|
The iPhone Wiki is no longer updated. Visit this article on The Apple Wiki for current information. |
Difference between revisions of "BootNeuter"
MuscleNerd (talk | contribs) |
(Tried to rewrite parts; too much was copied and pasted from the Dev Team's page.) |
||
| Line 1: | Line 1: | ||
| + | [[Image:Bootneuter.png|right|thumb|BootNeuter on firmware 2.0.|300px]] |
||
| − | == Summary == |
||
| + | BootNeuter allows one to unlock their iPhone, "neuter" it, flash a Fakeblank bootloader, and flash the 3.9 or 4.6 bootloader image, regardless of the iPhone's bootloader version. |
||
| + | == Neuter == |
||
| − | '''BootNeuter gives you total control of your first-gen iPhone's S-Gold bootloader and baseband.''' |
||
| + | A neutered bootloader has many restrictions placed by the bootloader removed. With a neutered bootloader: |
||
| − | |||
| + | *The baseband is no longer integrity-checked, so modifications (including unlocking) can be made. |
||
| − | It's an application you run right on your iPhone that lets you: |
||
| + | *Secpack restrictions are removed |
||
| − | |||
| + | **You are free to downgrade your baseband using bbupdater without having to run ieraser/ienew first. |
||
| − | '''Neuter''' your bootloader |
||
| + | **No longer does the “greater than” (4.6BL) or “greater than or equal” (3.9BL) rule apply. You can arbitrarily go up and down regardless of what secpacks you use. |
||
| − | |||
| + | *Secpack signatures are ignored |
||
| − | '''Unlock''' your baseband |
||
| + | **The RSA encrypted header is no longer checked for correct hash values by the bootloader |
||
| − | |||
| + | **The *.fls files can be patched and fed to bbupdater directly |
||
| − | '''Reflash''' your bootloader to 3.9BL or 4.6BL no matter what version you're at now (even if you're at 3.8BL) |
||
| + | **A copy of the last used secpack will be saved at a03c0000, retrievable via norz or similar dumpers. Not that secpacks even matter anymore. |
||
| − | |||
| − | '''Fakeblank''' your bootloader to let you run serial payloads directly on your S-Gold |
||
| − | |||
| − | == Screenshot == |
||
| − | [[Image:Bootneuter.png]] |
||
| − | |||
| − | == Neutering == |
||
| − | |||
| − | A neutered bootloader gives you absolute control over your baseband. The restrictions normally applied by the bootloader are completely lifted! With a neutered bootloader: |
||
| − | |||
| − | The baseband is no longer integrity-checked |
||
| − | Can be patched (unlocked or other custom modifications) |
||
| − | 4.6BL will even run with patched baseband – no need to revert to 3.9BL even with most recent firmware |
||
| − | Secpack restrictions are removed |
||
| − | You are free to downgrade your baseband using bbupdater without having to run ieraser/ienew first. |
||
| − | No longer does the “greater than” (4.6BL) or “greater than or equal” (3.9BL) rule apply. You can arbitrarily go up and down regardless of what secpacks you use. |
||
| − | Secpack signatures are ignored |
||
| − | The RSA encrypted header is no longer checked for correct hash values by the bootloader |
||
| − | The *.fls files can be patched and fed to bbupdater directly |
||
| − | A copy of the last used secpack will be saved at a03c0000, retrievable via norz or similar dumpers. Not that secpacks even matter anymore. |
||
== Unlocking == |
== Unlocking == |
||
| + | BootNeuter gives you the option to unlock your 1.1.4 or 2.0 (on first generation iPhones) baseband. The bootloader will need to be neutered for unlocking. |
||
| − | |||
| − | BootNeuter gives you the option to unlock your 1.1.4 or 2.0 1G baseband. An unlocked baseband is patched, and would normally fail the integrity check done by the bootloader on recent firmware releases. The anySIM app written by gray forges the token in the baseband, which will trick 3.9BL but not 4.6BL. With a neutered phone, the integrity check is skipped completely. So now you can run recent firmware releases with a 4.6BL even if you've unlocked your baseband! |
||
A neutered bootloader will let you use bbupdater on modified ICE*.fls files, so now you don't even need a separate app to unlock. As discussed on the simple_unlock page, you can now unlock the baseband before it even gets put on your iPhone! |
A neutered bootloader will let you use bbupdater on modified ICE*.fls files, so now you don't even need a separate app to unlock. As discussed on the simple_unlock page, you can now unlock the baseband before it even gets put on your iPhone! |
