Difference between revisions of "BBUpdaterExtreme"

From The iPhone Wiki
Jump to: navigation, search
m
 
(9 intermediate revisions by 7 users not shown)
Line 1: Line 1:
This is the tool the 3G ramdisk uses to upgrade the baseband
+
This is the tool used by Apple to updateflash the Baseband of XGOLD basebands.
  +
It also allow to do some more things like changing the IMEI SV or just powercycling damaged baseband.
   
  +
The tool seems to make a connection to the device to flash the firmware, the eeprom and the bootloader.
==Output==
 
  +
The Device is the Emergency Bootloader of the iPhone which also is the only gate to flash the baseband.
Disabling thermal Notifications...OK
 
  +
Disabling sleep...OK
 
  +
There have been some tries to make custom fls / eep files ( which are needed to flash the baseband of the device ).
Powering radio on through AppleBaseband
 
  +
This method could bring back 06.15.00 devices back which are now damaged.
Doing a hardware reset through AppleBaseband
 
  +
Opening device path /dev/cu.debug, using initial baud 115200
 
  +
With this tool it is not possible to downgrade any baseband version.
Pinging modem...Ping timed out, trying again, 9 tries left
 
  +
Pinging modem...OK
 
  +
==Commands==
Firmware Version: ICE2-01.45.00
 
  +
*BBUpdaterExtreme help [unknown option] [?]
EEP Version: EEP_VERSION:526
 
  +
*BBUpdaterExtreme queryversion | prints the current status of baseband firmware
EEP Revision: EEP_REVISION:0
 
  +
*BBUpdaterExtreme update -f ICE2_xx.xx.xx.fls -e ICE2_xx.xx.xx.eep | UPDATES ( not downgrades!!! ) Firmware version
Boot Loader Version: ICE2_BOOT_05.08_G2M3S2
 
  +
*BBUpdaterExtreme imeisv [option] | changes the imeisv value
FLS/EEP Mismatch: Match
 
  +
*BBUpdaterExtreme automatic -S -F [or -L for BL] | for automatic update (while firmware restores)
Doing a hardware reset through AppleBaseband
 
  +
*BBUpdaterExtreme audioparameters [?]
Configuring Hardware Mux...OK
 
  +
*BBUpdaterExtreme ice3dump [?]
-------------------------------------------------------------------------------
 
  +
*BBUpdaterExtreme staticeep [?]
BEGINNING BOOT
 
  +
-------------------------------------------------------------------------------
 
  +
==Undocumented Commands==
Sending boot code...OK
 
  +
Automagic-ing firmware from path ICE2_01.45.00.fls...
 
  +
Source: [http://forum.gsmhosting.com/vbb/8058886-post191.html]
- No compatible firmware files were found in ICE2_01 .45.00.fls
 
  +
Automagic-ing firmware from path ICE2_01.45.00.fls -- All OK
 
  +
<b><u>update // performs manual update of Baseband</u>
!!! Exception at :0:
 
  +
</b>BBUpdaterExtreme update -f /mnt1/gecko/bin/ICE2_05.16.05.fls
- BBUReturnAborted(8)/16: Automagic failed and can not perform update
 
  +
^^<i>attempts an upgrade of single .FLS (flash) file only</i>
Re-enabling thermal Notifications...OK
 
  +
BBUpdaterExtreme update -e /usr/local/standalone/firmware/ICE2_05.16.05.fls
Re-enabling sleep...OK
 
