Shortly after breaking the bad news about the iPhone 4 carrier unlock for iOS 4.3, iPhone Dev Team member @MuscleNerd announced that they aren’t giving up just yet and are currently investigating a new method to unlock the iPhone 4.

This method, called the “NCK”, is the key generated by Apple if they were to officially unlock your iPhone. Basically, it’s similar to an IMEI unlock code, which permanently unlocks the phone…

MuscleNerd tweeted:

if turns out to be true, it’s unexpected surprise for those w/vuln BB’s. All the data is there for 40-bit brute force

To those patiently ignoring all the chatter from “promises” we never made comes a jewel: NCK unlock code is just 40 bits!

This new method will try to Brute Force the 40-bit NCK unlock code. For those of you unaware, brute forcing is trying all possible ways which will ultimately find the unique unlock code for your device. This “NCK-unlock” method has been known for over a few years now, when infamous iPhone and PS3 hacker, GeoHot started working on unlocking the iPhone 2G. The program GeoHot developed could “crack” this unique 15 digit long key for every device.

For more info on this permanent unlock solution, we’ve posted a FAQ courtesy of @veeence:

Since there is a lot of confusion out there, and since I’m repeating myself all the time (which I do not really like), I made this little write up of questions that are continuously being asked (my personal FAQ). Please not that this is a global explanation. Don’t try to argue with me on specific details.

1. What happened?! I thought the unlock for basebands 02.10.01 & 03.10.01 would be released within the next 2 weeks?

As you know the Dev-Team (MuscleNerd) have been working on the unlock for quite a while now. They were making great progress on the unlock, but they found out that they (accidentally) unlocked “one particular SIM card” instead of the baseband itself. Which means that the unlock would only be an unlock you could use with MuscleNerd’s T-Mobile SIM. So, useless. If the unlock would unlock the baseband instead of “the SIM”, it’d probably be out within 2 weeks (reasonable timeframe which they had hoped). But things turned out to be different. Basically these <2 weeks predictions were a lack of information.

2. What is this NCK-key cracking? How does it work?

The NCK-key is the key generated by Apple if you’d officially unlock you iPhone, and with officially I mean, via your carrier. This “NCK-unlock” method is known over a few years now, actually since geohot started working on unlocking the iPhone 2G. He developed a program that could “crack” this 15 digits long key and unique for every device. Geohots NCKBF program could do around 100,000 keys/second which would produce a hit in many years, or complete a search in 317 years. To get to a point where this is actually doable we would need many orders of magnitude of improvement. Even if you use a PS3 (would we still want to use this??) or special hardware (within 1,000 US$ range) you will only get an improvement of 20-100 times.. which doesn’t help much.

Now, luckily, with the exploits they have now, they can’t unlock your baseband, but they *can* capture more information from the baseband to speed up this cracking process. Since the NORID and CHIPID (unique for every device) are known, you’d apparently only have to check 40 more bits (5 digits). A 40 bits key is theoretically crackable on “home hardware” within a week (24/7). The downside of this approach is that you’ll have to keep your computer turned on, and your iPhone has to be connected. And that is the reason why they never tried it before. Please note that this method is completely theorical and has been NOT tried at all till this moment.

3. Now what? Should I sell my locked iPhone 4?

I’d wait for more information on this “NCK-unlock”. Right now it’s pretty vague what timeframe we’re talking about. If the Dev-Team can pull this method off, it’d be very promising for those waiting for an unlock. If this method turns out to be not doable, I’d consider selling your iPhone 4 and save up for a factory unlocked iPhone 5.

4. Do you think there is every going to be an unlock?

Of course. But that’s unlikely to be any time soon (with soon being <1 month).

5. If the NCK method fails, how long do you think it will take for the Dev-Team to unlock the iPhone 4?

No ETA at all. Could be a few weeks, but it could easily be a few months as well.

We’ll keep you updated when we learn more about this exploit!