|
The iPhone Wiki is no longer updated. Visit this article on The Apple Wiki for current information. |
Difference between revisions of "BBUpdaterExtreme"
(added category) |
m |
||
| (7 intermediate revisions by 6 users not shown) | |||
| Line 1: | Line 1: | ||
| − | This is the tool |
+ | This is the tool used by Apple to updateflash the Baseband of XGOLD basebands. |
| + | It also allow to do some more things like changing the IMEI SV or just powercycling damaged baseband. |
||
| + | |||
| + | The tool seems to make a connection to the device to flash the firmware, the eeprom and the bootloader. |
||
| + | The Device is the Emergency Bootloader of the iPhone which also is the only gate to flash the baseband. |
||
| + | |||
| + | There have been some tries to make custom fls / eep files ( which are needed to flash the baseband of the device ). |
||
| + | This method could bring back 06.15.00 devices back which are now damaged. |
||
| + | |||
| + | With this tool it is not possible to downgrade any baseband version. |
||
==Commands== |
==Commands== |
||
| + | *BBUpdaterExtreme help [unknown option] [?] |
||
| − | *queryversion |
||
| + | *BBUpdaterExtreme queryversion | prints the current status of baseband firmware |
||
| + | *BBUpdaterExtreme update -f ICE2_xx.xx.xx.fls -e ICE2_xx.xx.xx.eep | UPDATES ( not downgrades!!! ) Firmware version |
||
| + | *BBUpdaterExtreme imeisv [option] | changes the imeisv value |
||
| + | *BBUpdaterExtreme automatic -S -F [or -L for BL] | for automatic update (while firmware restores) |
||
| + | *BBUpdaterExtreme audioparameters [?] |
||
| + | *BBUpdaterExtreme ice3dump [?] |
||
| + | *BBUpdaterExtreme staticeep [?] |
||
| + | |||
| + | ==Undocumented Commands== |
||
| + | |||
| + | Source: [http://forum.gsmhosting.com/vbb/8058886-post191.html] |
||
| + | |||
| + | <b><u>update // performs manual update of Baseband</u> |
||
| + | </b>BBUpdaterExtreme update -f /mnt1/gecko/bin/ICE2_05.16.05.fls |
||
| + | ^^<i>attempts an upgrade of single .FLS (flash) file only</i> |
||
| + | BBUpdaterExtreme update -e /usr/local/standalone/firmware/ICE2_05.16.05.fls |
||
| + | ^^<i>attempts an upgrade of single .EEP '(eeprom) file only</i> |
||
| + | BBUpdaterExtreme update -l bl.fls |
||
| + | ^^<i>attempts an upgrade of single .FLS bootloader file only</i> |
||
| + | |||
| + | <b><u>automatic // performs automatic update of Baseband</u></b> |
||
| + | BBUpdaterExtreme automatic -S -L /mnt1/bin -x |
||
| + | ^^ this will update bootloader (if newer versions is available) |
||
| + | BBUpdaterExtreme automatic -S -F /mnt1/bin -x |
||
| + | ^^ this will update both fls and EEP in specified folder (if newer version is available) |
||
| + | |||
| + | <b><u>imeisv // Sets the IMEI software version bits</u></b> |
||
| + | BBUpdaterExtreme imeisv -v 018 |
||
| + | |||
| + | <b><u>queryversion // prints current Baseband status (AT+XGENDATA)</u></b> |
||
| + | BBUpdaterExtreme queryversion |
||
| + | |||
| + | <b><u>audioparameters // sets baseband EEP audio parameters</u></b> |
||
| + | BBUpdaterExtreme audioparameters -p /mnt1/bin/BasebandAudioParameters.c |
||
| + | |||
| + | <b><u>powercycle // powercycles the modem</u></b> |
||
| + | BBUpdaterExtreme powercycle -o 5 |
||
| + | |||
| + | <b><u>staticeepcheck // Checks the backup of a static eep</u></b> |
||
| + | BBUpdaterExtreme staticeepcheck -F /mnt1/tmp |
||
| + | |||
| + | <b><u>nukegnvram // Clears specific data from non volatile RAM</u></b> |
||
| + | BBUpdaterExtreme nukegnvram |
||
| + | |||
| + | <b><u>memtest // Performs a Memory test</u></b> |
||
| + | BBUpdaterExtreme memtest |
||
| + | |||
| + | <b><u>staticeep // Backs up static eep?</u></b> |
||
| + | BBUpdaterExtreme staticeep -d backup.bin -f ICE2_05.16.05.eep -S < ??? change |
||
| + | |||
| + | <b><u>help</u></b> |
||
| + | supposed to show help, does nothing in recent versions |
||
| + | |||
| + | |||
| + | <b><u>List of switches with args</u></b> |
||
| + | |||
| + | <b>-a</b> ?? |
||