  +
^^<i>attempts an upgrade of single .EEP '(eeprom) file only</i>
  +
BBUpdaterExtreme update -l bl.fls
  +
^^<i>attempts an upgrade of single .FLS bootloader file only</i>
  +
  +
<b><u>automatic // performs automatic update of Baseband</u></b>
  +
BBUpdaterExtreme automatic -S -L /mnt1/bin -x
  +
^^ this will update bootloader (if newer versions is available)
  +
BBUpdaterExtreme automatic -S -F /mnt1/bin -x
  +
^^ this will update both fls and EEP in specified folder (if newer version is available)
  +
  +
<b><u>imeisv // Sets the IMEI software version bits</u></b>
  +
BBUpdaterExtreme imeisv -v 018
  +
  +
<b><u>queryversion // prints current Baseband status (AT+XGENDATA)</u></b>
  +
BBUpdaterExtreme queryversion
  +
  +
<b><u>audioparameters // sets baseband EEP audio parameters</u></b>
  +
BBUpdaterExtreme audioparameters -p /mnt1/bin/BasebandAudioParameters.c
  +
  +
<b><u>powercycle // powercycles the modem</u></b>
  +
BBUpdaterExtreme powercycle -o 5
  +
  +
<b><u>staticeepcheck // Checks the backup of a static eep</u></b>
  +
BBUpdaterExtreme staticeepcheck -F /mnt1/tmp
  +
  +
<b><u>nukegnvram // Clears specific data from non volatile RAM</u></b>
  +
BBUpdaterExtreme nukegnvram
  +
  +
<b><u>memtest // Performs a Memory test</u></b>
  +
BBUpdaterExtreme memtest
  +
  +
<b><u>staticeep // Backs up static eep?</u></b>
  +
BBUpdaterExtreme staticeep -d backup.bin -f ICE2_05.16.05.eep -S &lt; ??? change
  +
  +
<b><u>help</u></b>
  +
supposed to show help, does nothing in recent versions
  +
  +
  +
<b><u>List of switches with args</u></b>
  +
  +
<b>-a</b> ??
  +
example: BBUpdaterExtreme update -e ICE2_05.16.05.eep -a 10
  +
  +
<b>-b</b> sets a specific boot code
  +
example: BBUpdaterExtreme update -e ICE2_05.15.04.eep -S -b 4154 &lt;X-GOLD
  +
  +
<b>-i</b> Version ID; customize flashing per device
  +
example:
  +
BBUpdaterExtreme queryversion -i K48 &lt; iPad (X-GOLD)
  +
BBUpdaterExtreme queryversion -i 1 &lt;iPhone 3G? (S-GOLD)
  +
BBUpdaterExtreme queryversion -i 2 &lt;iPhone 3GS? (X-GOLD)
  +
BBUpdaterExtreme queryversion -i 3 &lt;iPhone 4? (XMM)
  +
  +
on 3GS :
  +
choosing 1 will give you &quot;Opening device for pinging failed, did you forget to stop CommCenter?&quot;
  +
Choosing 2 will successfully boot and flash
  +
Choosing 3 will hang on sending Boot code
  +
Choosing K48 will successfully boot and flash
  +
  +
<b>-f</b> file / flash file / firmware
  +
example: BBUpdaterExtreme update -f /mnt1/bin/ICE2_05.16.05.fls
  +
  +
<b>-F</b> Folder
  +
example: BBUpdaterExtreme automatic -S -F /mnt1/bin -x
  +
  +
<b>-v</b> Version
  +
example: BBUpdaterExtreme imeisv -v 018
  +
  +
<b>-t </b>test count? (iterations)
  +
example: memtest -t 5
  +
  +
<b>-L</b> points to a folder for bootloader upgrade in automatic mode
  +
example: BBUpdaterExtreme automatic -S -L /mnt1/bin
  +
  +
<b>-p</b> path? / parameters?
  +
example: BBUpdaterExtreme audioparameters -p /mnt1/bin/params.c
  +
  +
  +
<u><b>Switches with no args</b></u>
  +
  +
<b>-!</b> uses &quot;old style&quot; AT upgrade sequence (boot pattern 0x41, 0x54)
  +
example: BBUpdaterExtreme update -f ICE2_05.16.05.fls -!
  +
  +
<b>-#</b> ??
  +
example: BBUpdaterExtreme update -f ICE2_05.16.05.fls -#
  +
  +
<b>-D</b> Disable sleep (useful when flashing from userland)
  +
example: BBUpdater queryversion -D
  +
  +
<b>-P </b>disables the initial AT+ XGENDATA ping/check sequence (baseband info will shown as 'unknown')
  +
example: BBUpdaterExtreme queryversion -P
  +
  +
<b>-S</b> run without disabling sleep (useful in ramdisk)
  +
example: BBUpdater queryversion -S
  +
  +
<b>-l </b>load/ bootloader
   
 
[[Category:Baseband]]
 
[[Category:Baseband]]

Latest revision as of 15:33, 26 March 2017

This is the tool used by Apple to updateflash the Baseband of XGOLD basebands. It also allow to do some more things like changing the IMEI SV or just powercycling damaged baseband.

The tool seems to make a connection to the device to flash the firmware, the eeprom and the bootloader. The Device is the Emergency Bootloader of the iPhone which also is the only gate to flash the baseband.

There have been some tries to make custom fls / eep files ( which are needed to flash the baseband of the device ). This method could bring back 06.15.00 devices back which are now damaged.

With this tool it is not possible to downgrade any baseband version.

