Difference between revisions of "BBUpdaterExtreme"

From The iPhone Wiki
 
(6 intermediate revisions by 5 users not shown)
Line 1: Line 1:
This is the tool the 3G ramdisk uses to upgrade the baseband
+
This is the tool used by Apple to updateflash the Baseband of XGOLD basebands.
  +
It also allow to do some more things like changing the IMEI SV or just powercycling damaged baseband.
  +
  +
The tool seems to make a connection to the device to flash the firmware, the eeprom and the bootloader.
  +
The Device is the Emergency Bootloader of the iPhone which also is the only gate to flash the baseband.
  +
  +
There have been some tries to make custom fls / eep files ( which are needed to flash the baseband of the device ).
  +
This method could bring back 06.15.00 devices back which are now damaged.
  +
  +
With this tool it is not possible to downgrade any baseband version.
   
 
==Commands==
 
==Commands==
  +
*BBUpdaterExtreme help [unknown option] [?]
*queryversion
 
  +
*BBUpdaterExtreme queryversion | prints the current status of baseband firmware
  +
*BBUpdaterExtreme update -f ICE2_xx.xx.xx.fls -e ICE2_xx.xx.xx.eep | UPDATES ( not downgrades!!! ) Firmware version
  +
*BBUpdaterExtreme imeisv [option] | changes the imeisv value
  +
*BBUpdaterExtreme automatic -S -F [or -L for BL] | for automatic update (while firmware restores)
  +
*BBUpdaterExtreme audioparameters [?]
  +
*BBUpdaterExtreme ice3dump [?]
  +
*BBUpdaterExtreme staticeep [?]
  +
  +
==Undocumented Commands==
  +
  +
Source: [http://forum.gsmhosting.com/vbb/8058886-post191.html]
  +
  +
<b><u>update // performs manual update of Baseband</u>
  +
</b>BBUpdaterExtreme update -f /mnt1/gecko/bin/ICE2_05.16.05.fls
  +
^^<i>attempts an upgrade of single .FLS (flash) file only</i>
  +
BBUpdaterExtreme update -e /usr/local/standalone/firmware/ICE2_05.16.05.fls
  +
^^<i>attempts an upgrade of single .EEP '(eeprom) file only</i>
  +
BBUpdaterExtreme update -l bl.fls
  +
^^<i>attempts an upgrade of single .FLS bootloader file only</i>
  +
  +
<b><u>automatic // performs automatic update of Baseband</u></b>
  +
BBUpdaterExtreme automatic -S -L /mnt1/bin -x
  +
^^ this will update bootloader (if newer versions is available)
  +
BBUpdaterExtreme automatic -S -F /mnt1/bin -x
  +
^^ this will update both fls and EEP in specified folder (if newer version is available)
  +
  +
<b><u>imeisv // Sets the IMEI software version bits</u></b>
  +
BBUpdaterExtreme imeisv -v 018
  +
  +
<b><u>queryversion // prints current Baseband status (AT+XGENDATA)</u></b>
  +
BBUpdaterExtreme queryversion
  +
  +
<b><u>audioparameters // sets baseband EEP audio parameters</u></b>
  +
BBUpdaterExtreme audioparameters -p /mnt1/bin/BasebandAudioParameters.c
  +
  +
<b><u>powercycle // powercycles the modem</u></b>
  +
BBUpdaterExtreme powercycle -o 5
  +
  +
<b><u>staticeepcheck // Checks the backup of a static eep</u></b>
  +
BBUpdaterExtreme staticeepcheck -F /mnt1/tmp
  +
  +
<b><u>nukegnvram // Clears specific data from non volatile RAM</u></b>
  +
BBUpdaterExtreme nukegnvram
  +
  +
<b><u>memtest // Performs a Memory test</u></b>
  +
BBUpdaterExtreme memtest
  +
  +
<b><u>staticeep // Backs up static eep?</u></b>
  +
BBUpdaterExtreme staticeep -d backup.bin -f ICE2_05.16.05.eep -S &lt; ??? change
  +
  +
<b><u>help</u></b>
  +
supposed to show help, does nothing in recent versions
  +
  +
  +
<b><u>List of switches with args</u></b>
  +
  +
<b>-a</b> ??
  +
example: BBUpdaterExtreme update -e ICE2_05.16.05.eep -a 10
  +
  +
<b>-b</b> sets a specific boot code
  +
example: BBUpdaterExtreme update -e ICE2_05.15.04.eep -S -b 4154 &lt;X-GOLD
  +
  +
<b>-i</b> Version ID; customize flashing per device
  +
example:
  +
BBUpdaterExtreme queryversion -i K48 &lt; iPad (X-GOLD)
  +
BBUpdaterExtreme queryversion -i 1 &lt;iPhone 3G? (S-GOLD)
  +
BBUpdaterExtreme queryversion -i 2 &lt;iPhone 3GS? (X-GOLD)
  +
BBUpdaterExtreme queryversion -i 3 &lt;iPhone 4? (XMM)
  +
  +
on 3GS :
  +
choosing 1 will give you &quot;Opening device for pinging failed, did you forget to stop CommCenter?&quot;
  +
Choosing 2 will successfully boot and flash
  +
Choosing 3 will hang on sending Boot code
  +
Choosing K48 will successfully boot and flash
  +
  +
<b>-f</b> file / flash file / firmware
  +
example: BBUpdaterExtreme update -f /mnt1/bin/ICE2_05.16.05.fls
  +
  +
<b>-F</b> Folder
  +
example: BBUpdaterExtreme automatic -S -F /mnt1/bin -x
  +
  +
<b>-v</b> Version
  +
example: BBUpdaterExtreme imeisv -v 018
  +
  +
<b>-t </b>test count? (iterations)
  +
example: memtest -t 5
  +
  +
<b>-L</b> points to a folder for bootloader upgrade in automatic mode
  +
example: BBUpdaterExtreme automatic -S -L /mnt1/bin
  +
  +
<b>-p</b> path? / parameters?
  +
example: BBUpdaterExtreme audioparameters -p /mnt1/bin/params.c
  +
  +
  +
<u><b>Switches with no args</b></u>
  +
  +
<b>-!</b> uses &quot;old style&quot; AT upgrade sequence (boot pattern 0x41, 0x54)
  +
example: BBUpdaterExtreme update -f ICE2_05.16.05.fls -!
  +
  +
<b>-#</b> ??
  +
example: BBUpdaterExtreme update -f ICE2_05.16.05.fls -#
  +
  +
<b>-D</b> Disable sleep (useful when flashing from userland)
  +
example: BBUpdater queryversion -D
  +
  +
<b>-P </b>disables the initial AT+ XGENDATA ping/check sequence (baseband info will shown as 'unknown')
  +
example: BBUpdaterExtreme queryversion -P
  +
  +
<b>-S</b> run without disabling sleep (useful in ramdisk)
  +
example: BBUpdater queryversion -S
   
  +
<b>-l </b>load/ bootloader
==Output==
 
Disabling thermal Notifications...OK
 
Disabling sleep...OK
 
Powering radio on through AppleBaseband
 
Doing a hardware reset through AppleBaseband
 
Opening device path /dev/cu.debug, using initial baud 115200
 
Pinging modem...Ping timed out, trying again, 9 tries left
 
Pinging modem...OK
 
Firmware Version: ICE2-01.45.00
 
EEP Version: EEP_VERSION:526
 
EEP Revision: EEP_REVISION:0
 
Boot Loader Version: ICE2_BOOT_05.08_G2M3S2
 
FLS/EEP Mismatch: Match
 
Doing a hardware reset through AppleBaseband
 
Configuring Hardware Mux...OK
 
-------------------------------------------------------------------------------
 
BEGINNING BOOT
 
-------------------------------------------------------------------------------
 
Sending boot code...OK
 
Automagic-ing firmware from path ICE2_01.45.00.fls...
 
- No compatible firmware files were found in ICE2_01 .45.00.fls
 
Automagic-ing firmware from path ICE2_01.45.00.fls -- All OK
 
!!! Exception at :0:
 
- BBUReturnAborted(8)/16: Automagic failed and can not perform update
 
Re-enabling thermal Notifications...OK
 
Re-enabling sleep...OK
 
   
{{stub|software}}
 
 
[[Category:Baseband]]
 
[[Category:Baseband]]
[[Category:Hacking Software]]
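
Review bot: The added "update -e" example under "Undocumented Commands" passes /usr/local/standalone/firmware/ICE2_05.16.05.fls, but its caption says it upgrades a single .EEP (eeprom) file. Either point the example at a .eep file, as the -a and -b examples do, or say why a .fls is accepted there. The same caption has a stray apostrophe before "(eeprom)". The -D and -S examples invoke "BBUpdater" while every other example uses "BBUpdaterExtreme"; use one name or state that both binaries take these switches. The new intro line also contains the typo "updateflash".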
 

Latest revision as of 15:33, 26 March 2017

This is the tool used by Apple to update (flash) the baseband firmware of XGOLD basebands. It also allows a few other things, such as changing the IMEI SV or just power-cycling a damaged baseband.

The tool seems to make a connection to the device to flash the firmware, the EEPROM and the bootloader. The device here is the Emergency Bootloader of the iPhone, which is also the only gateway for flashing the baseband.

There have been some attempts to make custom fls / eep files (which are needed to flash the baseband of the device). This method could bring back 06.15.00 devices which are now damaged.

With this tool it is not possible to downgrade any baseband version.

Commands

  • BBUpdaterExtreme help [unknown option] [?]
  • BBUpdaterExtreme queryversion | prints the current status of baseband firmware
  • BBUpdaterExtreme update -f ICE2_xx.xx.xx.fls -e ICE2_xx.xx.xx.eep | UPDATES ( not downgrades!!! ) Firmware version
  • BBUpdaterExtreme imeisv [option] | changes the imeisv value
  • BBUpdaterExtreme automatic -S -F [or -L for BL] | for automatic update (while firmware restores)
  • BBUpdaterExtreme audioparameters [?]
  • BBUpdaterExtreme ice3dump [?]
  • BBUpdaterExtreme staticeep [?]

Undocumented Commands

Source: http://forum.gsmhosting.com/vbb/8058886-post191.html

update // performs manual update of Baseband
BBUpdaterExtreme update -f /mnt1/gecko/bin/ICE2_05.16.05.fls
^^ attempts an upgrade of single .FLS (flash) file only
BBUpdaterExtreme update -e /usr/local/standalone/firmware/ICE2_05.16.05.fls
^^ attempts an upgrade of single .EEP (eeprom) file only
BBUpdaterExtreme update -l bl.fls
^^ attempts an upgrade of single .FLS bootloader file only

automatic // performs automatic update of Baseband
BBUpdaterExtreme automatic -S -L /mnt1/bin -x
^^ this will update the bootloader (if a newer version is available)
BBUpdaterExtreme automatic -S -F /mnt1/bin -x
^^ this will update both FLS and EEP in the specified folder (if a newer version is available)

imeisv // Sets the IMEI software version bits
BBUpdaterExtreme imeisv -v 018

queryversion // prints current Baseband status (AT+XGENDATA)
BBUpdaterExtreme queryversion

audioparameters // sets baseband EEP audio parameters
BBUpdaterExtreme audioparameters -p /mnt1/bin/BasebandAudioParameters.c

powercycle // powercycles the modem
BBUpdaterExtreme powercycle -o 5

staticeepcheck // Checks the backup of a static eep
BBUpdaterExtreme staticeepcheck -F /mnt1/tmp

nukegnvram // Clears specific data from non volatile RAM
BBUpdaterExtreme nukegnvram

memtest // Performs a Memory test
BBUpdaterExtreme memtest

staticeep // Backs up static eep?
BBUpdaterExtreme staticeep -d backup.bin -f ICE2_05.16.05.eep -S < ??? change

help
supposed to show help, does nothing in recent versions


List of switches with args

-a ??
example: BBUpdaterExtreme update -e ICE2_05.16.05.eep -a 10

-b sets a specific boot code
example: BBUpdaterExtreme update -e ICE2_05.15.04.eep -S -b 4154 <X-GOLD

-i Version ID; customize flashing per device
example:
BBUpdaterExtreme queryversion -i K48 < iPad (X-GOLD)
BBUpdaterExtreme queryversion -i 1 <iPhone 3G? (S-GOLD)
BBUpdaterExtreme queryversion -i 2 <iPhone 3GS? (X-GOLD)
BBUpdaterExtreme queryversion -i 3 <iPhone 4? (XMM)

On 3GS:

  • Choosing 1 will give you "Opening device for pinging failed, did you forget to stop CommCenter?"
  • Choosing 2 will successfully boot and flash
  • Choosing 3 will hang on sending Boot code
  • Choosing K48 will successfully boot and flash

-f file / flash file / firmware
example: BBUpdaterExtreme update -f /mnt1/bin/ICE2_05.16.05.fls

-F Folder
example: BBUpdaterExtreme automatic -S -F /mnt1/bin -x

-v Version
example: BBUpdaterExtreme imeisv -v 018

-t test count? (iterations)
example: memtest -t 5

-L points to a folder for bootloader upgrade in automatic mode
example: BBUpdaterExtreme automatic -S -L /mnt1/bin

-p path? / parameters?
example: BBUpdaterExtreme audioparameters -p /mnt1/bin/params.c


Switches with no args

-! uses "old style" AT upgrade sequence (boot pattern 0x41, 0x54)
example: BBUpdaterExtreme update -f ICE2_05.16.05.fls -!

-# ??
example: BBUpdaterExtreme update -f ICE2_05.16.05.fls -#

-D Disable sleep (useful when flashing from userland)
example: BBUpdater queryversion -D

-P disables the initial AT+XGENDATA ping/check sequence (baseband info will be shown as 'unknown')
example: BBUpdaterExtreme queryversion -P

-S run without disabling sleep (useful in ramdisk)
example: BBUpdater queryversion -S

-l load / bootloader