Difference between revisions of "Baseband Bootloader"

From The iPhone Wiki
Jump to: navigation, search
m
m (Updating.)
 
(38 intermediate revisions by 20 users not shown)
Line 1: Line 1:
 
The baseband bootloader is the code which runs before the baseband FW, it is responsible for signature checking and updating the baseband. See also [[bootloader]].
 
The baseband bootloader is the code which runs before the baseband FW, it is responsible for signature checking and updating the baseband. See also [[bootloader]].
   
  +
== [[S-Gold 2]] Revisions ==
==3.9==
 
  +
=== 3.1 ===
This is the old bootloader from the [[iPhone]]/[[S-Gold 2]]. It is vulnerable to [[Minus 0x400]] and [[IPSF]]
 
  +
Found in the iOS 1.0 and 1.1.1 [[Ramdisk]]s for the [[M68AP|iPhone]].
  +
=== 3.8 ===
  +
Found in the iOS 1.0 and 1.1.1 [[Ramdisk]]s for the [[M68AP|iPhone]]. It was often (unintentionally) installed when someone with a [[Fakeblank]]ed bootloader 3.9 downgraded to 1.0 or 1.1.1. This can be re-updated with [[BootNeuter]].
  +
=== 3.9 ===
  +
This is the old bootloader from the [[M68AP|iPhone]]/[[S-Gold 2]]. It is vulnerable to [[Minus 0x400]] and [[IPSF]]
  +
=== 4.6 ===
  +
This is the new bootloader from the [[M68AP|iPhone]]/[[S-Gold 2]]. It is vulnerable to [[Minus 0x20000 with Back Extend Erase]]
   
  +
== [[X-Gold 608]] Revisions==
==4.6==
 
  +
=== 5.8 ===
This is the new bootloader from the [[iPhone]]/[[S-Gold 2]]. It is vulnerable to [[Minus 0x20000 with Back Extend Erase]]
 
  +
This is the bootloader from the [[N82AP|iPhone 3G]]/[[X-Gold 608]]. It is, in contrast to 3.9 and 4.6, sig checked on startup. There is an exploit where the main fw cert is passed with the loader instead of the loader cert, and it checks the main firmware instead, allowing you to upload unsigned loader code. This has been fixed in 5.9. You can downgrade from 02.30.03 to 02.28.00 using [[pHaseBanDowngrader]] (by pH) in the Bootloader 5.8 or from 05.14.02,05.15.04 and 06.15.00 in the 5.8 Bootloader with [[Fuzzyband Downgrader]]. It once also downgraded 05.11.07, 05.12.01 and 05.13.04 to 04.26.08.
   
  +
DWD_ICE2_SECURE_BOOTLOADER/Secure_ICE2_Bootloader.5.8.fls.
==5.8==
 
This is the bootloader from the [[iPhone 3G]]/[[X-Gold 608]]. Currently it has no known exploits. It is, in contrast to 3.9 and 4.6, sig checked on startup. DWD_ICE2_SECURE_BOOTLOADER/Secure_ICE2_Bootloader.5.8.fls.
 
   
==5.9==
+
=== 5.9 ===
This is the lastet bootloader of iPhone 3G/X-Gold 608. Still has no kwown exploits and it was released as soon as Apple knew The Dev Team could downgrade their iPhone 3G baseband from 1.48 to 1.45. Now, all the iPhone 3G has bootloader 5.9. DWD_ICE2_SECURE_BOOTLOADER/Secure_ICE2_Bootloader.5.9.fls
+
This is the bootloader of version 2.1 and 2.2 OTB (and some 2.0 OTB) [[N82AP|iPhone 3G]]/[[X-Gold 608]]. Still has no known exploits and it was released as soon as Apple knew [[iPhone Dev Team]] could downgrade their iPhone 3G baseband from 1.48 to 1.45. Now, all the iPhone 3G has bootloader 5.9 and higher.
  +
  +
DWD_ICE2_SECURE_BOOTLOADER/Secure_ICE2_Bootloader.5.9.fls
  +
=== 6.2 ===
  +
This is the latest bootloader of version 2.2.1 OTB in 2008 [[N82AP|iPhone 3G]]/[[X-Gold 608]]. Still has no known exploits and it was released as soon as Apple knew [[iPhone Dev Team]] could unlock their iPhone 3G baseband version 2.28 by yellowsn0w. Now, all the iPhone 3G 2.2.1 OTB has bootloader 6.2.
  +
  +
DWD_ICE2_SECURE_BOOTLOADER/Secure_ICE2_Bootloader.6.2.fls
  +
=== 6.4 ===
  +
This is the latest bootloader of version 2.2.1 OTB in 2009 [[N82AP|iPhone 3G]]/[[X-Gold 608]]. Still has no known exploits and it was released as soon as Apple released firmware 3.x beta for testing. [[N88AP|iPhone 3GS]] and [[K48AP|iPad 3G+WiFi]] units contain this bootloader as well. As of the 3.x firmwares (baseband v. 4.x), the baseband now contains the loader of bootloader 6.4.
  +
  +
DWD_ICE2_SECURE_BOOTLOADER/Secure_ICE2_Bootloader.6.4.fls
  +
  +
== [[X-Gold 618]], [[MDM6600]], [[MDM6610]] Revisions ==
  +
=== 2.06 ===
  +
This is the bootloader that ships with the [[iPhone 4]]. It has no known exploits. It is in a zip file with the baseband in the iPhone firmware. The name of the zip file in iOS 4.0-4.0.2 is ICE3_01.59.00_BOOT_02.06.Release.bbfw.
  +
=== 2.08 ===
  +
This is a new bootloader for the [[iPhone 4]], the bootloader was updated at 4.1 and used on iPhone 4 4.1-4.2.1 OTB. It doesn't allow a downgrade, even if the older baseband is still signed from Apple. It has no known exploits. It is in a zip file with the baseband in the iPhone firmware. The name of the zip file in iOS 4.1 is ICE3_02.10.04_BOOT_02.08.Release.bbfw.
  +
=== 2.13 ===
  +
This is a new bootloader for the [[iPhone 4]] and [[K94AP|iPad 2 (iPad2,2)]] and ships with iOS 4.3-5.0 OTB. The name of the baseband file in iOS 4.3.3 is ICE3_04.10.01_BOOT_02.13.Release.bbfw and doesn't allow baseband downgrades also if the baseband is still signed by Apple. Also this version is being used in the initial shipment of the [[N94AP|iPhone 4S]].
  +
[[Category:Baseband]]

