Someone Asking MuscleNerd: Anything positive coming about your NCK attempts?
MuscleNerd Replying: finally got the SecZone dumper working (turns out it’s very different than in 2G/3G/3GS, where SZ was simply memory mapped)
You may ask about the meaning of these tecky expressions:
What is the SecZone?
This is the area in the baseband where the lock state is stored.
What is NCK Brute Force?
This is a theoretical exploit which involves brute forcing the NCK from the seczone the CHIPID and the NORID. So far no one has made public an instance of NCK discovery using this theoretical approach.
MuscleNerd mentioned that the iPhone 4’s SecZone is very different and difficult than the one of iPhone 2G / 3G / 3GS. Today’s progress is definitely a new milestone. Now dev-team is working on capture the official NCK code and finally capturing after SecZone then work out an offline BF flow
so the idea is: capture (a) before-seczone, (b) official NCK code (c) after-seczone. Then work out an offline BF flow
after those steps a,b,c, then get back to the SW-based hacked unlock (and revisit BF results when they’re done)
On the other hand, you have to know that there is another hardware solution for unlocking iPhone 4 basebands 2.10.04 / 3.10.01 with Gevey SIM.