Difference between revisions of "Talk:06.15.00"

From The iPhone Wiki
Revision as of 18:24, 30 November 2010

This has to be the best AppleFail yet, being able to use this on 3G/3GS... Iemit737 01:56, 29 November 2010 (UTC)

Install check

Why can this be installed on iPhone? I thought as of iOS 4.2.1 there's a check for the bb version that must match the firmware. If a wrong (in this case higher) bb version is installed, then iOS doesn't boot. Or why does it boot now? And why can an old baseband be installed at all? Because the version number is higher and before iPhone 4 there was no certificate check? --http 00:16, 30 November 2010 (UTC)

The sig check for the baseband only determines if the baseband firmware is lower than what should correspond to the iOS firmware; if so, it prevents a successful boot sequence. However, since the 3G/3GS use the X-Gold 608 chip, it can be flashed to a higher Modem Firmware. By doing so it uses the chip's own programming to be exploited using the recycled AT+XAPP injection vector. This however could easily be patched. Now that I answered your question maybe you can help me with this one. Since the iPad has no lock in the baseband, why is Ultrasn0w even needed? Leobruh 03:57, 30 November 2010 (UTC)!
The unlock status doesn't reside in the baseband firmware; it's in the seczone. --Dialexio 04:24, 30 November 2010 (UTC)
So the baseband version check does not check for correct firmware version; it checks for "lower than correct" version. #epicfail --http 08:57, 30 November 2010 (UTC)
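The two gates the thread contrasts, side by side, as an added Python example that is not code from Apple or from the wiki; the paired "expected" version and the candidate list are constructed placeholders, while 06.15.00 is the iPad baseband this talk page is about:

```python
# Added example (not from the wiki page): a baseband version gate written
# as a lower bound, next to one written as an exact match for the build.
# The expected version below is a constructed placeholder, not a real
# Apple value; "06.15.00" is the iPad baseband the talk page discusses.
import re

_VERSION_RE = re.compile(r"^(\d{2})\.(\d{2})\.(\d{2})$")

def parse_version(text):
    """Turn 'MM.mm.pp' into a comparable tuple; reject anything else."""
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError("malformed baseband version: %r" % text)
    return tuple(int(g) for g in m.groups())

def lower_bound_check(installed, expected):
    """The gate described in the thread: refuse to boot only when the
    installed baseband is *lower* than the version paired with this iOS
    build, so any higher version (even one meant for another device) passes."""
    return parse_version(installed) >= parse_version(expected)

def exact_match_check(installed, expected):
    """Defensive form: the only baseband allowed is the one shipped with
    this iOS build; higher *and* lower versions are refused."""
    return parse_version(installed) == parse_version(expected)

def evaluate(candidates, expected):
    """Run both gates over candidates; returns {version: (lower_bound, exact)}."""
    return {v: (lower_bound_check(v, expected), exact_match_check(v, expected))
            for v in candidates}

# Constructed sample data: the paired version is a placeholder.
EXPECTED = "05.00.00"
CANDIDATES = ["04.99.99", "05.00.00", "06.15.00"]

if __name__ == "__main__":
    for v, (lb, ex) in evaluate(CANDIDATES, EXPECTED).items():
        print("%s  lower-bound gate: %-5s  exact gate: %s" % (v, lb, ex))
```

Only the exact-match gate refuses the higher 06.15.00 image; the lower-bound gate lets it through while still rejecting the older one.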
@Dialexio, so you still have to patch running memory with Ultrasn0w for the on-the-fly ram unlock?

@http, fail in its biggest form. Who knows how long we can use AT+XAPP. Leobruh 11:15, 30 November 2010 (UTC)!

Someone needs to write a baseband downgrader with this to allow normal restores again. And what really needs to be done is a bootloader downgrader, 5.8 FTW geohot 16:41, 30 November 2010 (UTC)

In the 25C3 presentation Hacking the iPhone, MuscleNerd did say that the iPhone 3G has fakeblank, but it uses a hash to verify the bootloader, and Fuzzyband Downgrader does a good Baseband Firmware downgrade --liamchat 17:08, 30 November 2010 (UTC)

@geohot, would the 5.8BL downgrade work on the 3GS because it uses X-Gold 5.8? But doesn't the bootloader get checked every time by the baseband and vice versa? Another exploit like the one for the 3.6/4.9 for the 2G would be needed, correct? Leobruh 17:59, 30 November 2010 (UTC)!

No, the bootloader is now in ROM so it cannot be overwritten, and the old iPhone 2G exploits were used to bypass secpack restrictions, allowing the modification of the bootloader and firmware --liamchat 18:24, 30 November 2010 (UTC)