Difference between revisions of "Baseband Device"

From The iPhone Wiki
(The iPhone 12 series uses the Qualcomm Snapdragon X55 Baseband Chipset!)
(4 intermediate revisions by 2 users not shown)
Line 3: Line 3:
 
See also: [[Baseband Commands]] and [[iOS Baseband Tools]].
 
See also: [[Baseband Commands]] and [[iOS Baseband Tools]].
 
==Device List==
 
==Device List==
  +
<onlyinclude> <!-- Do not remove this tag, it is used as part of the main page transclution! -->
===[[PMB8876]] S-Gold 2===
 
  +
=====[[PMB8876]] S-Gold 2=====
 
* [[M68AP|iPhone]]
 
* [[M68AP|iPhone]]
   
===[[PMB8878]] X-Gold 608===
+
=====[[PMB8878]] X-Gold 608=====
 
* [[K48AP|iPad]]
 
* [[K48AP|iPad]]
 
* [[N82AP|iPhone 3G]]
 
* [[N82AP|iPhone 3G]]
 
* [[N88AP|iPhone 3GS]]
 
* [[N88AP|iPhone 3GS]]
   
===[[XMM 6180]] X-Gold 618===
+
=====[[XMM 6180]] X-Gold 618=====
 
* iPad 2 [[K94AP|(iPad2,2)]]
 
* iPad 2 [[K94AP|(iPad2,2)]]
 
* iPhone 4 [[N90AP|(iPhone3,1)]] and [[N90BAP|(iPhone3,2)]]
 
* iPhone 4 [[N90AP|(iPhone3,1)]] and [[N90BAP|(iPhone3,2)]]
   
===[[MDM6600]]===
+
=====[[MDM6600]]=====
 
* iPad 2 [[K95AP|(iPad2,3)]]
 
* iPad 2 [[K95AP|(iPad2,3)]]
 
* iPhone 4 [[N92AP|(iPhone3,3)]]
 
* iPhone 4 [[N92AP|(iPhone3,3)]]
   
===[[MDM6610]]===
+
=====[[MDM6610]]=====
 
* [[iPhone 4S]]
 
* [[iPhone 4S]]
   
===[[MDM9600]]===
+
=====[[MDM9600]]=====
 
* [[iPad (3rd generation)]]
 
* [[iPad (3rd generation)]]
   
===[[MDM9615]]===
+
=====[[MDM9615]]=====
  +
* [[iPad (4th generation)]]
 
* [[iPad Air]]
 
* [[iPad Air]]
 
* [[iPad mini]]
 
* [[iPad mini]]
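Review bot: The chipset headings in this hunk move from level 3 ("===") to level 5 ("=====") directly under the level-2 "==Device List==", skipping two heading levels. If the deeper level exists only to suit the main-page transclusion, state that in the comment beside "<onlyinclude>"; otherwise keep "===" so the outline stays contiguous.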
Line 34: Line 36:
 
* [[iPhone 5s]]
 
* [[iPhone 5s]]
   
===[[MDM9625]]===
+
=====[[MDM9625]]=====
 
* [[iPad (5th generation)]]
 
* [[iPad (5th generation)]]
 
* [[iPad Air 2]]
 
* [[iPad Air 2]]
Line 43: Line 45:
 
* [[iPhone SE (1st generation)]]
 
* [[iPhone SE (1st generation)]]
   
===[[MDM9635]]===
+
=====[[MDM9635]]=====
 
* [[Apple Watch Series 3]]
 
* [[Apple Watch Series 3]]
 
* [[iPad (6th generation)]]
 
* [[iPad (6th generation)]]
Line 50: Line 52:
 
* [[iPhone 6s Plus]]
 
* [[iPhone 6s Plus]]
   
===[[MDM9645]]===
+
=====[[MDM9645]]=====
 
* [[iPad Pro (10.5-inch)]]
 
* [[iPad Pro (10.5-inch)]]
 
* [[iPad Pro (12.9-inch) (2nd generation)]]
 
* [[iPad Pro (12.9-inch) (2nd generation)]]
Line 56: Line 58:
 
* [[iPhone 7 Plus]]
 
* [[iPhone 7 Plus]]
   
===[[PMB9943]] X-Gold 736===
+
=====[[PMB9943]] X-Gold 736=====
 
* [[iPhone 7]]
 
* [[iPhone 7]]
 
* [[iPhone 7 Plus]]
 
* [[iPhone 7 Plus]]
   
===[[MDM9655]]===
+
=====[[MDM9655]]=====
 
* [[iPhone 8]]
 
* [[iPhone 8]]
 
* [[iPhone 8 Plus]]
 
* [[iPhone 8 Plus]]
 
* [[iPhone X]]
 
* [[iPhone X]]
   
===[[PMB9948]] X-Gold 748===
+
=====[[PMB9948]] X-Gold 748=====
 
* [[iPhone 8]]
 
* [[iPhone 8]]
 
* [[iPhone 8 Plus]]
 
* [[iPhone 8 Plus]]
 
* [[iPhone X]]
 
* [[iPhone X]]
   
===[[PMB9955]] X-Gold 756===
+
=====[[PMB9955]] X-Gold 756=====
 
* [[Apple Watch Series 4]]
 
* [[Apple Watch Series 4]]
 
* [[Apple Watch Series 5]]
 
* [[Apple Watch Series 5]]
  +
* [[Apple Watch SE]]
  +
* [[Apple Watch Series 6]]
 
* [[iPad (7th generation)]]
 
* [[iPad (7th generation)]]
  +
* [[iPad (8th generation)]]
 
* [[iPad Air (3rd generation)]]
 
* [[iPad Air (3rd generation)]]
 
* [[iPad Pro (11-inch)]]
 
* [[iPad Pro (11-inch)]]
Line 82: Line 87:
 
* [[iPhone XS Max]]
 
* [[iPhone XS Max]]
   
===[[PMB9960]] X-Gold 766===
+
=====[[PMB9960]] X-Gold 766=====
  +
* [[iPad Air (4th generation)]]
 
* [[iPad Pro (11-inch) (2nd generation)]]
 
* [[iPad Pro (11-inch) (2nd generation)]]
 
* [[iPad Pro (12.9-inch) (4th generation)]]
 
* [[iPad Pro (12.9-inch) (4th generation)]]
Line 90: Line 96:
 
* [[iPhone SE (2nd generation)]]
 
* [[iPhone SE (2nd generation)]]
   
===[[SDX55M]]===
+
=====[[SDX55M]]=====
  +
* [[iPad Pro (11-inch) (3rd generation)]]
  +
* [[iPad Pro (12.9-inch) (5th generation)]]
 
* [[iPhone 12 mini]]
 
* [[iPhone 12 mini]]
 
* [[iPhone 12]]
 
* [[iPhone 12]]
 
* [[iPhone 12 Pro]]
 
* [[iPhone 12 Pro]]
 
* [[iPhone 12 Pro Max]]
 
* [[iPhone 12 Pro Max]]
  +
</onlyinclude> <!-- Do not remove this tag, it is used as part of the main page transclution! -->
   
 
==[[Seczone]]==
 
==[[Seczone]]==
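Review bot: The comment on the added closing "</onlyinclude>" misspells "transclusion" as "transclution", the same as on the opening tag. Correct both so that a search for the word finds the warning.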
Line 147: Line 156:
   
 
===[[MDM9645]]===
 
===[[MDM9645]]===
* none
+
* None
   
 
===[[PMB9943]] X-Gold 736===
 
===[[PMB9943]] X-Gold 736===
* none
+
* None
   
 
===[[MDM9655]]===
 
===[[MDM9655]]===
* none
+
* None
   
 
===[[PMB9948]] X-Gold 748===
 
===[[PMB9948]] X-Gold 748===
* none
+
* None
   
 
===[[PMB9955]] X-Gold 756===
 
===[[PMB9955]] X-Gold 756===
* none
+
* None
   
 
===[[PMB9960]] X-Gold 766===
 
===[[PMB9960]] X-Gold 766===
* none
+
* None
   
 
===[[SDX55M]]===
 
===[[SDX55M]]===
* none
+
* None
   
 
==Theoretical Attacks==
 
==Theoretical Attacks==

Revision as of 02:25, 2 May 2021

The Baseband Device is the chipset used by all iPhones and by the cellular models of the Apple Watch, iPad, iPad Air, iPad mini, and iPad Pro to manage every function that requires a cellular antenna. It has its own RAM and its own firmware in NOR flash, separate from the ARM core resources. The baseband is a resource to the OS. Wi-Fi and Bluetooth are managed by the main CPU, although the baseband stores their MAC addresses in its NVRAM.

See also: Baseband Commands and iOS Baseband Tools.

Device List

PMB8876 S-Gold 2
PMB8878 X-Gold 608
XMM 6180 X-Gold 618
MDM6600
MDM6610
MDM9600
MDM9615
MDM9625
MDM9635
MDM9645
PMB9943 X-Gold 736
MDM9655
PMB9948 X-Gold 748
PMB9955 X-Gold 756
PMB9960 X-Gold 766
SDX55M


Seczone

This is the area in the baseband where the lock state is stored.

Layout

0x400--NCK token
0xA00--IMEI signature
0xB00--IMEI
0xC00--Locks table

Encryption

Many of the sections are encrypted using TEA based off the CHIPID and NORID. See NCK Brute Force for more info.

Exploits

PMB8876 S-Gold 2

PMB8878 X-Gold 608

XMM 6180 X-Gold 618

MDM6600

  • None

MDM6610

  • None

MDM9600

  • None

MDM9615

  • None

MDM9625

  • None

MDM9635

  • None

MDM9645

  • None

PMB9943 X-Gold 736

  • None

MDM9655

  • None

PMB9948 X-Gold 748

  • None

PMB9955 X-Gold 756

  • None

PMB9960 X-Gold 766

  • None

SDX55M

  • None

Theoretical Attacks

Boot Chain

bootrom->bootloader->firmware