Difference between revisions of "PMB8878"

From The iPhone Wiki
Jump to: navigation, search
(Known Firmware Versions)
m (remove dead baseband version links)
 
(69 intermediate revisions by 6 users not shown)
Line 1: Line 1:
This is the baseband processor used in the [[N82ap|iPhone 3G]], [[N88ap|iPhone 3GS]] and [[K48ap|iPad]] (3G version). It is upgraded with [[BBUpdaterExtreme]]. It is also known as the PMB8878 and is also used on the LG KM900 ARENA. There is a [http://arenoid.com team] working on how to port Android on LG ARENA.
+
This is the baseband processor used in the [[N82AP|iPhone 3G]], [[N88AP|iPhone 3GS]] and [[K48AP|iPad]] (3G version). It is upgraded with [[BBUpdaterExtreme]]. It is also known as the PMB8878 and is also used on the LG KM900 ARENA.
   
==Datasheet==
+
== Datasheet ==
 
Anyone got one? Infineon provides [http://www.infineon.com/dgdl/X-GOLD608_XMM6080.pdf?location=Products.Mobile_Phone_Baseband_ICs.WCDMA___HSDPA.X-GOLD__608_-_PMB_8878.PRODUCT_TYPE_DOCUMENTS.X-GOLD608_XMM6080.pdf&folderId=db3a304312fcb1bc0113000c158f0004&fileId=db3a30431936bc4b011957c66fee3850 this], which isn't really useful.
 
Anyone got one? Infineon provides [http://www.infineon.com/dgdl/X-GOLD608_XMM6080.pdf?location=Products.Mobile_Phone_Baseband_ICs.WCDMA___HSDPA.X-GOLD__608_-_PMB_8878.PRODUCT_TYPE_DOCUMENTS.X-GOLD608_XMM6080.pdf&folderId=db3a304312fcb1bc0113000c158f0004&fileId=db3a30431936bc4b011957c66fee3850 this], which isn't really useful.
   
Line 8: Line 8:
 
The firmware is a version of [http://www.mentor.com/products/embedded_software/nucleus_rtos/ Nucleos OS], a realtime OS for embedded platforms. The parser for the AT commands is generated from GNU bison.
 
The firmware is a version of [http://www.mentor.com/products/embedded_software/nucleus_rtos/ Nucleos OS], a realtime OS for embedded platforms. The parser for the AT commands is generated from GNU bison.
   
==Secpack 2.0==
+
== Secpack 2.0 ==
 
This is the security region in the files sent to the [[X-Gold 608]]. This is the first 0xCF8 is new fls and eep files.
 
This is the security region in the files sent to the [[X-Gold 608]]. This is the first 0xCF8 is new fls and eep files.
  +
=== Layout ===
 
===Layout===
 
 
0x634--Memory Map
 
0x634--Memory Map
 
0x714--Descriptor
 
0x714--Descriptor
Line 17: Line 16:
 
0xCEC--Data length
 
0xCEC--Data length
   
==Endpack==
+
== Endpack ==
 
The fls and eep files also have a footer tacked onto the end containing the loader and signature.
 
The fls and eep files also have a footer tacked onto the end containing the loader and signature.
   
==Memory Map==
+
== Memory Map ==
 
FLASH 0x20000000 0x1000000
 
FLASH 0x20000000 0x1000000
 
CODE 0x20000000 0x40000 0b0010(bootstrapper)
 
CODE 0x20000000 0x40000 0b0010(bootstrapper)
Line 33: Line 32:
 
RAM 0x40000000 0x800000
 
RAM 0x40000000 0x800000
   
==MMU relocation table==
+
== MMU relocation table ==
===Bootloader===
+
=== Bootloader ===
 
[[Image:Bltbl.png]]
 
[[Image:Bltbl.png]]
  +
=== Firmware ===
 
===Firmware===
 
 
[[Image:Bbmmu.png]]
 
[[Image:Bbmmu.png]]
   
