Thursday, July 24, 2008

iPhone 3G, S-Gold Chip... Unlock?

It's been a couple of days now that we have had the chance to play around with the NOR dump. All of us, and I believe the Dev Team as well, have one issue: the stupid 3G Infineon Chip. I am glad Geohot decided to talk about it, I was afraid no one was going to speak on the chip. Yes, the chip is as complicated as he says it is. And yes, without access to it an unlock is basically impossible.

The 3G baseband bootloader is signature-checked by the bootrom. So even removing the NOR, patching the bootloader (to remove the main firmware signature checks) and patching the main firmware doesn't get you an unlock: the bootrom rejects the modified bootloader before it ever runs. Big thanks to TA_Mobile for dumping the NOR and confirming this. You have some real skills.

The X-Gold 608 is the chip used. The lame "datasheet" Infineon gives us shows the hardware RSA and the secure bootrom. So we have a real problem. Even if we find an unsigned-code exploit, which wasn't done in software for the previous two bootloaders (we found tricks to play with the NOR), we still can't unlock.
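To make the chain-of-trust argument in the two paragraphs above concrete, here is an added example (not code from this post, the Dev Team, or Infineon) that simulates a two-stage signed boot: a bootrom with a public key in ROM verifies the bootloader in NOR, and the bootloader verifies the main firmware. It uses textbook RSA over two Mersenne primes and a truncated SHA-256 as the message encoding; both are toy choices so the arithmetic is checkable, not the X-Gold's real key size or padding. The `SIGCHECK=OFF` marker that models "patching out the main firmware check" is an assumption for illustration, as is every image and layout name. The scenarios show that patching only the main firmware fails at the bootloader, patching the bootloader as well fails at the bootrom, and only re-signing with the private key (which the attacker does not have) gets through.

```python
import hashlib

# Toy RSA key pair.  The public half (N, E) is what a bootrom would carry in
# masked ROM; D is the "factory" private key and never leaves the factory.
# The primes are Mersenne primes (2^89-1, 2^127-1) so the arithmetic is easy
# to check; real keys are 2048-bit random primes.  All of this is illustrative.
P = (1 << 89) - 1
Q = (1 << 127) - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # modular inverse, Python >= 3.8


def _digest_int(image: bytes) -> int:
    """Toy message encoding: the first 16 bytes of SHA-256 as an integer,
    which is guaranteed to be smaller than N.  A real verifier checks a
    padded encoding (PKCS#1 v1.5 or PSS) of the full digest instead."""
    return int.from_bytes(hashlib.sha256(image).digest()[:16], "big")


def factory_sign(image: bytes) -> int:
    """Sign an image with the private exponent.  Only the factory can do this."""
    return pow(_digest_int(image), D, N)


def verify(image: bytes, sig: int) -> bool:
    """Check a signature with the public exponent; this is the operation a
    hardware RSA block performs for each boot stage."""
    return pow(sig, E, N) == _digest_int(image)


def build_nor(bootloader_img: bytes, main_fw_img: bytes) -> dict:
    """Factory flashing: NOR holds each stage next to its signature
    (assumed layout, not the real NOR format)."""
    return {
        "bootloader": (bootloader_img, factory_sign(bootloader_img)),
        "main_fw": (main_fw_img, factory_sign(main_fw_img)),
    }


def bootrom(nor: dict) -> str:
    """Stage 0.  Lives in masked ROM, so it cannot be patched.  Verifies the
    bootloader in NOR before handing control to it."""
    bl_img, bl_sig = nor["bootloader"]
    if not verify(bl_img, bl_sig):
        return "bootrom: bootloader signature bad, halt"
    return run_bootloader(bl_img, nor)


def run_bootloader(bl_img: bytes, nor: dict) -> str:
    """Stage 1.  Lives in NOR.  Verifies the main firmware unless the image
    has been patched to skip that check (modelled by a marker string)."""
    fw_img, fw_sig = nor["main_fw"]
    checks_disabled = b"SIGCHECK=OFF" in bl_img
    if not checks_disabled and not verify(fw_img, fw_sig):
        return "bootloader: main firmware signature bad, halt"
    return "booted " + fw_img.decode()


# Constructed sample images standing in for the real NOR contents.
STOCK_BL = b"bootloader v1 SIGCHECK=ON"
STOCK_FW = b"main_fw v1 carrier-locked"
PATCHED_BL = STOCK_BL.replace(b"SIGCHECK=ON", b"SIGCHECK=OFF")
PATCHED_FW = STOCK_FW.replace(b"carrier-locked", b"unlocked")


def scenario_stock() -> str:
    return bootrom(build_nor(STOCK_BL, STOCK_FW))


def scenario_patch_fw_only() -> str:
    # Swap the main firmware in the NOR dump, keep the stock bootloader
    # and the old signatures.
    nor = build_nor(STOCK_BL, STOCK_FW)
    nor["main_fw"] = (PATCHED_FW, nor["main_fw"][1])
    return bootrom(nor)


def scenario_patch_bl_and_fw() -> str:
    # Patch both stages in the NOR dump, reusing the old signatures.
    nor = build_nor(STOCK_BL, STOCK_FW)
    nor["bootloader"] = (PATCHED_BL, nor["bootloader"][1])
    nor["main_fw"] = (PATCHED_FW, nor["main_fw"][1])
    return bootrom(nor)


def scenario_resigned() -> str:
    # What the attacker cannot do without D: re-sign the patched stages.
    return bootrom(build_nor(PATCHED_BL, PATCHED_FW))


if __name__ == "__main__":
    for f in (scenario_stock, scenario_patch_fw_only,
              scenario_patch_bl_and_fw, scenario_resigned):
        print(f"{f.__name__}: {f()}")
```

The point of the simulation is where each attempt dies: replacing the firmware alone is caught by the bootloader, and replacing the bootloader to silence that check moves the failure one stage earlier, into the ROM that nobody can edit. Without the private exponent, the only remaining avenue is a bug in one of the verifiers themselves, which is exactly the "unsigned code exploit" the post talks about.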

