Tutorial wanted: bootloader, baseband, firmware - GSM-Forum

https · 03-23-2010, 00:15

Can somebody explain what the exact differences are:
- bootloader: seems to be built-in to the device and can never be changed (only by hardware mod). What versions exist? What's the job of this software exactly? I assume just to load the next part and maybe to check some Apple signatures? Must be stored in a ROM or EEPROM or so. (?)

- baseband: This is the modem firmware. The latest version is 5.12.01. Unlocking (opening the SIM lock) takes part in here. Under which conditions this can be modified is unclear. Is always only upgrade possible and changing this is done by the bootrom? Probably stored in flash memory or so. (?) Upgrading firmware by iTunes updates the baseband also, but custom firmware updates leave this part alone.

- firmware: latest version is 3.1.3 and includes the current uncrackeable baseband 5.12.01 mentioned above.

- hardware model: I have model MC133FD. What does this mean? Does FD stand for a specific provider it is locked for?

- What are the certificates (shsh file etc.) exactly needed for? I understand that this is somehow to confirm which version may be installed on the iPhone, because the certificate contains some hardware serial number (ECID or so). Can someone explain how this works in detail?

Under what conditions can the baseband be changed? Can this be done on a jailbroken device easily? Are any certificates necessary?

What are the requirements to flash a custom firmware to the iPhone 3GS with new bootloader (serial >xxx45)? Can this be done?

https · 03-23-2010, 22:47

Forgot to mention this also:
Activation: We all know what activation is in simple terms: A new iPhone needs to get connected to iTunes before it can be used the first time. But we would like to know more details:
- What happens during activation? What is it for?
- Are certificates used? How?
- Is an internet connection necessary?
- Why is the correct SIM card for activation needed?
- What data goes back and forth and between whom?
- What does Apple want to protect with activation? Or ist this for the mobile carrier?
- Can it be "un-activated"? By doing a restore in iTunes?

Timothy Mcrea · 03-24-2010, 01:59

Quote:

Originally Posted by https

Forgot to mention this also:
Activation: We all know what activation is in simple terms: A new iPhone needs to get connected to iTunes before it can be used the first time. But we would like to know more details:
- What happens during activation? What is it for?
- Are certificates used? How?
- Is an internet connection necessary?
- Why is the correct SIM card for activation needed?
- What data goes back and forth and between whom?
- What does Apple want to protect with activation? Or ist this for the mobile carrier?
- Can it be "un-activated"? By doing a restore in iTunes?

Don't think you actually need that?

https · 03-25-2010, 23:28

Nobody knows anything about this? Come on, even if you know only one answer, please post it here. Thanks!

.::iRizwan::. · 03-26-2010, 13:35

Bootloader
In general, this is the code which is run prior to the main firmware and is responsible for loading the main FW and in some cases performs signature checking. Both thebaseband and the main iPhone OS have bootloaders, and these are entirely different.PwnageTool and WinPwn allow control over the main OS bootloader, while BootNeuter allows control over the Baseband Bootloader.

Baseband Bootloader
The baseband bootloader is the code which runs before the baseband FW, it is responsible for signature checking and updating the baseband

Revisions :

3.9
This is the old bootloader from the iPhone/S-Gold 2. It is vulnerable to Minus 0x400 and IPSF .

4.6
This is the new bootloader from the iPhone/S-Gold 2. It is vulnerable to Minus 0x20000 with Back Extend Erase

5.8
This is the bootloader from the iPhone 3G/X-Gold 608. It is, in contrast to 3.9 and 4.6, sig checked on startup. There is an exploit where the main fw cert is passed with the loader instead of the loader cert, and it checks the main firmware instead, allowing you to upload unsigned loader code. This has been fixed in 5.9.

5.9
This is the bootloader of version 2.1 and 2.2 OTB (and some 2.0 OTB) iPhone 3G/X-Gold 608. Still has no known exploits and it was released as soon as Apple knew iPhone Dev Team could downgrade their iPhone 3G baseband from 1.48 to 1.45. Now, all the iPhone 3G has bootloader 5.9 and higher.

6.2
This is the latest bootloader of version 2.2.1 OTB in 2008iPhone 3G/X-Gold 608. Still has no known exploits and it was released as soon as Apple knew iPhone Dev Team could unlock their iPhone 3G baseband version 2.28 by yellowsn0w. Now, all the iPhone 3G 2.2.1 OTB has bootloader 6.2.

6.4
This is the latest bootloader of version 2.2.1 OTB in 2009iPhone 3G/X-Gold 608. Still has no known exploits and it was released as soon as Apple released firmware 3.x beta for testing. All iPhone 3GS have bootloader 6.4 and same to iPhone 3G produced in 2009. The baseband firmware of 3.x (BB ver 4.x) now contents the loader of bootloader 6.4.

