Difference between revisions of "Baseband Device"

From The iPhone Wiki
Jump to: navigation, search
(The iPhone 12 series uses the Qualcomm Snapdragon X55 Baseband Chipset!)
(One intermediate revision by one other user not shown)
Line 41: Line 41:
 
* [[iPhone 6]]
 
* [[iPhone 6]]
 
* [[iPhone 6 Plus]]
 
* [[iPhone 6 Plus]]
* [[iPhone SE]]
+
* [[iPhone SE (1st generation)]]
   
 
===[[MDM9635]]===
 
===[[MDM9635]]===
Line 89: Line 89:
 
* [[iPhone 11 Pro Max]]
 
* [[iPhone 11 Pro Max]]
 
* [[iPhone SE (2nd generation)]]
 
* [[iPhone SE (2nd generation)]]
  +
  +
===[[SDX55M]]===
  +
* [[iPhone 12 mini]]
  +
* [[iPhone 12]]
  +
* [[iPhone 12 Pro]]
  +
* [[iPhone 12 Pro Max]]
   
 
==[[Seczone]]==
 
==[[Seczone]]==
Line 156: Line 162:
   
 
===[[PMB9960]] X-Gold 766===
 
===[[PMB9960]] X-Gold 766===
  +
* none
  +
  +
===[[SDX55M]]===
 
* none
 
* none
   

Revision as of 02:22, 24 October 2020

the Baseband Device is the chipset that all iPhones and cellular models of the Apple Watch, iPad, iPad Air, iPad mini, and iPad Pro use that manages all the functions which require a cellular antenna. it has its own RAM and Firmware in NOR flash, separate from the ARM core resources. The baseband is a resource to the OS. The Wi-Fi and Bluetooth are managed by the main CPU, although the baseband stores it's MAC addresses in its NVRAM.

See also: Baseband Commands and iOS Baseband Tools.

Device List

PMB8876 S-Gold 2

PMB8878 X-Gold 608

XMM 6180 X-Gold 618

MDM6600

MDM6610

MDM9600

MDM9615

MDM9625

MDM9635

MDM9645

PMB9943 X-Gold 736

MDM9655

PMB9948 X-Gold 748

PMB9955 X-Gold 756

PMB9960 X-Gold 766

SDX55M

Seczone

This is the area in the baseband where the lock state is stored.

Layout

0x400--NCK token
0xA00--IMEI signature
0xB00--IMEI
0xC00--Locks table

Encryption

Many of the sections are encrypted using TEA based off the CHIPID and NORID. See NCK Brute Force for more info.

Exploits

PMB8876 S-Gold 2

PMB8878 X-Gold 608

XMM 6180 X-Gold 618

MDM6600

  • None

MDM6610

  • None

MDM9600

  • None

MDM9615

  • None

MDM9625

  • None

MDM9635

  • None

MDM9645

  • none

PMB9943 X-Gold 736

  • none

MDM9655

  • none

PMB9948 X-Gold 748

  • none

PMB9955 X-Gold 756

  • none

PMB9960 X-Gold 766

  • none

SDX55M

  • none

Theoretical Attacks

Boot Chain

bootrom->bootloader->firmware