Baseband Chip Page Titles
For the baseband chip page titles, I think we should stick with the model number despite the marketing name. Pages:
- PMB8876 marketed "S-Gold 2"
- PMB8878 marketed "X-Gold 608"
- XMM 6180 marketed "X-Gold 618"
- MDM6600 (unknown marketing name)
- MDM6610 (unknown marketing name)
- MDM9x00 (unknown marketing name)
--5urd 21:35, 8 May 2012 (MDT)
- I'm leaning more towards the marketing names, since I think people are more familiar with them and they've been in use for a long time. We've always referred to the iPhone 2G's baseband as the "S-Gold 2" and the iPhone 3G/3GS's baseband as the "X-Gold 608." (By the way, it sounds like Qualcomm "markets" their chips by model number. ) --Dialexio 00:11, 9 May 2012 (MDT)
- I created most of these newer pages and always used the model number (without space). So I agree with that in general. Changing old ones is a totally different story though, where we need more consent. I would be for it (and create a redirect on the marketing names). --http 01:52, 9 May 2012 (MDT)
Baseband downgrade possibility: Attempt for 04.11.08/04.12.01 to 04.10.01
0x1 There is no downgrade possibility; according to the most basis of fact in how baseband works as explained by dear MuscleNerd and there is signature checks as well as bootloader's chain of trust that I'm not going to repeat them again, but for this topic I start from iTunes error 1,-1,11
0x2 iTunes error 1,-1,11 : We will get this error whenever we want to do something with BB which is not allowed by apple. you can read about these error in detail from here. Going deeper, this error raise by baseband's bootloader whenever you attempt to downgrade BB (in this case), this happens inside the NOR so this is why we can not exploit it easily from the outside. Another reason for this error (and in here the most important one that I wanted to discuss) is that apple no longer signing that firmware.
0x3 The situation that there is no BB installed on iPhone! : I could restore my iPhone4 in the case of there will be no BB at all. I called it reset my BB. There will be no Wifi, no BT. At the first time (a few months since I've started to work on) I thought it is dead (as apple confirmed this also). But I could restore it only to stock firmware with the latest one. So for who stays in 04.11.08 it may lead to do upgrade to 04.12.01 permanently with the latest iOS, now is 5.1.1 and before for me was 5.0.1, so be sure what you are doing and then go to reset the BB. So back to the game, if there was no BB then there is no bootloeader inside the NOR to stuck BB update process but I do not know that in this case what happened to "sectable" also known as "locktable" which is the master accountable to unlock the carrier, any way I think so only firmware signature checking by apple will be remain in "restore verify process" by iTunes. because as mentioned earlier, "currentBB"(BB to be updated) is allowed to be update by "comingBB" (BB to be updating to) only if : 1. "currentBB" < "comingBB" (= are you the most recent/lastest BB?) 2. "comingBB" is now signing by apple (=if so, does apple sign you? Are you eligible?) Huum... What happens if "currentBB"="null/zero/no matter"? Could we eliminate option (1) from the security check above in this case? So what next?
0x4 Track back to the issue lead us inside the bbfw file (ICE3_04.11.08_BOOT_02.13.Release) which contains four .fls files inside, and the most important one is psi_flash.fls who is in charge of security checks before handover the routines to stack.fls which is responsible for updating the baseband. This file does like NOR bootloader but fortunately it's outside the device so it is accessible but not such easy format to be understand by programmers. They are raw ROM based images for XMM6180 chip, ARM based and programmed in Thread-X, but the compiler is unknown; I will write about some disassembly notes using ida pro 6.1; by the way I leave my iPhone with no BB trying to find out and break the trust chains in the above files in order to bypass the bootloader security checks which may let us to downgrade to 04.10.01 which is currently unlocked by Gevey. Keep in mind that if this solution works..., it will need the SHSH for downgrading the iOS firmware to do reset the BB. I heard that iPhoneDevTeam are going to release the new version of Redsn0w which there will be no need to restore by iTunes but I do not know if the baseband approaches supposed to be addressed or it will work like iFaith that is basically bypass (preserve) BB, any way if I found this article useful I will note about disassembly and possibility approach as well as BB reset to share with any followers. --Kambiz 07:49, 13 May 2012 (MDT)K.N
Bluetooth Chip on iPhone 5
Is there any confirmation of the Bluetooth chip used in the iPhone 5? If there is, can we edit this page and add it? --5urd 10:04, 8 October 2012 (MDT)
- Chipworks analyzed the iPhone 5's Murata Wi-Fi module and determined it uses the BCM4334. I'll add it to the Main Page now. --Dialexio 20:35, 8 October 2012 (MDT)
Adding vulnerability to main page
The page CVE-2013-0964 is currently orphaned. I think it would fit under the "Vulnerabilities and Exploits" subheading. Can someone with adequate permission make the change? 0x56 (talk) 03:52, 12 September 2013 (UTC)