https · 04-14-2010, 22:59

Here are some more infos:
Main Page - The iPhone Wiki

03-23-2010, 00:15	#1 (permalink)
https No Life Poster Join Date: Mar 2010 Posts: 1,211 Member: 1263932 Status: Offline Thanks Meter: 181	Tutorial wanted: bootloader, baseband, firmware Can somebody explain what the exact differences are: - bootloader: seems to be built-in to the device and can never be changed (only by hardware mod). What versions exist? What's the job of this software exactly? I assume just to load the next part and maybe to check some Apple signatures? Must be stored in a ROM or EEPROM or so. (?) - baseband: This is the modem firmware. The latest version is 5.12.01. Unlocking (opening the SIM lock) takes part in here. Under which conditions this can be modified is unclear. Is always only upgrade possible and changing this is done by the bootrom? Probably stored in flash memory or so. (?) Upgrading firmware by iTunes updates the baseband also, but custom firmware updates leave this part alone. - firmware: latest version is 3.1.3 and includes the current uncrackeable baseband 5.12.01 mentioned above. - hardware model: I have model MC133FD. What does this mean? Does FD stand for a specific provider it is locked for? - What are the certificates (shsh file etc.) exactly needed for? I understand that this is somehow to confirm which version may be installed on the iPhone, because the certificate contains some hardware serial number (ECID or so). Can someone explain how this works in detail? Under what conditions can the baseband be changed? Can this be done on a jailbroken device easily? Are any certificates necessary? What are the requirements to flash a custom firmware to the iPhone 3GS with new bootloader (serial >xxx45)? Can this be done?

03-26-2010, 13:35	#5 (permalink)
.::iRizwan::. No Life Poster Join Date: Aug 2004 Location: Planet Earth Posts: 1,160 Member: 79937 Status: Offline Sonork: 100.84313 Thanks Meter: 4,715	Bootloader In general, this is the code which is run prior to the main firmware and is responsible for loading the main FW and in some cases performs signature checking. Both thebaseband and the main iPhone OS have bootloaders, and these are entirely different.PwnageTool and WinPwn allow control over the main OS bootloader, while BootNeuter allows control over the Baseband Bootloader. Baseband Bootloader The baseband bootloader is the code which runs before the baseband FW, it is responsible for signature checking and updating the baseband Revisions : 3.9 This is the old bootloader from the iPhone/S-Gold 2. It is vulnerable to Minus 0x400 and IPSF . 4.6 This is the new bootloader from the iPhone/S-Gold 2. It is vulnerable to Minus 0x20000 with Back Extend Erase 5.8 This is the bootloader from the iPhone 3G/X-Gold 608. It is, in contrast to 3.9 and 4.6, sig checked on startup. There is an exploit where the main fw cert is passed with the loader instead of the loader cert, and it checks the main firmware instead, allowing you to upload unsigned loader code. This has been fixed in 5.9. 5.9 This is the bootloader of version 2.1 and 2.2 OTB (and some 2.0 OTB) iPhone 3G/X-Gold 608. Still has no known exploits and it was released as soon as Apple knew iPhone Dev Team could downgrade their iPhone 3G baseband from 1.48 to 1.45. Now, all the iPhone 3G has bootloader 5.9 and higher. 6.2 This is the latest bootloader of version 2.2.1 OTB in 2008iPhone 3G/X-Gold 608. Still has no known exploits and it was released as soon as Apple knew iPhone Dev Team could unlock their iPhone 3G baseband version 2.28 by yellowsn0w. Now, all the iPhone 3G 2.2.1 OTB has bootloader 6.2. 6.4 This is the latest bootloader of version 2.2.1 OTB in 2009iPhone 3G/X-Gold 608. Still has no known exploits and it was released as soon as Apple released firmware 3.x beta for testing. All iPhone 3GS have bootloader 6.4 and same to iPhone 3G produced in 2009. The baseband firmware of 3.x (BB ver 4.x) now contents the loader of bootloader 6.4. Last edited by .::iRizwan::.; 03-26-2010 at 13:42.

Similar Threads
thread	Thread Starter	Forum	Replies	Last Post
Tutorial for bad box firmware update	MARTECH	Martech CLIP / Box / Key	10	04-24-2009 12:55
Tutorial for bad box firmware update	MARTECH	ALC Service Tools	1	03-28-2009 10:53
EL71 or C81 or M81 Baseband Firmware	ururk	x6x and x7x Flashpatching	0	07-20-2007 18:31
WANTED: cruiser K800i firmware	alchz1	Sony Ericsson	5	10-21-2006 00:21
Wanted: Unbranded E810 firmware	thagangsta	Trident/AGERE Platform	1	03-16-2006 11:36

03-23-2010, 22:47	#2 (permalink)
https No Life Poster Join Date: Mar 2010 Posts: 1,211 Member: 1263932 Status: Offline Thanks Meter: 181	Forgot to mention this also: Activation: We all know what activation is in simple terms: A new iPhone needs to get connected to iTunes before it can be used the first time. But we would like to know more details: - What happens during activation? What is it for? - Are certificates used? How? - Is an internet connection necessary? - Why is the correct SIM card for activation needed? - What data goes back and forth and between whom? - What does Apple want to protect with activation? Or ist this for the mobile carrier? - Can it be "un-activated"? By doing a restore in iTunes?

03-25-2010, 23:28	#4 (permalink)
https No Life Poster Join Date: Mar 2010 Posts: 1,211 Member: 1263932 Status: Offline Thanks Meter: 181	Nobody knows anything about this? Come on, even if you know only one answer, please post it here. Thanks!

04-14-2010, 22:59	#6 (permalink)
https No Life Poster Join Date: Mar 2010 Posts: 1,211 Member: 1263932 Status: Offline Thanks Meter: 181	Here are some more infos: Main Page - The iPhone Wiki