Difference between revisions of "Baseband Device"

From The iPhone Wiki
(Exploits)
m
Line 1: Line 1:
 
This is the device in the iPhone that manages all the functions which require an antenna. The baseband processor has its own RAM and firmware in NOR flash, separate from the [[ARM]] core resources. The baseband is a resource to the OS. The Wi-Fi and Bluetooth are managed by the main CPU, although the baseband stores their MAC addresses in it's NVRAM.
 
This is the device in the iPhone that manages all the functions which require an antenna. The baseband processor has its own RAM and firmware in NOR flash, separate from the [[ARM]] core resources. The baseband is a resource to the OS. The Wi-Fi and Bluetooth are managed by the main CPU, although the baseband stores their MAC addresses in it's NVRAM.
   
The [[iPhone]]'s baseband processor is the [[S-Gold 2]].
+
The [[M68ap|iPhone]]'s baseband processor is the [[S-Gold 2]]. The [[N82ap|iPhone 3G]] and the [[N88ap|iPhone 3GS]] make use of the [[X-Gold 608]] chip for this purpose. The [[N90ap|iPhone 4]] uses the [[XMM 6180]].
The [[iPhone 3G]] and the [[iPhone 3GS]] make use of the [[X-Gold 608]] chip for this purpose.
 
   
 
You can check some [[Baseband Commands]] too (by pH and EvilPenguin).
 
You can check some [[Baseband Commands]] too (by pH and EvilPenguin).
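Review bot: the unchanged context paragraph at the top of this hunk still reads "the baseband stores their MAC addresses in it's NVRAM"; the possessive should be "its". The edit already rewrites the next paragraph, so the typo could be fixed in the same revision.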
Line 20: Line 19:
 
==Exploits==
 
==Exploits==
 
* [[SIM hacks]]
 
* [[SIM hacks]]
  +
 
===[[S-Gold 2]]===
 
===[[S-Gold 2]]===
 
* [[Fakeblank]]
 
* [[Fakeblank]]
Line 25: Line 25:
 
* [[Minus 0x400]]
 
* [[Minus 0x400]]
 
* [[Minus 0x20000 with Back Extend Erase]]
 
* [[Minus 0x20000 with Back Extend Erase]]
  +
 
===[[X-Gold 608]]===
 
===[[X-Gold 608]]===
 
* [[JerrySIM]]
 
* [[JerrySIM]]
Line 31: Line 32:
 
* [[AT+XEMN Heap Overflow]]
 
* [[AT+XEMN Heap Overflow]]
 
* [[AT+XAPP Vulnerability]]
 
* [[AT+XAPP Vulnerability]]
  +
===[[XMM_6180]]===
 
  +
===[[XMM 6180]]===
 
* [[AT+XAPP Vulnerability]]
 
* [[AT+XAPP Vulnerability]]
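Review bot: the new section heading appears in this hunk as both ===[[XMM_6180]]=== and ===[[XMM 6180]]===, while the introduction links [[XMM 6180]] with a space. Both forms resolve to the same page, but the underscore is shown literally in the rendered heading, so keep the spaced form to match the [[S-Gold 2]] and [[X-Gold 608]] headings.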
   

Revision as of 17:31, 17 July 2010

This is the device in the iPhone that manages all the functions which require an antenna. The baseband processor has its own RAM and firmware in NOR flash, separate from the ARM core resources. The baseband is a resource to the OS. The Wi-Fi and Bluetooth are managed by the main CPU, although the baseband stores their MAC addresses in its NVRAM.

The iPhone's baseband processor is the S-Gold 2. The iPhone 3G and the iPhone 3GS make use of the X-Gold 608 chip for this purpose. The iPhone 4 uses the XMM 6180.

You can check some Baseband Commands too (by pH and EvilPenguin).

Seczone

This is the area in the baseband where the lock state is stored.

Layout

0x400--NCK token
0xB00--IMEI
0xB10--IMEI signature
0xC00--Locks table

Encryption

Many of the sections are encrypted using TEA, with a key based on the CHIPID and NORID. See NCK Brute Force for more info.

Exploits

S-Gold 2

X-Gold 608

XMM 6180

Theoretical Attacks

Boot Chain

bootrom->bootloader->firmware