 
== Known Firmware Versions ==
 
== Known Firmware Versions ==
  +
=== [[K48AP|iPad]] ===
  +
[[06.15.00]] 3.2 (Build 7B367)
  +
3.2.1 (Build 7B405)
  +
3.2.2 (Build 7B500)
  +
[[07.08.00]] 4.2 beta (Build 8C5091e)
  +
[[07.09.00]] 4.2 beta 2 (Build 8C5101)
  +
[[07.10.00]] 4.2 beta 3 (Build 8C5115c)
  +
4.2 (Build 8C134 & 8C134b)
  +
4.2.1 [[Golden Master‎|GM]] (Build 8C148)
  +
4.2.1 (Build 8C148)
  +
[[07.11.00]] 4.3 beta (Build 8F5148b)
  +
4.3 beta 2 (Build 8F5153d)
  +
4.3 beta 3 (Build 8F5166b)
  +
4.3 [[Golden Master‎|GM]] (Build 8F190)
  +
4.3 (Build 8F190)
  +
[[07.11.01]] 4.3.1 (Build 8G4)
  +
4.3.2 (Build 8H7)
  +
4.3.3 (Build 8J3)
  +
4.3.4 (Build 8K2)
  +
4.3.5 (Build 8L1)
  +
5.0 beta (Build 9A5220p)
  +
5.0 beta 2 (Build 9A5248d)
  +
5.0 beta 3 (Build 9A5258f)
  +
5.0 beta 4 (Build 8A5274d)
  +
5.0 beta 5 (Build 8A5288d)
  +
5.0 beta 6 (Build 8A5302b)
  +
5.0 beta 7 (Build 8A5313e)
  +
5.0 [[Golden Master|GM]] (Build 9A334)
  +
5.0.1 beta (Build 9A402)
  +
5.0.1 beta 2 (Build 9A404)
  +
5.0.1 (Build 9A405)
  +
5.1 beta (Build 9B5117b)
  +
5.1 beta 2 (Build 9B5127c)
  +
5.1 beta 3 (Build 9B5141a)
  +
5.1 (Build 9B176)
  +
5.1.1 (Build 9B206)
   
=== [[K48ap|iPad]] ===
+
=== [[N82AP|iPhone 3G]]/[[N88AP|iPhone 3GS]] ===
[[6.15.00]] 3.2 (Build 7B367),
+
[[01.43.00]] 2.0 beta 7 (Build 5A331; Internal Beta)
3.2.1 (Build 7B405),
+
[[01.43.02]] 2.0 (Unknown Internal Beta)
and 3.2.2 (Build 7B500)
+
[[01.45.00]] 2.0 (Build 5A345)
[[7.08.00]] 4.2 beta 1 (Build 8C5091e)
+
[[01.45.00]] 2.0 (Build 5A347)
[[7.09.00]] 4.2 beta 2 (Build 8C5101)
+
[[01.48.02]] 2.0.1 (Build 5B108)
[[7.10.00]] 4.2 beta 3 (Build 8C5115c),
+
[[02.08.01]] 2.0.2 (Build 5C1)
4.2 (Builds 8C134 and 8C134b),
+
02.11.07 2.1 (Build 5F136)
and 4.2.1 (Build 8C148)
+
02.??.?? 2.2 beta (Build 5G29)
[[7.11.00]] 4.3b1 (Build 8F5148b),
+
02.??.?? 2.2 beta 2 (Build 5G53)
4.3b2 (Build 8F5153d),
+
[[02.28.00]] 2.2 (Build 5G77)
4.3b3 (Build 8F5166b),
+
[[02.30.03]] 2.2.1 (Build 5H11)
and 4.3 (Build 8F190)
+
04.20.01 3.0 beta (Build 7A238j)
[[7.11.01]] 4.3.1 (Build 8G4),
+
04.22.01 3.0 beta 2 (Build 7A259g)
4.3.2 (Build 8H7),
+
04.24.02 3.0 beta 3 (Build 7A280f)
4.3.3 (Build 8J2),
+
04.26.04 3.0 beta 4 (Build 7A300g)
5.0b1 (Build 9A5220p),
+
[[04.26.08]] 3.0 beta 5 (Build 7A312g)
5.0b2 (Build 9A5248d),
+
3.0 [[Golden Master|GM]] (Build 7A341)
and 5.0b3 (Build 9A5258f)
+
3.0 (Build 7A341)
  +
3.0.1 (Build 7A400)
 
