Difference between revisions of "Baseband Bootrom"

From The iPhone Wiki
Jump to: navigation, search
(New page: This is the first code that runs on the baseband. ==S-Gold 2== The bootrom here is located at 0x400000. It was initially dumped using exploits in java on other S-Gold 2 phones. It al...)
 
m (as discussed, no deletion)
 
(6 intermediate revisions by 4 users not shown)
Line 1: Line 1:
This is the first code that runs on the baseband.
+
This is the first code that runs on the baseband. It resides in internal ROM.
   
 
==S-Gold 2==
 
==S-Gold 2==
Line 5: Line 5:
   
 
==X-Gold 608==
 
==X-Gold 608==
  +
The bootrom is located at 0x400000, and can be dumped via geohotz 5.8bl loader exploit
The bootrom hasn't been dumped on this chip yet. This is a vital step in searching for an unlock from boot. It is believed to be located at 0x400000 as well. It checks the signature of the bootloader in the flash.
 
  +
  +
{{stub|firmware}}

Latest revision as of 17:27, 21 January 2013

This is the first code that runs on the baseband. It resides in internal ROM.

S-Gold 2

The bootrom here is located at 0x400000. It was initially dumped using exploits in java on other S-Gold 2 phones. It allows unsigned code to be uploaded using Baseband Bootrom Protocol. On non debug variants of the chip, it requires Fakeblank to run that code

X-Gold 608

The bootrom is located at 0x400000, and can be dumped via geohotz 5.8bl loader exploit

Tango Utilities-terminal.png This firmware article is a "stub", an incomplete page. Please add more content to this article and remove this tag.