would leak out a clue or two. I heard those guys (Apple) manufactured it in China... not sure if the firmware was also done in China. If it is, anytime now... maybe worth a lot of $$$. BUT someone will come out with it. Else we will all boycott Apple. This is ridiculous, 5 years just to sell via AT&T, no one else. No freedom of choice. WTF! You notice even the headset uses a sunken jack that ONLY works with Apple earphones. This is really pissing us off!!!

forcesevens
07-17-2007, 06:12 PM
I'm past my 14 days already but I'll cancel with AT&T
before 30 days is up. I use the WiFi and iPod features mainly.
No sense in getting tied down for two years.

I'll be happy to let it brute force every night for 2-3 months.
It's not just trying to get T-Mobile on the phone but mainly the 2 year
contract.

Floctiosus
07-17-2007, 07:46 PM
Let's do it by force :D - brute force!

Put 50 PCs (or Macs) together and let them run one week, that's it :)

Besides getting the PW, it could be checked whether the PW is really the way to crack it or not.

Would be in if we start a brute force attack :)

smman
07-17-2007, 08:13 PM
I was wondering, when some phones have been "brute forced", maybe we could find an algorithm to find a correspondence between the IMEI and the unlocking numbers... they have been generated some way...

:confused: Let's do it please.

wombat
07-17-2007, 08:14 PM
This is ridiculous, 5 years just to sell via AT&T, no one else!

From the AT&T website
"*All plans require a 2-year AT&T service agreement"

http://www.wireless.att.com/cell-phone-service/legal/plan-terms.jsp#iPhone

Not 5 years.

webdaemon
07-17-2007, 08:25 PM
Well... If they need a supercomputer... Myself and some friends I know will be willing to join an @home team and put everything we have into this. The combined load of all of us is about 30 PS3s, 90+ Windows machines, and 40+ Macs. Not to mention the other misc machines we have lying around.

Drop Me a PM if you need it.

xPhone
07-17-2007, 08:46 PM
I was wondering, when some phones have been "brute forced", maybe we could find an algorithm to find a correspondence between the IMEI and the unlocking numbers... they have been generated some way...


<My10Cents>
First off, it would be stupid not to implement a limit on the number of times an unlock code can be entered. I had a network-locked Sony Ericsson phone that I could legally unlock after one year. My network provider (Telenor) has a nice web interface where you enter the IMEI, and unlocking instructions along with the unlock code are shown. There was however a warning that I only had 5 tries. Get it wrong and I had to send in the phone.

But even though the IMEI number was used as a key for looking up the code in their database, I would be surprised if the IMEI itself was used to generate the code using some stupid algorithm. Much better to generate random codes and only use the IMEI as a lookup in the database.

I assume locking a phone is as easy as unlocking it, but again I assume the big companies either have special software and cables for locking a large number of phones, or they order the phones pre-locked and get a nice CSV or XML file too, with the IMEIs and unlocking codes from the phone producer.

Anything else would be stupid, and let's face it, Sony Ericsson, Nokia or Apple for that matter have not gotten to where they are by being stupid.

To summarise:
1. I bet you cannot brute force, because after a small number of guesses the phone is turned into an expensive paperweight.

2. The unlocking codes are not derived from the IMEI number.

</My10Cents>
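The two summary points above (random codes with the IMEI as a database key, versus codes derived from the IMEI) are easy to compare in code. The block below is an added example written for this page, not code from the thread, from Apple or from any carrier: it models three provisioning schemes and the check an attacker can run once a few IMEI/NCK pairs are public. The 15-digit NCK length, the list of candidate hashes, the sample IMEIs and the master key are constructed assumptions.

```python
import hashlib
import hmac
import secrets

# Three ways a vendor could produce a handset's network control key (NCK),
# and the check an attacker can run once a few IMEI/NCK pairs are public.
# The 15-digit NCK length, the candidate hash list, the sample IMEIs and
# the master key are all constructed for this example.

NCK_DIGITS = 15
SAMPLE_IMEIS = ["490154203237518", "353918053641425"]   # constructed, Luhn-valid


def imei_luhn_ok(imei: str) -> bool:
    """An IMEI is 15 digits; the last one is a Luhn check digit over the rest."""
    if len(imei) != 15 or not imei.isdigit():
        return False
    total = 0
    for i, ch in enumerate(reversed(imei)):
        d = int(ch)
        if i % 2 == 1:            # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def _digits_from(digest: bytes) -> str:
    """Reduce a hash digest to a fixed-width decimal code."""
    return str(int.from_bytes(digest, "big") % 10 ** NCK_DIGITS).zfill(NCK_DIGITS)


def nck_unkeyed(imei: str, algo: str = "sha256") -> str:
    """Weak scheme: NCK is a plain hash of the IMEI. Whoever learns the
    algorithm can compute every handset's code from the IMEI alone."""
    return _digits_from(hashlib.new(algo, imei.encode()).digest())


def nck_keyed(imei: str, master_key: bytes) -> str:
    """NCK = HMAC(master_key, IMEI). Published pairs do not reveal the key,
    so other handsets stay safe, but a leaked key unlocks the whole fleet."""
    return _digits_from(hmac.new(master_key, imei.encode(), "sha256").digest())


class RandomNckRegistry:
    """Random code per handset; the IMEI is only the database key, so one
    phone's code says nothing about another's."""

    def __init__(self):
        self._codes = {}

    def provision(self, imei: str) -> str:
        code = "".join(secrets.choice("0123456789") for _ in range(NCK_DIGITS))
        self._codes[imei] = code
        return code

    def lookup(self, imei: str):
        return self._codes.get(imei)


CANDIDATE_ALGOS = ("md5", "sha1", "sha256")


def identify_unkeyed_scheme(pairs):
    """Attacker side: given a few (IMEI, NCK) pairs, return the name of a
    candidate unkeyed derivation consistent with all of them, else None."""
    for algo in CANDIDATE_ALGOS:
        if all(nck_unkeyed(imei, algo) == nck for imei, nck in pairs):
            return algo
    return None
```

With pairs from `nck_unkeyed`, `identify_unkeyed_scheme` names the hash after two pairs; with pairs from `nck_keyed` or the registry it finds nothing, which is the property the post argues for. The keyed variant is the middle ground: it needs no per-phone database, but the master key becomes the single secret protecting every handset.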

macdonaldsd
07-17-2007, 10:52 PM
I was thinking the same, that the IMEI number has a relation to the unlock code.

I know the brute force method is long but I would definitely use it if it's guaranteed to work.

Doesn't cost you anything, just the annoying time frame.

seb
07-17-2007, 10:54 PM
Once it is possible to write custom applications, it might be smart to create an application for the iPhone that tries to hack the code by itself, running on the iPhone.

It would just be a matter of time until the phone has found the code by itself. If one is lucky, it's just one day. If not, it could last some years depending on the speed of the phone.

I can already see some guys having 100 iPhones scanning themselves all the time, and every time one unlocks it is put on eBay instantly...

I'm quite sure that there is no such thing as a maximum number of tries. There might be a forced delay, but no overall maximum. And if there is one, there must be a memory segment that you can set back to zero.

forcesevens
07-17-2007, 11:01 PM
Let's do it by force :D - brute force!

Put 50 PCs (or Macs) together and let them run one week, that's it :)

Besides getting the PW, it could be checked whether the PW is really the way to crack it or not.

Would be in if we start a brute force attack :)
Hey guys, the speed limitation is not due to computing power. If you guys read on
the wiki, the limit is due to the serial link speed. They calculated 30 days
just from communication over a 9600 baud link. That's assuming the AT
commands came right back after trying the NCK.

I was thinking the same, that the IMEI number has a relation to the unlock code.

I know the brute force method is long but I would definitely use it if it's guaranteed to work.

Doesn't cost you anything, just the annoying time frame.

I don't agree that the IMEI is not related to the NCK. They may have implemented
some kind of lookup list for the iPhone but I doubt it. There are people offering
unlock codes for Nokias that are formula based off the IMEI. If the iPhone
bases the NCK off the IMEI, then it could work. But typically, the hackers
that figure out the formula need a few NCK/IMEI pairs to break the hash.
Since no NCKs have been released, that way won't work either.

dazzled
07-18-2007, 04:30 AM
can the number of failed tries be reset through software? Or by resetting the iPhone, restoring the firmware?

If so, a brute force approach is something to consider indeed...

letoutpuissant
07-18-2007, 04:33 AM
From the AT&T website
"*All plans require a 2-year AT&T service agreement"

http://www.wireless.att.com/cell-phone-service/legal/plan-terms.jsp#iPhone

Not 5 years.

Uhh... the 5 years they were referring to is the agreement Apple signed with AT&T saying that they have EXCLUSIVE rights to be the ONLY wireless network in the US to sell and provide wireless service to the iPhone. They didn't say that it was a 5 year contract.

theskip
07-18-2007, 07:45 AM
With the firmware and restore images, would it be feasible to emulate an individual phone and brute force it on a PC, then use that unlock code on the real phone? That way you don't use up your limited tries on the actual phone...

Perhaps just emulate the lookup algorithm? Presumably it's a one-way algorithm with a known encrypted code?

Just an idea, maybe it's obvious, if so, apologies, I don't know much about this stuff, but I'm a strong supporter!

silverduck
07-18-2007, 08:34 AM
IF the iPhone does not have a set number of maximum tries for NCK unlock, OR it is possible to reset this "counter", THEN unlock by brute force is quite possible. It could take a long time, but definitely possible.
The baseband interface @ 9600 baud seems like the bottleneck in this, as a "normal modern" CPU could easily generate the possible combinations at a much higher speed than the interface can handle....

AND IF we get some IMEI <-> NCK pairs from brute force, then some smart folks might be able to find the algorithm used to generate the NCK, if there indeed is a correlation between IMEI and NCK.

Methinks that if there is a max number of tries, there also has to be a way to reset this....

Keep up the good work team !! :cool:

az1324
07-18-2007, 02:59 PM
OR it is possible to reset this "counter" THEN unlock by brute force is quite possible

That's what I was thinking. However the radio chip, if smart, would store the number of unlock tries somewhere in internal memory that is not within the reflashable firmware. So even if you reload a "virgin" firmware after every time you try to unlock it, the counter would be preserved. :(

algg
07-18-2007, 10:08 PM
I was wondering, when some phones have been "brute forced", maybe we could find an algorithm to find a correspondence between the IMEI and the unlocking numbers... they have been generated some way...

:confused: Let's do it please.

Well, the algorithm is known at present, I think. The real problem is that you need the correct key for it. And there is a way to find it: just split some big number in two. However this task requires way too much time. Go read about public key cryptography.

What I wanted to say is, why are all of you proposing such an inefficient way to brute force? The dev team know what CPU this thing runs on, they can even code software for it. So they must be able to reverse engineer it or, in human language, port it to PC. Then you only need to grab some information from the phone which is used to check the unlock code (might not be easy), and brute force. If Apple isn't using some cumbersome checking routines, then brute force should take seconds. What is preventing such a deal?
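The last few posts (forcesevens on the 9600 baud serial bottleneck, seb and dazzled on resetting a try counter, az1324 on a counter that lives outside the reflashable firmware, algg on porting the check routine to a PC) describe two very different brute-force routes. The block below is an added example written for this page, not code from the thread, the dev team or Apple: it models a locked baseband whose bad-try counter sits in radio NVRAM, measures the online route against the serial link, and contrasts it with an offline search against an extracted verifier. AT+CLCK with facility "PN" is the 3GPP 27.007 network personalisation lock; the NCK length, the counter location, the lockout threshold, the byte counts and the idea that the baseband stores a SHA-256 of the NCK are assumptions made here, not facts about the iPhone.

```python
import hashlib
import hmac
from dataclasses import dataclass
from itertools import product

# Toy model of a network-locked baseband and of the two brute-force routes
# discussed in the thread: online, one AT command per guess, with the
# bad-try counter kept in the radio's NVRAM; and offline, against a
# verifier pulled out of the phone. AT+CLCK facility "PN" is the 3GPP
# 27.007 network personalisation lock; the NCK length, the counter
# location, the lockout threshold, the byte counts and the stored-hash
# verifier are all assumptions made for this example.


@dataclass
class RadioNvram:
    """Non-volatile storage inside the radio chip. A firmware restore
    rewrites flash code, not this counter."""
    bad_tries: int = 0


class Baseband:
    def __init__(self, nck: str, nvram: RadioNvram, max_tries=None):
        self._nck_hash = hashlib.sha256(nck.encode()).digest()  # assumed storage form
        self.nvram = nvram
        self.max_tries = max_tries
        self.unlocked = False
        self.firmware_version = 1

    def reflash(self):
        """Restoring firmware bumps the version but leaves NVRAM alone."""
        self.firmware_version += 1

    def at_clck_pn(self, candidate: str) -> str:
        """Handle AT+CLCK="PN",0,"<candidate>" and return the modem reply."""
        if self.max_tries is not None and self.nvram.bad_tries >= self.max_tries:
            return "ERROR: PN lock blocked"        # permanent lockout
        guess = hashlib.sha256(candidate.encode()).digest()
        if hmac.compare_digest(guess, self._nck_hash):
            self.unlocked = True
            return "OK"
        self.nvram.bad_tries += 1
        return "ERROR"


def try_time_s(nck_digits: int, baud: int = 9600, bits_per_byte: int = 10) -> float:
    """Wire time for one guess and its reply at 8N1 (10 bits per byte)."""
    cmd = len('AT+CLCK="PN",0,"') + nck_digits + len('"\r')
    resp = len("\r\nERROR\r\n")
    return (cmd + resp) * bits_per_byte / baud


def expected_days(nck_digits: int, baud: int = 9600, hours_per_day: float = 24,
                  forced_delay_s: float = 0.0) -> float:
    """Average-case days to hit the key online: half the keyspace, one guess
    per link round-trip plus any delay the phone imposes."""
    per_try = try_time_s(nck_digits, baud) + forced_delay_s
    return (10 ** nck_digits / 2) * per_try / 3600 / hours_per_day


def online_brute_force(phone: Baseband, nck_digits: int, reflash_between_tries=False):
    """Walk the keyspace over the AT interface. Returns (nck_or_None, commands_sent)."""
    sent = 0
    for digits in product("0123456789", repeat=nck_digits):
        candidate = "".join(digits)
        reply = phone.at_clck_pn(candidate)
        sent += 1
        if reply == "OK":
            return candidate, sent
        if reply != "ERROR":
            return None, sent                     # locked out: stop sending
        if reflash_between_tries:
            phone.reflash()
    return None, sent


def offline_brute_force(nck_hash: bytes, nck_digits: int):
    """With the verifier extracted, no counter and no serial link apply,
    so the search is CPU-bound rather than link-bound."""
    for digits in product("0123456789", repeat=nck_digits):
        candidate = "".join(digits)
        if hashlib.sha256(candidate.encode()).digest() == nck_hash:
            return candidate
    return None
```

Two things fall out of running it. With a five-try limit in NVRAM the online search stops after six commands whether or not the firmware is reflashed between guesses, because the counter never lives in the image being restored. Without a limit the link, not the CPU, sets the pace: for an assumed 8-digit code `expected_days(8)` is about three weeks of continuous 9600 baud traffic, and the 12 hours a day proposed earlier doubles it; a forced delay per guess scales it further. The offline route skips both constraints, which is why it matters whether the verifier can be pulled off the phone at all.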

forcesevens
07-27-2007, 08:09 AM
Well, I'm canceling AT&T tomorrow before 30 days is up. But I will keep the iPhone since it's past the 14 days.

If someone can get past the 5 try limit on the NCK, I'd be willing to volunteer my iPhone for running a brute force proggie for months until it gets through.

If it can run as a daemon that's even better since I can still use my iPhone while it is trying. Though I'd assume battery life would be affected since it will be running all the time in the background.

Once the NCK is found I'd be happy to publish my IMEI/NCK pair.
Perhaps it's a simple hash, and the more pairs in the open, the more may be revealed about the relationship between the IMEI and the NCK, if indeed it's calculated.

:)