  +
[[05.08.01]] 3.1 beta (Build 7C97d)
=== [[N82ap|iPhone 3G]]/[[N88ap|iPhone 3GS]] ===
 
[[1.43.00]] 2.0 (Build 5A331 - Internal Beta)
+
[[05.10.01]] 3.1 beta 2 (Build 7C106c)
[[1.43.02]] 2.0 (Unknown Internal Beta)
+
[[05.11.04]] 3.1 beta 3 (Build 7C116a)
[[1.45.00]] 2.0 (Build 5A347 - Gold Master)
+
[[05.11.07]] 3.1 (Build 7C144)
[[1.48.02]] 2.0.1 (Build 5B108)
+
3.1.2 (Build 7D11)
[[2.04.03]] 2.1 (Build 5F90)
+
[[05.12.01]] 3.1.3 (Build 7E18)
[[2.08.01]] 2.0.2 (Build 5C1)
+
[[05.13.03]] 4.0 beta (Build 8A230m)
[[2.11.07]] 2.1 (Build 5F136)
+
4.0 beta 2 (Build 8A248c)
[[2.28.00]] 2.2 (Build 5G77)
+
[[05.13.04]] 4.0 beta 3 (Build 8A260b)
[[2.30.03]] 2.2.1 (Build 5H11)
+
4.0 beta 4 (Build 8A274b)
[[4.20.01]] 3.0b1 (Build 7A238j)
+
4.0 [[Golden Master|GM]] (Build 8A293)
[[4.22.01]] 3.0b2 (Build 7A259g)
+
4.0 (Build 8A293)
[[4.24.02]] 3.0b3 (Build 7A280f)
+
4.0.1 (Build 8A306)
[[4.26.08]] 3.0 (Build 7A341)
+
4.0.2 (Build 8A400)
and 3.0.1 (Build 7A400)
+
4.1 beta (Build 8B5080c)
[[5.08.01]] 3.1b1 (Build 7C97d)
+
[[05.14.01]] 4.1 beta 2 (Build 8B5091b)
[[5.10.01]] 3.1b2 (Build 7C106c)
+
4.1 beta 3 (Build 8B5097d)
[[5.11.04]] 3.1b3 (Build 7C116a)
+
[[05.14.02]] 4.1 (Build 8B117)
[[5.11.07]] 3.1 (Build 7C144)
+
05.15.01 4.2 beta (Build 8C5091e)
and 3.1.2 (Build 7D11)
+
4.2 beta 2 (Build 8C5101c)
[[5.12.01]] 3.1.3 (Build 7E18)
+
[[05.15.04]] 4.2 beta 3 (Build 8C5115c)
[[5.13.03]] 4.0b1 (Build 8A230m)
+
4.2 [[Golden Master|GM]] (Build 8C134)
and 4.0b2 (Build 8A248c)
+
4.2.1 [[Golden Master|GM]] (Build 8C148)
[[5.13.04]] 4.0 (Build 8A293),
+
4.2.1 (Build 8C148a)
4.0.1 (Build 8A306),
+
[[05.16.00]] 4.3 beta (Build 8F5148b)
4.0.2 (Build 8A400),
+
4.3 beta 2 (Build 8F5153d)
and 4.1b1 (Build 8B5080c)
+
4.3 beta 3 (Build 8F5166b)
[[5.14.01]] 4.1b2 (Build 8B5091b)
+
4.3 [[Golden Master|GM]] (Build 8F190)
[[5.14.02]] 4.1 (Build 8B117)
+
[[05.16.01]] 4.3 (Build 8F190)
[[5.15.04]] 4.2b3 (Build 8C5115c),
+
[[05.16.02]] 4.3.1 (Build 8G4)
4.2GM (Build 8C134),
+
4.3.2 (Build 8H7)
4.2.1GM (Build 8C148),
+
4.3.3 (Build 8J2)
and 4.2.1 (Builds 8C148 and 8C148a)
+
4.3.4 (Build 8K2)
[[5.16.00]] 4.3b1 (Build 8F5148b),
+
4.3.5 (Build 8L1)
4.3b2 (Build 8F5153d),
+
5.0 beta (Build 9A5220p)
4.3b3 (Build 8F5166b),
+
5.0 beta 2 (Build 9A5248d)
4.3 (Build 8F190)
+
5.0 beta 3 (Build 9A5258f)
and 4.3.1 (Build 8G4)
+
5.0 beta 4 (Build 9A5274d)
[[5.16.02]] 4.3.2 (Build 8H7),
+
[[05.16.05]] 5.0 beta 5 (Build 9A5288d)
4.3.3 (Build 8J2),
+
5.0 beta 6 (Build 9A5302b)
5.0b1 (Build 9A5220p),
+
5.0 beta 7 (Build 9A5313e)
5.0b2 (Build 9A5248d),
+
5.0 [[Golden Master|GM]] (Build 9A334)
5.0b3 (Build 9A5258f)
+
5.0.1 beta (Build 9A402)
  +
5.0.1 beta 2 (Build 9A404)
  +
5.0.1 (Build 9A405)
  +
5.1 beta (Build 9B5117b)
  +
5.1 beta 2 (Build 9B5127c)
  +
5.1 beta 3 (Build 9B5141a)
  +
5.1 (Build 9B176)
  +
5.1.1 (Build 9B206)
  +
05.16.06 6.0 beta (Build 10A5316k)
  +
6.0 beta 2 (Build 10A5336d)
  +
6.0 beta 3 (Build 10A5355d)
  +
6.0 beta 4 (Build 10A5376e)
  +
05.16.07 6.0 [[Golden Master|GM]] (Build 10A403)
  +
6.0 (Build 10A403)
  +
6.0.1 (Build 10A523)
  +
6.1 beta (Build 10B5095f)
  +
6.1 beta 2 (Build 10B5105c)
  +
6.1 beta 3 (Build 10B5117b)
  +
6.1 beta 4 (Build 10B5126b)
  +
6.1 beta 5 (Build 10B141)
  +
6.1 (Build 10B141)
  +
6.1.1 beta (Build 10B311)
  +
05.16.08 6.1.2 (Build 10B146)
  +
6.1.3 beta 2 (Build 10B318)
  +
6.1.3 (Build 10B329)
  +
6.1.6 (Build 10B500)
   
