New Progress Report Released Now On Dev


teddie
07-17-2007, 11:29 PM
Go and see new progress report released on dev website.

sakurachung
07-17-2007, 11:47 PM
Where is the location? Please share.

teddie
07-17-2007, 11:49 PM
iphone.fiveforty.net/wiki/index.php?title=Main_Page

taher12112
07-18-2007, 12:12 AM
New release: iASign

We are releasing a small tool called iASign (click for more details) to generate a valid activation PLIST file based on the Device ID, IMEI and CCID of your iPhone. You can upload the generated PLIST to the iPhone using our activation tool. Note that in order for the iPhone to accept this PLIST, you must first replace the iPhoneActivation.pem on your iPhone with the one provided. See the README file for further details. We have had it working for quite a while, but we wanted to release it with a Windows binary, which apparently seems to be a problem to get. So we're releasing the Mac OS X binary and the source. Hopefully somebody will get us a working Windows binary.

-- the dev team


Will we ever unlock the iPhone?

All problems with unlocking lie in the baseband, the radio chipset for the iPhone. The chipset is an S-Gold2, and don't come into the chat and give us links to PapaUtils; we can't use them.

Now the iPhone only has one lock, a network personalization lock. This lock means the MCC (US=310) and the MNC (AT&T=410) must match the first six digits of the SIM card's IMSI. This check is done in the baseband firmware itself. I'm not really sure where yet, but that isn't really relevant.

The only thing standing in the way of an unlock is the baseband. All the other SIM checks are known and can be patched out. We even know the AT command to do the unlock. It's 'AT+CLCK="PN",0,"xxxxxxxx"'. But good luck finding those x's. They are called the NCK, or Network Control Key, and are believed to be unique in everyone's phone. Forget brute force (time impractical) and the obvious entries. If you still think brute force is a good idea, read this. Further, there is a limit of 3-10 unlock attempts per phone, after which the firmware will "hard-lock" itself to AT&T.

So why can't we just patch the firmware? The firmware, located in the ramdisk at /usr/local/standalone/firmware/ICE03.12.06_G.fls, is signed. See here for what is known about the file. The sig is checked in the baseband bootloader. The updater program, bbupdater, only checks a checksum, which can be changed. The update will take, but then the phone won't boot because the sigs don't match.

We worked two solid days on disassembling the radio fw. There are a few backdoors, but none that would lead to an unlock. If you are *good* with disassembling ARM, PM geohot for the idb. We've documented a lot of functions pretty well. This firmware is very difficult to work through, though. I'm 90% sure the password check happens in the function called pwdcheck, but I haven't found it yet. For all we know there could be a simple algorithm to generate the NCKs that we've missed.
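The lock logic the report describes (MCC+MNC against the first six IMSI digits, AT+CLCK="PN" unlock, and the 3-10 try counter that ends in a hard-lock), modelled as a small simulation. This is an added example, not the dev team's code and not the real S-Gold2 firmware; the 8-digit NCK length, the try counter starting at 3, the +CME ERROR 16 reply for a wrong key, and the constructed IMSIs and key are assumptions for the demo.

```python
"""Toy model of the baseband "PN" (network personalization) lock described
in the progress report above. Added illustration, not dev-team code and not
the real S-Gold2 firmware logic.

Assumptions not stated on the page:
  - the lock compares the first six IMSI digits with MCC+MNC as one string
    ("310" + "410" -> "310410"), as the post describes;
  - the NCK is 8 decimal digits (the eight x's in the AT command);
  - the try counter starts at 3, the low end of the 3-10 range in the post;
  - a wrong key answers "+CME ERROR: 16" ("incorrect password", 3GPP TS 27.007).
"""
import re
import secrets

LOCK_PLMN = "310410"   # MCC 310 (US) + MNC 410 (AT&T), from the post
NCK_DIGITS = 8
MAX_TRIES = 3

# AT+CLCK="PN",<mode>,"<password>"   mode 0 = unlock, 1 = lock (TS 27.007)
_CLCK_RE = re.compile(r'^AT\+CLCK="PN",([01]),"(\d+)"$')


class Baseband:
    def __init__(self, nck: str):
        self.nck = nck
        self.locked = True
        self.tries_left = MAX_TRIES
        self.hard_locked = False

    def sim_accepted(self, imsi: str) -> bool:
        """The firmware-side check: a SIM works only if IMSI[0:6] equals the
        lock PLMN, unless the personalization lock has been removed."""
        if not (imsi.isdigit() and len(imsi) == 15):
            return False
        return (not self.locked) or imsi[:6] == LOCK_PLMN

    def at_command(self, line: str) -> str:
        """Handle AT+CLCK="PN" and enforce the attempt counter / hard-lock."""
        m = _CLCK_RE.match(line)
        if not m:
            return "ERROR"
        mode, pwd = m.groups()
        if mode == "1":                      # re-lock; no key needed in this model
            self.locked = True
            return "OK"
        if self.hard_locked:                 # counter exhausted: key is never checked again
            return "+CME ERROR: 16"
        if secrets.compare_digest(pwd, self.nck):
            self.locked = False
            return "OK"
        self.tries_left -= 1
        if self.tries_left == 0:
            self.hard_locked = True
        return "+CME ERROR: 16"


def brute_force_odds(digits: int = NCK_DIGITS, tries: int = MAX_TRIES) -> float:
    """Probability that `tries` blind guesses hit a uniformly random NCK:
    the attempt counter, not CPU time, is what rules out brute force here."""
    return tries / (10 ** digits)


def demo() -> dict:
    """Constructed walk-through: AT&T SIM works, T-Mobile SIM does not,
    three 'obvious' guesses hard-lock the phone, after which even the
    correct key is rejected; a fresh phone accepts the correct key."""
    bb = Baseband(nck="12345678")            # constructed key for the demo
    att_imsi = "310410" + "123456789"        # constructed 15-digit IMSIs
    tmo_imsi = "310260" + "123456789"
    out = {"att_before": bb.sim_accepted(att_imsi),
           "tmo_before": bb.sim_accepted(tmo_imsi)}
    for guess in ("00000000", "11111111", "12341234"):
        bb.at_command(f'AT+CLCK="PN",0,"{guess}"')
    out["hard_locked"] = bb.hard_locked
    out["right_key_after_lockout"] = bb.at_command('AT+CLCK="PN",0,"12345678"')
    fresh = Baseband(nck="12345678")
    out["right_key_fresh"] = fresh.at_command('AT+CLCK="PN",0,"12345678"')
    out["tmo_after_unlock"] = fresh.sim_accepted(tmo_imsi)
    return out


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The point the simulation makes is the one the report makes: with an 8-digit key and a counter of a few tries, guessing through the AT interface has odds on the order of 10^-8 per phone, and the counter turns a failed brute force into a permanently AT&T-locked baseband.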

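The update path the report describes, as an added example (not the dev team's code, and not the real .fls container): bbupdater verifies only a checksum, which a patcher can recompute, while the baseband bootloader verifies a signature that needs the signing key. The image layout (body || signature || 32-bit additive checksum) is constructed for the demo, and HMAC-SHA256 under a secret key stands in for the real public-key signature; the only property that matters for the point is that the patcher does not hold the key.

```python
"""Why "just patch the firmware" fails: the updater's checksum is refittable,
the bootloader's signature is not. Added illustration, not dev-team code.

Assumptions: constructed layout body || sig || checksum; an additive 32-bit
checksum; HMAC-SHA256 under a secret key as a stand-in for the real signature.
"""
import hashlib
import hmac
import struct

SIG_LEN = 32
CKSUM_LEN = 4


def checksum32(data: bytes) -> int:
    """Additive 32-bit checksum (constructed; not the real .fls algorithm)."""
    return sum(data) & 0xFFFFFFFF


def sign(body: bytes, key: bytes) -> bytes:
    """Keyed signature stand-in; the patcher never holds `key`."""
    return hmac.new(key, body, hashlib.sha256).digest()


def build_image(body: bytes, key: bytes) -> bytes:
    signed = body + sign(body, key)
    return signed + struct.pack("<I", checksum32(signed))


def updater_accepts(image: bytes) -> bool:
    """bbupdater, per the post: the checksum is all that is verified."""
    signed = image[:-CKSUM_LEN]
    (ck,) = struct.unpack("<I", image[-CKSUM_LEN:])
    return checksum32(signed) == ck


def bootloader_accepts(image: bytes, key: bytes) -> bool:
    """Baseband bootloader, per the post: the signature over the body is verified."""
    signed = image[:-CKSUM_LEN]
    body, sig = signed[:-SIG_LEN], signed[-SIG_LEN:]
    return hmac.compare_digest(sign(body, key), sig)


def patch_body(image: bytes, offset: int, new_bytes: bytes, refit_checksum: bool) -> bytes:
    """Overwrite same-length bytes in the body and optionally recompute the
    trailing checksum, which is all a keyless patcher can do."""
    signed = bytearray(image[:-CKSUM_LEN])
    signed[offset:offset + len(new_bytes)] = new_bytes
    tail = image[-CKSUM_LEN:]
    if refit_checksum:
        tail = struct.pack("<I", checksum32(bytes(signed)))
    return bytes(signed) + tail


def demo() -> dict:
    """Constructed image; each entry is (updater_accepts, bootloader_accepts)."""
    key = b"constructed-baseband-signing-key"
    body = b"ICE03.12.06_G\x00" + b"\x00" * 32 + b"pwdcheck:FAIL" + b"\x00" * 32
    img = build_image(body, key)
    off = body.index(b"FAIL")
    naive = patch_body(img, off, b"PASS", refit_checksum=False)
    fixed = patch_body(img, off, b"PASS", refit_checksum=True)
    return {
        "orig": (updater_accepts(img), bootloader_accepts(img, key)),
        "naive_patch": (updater_accepts(naive), bootloader_accepts(naive, key)),
        "checksum_fixed": (updater_accepts(fixed), bootloader_accepts(fixed, key)),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: updater={v[0]} bootloader={v[1]}")
```

The "checksum_fixed" case is exactly the situation the report describes: the update takes, then the phone does not boot because the signature no longer matches the patched body.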
hydra
07-18-2007, 12:29 AM
Translation: they can't unlock it. Anyway, thanks to all trying to unlock the iPhone; I really appreciate your efforts. I, as many, hope for the day we can use our iPhones.

thecompkid
07-18-2007, 01:19 AM
Ummm...no, that is *not* what they said at all. It is definitely not impossible to unlock the iPhone, it's just that it may or may not take longer than expected.

sam
07-18-2007, 01:41 AM
Translation: they can't unlock it. Anyway, thanks to all trying to unlock the iPhone; I really appreciate your efforts. I, as many, hope for the day we can use our iPhones.

No, it means simply that the way to unlock is hard, that's all. Oh, and that we give you another toy to play with on your phone while waiting for the unlock to finish. :cool:

mysticusa
07-18-2007, 02:54 AM
Translation: sigs are 1024-bit RSA encoded! A nice fair supercomputer costing around $1 billion will surely hack it within minutes...

But speaking of reality, writing a special program that will run on, say, 1000 people's computers (not low-end ones though) will help crack the code, probably in a week or so :) if the team considers writing software that will interact with the dev team's database, divided in an organized way so that, say, 1000 people will use their share for the analysis for a possible crack :)

If you guys can write it, I'm sure I will help with my 2 lappies :) running day and night, and I'm sure there are a lot of helpful friends out there as well :)

Crib
07-18-2007, 03:00 AM
Very incredible work so far in such a short time. I'm sure it will happen, it always does.

sakurachung
07-18-2007, 03:32 AM
Development guys, keep it up. I believe in you, man. ;)

RedGlasses
07-18-2007, 04:10 AM
Guys, your work is greatly appreciated; I wish I had some notions of hacking to help you!!!

I pray you'll find a way to unlock it.

Big respect for what you've done already.

rg

dazzled
07-18-2007, 04:23 AM
What about the distributed computing idea mentioned earlier? Is it possible for the dev team to write a simple brute-force program that will try to find the key by assigning intervals of possible passwords to each client that connects to a main server?

There are software applications out there that use this approach or something similar for different goals. I am sure that iPhone owners will be eager to participate.

sweetcaro333
07-18-2007, 06:37 AM
Translation: sigs are 1024-bit RSA encoded! A nice fair supercomputer costing around $1 billion will surely hack it within minutes...

But speaking of reality, writing a special program that will run on, say, 1000 people's computers (not low-end ones though) will help crack the code, probably in a week or so :) if the team considers writing software that will interact with the dev team's database, divided in an organized way so that, say, 1000 people will use their share for the analysis for a possible crack :)

If you guys can write it, I'm sure I will help with my 2 lappies running day and night, and I'm sure there are a lot of helpful friends out there as well :)

And I will lend my 20 computers for this! So now we have 22.