Commands

  • BBUpdaterExtreme help [unknown option] [?]
  • BBUpdaterExtreme queryversion | prints the current status of baseband firmware
  • BBUpdaterExtreme update -f ICE2_xx.xx.xx.fls -e ICE2_xx.xx.xx.eep | UPDATES ( not downgrades!!! ) Firmware version
  • BBUpdaterExtreme imeisv [option] | changes the imeisv value
  • BBUpdaterExtreme automatic -S -F [or -L for BL] | for automatic update (while firmware restores)
  • BBUpdaterExtreme audioparameters [?]
  • BBUpdaterExtreme ice3dump [?]
  • BBUpdaterExtreme staticeep [?]

Undocumented Commands

Source: [1]

update // performs manual update of Baseband BBUpdaterExtreme update -f /mnt1/gecko/bin/ICE2_05.16.05.fls ^^attempts an upgrade of single .FLS (flash) file only BBUpdaterExtreme update -e /usr/local/standalone/firmware/ICE2_05.16.05.fls ^^attempts an upgrade of single .EEP '(eeprom) file only BBUpdaterExtreme update -l bl.fls ^^attempts an upgrade of single .FLS bootloader file only

automatic // performs automatic update of Baseband BBUpdaterExtreme automatic -S -L /mnt1/bin -x ^^ this will update bootloader (if newer versions is available) BBUpdaterExtreme automatic -S -F /mnt1/bin -x ^^ this will update both fls and EEP in specified folder (if newer version is available)

imeisv // Sets the IMEI software version bits BBUpdaterExtreme imeisv -v 018

queryversion // prints current Baseband status (AT+XGENDATA) BBUpdaterExtreme queryversion

audioparameters // sets baseband EEP audio parameters BBUpdaterExtreme audioparameters -p /mnt1/bin/BasebandAudioParameters.c

powercycle // powercycles the modem BBUpdaterExtreme powercycle -o 5

staticeepcheck // Checks the backup of a static eep BBUpdaterExtreme staticeepcheck -F /mnt1/tmp

nukegnvram // Clears specific data from non volatile RAM BBUpdaterExtreme nukegnvram

memtest // Performs a Memory test BBUpdaterExtreme memtest

staticeep // Backs up static eep? BBUpdaterExtreme staticeep -d backup.bin -f ICE2_05.16.05.eep -S < ??? change

help supposed to show help, does nothing in recent versions


List of switches with args

-a ?? example: BBUpdaterExtreme update -e ICE2_05.16.05.eep -a 10

-b sets a specific boot code example: BBUpdaterExtreme update -e ICE2_05.15.04.eep -S -b 4154 <X-GOLD

-i Version ID; customize flashing per device example: BBUpdaterExtreme queryversion -i K48 < iPad (X-GOLD) BBUpdaterExtreme queryversion -i 1 <iPhone 3G? (S-GOLD) BBUpdaterExtreme queryversion -i 2 <iPhone 3GS? (X-GOLD) BBUpdaterExtreme queryversion -i 3 <iPhone 4? (XMM)

on 3GS : choosing 1 will give you "Opening device for pinging failed, did you forget to stop CommCenter?" Choosing 2 will successfully boot and flash Choosing 3 will hang on sending Boot code Choosing K48 will successfully boot and flash

-f file / flash file / firmware example: BBUpdaterExtreme update -f /mnt1/bin/ICE2_05.16.05.fls

-F Folder example: BBUpdaterExtreme automatic -S -F /mnt1/bin -x

-v Version example: BBUpdaterExtreme imeisv -v 018

-t test count? (iterations) example: memtest -t 5

-L points to a folder for bootloader upgrade in automatic mode example: BBUpdaterExtreme automatic -S -L /mnt1/bin

-p path? / parameters? example: BBUpdaterExtreme audioparameters -p /mnt1/bin/params.c


Switches with no args

-! uses "old style" AT upgrade sequence (boot pattern 0x41, 0x54) example: BBUpdaterExtreme update -f ICE2_05.16.05.fls -!

-# ?? example: BBUpdaterExtreme update -f ICE2_05.16.05.fls -#

-D Disable sleep (useful when flashing from userland) example: BBUpdater queryversion -D

-P disables the initial AT+ XGENDATA ping/check sequence (baseband info will shown as 'unknown') example: BBUpdaterExtreme queryversion -P

-S run without disabling sleep (useful in ramdisk) example: BBUpdater queryversion -S

-l load/ bootloader