| + | example: BBUpdaterExtreme update -e ICE2_05.16.05.eep -a 10 |
||
| + | |||
| + | <b>-b</b> sets a specific boot code |
||
| + | example: BBUpdaterExtreme update -e ICE2_05.15.04.eep -S -b 4154 <X-GOLD |
||
| + | |||
| + | <b>-i</b> Version ID; customize flashing per device |
||
| + | example: |
||
| + | BBUpdaterExtreme queryversion -i K48 < iPad (X-GOLD) |
||
| + | BBUpdaterExtreme queryversion -i 1 <iPhone 3G? (S-GOLD) |
||
| + | BBUpdaterExtreme queryversion -i 2 <iPhone 3GS? (X-GOLD) |
||
| + | BBUpdaterExtreme queryversion -i 3 <iPhone 4? (XMM) |
||
| + | |||
| + | on 3GS : |
||
| + | choosing 1 will give you "Opening device for pinging failed, did you forget to stop CommCenter?" |
||
| + | Choosing 2 will successfully boot and flash |
||
| + | Choosing 3 will hang on sending Boot code |
||
| + | Choosing K48 will successfully boot and flash |
||
| + | |||
| + | <b>-f</b> file / flash file / firmware |
||
| + | example: BBUpdaterExtreme update -f /mnt1/bin/ICE2_05.16.05.fls |
||
| + | |||
| + | <b>-F</b> Folder |
||
| + | example: BBUpdaterExtreme automatic -S -F /mnt1/bin -x |
||
| + | |||
| + | <b>-v</b> Version |
||
| + | example: BBUpdaterExtreme imeisv -v 018 |
||
| + | |||
| + | <b>-t </b>test count? (iterations) |
||
| + | example: memtest -t 5 |
||
| + | |||
| + | <b>-L</b> points to a folder for bootloader upgrade in automatic mode |
||
| + | example: BBUpdaterExtreme automatic -S -L /mnt1/bin |
||
| + | |||
| + | <b>-p</b> path? / parameters? |
||
| + | example: BBUpdaterExtreme audioparameters -p /mnt1/bin/params.c |
||
| + | |||
| + | |||
| + | <u><b>Switches with no args</b></u> |
||
| + | |||
| + | <b>-!</b> uses "old style" AT upgrade sequence (boot pattern 0x41, 0x54) |
||
| + | example: BBUpdaterExtreme update -f ICE2_05.16.05.fls -! |
||
| + | |||
| + | <b>-#</b> ?? |
||
| + | example: BBUpdaterExtreme update -f ICE2_05.16.05.fls -# |
||
| + | |||
| + | <b>-D</b> Disable sleep (useful when flashing from userland) |
||
| + | example: BBUpdater queryversion -D |
||
| + | |||
| + | <b>-P </b>disables the initial AT+ XGENDATA ping/check sequence (baseband info will shown as 'unknown') |
||
| + | example: BBUpdaterExtreme queryversion -P |
||
| + | |||
| + | <b>-S</b> run without disabling sleep (useful in ramdisk) |
||
| + | example: BBUpdater queryversion -S |
||
| + | <b>-l </b>load/ bootloader |
||
| − | ==Output== |
||
| − | Disabling thermal Notifications...OK |
||
| − | Disabling sleep...OK |
||
| − | Powering radio on through AppleBaseband |
||
| − | Doing a hardware reset through AppleBaseband |
||
| − | Opening device path /dev/cu.debug, using initial baud 115200 |
||
| − | Pinging modem...Ping timed out, trying again, 9 tries left |
||
| − | Pinging modem...OK |
||
| − | Firmware Version: ICE2-01.45.00 |
||
| − | EEP Version: EEP_VERSION:526 |
||
| − | EEP Revision: EEP_REVISION:0 |
||
| − | Boot Loader Version: ICE2_BOOT_05.08_G2M3S2 |
||
| − | FLS/EEP Mismatch: Match |
||
| − | Doing a hardware reset through AppleBaseband |
||
| − | Configuring Hardware Mux...OK |
||
| − | ------------------------------------------------------------------------------- |
||
| − | BEGINNING BOOT |
||
| − | ------------------------------------------------------------------------------- |
||
| − | Sending boot code...OK |
||
| − | Automagic-ing firmware from path ICE2_01.45.00.fls... |
||
| − | - No compatible firmware files were found in ICE2_01 .45.00.fls |
||
| − | Automagic-ing firmware from path ICE2_01.45.00.fls -- All OK |
||
| − | !!! Exception at :0: |
||
| − | - BBUReturnAborted(8)/16: Automagic failed and can not perform update |
||
| − | Re-enabling thermal Notifications...OK |
||
| − | Re-enabling sleep...OK |
||
[[Category:Baseband]] |
[[Category:Baseband]] |
||
| − | [[Category:Hacking Software]] |
||
Latest revision as of 15:33, 26 March 2017
This is the tool used by Apple to updateflash the Baseband of XGOLD basebands. It also allow to do some more things like changing the IMEI SV or just powercycling damaged baseband.
