Difference between revisions of "Baseband Bootloader"

From The iPhone Wiki
Line 9: Line 9:
   
 
===5.8===
 
===5.8===
This is the bootloader from the [[iPhone 3G]]/[[X-Gold 608]]. Currently it has no known exploits. It is, in contrast to 3.9 and 4.6, sig checked on startup.
+
This is the bootloader from the [[iPhone 3G]]/[[X-Gold 608]]. It is, in contrast to 3.9 and 4.6, sig checked on startup. There is an exploit where the main fw cert is passed with the loader instead of the loader cert, and it checks the main firmware instead, allowing to upload any loader. This has been fixed in 5.9
   
 
DWD_ICE2_SECURE_BOOTLOADER/Secure_ICE2_Bootloader.5.8.fls.
 
DWD_ICE2_SECURE_BOOTLOADER/Secure_ICE2_Bootloader.5.8.fls.
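
Review bot: the added sentence in the 5.8 entry uses "it" without a clear referent ("and it checks the main firmware instead"), so a reader cannot tell what performs the check or which certificate is applied to which image. Name the bootloader as the subject and state that the loader itself is left unverified. The edit also removes "Currently it has no known exploits" without pointing to a page or source that documents the new exploit, and the closing "This has been fixed in 5.9" is missing its period.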

Revision as of 19:12, 10 April 2009

The baseband bootloader is the code that runs before the baseband firmware; it is responsible for signature checking and updating the baseband. See also bootloader.

Revisions

3.9

This is the old bootloader from the iPhone/S-Gold 2. It is vulnerable to Minus 0x400 and IPSF.

4.6

This is the new bootloader from the iPhone/S-Gold 2. It is vulnerable to Minus 0x20000 with Back Extend Erase.

5.8

This is the bootloader from the iPhone 3G/X-Gold 608. In contrast to 3.9 and 4.6, it is signature-checked on startup. There is an exploit in which the main firmware certificate is passed with the loader instead of the loader certificate; the bootloader then checks the main firmware instead, which allows any loader to be uploaded. This has been fixed in 5.9.

DWD_ICE2_SECURE_BOOTLOADER/Secure_ICE2_Bootloader.5.8.fls.
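
The certificate mix-up described for 5.8, as an added toy model in C (not code from this wiki or from the bootloader). The role enum, struct layout, stand-in hash and signature, and sample images are all assumptions. It contrasts a check that lets the certificate choose which image is verified with one that binds a loader certificate to the bytes actually received.

```c
#include <stddef.h>
#include <stdint.h>

/* Toy model only: every name and format here is an assumption. */
enum role { ROLE_LOADER = 1, ROLE_MAIN_FW = 2 };
struct cert {
    enum role role;   /* which image this certificate vouches for */
    uint32_t digest;  /* digest of that image */
    uint32_t sig;     /* stand-in signature over (role, digest) */
};
#define VENDOR_KEY 0x5A17C0DEu /* constructed stand-in for the vendor key */

/* Constructed sample images. */
static const uint8_t FW[] = "constructed main firmware image";
static const uint8_t GOOD_LOADER[] = "constructed vendor loader";
static const uint8_t OTHER_LOADER[] = "constructed arbitrary loader";

static uint32_t digest(const uint8_t *p, size_t n) { /* FNV-1a, not a real hash */
    uint32_t h = 2166136261u;
    while (n--) { h ^= *p++; h *= 16777619u; }
    return h;
}
static uint32_t sign(enum role r, uint32_t d) { /* NOT a real signature scheme */
    return (d ^ VENDOR_KEY) * 2654435761u + (uint32_t)r;
}
struct cert make_cert(enum role r, const uint8_t *img, size_t n) {
    struct cert c = { r, digest(img, n), 0 };
    c.sig = sign(c.role, c.digest);
    return c;
}
static int cert_ok(const struct cert *c) { return c->sig == sign(c->role, c->digest); }

/* Flawed: the certificate decides which image is checked, so a main-firmware
   certificate makes the check run over flash_fw and never over the loader. */
int accept_loader_flawed(const struct cert *c, const uint8_t *loader, size_t ln,
                         const uint8_t *flash_fw, size_t fn) {
    if (!cert_ok(c)) return 0;
    if (c->role == ROLE_MAIN_FW) return c->digest == digest(flash_fw, fn);
    return c->digest == digest(loader, ln);
}
/* Hardened: only a loader certificate is accepted, and its digest must match
   the loader bytes that were actually received. */
int accept_loader_strict(const struct cert *c, const uint8_t *loader, size_t ln) {
    return cert_ok(c) && c->role == ROLE_LOADER && c->digest == digest(loader, ln);
}
int main(void) { /* exit 0 when flawed accepts and strict rejects */
    struct cert fwc = make_cert(ROLE_MAIN_FW, FW, sizeof FW);
    return !(accept_loader_flawed(&fwc, OTHER_LOADER, sizeof OTHER_LOADER, FW, sizeof FW)
             && !accept_loader_strict(&fwc, OTHER_LOADER, sizeof OTHER_LOADER));
}
```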

5.9

This is the latest bootloader for the iPhone 3G/X-Gold 608. It still has no known exploits, and it was released as soon as Apple knew the Dev Team could downgrade their iPhone 3G baseband from 1.48 to 1.45. Now, every iPhone 3G has bootloader 5.9.

DWD_ICE2_SECURE_BOOTLOADER/Secure_ICE2_Bootloader.5.9.fls