==Accessing [[Interactive Mode]]==
+
== Accessing [[Interactive Mode]] ==
 
Interactive mode isn't accessed by sending characters to the baseband. Instead a GPIO pin is raised with a kernel call to preupdate reset.
 
Interactive mode isn't accessed by sending characters to the baseband. Instead a GPIO pin is raised with a kernel call to preupdate reset.
 
result = IOConnectCallScalarMethod(conn, 0, 0, 0, 0, 0); //reset(kAppleBasebandConnectMethodResetModem)
 
result = IOConnectCallScalarMethod(conn, 0, 0, 0, 0, 0); //reset(kAppleBasebandConnectMethodResetModem)

Latest revision as of 19:18, 18 October 2019

This is the baseband processor used in the iPhone 3G, iPhone 3GS and iPad (3G version). It is upgraded with BBUpdaterExtreme. It is also known as the PMB8878 and is also used on the LG KM900 ARENA.

Datasheet

Anyone got one? Infineon provides this, which isn't really useful.

View Pinouts from Apple iPhone 3G Schematic - http://img218.imageshack.us/img218/149/baseband.jpg

The firmware is a version of Nucleos OS, a realtime OS for embedded platforms. The parser for the AT commands is generated from GNU bison.

Secpack 2.0

This is the security region in the files sent to the X-Gold 608. This is the first 0xCF8 is new fls and eep files.

