Preventing Baseband Update

From The iPhone Wiki
Revision as of 15:54, 16 January 2011 by Liamchat

Official Apple Way

Inside the restore ramdisk there is a plist, read by restored, that defines which components are updated during a restore or update.

Edit options.plist

  1. Unpack the custom IPSW
  2. Decrypt the Restore Ramdisk using xpwntool and mount it
  3. Navigate to /usr/local/share/restore
  4. Edit options.plist on the restore ramdisk

(Leave every other setting in the plist exactly as it is; only change the baseband-related entry.)

  5. Re-encrypt the restore ramdisk
  6. Repack the IPSW
  7. Prepare the device for custom firmware using redsn0w
  8. Restore the IPSW with iTunes while in pwned DFU Mode

You must load a patched iBSS/iBEC for this to work. Using an original IPSW will not work, because redsn0w's pwned DFU Mode doesn't patch sigchecks in iBSS (which is loaded from the IPSW).

This process has been automated in some of the unofficial bundles out there.

TinyUmbrella/Cydia Method (iPhone 4)

The iPhone 4 requires an AT+NONCE key signature from Apple in order to update the baseband. Pointing the hosts file at the Cydia server or running TinyUmbrella causes this signature request to be ignored, thus preventing a baseband update.

  • This only works if Cydia/TinyUmbrella accepts the firmware's SHSH.
  • This method 'works' with iOS 4.2.1, but the restore ramdisk contains a baseband version check. If the version doesn't match, the device crashes before the Apple logo with the loading bar (the 2nd one, not the restore one) appears, then boots and crashes again. The usual 'Kick out of recovery mode' methods or "setenv auto-boot true" won't help, because a false auto-boot is not the problem. So this method is actually not useful for iOS 4.2.1.
  1. Edit the hosts file and add the line "" without the quotes, or run TinyUmbrella after saving the firmware's SHSH. If the Cydia server doesn't have your SHSH but you have it locally, use the TSS Server method in TinyUmbrella.
  2. Delete the .bbfw file in the firmware. Rename the IPSW to .zip, open it and go to the "Firmware" folder. There you will see a .bbfw file (baseband firmware). Its name tells you the baseband version and the Baseband BootLoader version. Delete the .bbfw file and ZIP the firmware files again (ZIP everything inside the folder, not the folder itself). Then you can restore to this; you will get error 11. This only works up to iOS 4.1. If you do this on a version newer than iOS 4.1, your iPhone won't boot (see the note above).
  3. Use the "Restore" button in iTunes to update. You will get error 1013 on 4.2.1 when trying to restore through the restore ramdisk.
  4. If downgrading from a later firmware to a firmware that performs baseband checks, you will get error 1015. The only way around this is to either update to the firmware version that matches your baseband version or downgrade (if possible) to an earlier firmware that doesn't perform the baseband version check.
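The two file-level edits above (flipping the baseband entry in the restore ramdisk's options.plist, and removing the .bbfw entry from an IPSW without accidentally zipping the folder itself) are easy to get wrong by hand. The following Python script is an added example, not code from the wiki, from xpwntool or from any of the bundles mentioned; it works on an already-decrypted, already-extracted options.plist and on an IPSW treated as a plain ZIP. It assumes the plist key restored reads is named UpdateBaseband (the page does not name it) and that .bbfw file names follow the chip_version_BOOT_bootloaderversion.bbfw pattern; the plist, the miniature IPSW and the .bbfw name inside it are constructed samples.

```python
import io
import plistlib
import re
import zipfile

# Assumption: the key in /usr/local/share/restore/options.plist that tells
# restored whether to flash the baseband. The wiki page does not name it.
BASEBAND_KEY = "UpdateBaseband"

# Constructed stand-in for options.plist. The real file carries many more
# keys; every key other than BASEBAND_KEY must be left exactly as found.
SAMPLE_OPTIONS_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>CreateFilesystemPartitions</key>
    <true/>
    <key>UpdateBaseband</key>
    <true/>
</dict>
</plist>
"""


def parse_options(plist_bytes: bytes) -> dict:
    """Parse options.plist into a dict (XML or binary plist both work)."""
    return plistlib.loads(plist_bytes)


def baseband_update_enabled(plist_bytes: bytes) -> bool:
    """Report whether this options.plist would let restored flash the baseband."""
    return bool(parse_options(plist_bytes).get(BASEBAND_KEY, False))


def disable_baseband_update(plist_bytes: bytes) -> bytes:
    """Return a copy of options.plist with only the baseband key set to false.

    Refuses to guess if the key is absent, so a wrong file or an unexpected
    layout is noticed instead of silently written back unchanged.
    """
    options = parse_options(plist_bytes)
    if BASEBAND_KEY not in options:
        raise KeyError(f"{BASEBAND_KEY} not present; wrong plist or different layout")
    options[BASEBAND_KEY] = False
    return plistlib.dumps(options, fmt=plistlib.FMT_XML)


# Assumption: .bbfw names look like <chip>_<baseband ver>_BOOT_<bootloader ver>.bbfw,
# which is how the page describes the name carrying both versions.
BBFW_NAME_RE = re.compile(
    r"^(?P<chip>[A-Za-z0-9]+)_(?P<version>\d+(?:\.\d+)*)_BOOT_(?P<bootloader>\d+(?:\.\d+)*)\.bbfw$"
)


def parse_bbfw_name(entry: str) -> dict:
    """Pull chip, baseband version and bootloader version out of a .bbfw path."""
    base = entry.rsplit("/", 1)[-1]
    m = BBFW_NAME_RE.match(base)
    if not m:
        return {"chip": None, "version": None, "bootloader": None}
    return m.groupdict()


def list_entries(ipsw_bytes: bytes) -> list:
    """All archive member paths of an IPSW (which is a plain ZIP)."""
    with zipfile.ZipFile(io.BytesIO(ipsw_bytes)) as z:
        return z.namelist()


def find_bbfw(ipsw_bytes: bytes) -> list:
    """Every .bbfw entry under the Firmware/ folder of the IPSW."""
    return [n for n in list_entries(ipsw_bytes)
            if n.lower().startswith("firmware/") and n.lower().endswith(".bbfw")]


def strip_bbfw(ipsw_bytes: bytes) -> bytes:
    """Rebuild the IPSW without its .bbfw entries.

    Members are rewritten at their original paths, i.e. 'everything inside the
    folder' is zipped rather than the folder itself, the mistake the page warns about.
    """
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(ipsw_bytes)) as src, \
            zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for info in src.infolist():
            if info.filename.lower().endswith(".bbfw"):
                continue  # drop the baseband firmware, keep everything else
            dst.writestr(info, src.read(info.filename))
    return out.getvalue()


def build_sample_ipsw() -> bytes:
    """Constructed miniature IPSW: a ZIP with one .bbfw and two other members."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("Restore.plist", "<plist/>")
        z.writestr("Firmware/ICE3_01.00.00_BOOT_01.00.00.bbfw", b"\x00" * 16)  # constructed name
        z.writestr("Firmware/dfu/iBSS.dfu", b"\x00" * 16)
    return buf.getvalue()


if __name__ == "__main__":
    patched = disable_baseband_update(SAMPLE_OPTIONS_PLIST)
    print("baseband update enabled after patch:", baseband_update_enabled(patched))
    ipsw = build_sample_ipsw()
    for entry in find_bbfw(ipsw):
        print(entry, parse_bbfw_name(entry))
    print("entries after strip:", list_entries(strip_bbfw(ipsw)))
```

To use it on a real firmware, read the decrypted ramdisk's options.plist into bytes, pass it through disable_baseband_update and write the result back before re-encrypting; for the ZIP route, pass the IPSW's bytes to strip_bbfw and save the returned bytes under the .ipsw name. The version information printed by parse_bbfw_name is what you compare against the baseband already on the device before deciding whether the iOS 4.2.1 ramdisk check described above will bite.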

iH8Sn0w's Method

User iH8sn0w mentioned a new method in this tweet (an upgrade-only option in Sn0wbreeze). He confirmed that his method is not the same as the methods mentioned above. To get more details, someone would have to compare the generated IPSW contents.

iTunes Update Method (iPhone 4)

A variant of the TinyUmbrella method which exploits the lack of baseband version checks in the update ramdisk. [1] Shift+click (Windows) or Option+click (Mac) the Update button in iTunes after switching to a non-Apple TSS server, then exit recovery mode after the update fails.