Difference between revisions of "Baseband Device"

Revision as of 01:43, 11 February 2009

This is the device in the iPhone that manages all the functions which require an antenna. The baseband processor has its own RAM and firmware in NOR flash, separate from the ARM core resources. The baseband is a resource to the OS. The Wi-Fi and bluetooth are managed by the main CPU, although the baseband stores their MAC addresses in it's NVRAM.

The iPhone's baseband processor is the S-Gold 2 and the iPhone 3G makes use of the X-Gold 608 chip for this purpose.

Seczone

This is the area in the baseband where the lock state is stored.

Layout

0x400--NCK token
0xB00--IMEI
0xB10--IMEI signature
0xC00--Locks table

Encryption

Many of the sections are encrypted using TEA based off the CHIPID and NORID. See NCK Brute Force for more info.

Exploits

Theoretical Attacks

Boot Chain

bootrom->bootloader->firmware

@@ Line 1: / Line 1: @@
 This is the device in the iPhone that manages all the functions which require an antenna. The baseband processor has its own RAM and firmware in NOR flash, separate from the ARM core resources. The baseband is a resource to the OS. The Wi-Fi and bluetooth are managed by the main CPU, although the baseband stores their MAC addresses in it's NVRAM.
 The [[iPhone]]'s baseband processor is the [[S-Gold 2]] and the [[iPhone 3G]] makes use of the [[X-Gold 608]] chip for this purpose.
+==Seczone==
+This is the area in the baseband where the lock state is stored.
+===Layout===
+x400--NCK token
+xB00--IMEI
+xB10--IMEI signature
+xC00--Locks table
+==Encryption==
+Many of the sections are encrypted using TEA based off the CHIPID and NORID. See [[NCK Brute Force]] for more info.
 ==Exploits==

Difference between revisions of "Baseband Device"

Revision as of 01:43, 11 February 2009

Contents

Seczone

Layout

Encryption

Exploits

Theoretical Attacks

Boot Chain

Navigation menu

Personal tools

Namespaces

Variants

Views

More

Search

Navigation

Miscellaneous

Tools