Difference between revisions of "PMB8878"

This is the baseband processor used in the iPhone 3G. It is upgraded with BBUpdaterExtreme. It is also known as the PMB8878

Datasheet

Anyone got one? Infineon provides this, which isn't really useful.

Memory Map

 FLASH      0x20000000 0x1000000
 CODE       0x20000000   0x40000 0b0010(bootstrapper)
 CODE       0x20040000  0xDC0000 0b0100(main firmware)
 FFS        0x20A00000  0x100000 0b1100(empty)
 DYNFFS     0x20A00000  0x100000 0b1100(empty)
 FFS        0x20B00000   0x40000 0b1011(empty)
 DYN_EEP    0x20E40000   0x80000 0b0110
 SECPACK    0x20EC0000   0x40000
 SECZONE    0x20F80000   0x40000
 STATIC_EEP 0x20FC0000   0x40000 0b0111
 RAM        0x40000000  0x800000

MMU relocation table

Bootloader

Firmware

Complete memory dump

0x00000000-0x0001FFFF

0x20000000-0x20FFFFFF

0x40000000-0x407FFFFF

0xFFFF0000-0xFFFFFFFF

Known Firmware Versions

 1.43.00    2.0 (Build 5A331 - Internal Beta)
 1.45.00    2.0 (Build 5A347 - Gold Master)
 1.48.02    2.0.1(Build 5B108)
 2.04.03    2.1 (Build 5F90)
 2.08.01    2.0.2 (Build 5C1)
 2.11.07    2.1 (Build 5F136)
 2.28.00    2.2 (Build 5G77)

Accessing Interactive Mode

Interactive mode isn't accessed by sending characters to the baseband. Instead a GPIO pin is raised with a kernel call to preupdate reset.

result = IOConnectCallScalarMethod(conn, 0, 0, 0, 0, 0);	//reset
result = IOConnectCallScalarMethod(conn, 1, 0, 0, 0, 0);	//power set
result = IOConnectCallScalarMethod(conn, 2, 0, 0, 0, 0);	//configuring mux
result = IOConnectCallScalarMethod(conn, 7, 0, 0, 0, 0);	//powercycle
result = IOConnectCallScalarMethod(conn, 8, 0, 0, 0, 0);	//preupdate reset