iPhone Dev Team has said that they are now working on a new “NCK-Unlock” exploit which will allow you to unlock your iPhone 4 forever. This exploit was originally made by Geohot about three years ago for iPhone baseband unlock.

In case you don’t know, the exploit on which iPhone Dev Team was working that would unlock iPhone 4 baseband 02.10.04, 03.10.01, and 04.10.01, which was expected to be released after iOS 4.3, unfortunately the team found that they unlocked “one particular SIM card” instead of unlocking baseband this is why the unlock was not released.

For iPhone 4 baseband unlockers, Veeence has made a FAQ (Frequently Asked Question) which will answer your questions about the upcoming unlock exploit for iPhone baseband. Those FAQs are as follows:

Since there is a lot of confusion out there, and since I’m repeating myself all the time (which I do not really like), I made this little write up of questions that are continuously being asked (my personal FAQ). Please not that this is a global explanation. Don’t try to argue with me on specific details.

Question 1. What happend?! I thought the unlock for basebands 02.10.01 & 03.10.01 would be released within the next 2 weeks?

As you know the Dev-Team (MuscleNerd) have been working on the unlock for quite a while now. They were making great progress on the unlock, but they found out that they (accidentally) unlocked “one particular SIM card” instead of the baseband itself. Which means that the unlock would only be an unlock you could use with MuscleNerd’s T-Mobile SIM. So, useless. If the unlock would unlock the baseband instead of “the SIM”, it’d probably be out within 2 weeks (reasonable timeframe which they had hoped). But things turned out to be different. Basically these <2 weeks predictions were a lack of information.

Question 2.What is this NCK-key cracking? How does it work?

The NCK-key is the key generated by Apple if you’d officially unlock you iPhone, and with officially I mean, via your carrier. This “NCK-unlock” method is known over a few years now, actually since geohot started working on unlocking the iPhone 2G. He developed a program that could “crack” this 15 digits long key and unique for every device. Geohots NCKBF program could do around 100,000 keys/second which would produce a hit in many years, or complete a search in 317 years. To get to a point where this is actually doable we would need many orders of magnitude of improvement. Even if you use a PS3 (would we still want to use this??) or special hardware (within 1,000 US$ range) you will only get an improvement of 20-100 times.. which doesn’t help much.

Now, luckily, with the exploits they have now, they can’t unlock your baseband, but they *can* capture more information from the baseband to speed up this cracking process. Since the NORID and CHIPID (unique for every device) are known, you’d apparently only have to check 40 more bits (5 digits). A 40 bits key is theoretically crackable on “home hardware” within a week (24/7). The downside of this approach is that you’ll have to keep your computer turned on, and your iPhone has to be connected. And that is the reason why they never tried it before. Please note that this method is completely theoretical and has NOT been tried at all at this moment.

UPDATE: The status of your baseband (carrier locked or unlocked) is saved in the seczone, which is cryptographically tied to each unique device and never being updated with a baseband update. Since you only have a handful attempts to test your generated (possible) NCK key’s against the crypto before the baseband permanent locks you out for a “NCK-unlock”, you can’t really verify all the generated NCK-key’s realtime with the iPhone.

So the plan is to dump the seczone, get the unique NORID and CHIPID from the baseband using the baseband hacks/exploits and generate your unique NCK-key “offline” (meaning, your iPhone does not have to be connected to your computer while finding your unique NCK-key). Please note that this is still completely theoretical, since this has never been tried at all. It’s trial and error, don’t be disappointed if it fails.

Question 3. Now what? Should I sell my locked iPhone 4?

I’d wait for more information on this “NCK-unlock”. Right now it’s pretty vague what timeframe we’re talking about. If the Dev-Team can pull this method off, it’d be very promising for those waiting for an unlock. If this method turns out to be not doable, I’d consider selling your iPhone 4 and save up for a factory unlocked iPhone 5.

Question 4. Do you think there is every going to be an unlock?

Of course. But that’s unlikely to be any time soon (with soon being <1 month).

Question 5. If the NCK method fails, how long do you think it will take for the Dev-Team to unlock the iPhone 4?

No ETA at all. Could be a few weeks, but it could easily be a few months as well.

Stay tuned as we will keep you updated with all the news about iPhone baseband unlock !