Unlocking iPhone secrets

There are two working methods for using the iPhone with networks other than AT&T.
Read more in the extended post..
The first was already covered pretty throughly on these forums.
Basically it involves cloning the SIM and changing the ICCID and the
IMSI while leaving all the carrier data intact.

Although this allows a standalone iPhone to connect to a foreign
network, it only allows outgoing calls/SMS because the AT&T ICCID
won’t register properly with the network. Also this method requires
reading of the Ki, which can only be done on COMP128 v1 SIM. Basically
any modern SIM cards won’t work.

The other method is using a SIM proxy to spoof the IMSI. The firmware
actually requests the IMSI three times from the SIM card. The PN check
is done in the first two, while the network registration is done with
the third. So the modem will register properly to the foreign network,
enabling incoming calls/sms no problem.

This method has been done and works, but requires expensive SIM proxy
hardware. Although since it is a SIM proxy and doesn’t require the Ki
to be read, any SIM card will work fine. A major downside is that the
SIM proxy has to be carried around with the phone, since I really
don’t see how this can all fit within the form factor of a SIM card.

Neither of these are true unlocks, and the reset of this will be
devoted to explaining how to achieve the true unlock, without any SIM
card tricks. First, you should understand what the lock actually is.

It is fully contained in the baseband, and I haven’t found any check
for AT&T in the user mode system. But if we unlock the baseband any
other locks will fall in a matter of hours. The only apparent lock in
the phone software itself checks that the Device ID, IMEI, and ICCID
match the ones stored in the activation token. This can easily be
defeated by making a token with this information, signing it with a
known private key, and uploading the corresponding public key over
iPhoneActivation.pem . The tools iAsign and iActivator already do
this.

So how is it locked?

The lock on the baseband is known as a PN(Network Personalization)
lock. That requires the first 6 digits MCCMNC of the stored IMSI to
match the first 6 digits of the IMSI from the SIM card. The command to
remove this lock is known ‘AT+CLCK=”PN”,0,”XXXXXXXX”‘. Those
X’s are known as the NCK, the network control key. The whole goal of
unlocking is to remove this lock.

A Final Word on Brute Force:

I wrote up a quick document earlier describing how impractical a
brute force is. This was mainly to squash the PM’s I was getting
suggesting brute force. This document wasn’t right, in fact the baud
rate the modem is capable of a much higher baud rate. The time
required to search an 8 digit keyspace isn’t really so farfetched.
But there are two other problems with a brute force attack. First, the
NCK may not be 8 digits. I have heard reports that the S-Gold2 uses an
8 digit NCK, but the firmware showed that it is capable of a 8-16
digit one. I believe that the provider, and not the chipset
manufacturer, is the one that sets it, so given AT&T’s fear that the
iPhone will be unlocked, they would set a 16 digit one. Also the much
feared attempt counter is definitely real. I am not sure of the number
of attempts required to lock it, or even if the number is what
matters, but I know that people who messed with the CLCK command,
including me, now have an AT&T locked iPhone. The state of the locked
flag can be read with the ‘AT+XSIMSTATE=1′ command, or by inserting
a SIM with minicom open. This returns:

+XSIM: SS

“PN”,X1,X2,”PU”,X1,X2,”PP”,X1,X2,”PC”,X1,X2,”PS”,X1,
+XLOCK: X2(the only lock present is the PN lock)

SS: 0=No SIM Inserted 2=SIM Ready 6=SIM Bus
X1:
0=Unlockable(i assume without attempt counter)
1=Unlockable
2=Unknown(i have never seen this)
3=Attempt Limit Reached
4=Unlocked and Lockable
5=Unlocked

X2:
0=SIM Valid
1=Unknown(this gets set for PN when unlock is attempted)
4=SIM Not Valid

These values weren’t found in any manual, and were all determined
either empirically or by reversing the firmware.