The tool seems to make a connection to the device to flash the firmware, the eeprom and the bootloader. The Device is the Emergency Bootloader of the iPhone which also is the only gate to flash the baseband.
There have been some tries to make custom fls / eep files ( which are needed to flash the baseband of the device ). This method could bring back 06.15.00 devices back which are now damaged.
With this tool it is not possible to downgrade any baseband version.
Commands
- BBUpdaterExtreme help [unknown option] [?]
- BBUpdaterExtreme queryversion | prints the current status of baseband firmware
- BBUpdaterExtreme update -f ICE2_xx.xx.xx.fls -e ICE2_xx.xx.xx.eep | UPDATES ( not downgrades!!! ) Firmware version
- BBUpdaterExtreme imeisv [option] | changes the imeisv value
- BBUpdaterExtreme automatic -S -F [or -L for BL] | for automatic update (while firmware restores)
- BBUpdaterExtreme audioparameters [?]
- BBUpdaterExtreme ice3dump [?]
- BBUpdaterExtreme staticeep [?]
Undocumented Commands
Source: [1]
update // performs manual update of Baseband BBUpdaterExtreme update -f /mnt1/gecko/bin/ICE2_05.16.05.fls ^^attempts an upgrade of single .FLS (flash) file only BBUpdaterExtreme update -e /usr/local/standalone/firmware/ICE2_05.16.05.fls ^^attempts an upgrade of single .EEP '(eeprom) file only BBUpdaterExtreme update -l bl.fls ^^attempts an upgrade of single .FLS bootloader file only
automatic // performs automatic update of Baseband BBUpdaterExtreme automatic -S -L /mnt1/bin -x ^^ this will update bootloader (if newer versions is available) BBUpdaterExtreme automatic -S -F /mnt1/bin -x ^^ this will update both fls and EEP in specified folder (if newer version is available)
imeisv // Sets the IMEI software version bits BBUpdaterExtreme imeisv -v 018
queryversion // prints current Baseband status (AT+XGENDATA) BBUpdaterExtreme queryversion
audioparameters // sets baseband EEP audio parameters BBUpdaterExtreme audioparameters -p /mnt1/bin/BasebandAudioParameters.c
powercycle // powercycles the modem BBUpdaterExtreme powercycle -o 5
staticeepcheck // Checks the backup of a static eep BBUpdaterExtreme staticeepcheck -F /mnt1/tmp
nukegnvram // Clears specific data from non volatile RAM BBUpdaterExtreme nukegnvram
memtest // Performs a Memory test BBUpdaterExtreme memtest
staticeep // Backs up static eep? BBUpdaterExtreme staticeep -d backup.bin -f ICE2_05.16.05.eep -S < ??? change
help supposed to show help, does nothing in recent versions
List of switches with args
-a ?? example: BBUpdaterExtreme update -e ICE2_05.16.05.eep -a 10
-b sets a specific boot code example: BBUpdaterExtreme update -e ICE2_05.15.04.eep -S -b 4154 <X-GOLD
-i Version ID; customize flashing per device example: BBUpdaterExtreme queryversion -i K48 < iPad (X-GOLD) BBUpdaterExtreme queryversion -i 1 <iPhone 3G? (S-GOLD) BBUpdaterExtreme queryversion -i 2 <iPhone 3GS? (X-GOLD) BBUpdaterExtreme queryversion -i 3 <iPhone 4? (XMM)
on 3GS : choosing 1 will give you "Opening device for pinging failed, did you forget to stop CommCenter?" Choosing 2 will successfully boot and flash Choosing 3 will hang on sending Boot code Choosing K48 will successfully boot and flash
-f file / flash file / firmware example: BBUpdaterExtreme update -f /mnt1/bin/ICE2_05.16.05.fls
-F Folder example: BBUpdaterExtreme automatic -S -F /mnt1/bin -x
-v Version example: BBUpdaterExtreme imeisv -v 018
-t test count? (iterations) example: memtest -t 5
-L points to a folder for bootloader upgrade in automatic mode example: BBUpdaterExtreme automatic -S -L /mnt1/bin
-p path? / parameters? example: BBUpdaterExtreme audioparameters -p /mnt1/bin/params.c
Switches with no args
-! uses "old style" AT upgrade sequence (boot pattern 0x41, 0x54) example: BBUpdaterExtreme update -f ICE2_05.16.05.fls -!
-# ?? example: BBUpdaterExtreme update -f ICE2_05.16.05.fls -#
-D Disable sleep (useful when flashing from userland) example: BBUpdater queryversion -D
-P disables the initial AT+ XGENDATA ping/check sequence (baseband info will shown as 'unknown') example: BBUpdaterExtreme queryversion -P
-S run without disabling sleep (useful in ramdisk) example: BBUpdater queryversion -S
-l load/ bootloader
