Talk:Main Page

From The iPhone Wiki
Revision as of 13:49, 13 May 2012 by Kambiz (talk | contribs) (Baseband downgrade possibility: Attempt for 04.11.08/04.12.01 to 04.10.01: new section)
Jump to: navigation, search
Archives
 • 2009 • 2010 • 2011 • 2012 • 2013 •

iPhone Tracker

iPhone Tracker? --5urd 11:34, 9 September 2011 (MDT)

Apple TV 3

As I am told, it is Apple TV 3G. Just because the blogs use "iPod Touch 4," that doesnt mean we use that. --5urd 17:30, 7 March 2012 (MST)

Firmware

How is iOS 5.1 for iPhone 3GS Jailbreakable untethered for old bootrom and tethered for new bootrom when the holes were patched(from what I understand) and on the main page it shows there is no jailbreak for everything else. I'm confused here. --The preceding unsigned comment was added by Staycool72 (talk) 8 March 2012, 0:43 GMT. Please consult this page for more info on how to sign pages, and how to fix this.

I am going to try and answer though it is hard to tell what you are asking by your grammar. Those are bootrom exploits, which cannot be patched by any firmware update. There isn't a jailbreak available though, they have to update the programs like redsn0w to work with the new version of iOS. Once it is updated the jailbreak will be untethered for old bootroms and tethered for the new ones (excluding 4S and iPads since there isn't any bootrom exploits for those). Modern jailbreaks require userland exploits to be untethered, but iOS 5.1 patched the vulnerabilities we have been using to get untethered. Hope that helps. --Jacob 18:09, 7 March 2012 (MST)
Correct the vulnerabilities for iOS 5.1 are patched so therefor on the firmware page iOS 5.1 for iPhone 3GS should say no for (Can it be jailbroken? (old bootrom and new bootrom) and not yes, that it why I am confused because the main page says no --Staycool72 20:30, 7 March 2012 (EST)
iOS 5.1 can be jailbroken on the iPhone 3GS, but at the time of writing this, there are no tools that support jailbreaking iOS 5.1. --Dialexio 18:34, 7 March 2012 (MST)
ok it answers my question. --Staycool72 20:49, 7 March 2012 (EST)

Brazilian Carriers and Cellular Devices

Wanted to let you people know that all Cellular devices sold in Brazil must be factory-unlocked according to a federal law. This should be added to the main page, as it already states the same about GSM iPads in everywhere but Japan. Cellular devices sold in Brazil must be factory-unlocked or the supplier must provide an official unlock if the user demands so. Luxiel 06:55, 24 April 2012 (MDT)

I'm against this. Japan is the other way round, an exception. Many countries now sell unlocked devices. Anybody else? --http 16:15, 24 April 2012 (MDT)
I'll have to say no to this also. Cellular iPads are sold unlocked in every country except Japan (and maybe a few others that we don't know of). --Dialexio 16:56, 24 April 2012 (MDT)
My bad, I think I mistook the real reason behind that information being stated... Thanks for the answers. --Luxiel 08:28, 2 May 2012 (MDT)

Baseband Chip Page Titles

For the baseband chip page titles, I think we should stick with the model number despite the marketing name. Pages:

--5urd 21:35, 8 May 2012 (MDT)

I'm leaning more towards the marketing names, since I think people are more familiar with them and they've been in use for a long time. We've always referred to the iPhone 2G's baseband as the "S-Gold 2" and the iPhone 3G/3GS's baseband as the "X-Gold 608." (By the way, it sounds like Qualcomm "markets" their chips by model number. [1]) --Dialexio 00:11, 9 May 2012 (MDT)
I created most of these newer pages and always used the model number (without space). So I agree with that in general. Changing old ones is a totally different story though, where we need more consent. I would be for it (and create a redirect on the marketing names). --http 01:52, 9 May 2012 (MDT)

Baseband downgrade possibility: Attempt for 04.11.08/04.12.01 to 04.10.01

0x1 There is no downgrade possibility; according to the most basis of fact in how baseband works as explained by dear MuscleNerd and there is signature checks as well as bootloader's chain of trust that I'm not going to repeat them again, but for this topic I start from iTunes error 1,-1,11

0x2 iTunes error 1,-1,11 : We will get this error whenever we want to do something with BB which is not allowed by apple. you can read about these error in detail from here[2]. Going deeper, this error raise by baseband's bootloader whenever you attempt to downgrade BB (in this case), this happens inside the NOR so this is why we can not exploit it easily from the outside. Another reason for this error (and in here the most important one that I wanted to discuss) is that apple no longer signing that firmware.

0x3 The situation that there is no BB installed on iPhone! : I could restore my iPhone4 in the case of there will be no BB at all. I called it reset my BB. There will be no Wifi, no BT. At the first time (a few months since I've started to work on) I thought it is dead (as apple confirmed this also). But I could restore it only to stock firmware with the latest one. So for who stays in 04.11.08 it may lead to do upgrade to 04.12.01 permanently with the latest iOS, now is 5.1.1 and before for me was 5.0.1, so be sure what you are doing and then go to reset the BB. So back to the game, if there was no BB then there is no bootloeader inside the NOR to stuck BB update process but I do not know that in this case what happened to "sectable" also known as "locktable" which is the master accountable to unlock the carrier, any way I think so only firmware signature checking by apple will be remain in "restore verify process" by iTunes. because as mentioned earlier, "currentBB"(BB to be updated) is allowed to be update by "comingBB" (BB to be updating to) only if : 1. "currentBB" < "comingBB" (= are you the most recent/lastest BB?) 2. "comingBB" is now signing by apple (=if so, does apple sign you? Are you eligible?) Huum... What happens if "currentBB"="null/zero/no matter"? Could we eliminate option (1) from the security check above in this case? So what next?

0x4 Track back to the issue lead us inside the bbfw file (ICE3_04.11.08_BOOT_02.13.Release) which contains four .fls files inside, and the most important one is psi_flash.fls who is in charge of security checks before handover the routines to stack.fls which is responsible for updating the baseband. This file does like NOR bootloader but fortunately it's outside the device so it is accessible but not such easy format to be understand by programmers. They are raw ROM based images for XMM6180 chip, ARM based and programmed in Thread-X, but the compiler is unknown; I will write about some disassembly notes using ida pro 6.1; by the way I leave my iPhone with no BB trying to find out and break the trust chains in the above files in order to bypass the bootloader security checks which may let us to downgrade to 04.10.01 which is currently unlocked by Gevey. Keep in mind that if this solution works..., it will need the SHSH for downgrading the iOS firmware to do reset the BB. I heard that iPhoneDevTeam are going to release the new version of Redsn0w which there will be no need to restore by iTunes but I do not know if the baseband approaches supposed to be addressed or it will work like iFaith that is basically bypass (preserve) BB, any way if I found this article useful I will note about disassembly and possibility approach as well as BB reset to share with any followers.


--Kambiz 07:49, 13 May 2012 (MDT)K.N