Difference between revisions of "Brick"

From The iPhone Wiki
(fixing)
(noting nvram variable bricking method more explicitly)
Line 3: Line 3:
 
== Difficulty of bricking an iOS device ==
 
== Difficulty of bricking an iOS device ==
   
Jailbreaking cannot put a device into an unusable state on its own. If something goes wrong with a jailbreak, putting the device into [[DFU Mode]] will allow you to restore it via iTunes. Installing software via Cydia also cannot cause an unrecoverable state; if something goes wrong, DFU mode will still work.
+
Jailbreaking cannot put a device into an unusable state on its own. If something goes wrong while jailbreaking, putting the device into [[DFU Mode]] will allow you to restore it via iTunes. Installing software via Cydia also cannot cause an unrecoverable state (unless very specifically designed to do so by a malicious person, which has not been seen "in the wild"). Other than that specific exception, if something goes wrong, DFU mode will still work.
   
== Types of "bricking" that can be easily fixed ==
+
== Types of "bricking" that can be easily fixed (not really "bricking") ==
   
 
=== Installing stock iOS on a device with a preserved baseband ===
 
=== Installing stock iOS on a device with a preserved baseband ===
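Review bot: the added parenthetical in the "Difficulty" paragraph, stating that Cydia packages specifically designed to brick a device have "not been seen in the wild", carries no citation, whereas the page's other claims link to their source (the JailbreakQA threads, the dayt0n article); suggest linking a source or rewording to "no such package is known" so the new sentence does not read as a verified fact.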
Line 17: Line 17:
 
If you change your device's MAC address to something invalid (for example if you're attempting to change your [[UDID]]), your internet won't work again until you fix the MAC address (using MobileTerminal or similar). This persists even if you restore -- so you can make this really really hard to fix if you restore and there's no jailbreak available, if the available jailbreaks don't include afc2 and other workarounds aren't working, etc. [http://www.jailbreakqa.com/questions/277646/stuck-after-mac-address-change-can-i-revive-it Here's a JailbreakQA thread about this] and [http://www.jailbreakqa.com/questions/211048/how-to-install-afc2add-without-using-wi-fi-in-a-jailbroken-ipad-3-with-704 another one].
 
If you change your device's MAC address to something invalid (for example if you're attempting to change your [[UDID]]), your internet won't work again until you fix the MAC address (using MobileTerminal or similar). This persists even if you restore -- so you can make this really really hard to fix if you restore and there's no jailbreak available, if the available jailbreaks don't include afc2 and other workarounds aren't working, etc. [http://www.jailbreakqa.com/questions/277646/stuck-after-mac-address-change-can-i-revive-it Here's a JailbreakQA thread about this] and [http://www.jailbreakqa.com/questions/211048/how-to-install-afc2add-without-using-wi-fi-in-a-jailbroken-ipad-3-with-704 another one].
   
== Types of bricking that may be impossible to fix ==
+
== Types of bricking that are (or may be) impossible to fix ==
   
=== Intentionally modifying key parts of iOS ===
+
=== Intentionally modifying key parts of iOS: changing NVRAM variables to invalid values ===
   
  +
In February 2015, [http://dayt0n.github.io/articles/dclr-override/ researchers released information] about how to change an [[NOR (NVRAM)|nvram]] variable called <code>DClr_override</code>. If this is changed to an invalid value for the device (valid values are not the same on all devices), and the device is rebooted, the device will permanently not be able to boot. This cannot be fixed with a DFU restore or any other method.
If you purposefully erase / zero out your [[NOR]], then you will even have trouble doing a DFU restore because important information from the SysCfg section will not be available.
 
   
  +
=== Intentionally modifying key parts of iOS: other ways ===
[http://www.reddit.com/r/jailbreak/comments/1m3jo6/how_much_torture_kernel_user_based_etc_would_it/cc5g8nj See winocm's explanation of one way to brick a device.]
 
  +
  +
If you purposefully erase / zero out your [[NOR]], then you will have trouble doing a DFU restore because important information from the SysCfg section will not be available.
  +
  +
[http://www.reddit.com/r/jailbreak/comments/1m3jo6/how_much_torture_kernel_user_based_etc_would_it/cc5g8nj See winocm's explanation of several other way to brick a device.]
   
 
=== Making the wrong modifications to the baseband ===
 
=== Making the wrong modifications to the baseband ===
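Review bot: typo in the relocated winocm link text, "several other way to brick a device" should read "several other ways to brick a device". In the new DClr_override paragraph, the statement that the device "cannot be fixed with a DFU restore or any other method" rests on the linked write-up alone; attributing it explicitly ("according to the linked article") would make clear where the claim comes from.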

Revision as of 01:57, 17 February 2015

A bricked device is a device that does not work. The direct metaphorical meaning is that the device is permanently damaged (making it as useless as a brick), but people use the term "bricked" for non-working conditions which range from easy to fix (such as a failed update) to impossible to fix (such as damaged baseband memory). A phone may be called "bricked" if it will not boot, will not respond to input, will not make calls, etc. iOS devices are very difficult to brick permanently via software, and in almost all cases the damage can be reversed.

Difficulty of bricking an iOS device

Jailbreaking cannot put a device into an unusable state on its own. If something goes wrong while jailbreaking, putting the device into DFU Mode will allow you to restore it via iTunes. Installing software via Cydia also cannot cause an unrecoverable state (unless very specifically designed to do so by a malicious person, which has not been seen "in the wild"). Other than that specific exception, if something goes wrong, DFU mode will still work.

Types of "bricking" that can be easily fixed (not really "bricking")

Installing stock iOS on a device with a preserved baseband

Early unlock solutions frequently resulted in unusable (but recoverable) phones after installing an iOS update. Fill out more detail here.

Types of bricking that may be hard to fix

Changing MAC address to invalid address

If you change your device's MAC address to something invalid (for example while attempting to change your UDID), your internet connection will not work again until you fix the MAC address (using MobileTerminal or similar). This persists even if you restore, so it can become very hard to fix if you restore and there is no jailbreak available, if the available jailbreaks don't include afc2 and other workarounds aren't working, etc. [http://www.jailbreakqa.com/questions/277646/stuck-after-mac-address-change-can-i-revive-it Here's a JailbreakQA thread about this] and [http://www.jailbreakqa.com/questions/211048/how-to-install-afc2add-without-using-wi-fi-in-a-jailbroken-ipad-3-with-704 another one].

Types of bricking that are (or may be) impossible to fix

Intentionally modifying key parts of iOS: changing NVRAM variables to invalid values

In February 2015, researchers released information about how to change an nvram variable called DClr_override. If this is changed to an invalid value for the device (valid values are not the same on all devices), and the device is rebooted, the device will permanently not be able to boot. This cannot be fixed with a DFU restore or any other method.

Intentionally modifying key parts of iOS: other ways

If you purposefully erase / zero out your NOR, then you will have trouble doing a DFU restore because important information from the SysCfg section will not be available.

[http://www.reddit.com/r/jailbreak/comments/1m3jo6/how_much_torture_kernel_user_based_etc_would_it/cc5g8nj See winocm's explanation of several other ways to brick a device.]

Making the wrong modifications to the baseband

One way to irreversibly brick a device in software, provided it has a baseband, is to flash an invalid baseband bootloader. Most other bad-flash scenarios are recoverable one way or another.

Another way to brick the baseband is to install baseband 06.15.00 on an incompatible device. redsn0w has an option to install this baseband on the iPhone 3G or iPhone 3GS in order to get a baseband version that is unlockable with ultrasn0w. This is a convenient way to get an unlock, because the iPad, the iPhone 3G and the iPhone 3GS all share the same baseband device, but the iPad's baseband has a higher version number; people can therefore effectively downgrade by installing a higher version (there are no APTicket checks on these devices). This has known side effects, such as losing GPS functionality (the baseband comes from an iPad, which implements GPS differently or not at all).

It was possible to brick an iPhone 3GS with this method. In fall 2011 Apple replaced the NOR flash; it is not clear whether this was done intentionally to prevent this method. The previous type of baseband was 36my1ee, and it was changed to 36my1eh or 36my1eg. (There was no switch to Toshiba baseband devices.) These new NOR flash chips seem to work with the newer baseband versions in the iPhone 3GS, but are not supported by the old 06.15.00 baseband. Therefore installing this version will brick your device if you have a new NOR flash, as you (currently) cannot go back and install anything else. To check before installation, check the version number, as it reveals the production year/week in digits 3 to 5. Week 34/2011 appears safe, 35 and 36 seem iffy, and 37 is not safe. Alternatively, open the device and check the chip type.
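As an added example (not code from The iPhone Wiki), here is a pre-flash sanity check that applies the week thresholds above before anyone installs 06.15.00. It assumes that digits 3 to 5 (1-indexed) of the identifier encode one year digit followed by a two-digit week (so "134" means 2011, week 34), and it generalizes the page's thresholds by treating everything before week 34/2011 as safe and everything from week 37/2011 onward as unsafe; the sample identifiers are constructed.

```python
from dataclasses import dataclass

# Thresholds taken from the text above (iPhone 3GS, baseband 06.15.00).
SAFE_WEEK = 34          # week 34/2011 "appears safe"
IFFY_WEEKS = (35, 36)   # weeks 35 and 36 "seem iffy"
# week 37/2011 and anything later is treated as unsafe (new NOR flash)


@dataclass(frozen=True)
class ProductionDate:
    year: int
    week: int


def parse_production_date(ident: str, decade_base: int = 2010) -> ProductionDate:
    """Extract year/week from digits 3..5 (1-indexed) of the identifier.

    Assumption: the single year digit is relative to decade_base, so '1' is
    2011. Malformed input raises ValueError rather than guessing a result.
    """
    if len(ident) < 5:
        raise ValueError("identifier too short to contain digits 3..5")
    yw = ident[2:5]
    if not yw.isdigit():
        raise ValueError(f"digits 3..5 are not numeric: {yw!r}")
    year = decade_base + int(yw[0])
    week = int(yw[1:])
    if not 1 <= week <= 53:
        raise ValueError(f"week out of range: {week}")
    return ProductionDate(year, week)


def baseband_0615_risk(date: ProductionDate) -> str:
    """Classify a production date as 'safe', 'iffy' or 'unsafe' for 06.15.00."""
    if (date.year, date.week) <= (2011, SAFE_WEEK):
        return "safe"
    if date.year == 2011 and date.week in IFFY_WEEKS:
        return "iffy"
    return "unsafe"


def check_identifier(ident: str) -> str:
    """Convenience wrapper: identifier string -> risk label."""
    return baseband_0615_risk(parse_production_date(ident))


if __name__ == "__main__":
    # Constructed sample identifiers; only digits 3..5 matter here.
    for sample in ("88134XXXXXX", "88136XXXXXX", "88138XXXXXX"):
        print(sample, "->", check_identifier(sample))
```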