Layout

0x634--Memory Map
0x714--Descriptor
0xCD4--Post secpack pointer to name
0xCEC--Data length

Endpack

The fls and eep files also have a footer tacked onto the end containing the loader and signature.

Memory Map

 FLASH      0x20000000 0x1000000
 CODE       0x20000000   0x40000 0b0010(bootstrapper)
 CODE       0x20040000  0xDC0000 0b0100(main firmware)
 FFS        0x20A00000  0x100000 0b1100(empty)
 DYNFFS     0x20A00000  0x100000 0b1100(empty)
 FFS        0x20B00000   0x40000 0b1011(empty)
 DYN_EEP    0x20E40000   0x80000 0b0110
 SECPACK    0x20EC0000   0x40000
 SECZONE    0x20F80000   0x40000
 STATIC_EEP 0x20FC0000   0x40000 0b0111
 RAM        0x40000000  0x800000

MMU relocation table

Bootloader

Bltbl.png

Firmware

Bbmmu.png

Known Firmware Versions

iPad

06.15.00    3.2          (Build 7B367)
            3.2.1        (Build 7B405)
            3.2.2        (Build 7B500)
07.08.00    4.2 beta     (Build 8C5091e)
07.09.00    4.2 beta 2   (Build 8C5101)
07.10.00    4.2 beta 3   (Build 8C5115c)
            4.2          (Build 8C134 & 8C134b)
            4.2.1 GM     (Build 8C148)
            4.2.1        (Build 8C148)
07.11.00    4.3 beta     (Build 8F5148b)
            4.3 beta 2   (Build 8F5153d)
            4.3 beta 3   (Build 8F5166b)
            4.3 GM       (Build 8F190)
            4.3          (Build 8F190)
07.11.01    4.3.1        (Build 8G4)
            4.3.2        (Build 8H7)
            4.3.3        (Build 8J3)
            4.3.4        (Build 8K2)
            4.3.5        (Build 8L1)
            5.0 beta     (Build 9A5220p)
            5.0 beta 2   (Build 9A5248d)
            5.0 beta 3   (Build 9A5258f)
            5.0 beta 4   (Build 8A5274d)
            5.0 beta 5   (Build 8A5288d)
            5.0 beta 6   (Build 8A5302b)
            5.0 beta 7   (Build 8A5313e)
            5.0 GM       (Build 9A334)
            5.0.1 beta   (Build 9A402)
            5.0.1 beta 2 (Build 9A404)
            5.0.1        (Build 9A405)
            5.1 beta     (Build 9B5117b)
            5.1 beta 2   (Build 9B5127c)
            5.1 beta 3   (Build 9B5141a)
            5.1          (Build 9B176)
            5.1.1        (Build 9B206)

