Sherif Hashim's exploit, which he handed over to MuscleNerd for the iPhone 4 unlock, is SIM dependent, but it does give enough information to help hackers crack the unique NCK (Network Control Key) from the Seczone. The NCK is a cryptographic key the phone uses to access the required cellular network, and the Seczone is the area of the baseband where the NCK is stored.
@toromand 40 bits brute force is trivial if you can get your NOR and SGOLD chip IDs via current vulnerabilities
Each iPhone has its own HWID, NORID and CHIPID. All of these IDs are embedded in the iPhone's internal hardware chips. When you connect a locked iPhone to iTunes, it sends your unique HWID, NORID and CHIPID to Apple's servers, which then generate and send an NCK to unlock your iPhone on the official carrier. The NCK unlock code is only 15 digits long; having said that, a keyspace of size 10^15 is too large to enumerate and crack through brute-force methods.
According to a recent tweet by MuscleNerd, the currently known vulnerabilities let them recover the NORID and CHIPID, which leaves only 40 bits of the NCK key to crack. Again, cracking the NCK through brute force is only a theoretical exploit for now, but if the iPhone Dev-Team manages to crack the NCK with the known NORID and CHIPID, this might lead to an unlock of all locked iPhone 4s for life.
Stay tuned while we update you with the latest news on iPhone 4 unlock!
Update #1: Vincent, the admin of TheiPhoneWiki, further clarifies the situation:
The exploit they got now gives you enough information to brute-force crack your unique NCK key -> gives you an (official) permanent unlock.
Being able to capture NORID+CHIPID leaves (apparently) only 40 bits left to check/crack, which might be pretty reasonable.
Update #3: Vincent has just published a FAQ that answers the following questions:
- Why did the iPhone 4 02.10.04 / 03.10.01 baseband unlock get delayed?
- What is this NCK-key cracking? How does it work?
- Should I sell my locked iPhone 4?
- If the NCK method fails, how long do you think it will take for the Dev-Team to unlock the iPhone 4?