Difference between revisions of "Preventing Baseband Update"

From The iPhone Wiki
Jump to: navigation, search
(TinyUmbrella/Cydia Method for iPhone 4 (Doesnt work on iOS 4.2.1))
(New method by iH8sn0w and some formatting)
Line 1: Line 1:
==Step 1: Swap Ramdisks==
+
==Swap Ramdisks Method==
  +
===Step 1: Swap Ramdisks===
 
Open the IPSW (with your favorite ZIP utility). Replace the [[Restore Ramdisk]] and the [[Update Ramdisk]] names with each other.
 
Open the IPSW (with your favorite ZIP utility). Replace the [[Restore Ramdisk]] and the [[Update Ramdisk]] names with each other.
   
== Step 2: Edit options.plist ==
+
===Step 2: Edit options.plist===
 
# Unpack custom IPSW
 
# Unpack custom IPSW
 
# Decrypt Restore Ramdisk using [[xpwntool]] and mount it
 
# Decrypt Restore Ramdisk using [[xpwntool]] and mount it
Line 31: Line 32:
 
# Edit the hosts file and add the line "74.208.10.249 gs.apple.com" without the quotes, or run [[TinyUmbrella]] after saving the firmware's SHSH. If [[Cydia Server]] hasn't got your [[SHSH]], but you have it locally, use TSS Server method in [[TinyUmbrella]].
 
# Edit the hosts file and add the line "74.208.10.249 gs.apple.com" without the quotes, or run [[TinyUmbrella]] after saving the firmware's SHSH. If [[Cydia Server]] hasn't got your [[SHSH]], but you have it locally, use TSS Server method in [[TinyUmbrella]].
 
# Use the "Restore" button in [[iTunes]] to update. you will get error 1013 on 4.2.1 when trying to restore thought the restore ramdisk
 
# Use the "Restore" button in [[iTunes]] to update. you will get error 1013 on 4.2.1 when trying to restore thought the restore ramdisk
  +
  +
==[[User:Ih8sn0w|IH8sn0w]] Method==
  +
User [[User:Ih8sn0w|IH8sn0w]] mentioned a new method in [http://twitter.com/iH8sn0w/status/19249886721478656 this tweet] (an upgrade-only option in [[Sn0wbreeze]]). [http://twitter.com/iH8sn0w/status/19453808090288128 He confirmed] that his method is not the same as the above mentioned methods. To get more details, someone would have to compare the generated ipsw content.
   
 
[[Category:Baseband]]
 
[[Category:Baseband]]

Revision as of 14:58, 29 December 2010

Swap Ramdisks Method

Step 1: Swap Ramdisks

Open the IPSW (with your favorite ZIP utility). Replace the Restore Ramdisk and the Update Ramdisk names with each other.

Step 2: Edit options.plist

  1. Unpack custom IPSW
  2. Decrypt Restore Ramdisk using xpwntool and mount it
  3. Navigate to /usr/local/share/restore
  4. Edit options.plist on the restore ramdisk

(Ignore the SystemPartitionSize in your plist file and leave it)

	<key>UpdateBaseband</key>
        <false/>
  1. Reencrypt the restore ramdisk
  2. Repack the IPSW
  3. Prepare device for custom firmware using redsn0w
  4. Restore IPSW to iTunes in pwned DFU Mode

You must load a patched iBSS/iBEC for this to work. Using an original IPSW will not work, because redsn0w's pwned DFU Mode doesn't patch sigchecks in iBSS.

TinyUmbrella/Cydia Method for iPhone 4 (Doesnt work on iOS 4.2.1)

The iPhone 4 requires a AT+NONCE key signature from Apple in order to update the baseband. Pointing the hosts file to Cydia Server or running TinyUmbrella will allow this request for signature to be ignored, thus preventing a baseband update.

  • This only works if Cydia/TinyUmbrella accepts the firmware's SHSH.
  • This method also 'works' with iOS 4.2.1, but in the restore ramdisk there is a baseband version check. If it doesn't match, it will not boot. The usual 'Kick out of recovery mode' methods won't work, so this method is actually not useful for iOS 4.2.1.
  1. Edit the hosts file and add the line "74.208.10.249 gs.apple.com" without the quotes, or run TinyUmbrella after saving the firmware's SHSH. If Cydia Server hasn't got your SHSH, but you have it locally, use TSS Server method in TinyUmbrella.
  2. Use the "Restore" button in iTunes to update. you will get error 1013 on 4.2.1 when trying to restore thought the restore ramdisk

IH8sn0w Method

User IH8sn0w mentioned a new method in this tweet (an upgrade-only option in Sn0wbreeze). He confirmed that his method is not the same as the above mentioned methods. To get more details, someone would have to compare the generated ipsw content.