||
== Bootloader Version == |
== Bootloader Version == |
||
| + | BootNeuter is able to switch your first generation iPhone's bootloader between 3.9 or 4.6 at will. If your iPhone got onto bootloader 3.8, BootNeuter can upgrade it. As easy as BootNeuter makes bootloader flashing, you should still only switch versions as necessary. |
||
| + | == FakeBlank == |
||
| − | If you found yourself downgraded to 3.9BL (without your consent) by running buggy software, the iPhone Dev Team comes to the rescue. With BootNeuter you can freely go back and forth between bootloader versions. Now you can truly restore your iPhone to its out-of-box condition. |
||
| + | A FakeBlank bootloader allows for iPhone hackers to be able to run serial payloads directly at S-Gold reboot time. If BootNeuter detects that your iPhone is currently fakeblanked, it will do all of its bootloader operations via serial payload and won't need to erase/reprogram the baseband to make bootloader changes. If you don't know what FakeBlank means, you probably should leave it off when using BootNeuter. |
||
| − | |||
| − | == Fakeblank == |
||
| − | |||
| − | For iPhone hackers who want to be able to run serial payloads directly at S-Gold reboot time, BootNeuter lets you choose a fakeblank bootloader. If BootNeuter detects that your iPhone is currently fakeblanked, it will do all of its bootloader operations via serial payload and won't need to erase/reprogram the baseband to make bootloader changes. If you don't know what FakeBlank means, you probably should leave it off when using BootNeuter. |
||
== Credits == |
== Credits == |
||
MuscleNerd, gray, chris, wizdaz, planetbeing, and the entire iPhone Dev Team. Thanks to geohot for the extended secpack erase method for those with 4.6 bootloaders. |
MuscleNerd, gray, chris, wizdaz, planetbeing, and the entire iPhone Dev Team. Thanks to geohot for the extended secpack erase method for those with 4.6 bootloaders. |
||
| − | == |
+ | == Links == |
* [[http://wikee.iphwn.org/sgold_bootrom:bootneuter Official BootNeuter homepage]] |
* [[http://wikee.iphwn.org/sgold_bootrom:bootneuter Official BootNeuter homepage]] |
||
Revision as of 00:58, 29 July 2008
BootNeuter allows one to unlock their iPhone, "neuter" it, flash a Fakeblank bootloader, and flash the 3.9 or 4.6 bootloader image, regardless of the iPhone's bootloader version.
Neuter
A neutered bootloader has many restrictions placed by the bootloader removed. With a neutered bootloader:
- The baseband is no longer integrity-checked, so modifications (including unlocking) can be made.
- Secpack restrictions are removed
- You are free to downgrade your baseband using bbupdater without having to run ieraser/ienew first.
- No longer does the “greater than” (4.6BL) or “greater than or equal” (3.9BL) rule apply. You can arbitrarily go up and down regardless of what secpacks you use.
- Secpack signatures are ignored
- The RSA encrypted header is no longer checked for correct hash values by the bootloader
- The *.fls files can be patched and fed to bbupdater directly
- A copy of the last used secpack will be saved at a03c0000, retrievable via norz or similar dumpers. Not that secpacks even matter anymore.
Unlocking
BootNeuter gives you the option to unlock your 1.1.4 or 2.0 (on first generation iPhones) baseband. The bootloader will need to be neutered for unlocking.
A neutered bootloader will let you use bbupdater on modified ICE*.fls files, so now you don't even need a separate app to unlock. As discussed on the simple_unlock page, you can now unlock the baseband before it even gets put on your iPhone!
Bootloader Version
BootNeuter is able to switch your first generation iPhone's bootloader between 3.9 or 4.6 at will. If your iPhone got onto bootloader 3.8, BootNeuter can upgrade it. As easy as BootNeuter makes bootloader flashing, you should still only switch versions as necessary.
FakeBlank
A FakeBlank bootloader allows for iPhone hackers to be able to run serial payloads directly at S-Gold reboot time. If BootNeuter detects that your iPhone is currently fakeblanked, it will do all of its bootloader operations via serial payload and won't need to erase/reprogram the baseband to make bootloader changes. If you don't know what FakeBlank means, you probably should leave it off when using BootNeuter.
Credits
MuscleNerd, gray, chris, wizdaz, planetbeing, and the entire iPhone Dev Team. Thanks to geohot for the extended secpack erase method for those with 4.6 bootloaders.
