The iPhone Wiki is no longer updated. Visit this article on The Apple Wiki for current information. |
Difference between revisions of "PMB8878"
m (→Known Firmware Versions) |
(added version 05.11.04) |
||
Line 60: | Line 60: | ||
[[5.08.01]] 3.1 beta 1 (Build 7C97d) |
[[5.08.01]] 3.1 beta 1 (Build 7C97d) |
||
[[5.10.01]] 3.1 beta 2 (Build 7C106c) |
[[5.10.01]] 3.1 beta 2 (Build 7C106c) |
||
+ | [[5.11.04]] 3.1 beta 3 (Build 7C116a) |
||
==Accessing [[Interactive Mode]]== |
==Accessing [[Interactive Mode]]== |
Revision as of 11:10, 20 August 2009
This is the baseband processor used in the iPhone 3G and the iPhone 3GS. It is upgraded with BBUpdaterExtreme. It is also known as the PMB8878.
Contents
Datasheet
Anyone got one? Infineon provides this, which isn't really useful.
Secpack 2.0
This is the security region in the files sent to the X-Gold 608. This is the first 0xCF8 is new fls and eep files.
Layout
0x634--Memory Map 0x714--Descriptor 0xCD4--Post secpack pointer to name 0xCEC--Data length
Endpack
The fls and eep files also have a footer tacked onto the end containing the loader and signature.
Memory Map
FLASH 0x20000000 0x1000000 CODE 0x20000000 0x40000 0b0010(bootstrapper) CODE 0x20040000 0xDC0000 0b0100(main firmware) FFS 0x20A00000 0x100000 0b1100(empty) DYNFFS 0x20A00000 0x100000 0b1100(empty) FFS 0x20B00000 0x40000 0b1011(empty) DYN_EEP 0x20E40000 0x80000 0b0110 SECPACK 0x20EC0000 0x40000 SECZONE 0x20F80000 0x40000 STATIC_EEP 0x20FC0000 0x40000 0b0111 RAM 0x40000000 0x800000
MMU relocation table
Bootloader
Firmware
Complete memory dump
Known Firmware Versions
1.43.00 2.0 (Build 5A331 - Internal Beta) 1.45.00 2.0 (Build 5A347 - Gold Master) 1.48.02 2.0.1 (Build 5B108) 2.04.03 2.1 (Build 5F90) 2.08.01 2.0.2 (Build 5C1) 2.11.07 2.1 (Build 5F136) 2.28.00 2.2 (Build 5G77) 2.30.03 2.2.1 (Build 5H11) 4.20.01 3.0 beta 1 (Build 7A238j) 4.22.01 3.0 beta 2 (Build 7A259g) 4.24.02 3.0 beta 3 (Build 7A280f) 4.26.08 3.0 (Build 7A341 - Gold Master) 5.08.01 3.1 beta 1 (Build 7C97d) 5.10.01 3.1 beta 2 (Build 7C106c) 5.11.04 3.1 beta 3 (Build 7C116a)
Accessing Interactive Mode
Interactive mode isn't accessed by sending characters to the baseband. Instead a GPIO pin is raised with a kernel call to preupdate reset.
result = IOConnectCallScalarMethod(conn, 0, 0, 0, 0, 0); //reset result = IOConnectCallScalarMethod(conn, 1, 0, 0, 0, 0); //power set result = IOConnectCallScalarMethod(conn, 2, 0, 0, 0, 0); //configuring mux result = IOConnectCallScalarMethod(conn, 7, 0, 0, 0, 0); //powercycle result = IOConnectCallScalarMethod(conn, 8, 0, 0, 0, 0); //preupdate reset