Brute Force NCK is Impossible?

In the past few days, people have been talking about enumerating the NCK by brute force, which would only be feasible if the NCK were short. But according to the latest discovery by George Hotz:

…I got the activation/unlock record of a French unlocked iPhone. The field looks like

“UnlockCode” = “NO=111111111111111&”;

with the 1’s replaced by the code. “NO” is the lock type. There are fifteen digits, so I’m pretty sure the NCK length is 15. – quote from Geohot

Other legal values in that field besides “NO” are “SP”, “NS”, “CP”, and “SM”. – quote from MuscleNerd

This makes brute-forcing the NCK hopeless: a key space of 10^15 codes is far too large to enumerate. If we could find some pattern in the NCKs, we might reduce the number of candidates and shorten the brute-force time, but so far there is no sign of one.

There is also speculation that there is some relationship between the IMEI (or DeviceID) and the NCK; however, this cannot be examined further without some known IMEI/DeviceID and NCK pairs.

UPDATE:

…the German ones use “SP” instead of “NO”. Also the two German NCK’s …both start with the number 3 …the algorithm used to verify the NCK on the phone is known and is not even close to reversible. Brute force is capable at 100,000 k/s, so the initial idea of finding a pattern in the NCK’s is to lower the time required for the brute force …theoretical NCK generation …this has no basis in anything anyone has discovered …IMEI^d mod n, where d and n are relatively prime and n is similar in size to the IMEI – quote from Geohot
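To put the claims above into numbers, here is a small cost model (an added example, not code from the original post or from Geohot's tool). It takes the quoted facts as inputs: a 15-digit decimal code, a candidate rate read from the quoted "100,000 k/s" as 100,000 candidates per second (an assumption about what that figure means), and an optional number of digits fixed by a known pattern, such as the leading 3 observed on the German NCKs. It shows why a known pattern only removes one factor of ten per fixed digit and cannot rescue a 10^15 search at that rate.

```python
# Added example, not part of the original post: exhaustive-search cost model
# for a decimal unlock code. Inputs come from the post (15 digits, 10^15
# codes); the 100,000 candidates/second rate is an assumed reading of the
# quoted "100,000 k/s".

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def keyspace_size(digits: int, known_digits: int = 0) -> int:
    """Number of candidate codes for a decimal code of `digits` digits,
    of which `known_digits` are already fixed by a known pattern."""
    if known_digits < 0 or known_digits > digits:
        raise ValueError("known_digits must be between 0 and digits")
    return 10 ** (digits - known_digits)


def seconds_to_exhaust(digits: int, rate_per_second: float,
                       known_digits: int = 0) -> float:
    """Worst-case time to try every remaining candidate at the given rate."""
    if rate_per_second <= 0:
        raise ValueError("rate_per_second must be positive")
    return keyspace_size(digits, known_digits) / rate_per_second


def expected_seconds(digits: int, rate_per_second: float,
                     known_digits: int = 0) -> float:
    """Average time to reach the single correct code: half the worst case."""
    return seconds_to_exhaust(digits, rate_per_second, known_digits) / 2


def years(seconds: float) -> float:
    """Convert seconds to (Julian) years."""
    return seconds / SECONDS_PER_YEAR


def rate_needed(digits: int, target_seconds: float,
                known_digits: int = 0) -> float:
    """Candidate rate required to exhaust the space within target_seconds."""
    if target_seconds <= 0:
        raise ValueError("target_seconds must be positive")
    return keyspace_size(digits, known_digits) / target_seconds


def digits_needed_to_fix(digits: int, rate_per_second: float,
                         target_seconds: float) -> int:
    """How many digits a pattern would have to pin down before the remaining
    space could be exhausted within target_seconds at the given rate."""
    for known in range(digits + 1):
        if seconds_to_exhaust(digits, rate_per_second, known) <= target_seconds:
            return known
    return digits  # only a fully known code fits the budget


if __name__ == "__main__":
    RATE = 100_000          # assumed: 100,000 candidates per second
    DIGITS = 15             # NCK length reported in the post
    for known in (0, 1):    # no pattern / leading digit known (e.g. the "3")
        worst = seconds_to_exhaust(DIGITS, RATE, known)
        print(f"{known} digit(s) fixed: {keyspace_size(DIGITS, known):.0e} "
              f"candidates, worst case {years(worst):.0f} years, "
              f"average {years(expected_seconds(DIGITS, RATE, known)):.0f} years")
    print(f"rate needed for one year: {rate_needed(DIGITS, SECONDS_PER_YEAR):.2e}/s")
    print(f"digits a pattern must fix for a one-day search: "
          f"{digits_needed_to_fix(DIGITS, RATE, 86400)}")
```

At 100,000 candidates per second the full 15-digit space takes about 317 years to exhaust, and knowing the leading digit only brings that down to about 32 years; a one-day search would need a pattern that fixes six of the fifteen digits.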

UPDATE: the brute force tool: NCK Brute Force Tool Source Code

UPDATE: the compilation of NCK Brute Force Tool requires libGMP, here’s the compiled libgmp.a and gmp.h:

Compiled libGMP 4.2 – Credits to duwde

also a pre-compiled Windows binary:

NCK Brute Force Tool Binary for Windows – Credits to duwde

UPDATE:

As far as work with the NCK goes, I don’t think we will get anywhere. I do believe the numbers are generated from the IMEI/Serial, but it is done well enough that without Apple’s generator we won’t be able to do it. Also brute force is totally impractical.

The 1.1.2 secpack will NEVER validate on the new bootloader … The A16 hack will work to validate the 1.1.3 secpack on 1.1.3 though.

So it’s VERY important that you do not upgrade your baseband. I am 100% sure the old hardware hack will work when the 1.1.3 secpack is used with iEraser. I also think that the -0x400 hack still exists in the new bootloader, so software unlocks are hopefully coming with the release of the new secpack. – quote from George Hotz