iPhone 3G/iPhone 3GS

01.43.00    2.0 beta 7   (Build 5A331; Internal Beta)
01.43.02    2.0          (Unknown Internal Beta)
01.45.00    2.0          (Build 5A345)
01.45.00    2.0          (Build 5A347)
01.48.02    2.0.1        (Build 5B108)
02.08.01    2.0.2        (Build 5C1)
02.11.07    2.1          (Build 5F136)
02.??.??    2.2 beta     (Build 5G29)
02.??.??    2.2 beta 2   (Build 5G53)
02.28.00    2.2          (Build 5G77)
02.30.03    2.2.1        (Build 5H11)
04.20.01    3.0 beta     (Build 7A238j)
04.22.01    3.0 beta 2   (Build 7A259g)
04.24.02    3.0 beta 3   (Build 7A280f)
04.26.04    3.0 beta 4   (Build 7A300g)
04.26.08    3.0 beta 5   (Build 7A312g)
            3.0 GM       (Build 7A341)
            3.0          (Build 7A341)
            3.0.1        (Build 7A400)
05.08.01    3.1 beta     (Build 7C97d)
05.10.01    3.1 beta 2   (Build 7C106c)
05.11.04    3.1 beta 3   (Build 7C116a)
05.11.07    3.1          (Build 7C144)
            3.1.2        (Build 7D11)
05.12.01    3.1.3        (Build 7E18)
05.13.03    4.0 beta     (Build 8A230m)
            4.0 beta 2   (Build 8A248c)
05.13.04    4.0 beta 3   (Build 8A260b)
            4.0 beta 4   (Build 8A274b)
            4.0 GM       (Build 8A293)
            4.0          (Build 8A293)
            4.0.1        (Build 8A306)
            4.0.2        (Build 8A400)
            4.1 beta     (Build 8B5080c)
05.14.01    4.1 beta 2   (Build 8B5091b)
            4.1 beta 3   (Build 8B5097d)
05.14.02    4.1          (Build 8B117)
05.15.01    4.2 beta     (Build 8C5091e)
            4.2 beta 2   (Build 8C5101c)
05.15.04    4.2 beta 3   (Build 8C5115c)
            4.2 GM       (Build 8C134)
            4.2.1 GM     (Build 8C148)
            4.2.1        (Build 8C148a)
05.16.00    4.3 beta     (Build 8F5148b)
            4.3 beta 2   (Build 8F5153d)
            4.3 beta 3   (Build 8F5166b)
            4.3 GM       (Build 8F190)
05.16.01    4.3          (Build 8F190)
05.16.02    4.3.1        (Build 8G4)
            4.3.2        (Build 8H7)
            4.3.3        (Build 8J2)
            4.3.4        (Build 8K2)
            4.3.5        (Build 8L1)
            5.0 beta     (Build 9A5220p)
            5.0 beta 2   (Build 9A5248d)
            5.0 beta 3   (Build 9A5258f)
            5.0 beta 4   (Build 9A5274d)
05.16.05    5.0 beta 5   (Build 9A5288d)
            5.0 beta 6   (Build 9A5302b)
            5.0 beta 7   (Build 9A5313e)
            5.0 GM       (Build 9A334)
            5.0.1 beta   (Build 9A402)
            5.0.1 beta 2 (Build 9A404)
            5.0.1        (Build 9A405)
            5.1 beta     (Build 9B5117b)
            5.1 beta 2   (Build 9B5127c)
            5.1 beta 3   (Build 9B5141a)
            5.1          (Build 9B176)
            5.1.1        (Build 9B206)
05.16.06    6.0 beta     (Build 10A5316k)
            6.0 beta 2   (Build 10A5336d)
            6.0 beta 3   (Build 10A5355d)
            6.0 beta 4   (Build 10A5376e)
05.16.07    6.0 GM       (Build 10A403)
            6.0          (Build 10A403)
            6.0.1        (Build 10A523)
            6.1 beta     (Build 10B5095f)
            6.1 beta 2   (Build 10B5105c)
            6.1 beta 3   (Build 10B5117b)
            6.1 beta 4   (Build 10B5126b)
            6.1 beta 5   (Build 10B141)
            6.1          (Build 10B141)
            6.1.1 beta   (Build 10B311)
05.16.08    6.1.2        (Build 10B146)
            6.1.3 beta 2 (Build 10B318)
            6.1.3        (Build 10B329)
            6.1.6        (Build 10B500)

Accessing Interactive Mode

Interactive mode isn't accessed by sending characters to the baseband. Instead a GPIO pin is raised with a kernel call to preupdate reset.

result = IOConnectCallScalarMethod(conn, 0, 0, 0, 0, 0);	//reset(kAppleBasebandConnectMethodResetModem)
result = IOConnectCallScalarMethod(conn, 1, 0, 0, 0, 0);	//power set(kAppleBasebandConnectMethodRadioOn)
result = IOConnectCallScalarMethod(conn, 2, ?, 0, 0, 0);	//configuring mux
result = IOConnectCallScalarMethod(conn, 7, 0, 0, 0, 0);	//powercycle
result = IOConnectCallScalarMethod(conn, 8, 0, 0, 0, 0);	//preupdate reset
result = IOConnectCallScalarMethod(conn, 9, 0, 0, 0, 0);	//kAppleBasebandConnectMethodNotifyBasebandPoweringDown