Latest revision as of 07:59, 8 October 2015

The baseband bootloader is the code which runs before the baseband FW, it is responsible for signature checking and updating the baseband. See also bootloader.

S-Gold 2 Revisions

3.1

Found in the iOS 1.0 and 1.1.1 Ramdisks for the iPhone.

3.8

Found in the iOS 1.0 and 1.1.1 Ramdisks for the iPhone. It was often (unintentionally) installed when someone with a Fakeblanked bootloader 3.9 downgraded to 1.0 or 1.1.1. This can be re-updated with BootNeuter.

3.9

This is the old bootloader from the iPhone/S-Gold 2. It is vulnerable to Minus 0x400 and IPSF

4.6

This is the new bootloader from the iPhone/S-Gold 2. It is vulnerable to Minus 0x20000 with Back Extend Erase

X-Gold 608 Revisions

5.8

This is the bootloader from the iPhone 3G/X-Gold 608. It is, in contrast to 3.9 and 4.6, sig checked on startup. There is an exploit where the main fw cert is passed with the loader instead of the loader cert, and it checks the main firmware instead, allowing you to upload unsigned loader code. This has been fixed in 5.9. You can downgrade from 02.30.03 to 02.28.00 using pHaseBanDowngrader (by pH) in the Bootloader 5.8 or from 05.14.02,05.15.04 and 06.15.00 in the 5.8 Bootloader with Fuzzyband Downgrader. It once also downgraded 05.11.07, 05.12.01 and 05.13.04 to 04.26.08.

DWD_ICE2_SECURE_BOOTLOADER/Secure_ICE2_Bootloader.5.8.fls.

5.9

This is the bootloader of version 2.1 and 2.2 OTB (and some 2.0 OTB) iPhone 3G/X-Gold 608. Still has no known exploits and it was released as soon as Apple knew iPhone Dev Team could downgrade their iPhone 3G baseband from 1.48 to 1.45. Now, all the iPhone 3G has bootloader 5.9 and higher.

DWD_ICE2_SECURE_BOOTLOADER/Secure_ICE2_Bootloader.5.9.fls

6.2

This is the latest bootloader of version 2.2.1 OTB in 2008 iPhone 3G/X-Gold 608. Still has no known exploits and it was released as soon as Apple knew iPhone Dev Team could unlock their iPhone 3G baseband version 2.28 by yellowsn0w. Now, all the iPhone 3G 2.2.1 OTB has bootloader 6.2.

DWD_ICE2_SECURE_BOOTLOADER/Secure_ICE2_Bootloader.6.2.fls

6.4

This is the latest bootloader of version 2.2.1 OTB in 2009 iPhone 3G/X-Gold 608. Still has no known exploits and it was released as soon as Apple released firmware 3.x beta for testing. iPhone 3GS and iPad 3G+WiFi units contain this bootloader as well. As of the 3.x firmwares (baseband v. 4.x), the baseband now contains the loader of bootloader 6.4.

DWD_ICE2_SECURE_BOOTLOADER/Secure_ICE2_Bootloader.6.4.fls

X-Gold 618, MDM6600, MDM6610 Revisions

2.06

This is the bootloader that ships with the iPhone 4. It has no known exploits. It is in a zip file with the baseband in the iPhone firmware. The name of the zip file in iOS 4.0-4.0.2 is ICE3_01.59.00_BOOT_02.06.Release.bbfw.

2.08

This is a new bootloader for the iPhone 4, the bootloader was updated at 4.1 and used on iPhone 4 4.1-4.2.1 OTB. It doesn't allow a downgrade, even if the older baseband is still signed from Apple. It has no known exploits. It is in a zip file with the baseband in the iPhone firmware. The name of the zip file in iOS 4.1 is ICE3_02.10.04_BOOT_02.08.Release.bbfw.

2.13

This is a new bootloader for the iPhone 4 and iPad 2 (iPad2,2) and ships with iOS 4.3-5.0 OTB. The name of the baseband file in iOS 4.3.3 is ICE3_04.10.01_BOOT_02.13.Release.bbfw and doesn't allow baseband downgrades also if the baseband is still signed by Apple. Also this version is being used in the initial shipment of the iPhone 4S.