Crap, my attempt limit is reached:

So is mine :) I don’t think our unlock will be done using the NCK
method anyway. This is the traditional way most phones have been
unlocked, and the way many professional unlocker teams would try
first. I really doubt that the NCK is generated as a function of the
IMEI+salt the way many phones in the past have been done, otherwise
the iPhone would already be unlocked. Many skilled people have been
working for a while on this, and NO IPHONE ANYWHERE IN THE WORLD IS
UNLOCKED, with the exception of a few “locked” inside a vault
somewhere at Apple. Our unlock will probably be the result of some
obscure backdoor or an exploit in code somewhere, meaning the attempt
counter probably won’t make a difference. So without further ado, all
known exploits into the baseband.

The kernel doesn’t normally map the baseband firmware or eeprom
anywhere. Thanks to Daeken’s tool, I have dumps of the entire kernel
space memory. I documented the nor flash region of kmem at
http://lpahome.com/iPhone/kmemdump.txt and found iBoot and the nvram.

This could lead to a patch to remove the “Permission Denied” errors
from iBoot which will let us start unsigned ramdisks, modify the
DeviceTree, and POWERNVRAM, which could be the radio NVRAM. It has
been mentioned that anything iBoot can do, you can write a program to
do the same from kernelmode, but if iBoot already has the
functionality, why write code. I would be willing to try patching the
iBoot on my phone by writing to /dev/kmem. I already have the patch
addresses and values.

There is definitely a DMA interface between the baseband and the main
cpu. com.apple.driver.AppleARMPL080DMAC is the kernel driver, and it
should be possible to connect to memory on the baseband. The question
is, what memory can you access? The DMA is believed to be used for the
audio stream, and assuming the camera is connected to the S-Gold2, DMA
is used for that. I’d doubt the main ram that stores the tables is
used, but it is possible. If the table memory also happens to be
writable, we probably have an unlock. If the main flash is writable
and the sig isn’t checked on boot, we definitely have an unlock. We
need someone to reverse this device driver and write a program to
access it from user mode. There is also a AppleARMNORFlashDevice

We have full control over AT commands to the baseband; we even have
minicom connecting. Although this isn’t the only avenue the main cpu
has into the baseband. There is a kernel driver, called from
bbupdater, called com.apple.driver.AppleBaseband, although this is
believed to only contain power on/off and reset functions. bbupdater
somehow connects to the bootloader of the baseband and sends the
update there. It is believed to have read commands as well, so we
should be able to read the eeprom off of a running phone.

There are also some hidden test features in the baseband, though I
don’t know how to use them. AT#(0xfd), AT#(0xfe), and AT#(0xff) are
all valid commands. AT#n is also a valid command, but it checks some
debug flags which aren’t set. Why would they use characters outside
ascii in commands unless the commands did really cool things. I
haven’t looked too much into the functions the commands call. Also, I
found that the modem will not respond to STKPRO or STKENV unless
‘AT+CFUN=6′ is issued first. There is still much to be learned about
the STK(sim toolkit) commands. One more command I discovered is
‘AT+XSIO=4′ Do not run this one, you will brick your iPhone ;)

JTAG, the end all, be all:

The only guaranteed way to get an unlock is through JTAG. The S-Gold2
doesn’t have any sort of trustzone, so with JTAG, you can control
everything. You can modify the firmware to your hearts content, and it
really won’t be hard to unlock then. We could also get the NCK out of
the running ram and finally trace the calls used to check it. JTAG
would be ideal here. I know the S-Gold2 has it, and I’d even bet that
it is broken out to a header on the board. But I have no plans to open
up my iPhone because I’d be really pissed with myself if I broke it.
If anyone has an iPhone, in any state, no matter how bricked or
damaged that they’d like to donate to the JTAG cause, that’d be
great :)

Legal note:

Unlocking is totally legal. In fact, the reverse engineering required
for unlocking was even declared legal under the DMCA. To quote,
“Computer programs in the form of firmware that enable wireless
telephone handsets to connect to a wireless telephone communication
network, when circumvention is accomplished for the sole purpose of
lawfully connecting to a wireless telephone communication network.”
So legally we are covered, I wouldn’t worry about hiding any
information, just don’t post anything copyrighted publicly.