A mobile phone forum. Mobile-Forum
deep geek speak - how to unlock the iphone
#1
July 18th 07, 04:56 PM, posted to alt.cellular.cingular
none

As everyone knows, the whole goal of the iPhone is to UNLOCK it, make it
work with any carrier, or even better, get Skype into it and get rid of
AT&T entirely. So below is some very deep geek speak, and please help
this project if you can!

-----

iPhone Partially Unlocked, Calls Without AT&T Contract

All problems with unlocking lie in the baseband, the radio chipset for
the iPhone. The chipset is an S-Gold2, and don't come in the chat and
give us links to PapaUtils, we can't use them. Now the iPhone only has
one lock, a network personalization lock. This lock means the
MCC (US=310) and the MNC (AT&T=410) must match the first six digits of the
SIM card's IMSI. This check is done in the baseband firmware itself. I'm
not really sure where yet, but that isn't really relevant. The only
thing standing in the way of an unlock is the baseband. All the other
SIM checks are known and can be patched out. We even know the AT command
to do the unlock. It's 'AT+CLCK="PN",0,"xxxxxxxx"'. But good luck
finding those x's. They are called the NCK, or Network Control Key, and
are believed to be unique in everyone's phone. Forget brute force (time
impractical) and the obvious entries. If you still think brute force is a
good idea, read this. Further, there is a limit of 3-10 unlock attempts
per phone, after which the firmware will "hard-lock" itself to AT&T. So
why can't we just patch the firmware? The firmware, located in the
ramdisk at /usr/local/standalone/firmware/ICE03.12.06_G.fls, is signed.
See here for what is known about the file. The sig is checked in the
baseband bootloader. The updater program, bbupdater, only checks a
checksum, which can be changed. The update will take, but then the phone
won't boot because the sigs don't match.

We worked two solid days on disassembling the radio fw. There are a few
backdoors, but none that would lead to an unlock. If you are *good* with
disassembling ARM, PM geohot for the idb. We've documented a lot of
functions pretty well. Although, this firmware is very difficult to work
through. I'm 90% sure the password check happens in the function called
pwdcheck, but I haven't found it yet. For all we know there could be a
simple algorithm to generate the NCKs that we've missed.

more here:

http://gizmodo.com/gadgets/breaking/...ed-calls-without-att-contract-279606.php
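One way to model the personalization lock the post describes (the MCC+MNC prefix check on the IMSI, the AT+CLCK="PN",0,"key" unlock, and the bounded attempt counter that hard-locks the phone), as an added example in C that is not part of the original post and is not the baseband's own code. The NCK value, the sample IMSIs, the attempt limit of 3 and the fixed-time key comparison are constructed assumptions for illustration; the post only gives a range of 3-10 attempts and says nothing about how the key is compared.

```c
#include <stdbool.h>
#include <string.h>
/* Constructed model of the network personalization ("PN") lock the post
 * describes: the allowed MCC+MNC must equal the first six IMSI digits, and a
 * bounded number of failed NCK attempts hard-locks the device. Keys and
 * IMSIs used with it are constructed samples, not real values. */
#define PN_MCC "310"        /* US, as given in the post */
#define PN_MNC "410"        /* AT&T, as given in the post */
#define PN_MAX_ATTEMPTS 3   /* post says 3-10; the low end is modelled */
#define NCK_LEN 8           /* eight x's in AT+CLCK="PN",0,"xxxxxxxx" */
typedef struct {
    bool locked;            /* personalization lock active */
    bool hard_locked;       /* counter exhausted: unlock no longer possible */
    int attempts_left;
    char nck[NCK_LEN + 1];  /* per-device Network Control Key */
} pn_state_t;

pn_state_t pn_init(const char *nck)
{
    pn_state_t st = { true, false, PN_MAX_ATTEMPTS, "" };
    strncpy(st.nck, nck, NCK_LEN);
    st.nck[NCK_LEN] = '\0';
    return st;
}

/* SIM acceptance: a locked phone only accepts IMSIs starting with MCC+MNC. */
bool pn_sim_allowed(const pn_state_t *st, const char *imsi)
{
    if (!st->locked) return true;
    if (strlen(imsi) < 6) return false;   /* malformed IMSI: reject */
    return strncmp(imsi, PN_MCC PN_MNC, 6) == 0;
}

/* Handle AT+CLCK="PN",0,"<key>": 0 = OK, -1 = ERROR. Every wrong key burns
 * one attempt; exhausting the counter hard-locks the device for good. */
int pn_handle_clck(pn_state_t *st, const char *cmd)
{
    static const char prefix[] = "AT+CLCK=\"PN\",0,\"";
    if (st->hard_locked || strncmp(cmd, prefix, sizeof(prefix) - 1) != 0)
        return -1;
    const char *key = cmd + sizeof(prefix) - 1;
    if (strlen(key) != NCK_LEN + 1 || key[NCK_LEN] != '"')
        return -1;          /* exactly NCK_LEN key chars, then closing quote */
    unsigned diff = 0;      /* fixed-time compare: no early exit on mismatch */
    for (size_t i = 0; i < NCK_LEN; i++)
        diff |= (unsigned char)(key[i] ^ st->nck[i]);
    if (diff == 0) { st->locked = false; return 0; }
    if (--st->attempts_left <= 0) st->hard_locked = true;
    return -1;
}
```

A malformed command (wrong prefix or wrong key length) is rejected without spending an attempt, while each well-formed wrong key counts against the limit, which is what makes guessing the 8-character NCK impractical on the device itself.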
#2
July 18th 07, 10:02 PM, posted to alt.cellular.cingular
[email protected]

none wrote:

Why not just buy a unit that's more 'open', for less money? Why spend
hundreds/thousands of hours hacking a device from a manufacturer that
will just change the design enough to ruin all your work as soon as you
work it out?

The hardware isn't that cool, really. It's got a few physical design
defects (the screen-pad-not-really-a-digitizer-thingie will be more fun
than the battery) which would make me avoid it.

According to my own Apple support insider the actual support quality, in
the end, ends up being about the same as you'd get when dealing with a
'roaming' provider. Basically Apple knows nothing about the network,
and Cingular knows nothing about the phone... This is an asstastic
situation for everyone involved.

If you're not too busy, try fixing this iphone software bug...

http://www.theinquirer.net/default.aspx?article=41032

720 degree eye roll

#3
July 20th 07, 04:34 AM, posted to alt.cellular.cingular
none

[email protected] wrote:


Well, the iPhone is enough of a modern marvel to do whatever it takes to
make it work on every carrier. It's easily the most popular cell phone
now, so we'll see how it develops. The Duke thing is a Duke problem, not
related to the iPhone.
#4
February 5th 15, 08:48 AM
Lolitaa (Member, first recorded activity Jun 2011)

Quote: Originally Posted by none

Very informative. I have unlocked my iPhone by getting an unlock code here: http://www.superunlockcodes.com/apple/rs12wp8/ They were highly recommended in the mobile forums and they are accredited with a good rating in Google Checkout.
Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2017, Jelsoft Enterprises Ltd.
Copyright 2004-2017 Mobile-Forum.
The comments are property of their posters.