Talk:06.15.00

From The iPhone Wiki
Revision as of 10:45, 4 October 2011 by Itaiyz97 (talk | contribs) (moved Talk:6.15.00 to Talk:06.15.00: The real numbers of iOS basebands contain 2 digits before the first dot.)

This has to be the best AppleFail yet, being able to use this on 3G/3GS... Iemit737 01:56, 29 November 2010 (UTC)

Install check

Why can this be installed on iPhone? I thought as of iOS 4.2.1 there's a check for the bb version that must match the firmware. If a wrong (in this case higher) bb version is installed, then iOS doesn't boot. Or why does it boot now? And why can an old baseband be installed at all? Because the version number is higher and before iPhone 4 there was no certificate check? --http 00:16, 30 November 2010 (UTC)

The sig check for the baseband only determines if the baseband firmware is lower than what should correspond to the iOS firmware; if so, it prevents a successful boot sequence. However, since the 3G/3GS use the X-Gold 608 chip, it can be flashed to a higher Modem Firmware. By doing so it uses the chip's own programming to be exploited using the recycled AT+XAPP injection vector. This however could easily be patched. Now that I answered your question, maybe you can help me with this one. Since the iPad has no lock in the baseband, why is Ultrasn0w even needed? Leobruh 03:57, 30 November 2010 (UTC)!
The unlock status doesn't reside in the baseband firmware; it's in the seczone. --Dialexio 04:24, 30 November 2010 (UTC)
So the baseband version check does not check for correct firmware version; it checks for "lower than correct" version. #epicfail --http 08:57, 30 November 2010 (UTC)
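As an added illustration (not code from this page, from the wiki, or from Apple), the following Python models the two ways the boot-time baseband check described in the posts above could compare versions: a "reject only if lower" comparison, which lets a higher baseband such as 06.15.00 through, beside an exact-match check that would not. The version strings, the iOS-to-baseband pairing and the function names are constructed sample values and assumptions for the demonstration, not a description of Apple's actual implementation.

```python
"""Model of a boot-time baseband version check.

Constructed example: the comparison logic and the sample pairing below are
assumptions made for illustration, not Apple's code or verified behaviour.
"""
from typing import Tuple

# Baseband versions are written as three zero-padded two-digit fields
# (e.g. "06.15.00"); a short form like "6.15.00" is accepted and normalised.
VersionTuple = Tuple[int, int, int]


def parse_bb_version(text: str) -> VersionTuple:
    """Parse "MM.mm.pp" into an integer tuple so fields compare numerically."""
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() and 1 <= len(p) <= 2 for p in parts):
        raise ValueError(f"not a baseband version string: {text!r}")
    major, minor, patch = (int(p) for p in parts)
    return (major, minor, patch)


def canonical(text: str) -> str:
    """Render a version in the two-digit-per-field form the wiki uses."""
    return ".".join(f"{field:02d}" for field in parse_bb_version(text))


def weak_check(installed: str, expected: str) -> bool:
    """The check as the thread characterises it: refuse to boot only when the
    installed baseband is LOWER than the one paired with this iOS build.
    Anything higher, including a baseband from a different device family,
    passes."""
    return parse_bb_version(installed) >= parse_bb_version(expected)


def strict_check(installed: str, expected: str) -> bool:
    """Exact-match variant: only the paired baseband is accepted."""
    return parse_bb_version(installed) == parse_bb_version(expected)


def evaluate(installed: str, expected: str) -> dict:
    """Run both checks so the difference is visible side by side."""
    return {
        "installed": canonical(installed),
        "expected": canonical(expected),
        "weak_check_boots": weak_check(installed, expected),
        "strict_check_boots": strict_check(installed, expected),
    }


if __name__ == "__main__":
    # Assumed sample pairing for the demonstration: an iOS build whose
    # matching baseband is 05.15.04, with 06.15.00 flashed on top of it.
    for candidate in ("05.14.02", "05.15.04", "06.15.00"):
        print(evaluate(candidate, "05.15.04"))
```

The point of the side-by-side run is that a "lower-than" comparison is a downgrade guard, not an integrity check: it says nothing about whether the installed baseband is the one the iOS build was validated against, which is exactly the gap the posters are describing.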
@Dialexio, so you still have to patch running memory with Ultrasn0w for the on-the-fly RAM unlock?

@http, fail in its biggest form. Who knows how long we can use AT+XAPP. Leobruh 11:15, 30 November 2010 (UTC)!

Someone needs to write a baseband downgrader with this to allow normal restores again. And what really needs to be done is a bootloader downgrader, 5.8 FTW geohot 16:41, 30 November 2010 (UTC)

In the 25C3 presentation "Hacking the iPhone", MuscleNerd did say that the iPhone 3G has fakeblank, but it uses a hash to verify the bootloader, and Fuzzyband_Downgrader does a good Baseband_Firmware downgrade. --liamchat 17:08, 30 November 2010 (UTC)

@geohot, would the 5.8BL downgrade work on the 3GS because it uses X-Gold 5.8? But doesn't the bootloader get checked every time by the baseband and vice-versa? Another exploit like the one for the 3.6/4.9 for the 2G would be needed, correct? Leobruh 17:59, 30 November 2010 (UTC)!

No, the bootloader is now in ROM so it cannot be overwritten, and the old iPhone 2G exploits were used to bypass secpack restrictions, allowing the modification of the bootloader and firmware. --liamchat 18:24, 30 November 2010 (UTC)
@Leobruh: Nope. All iPhone 3GS units have the X-Gold 608, but they have the newest baseband bootloader (6.4), which isn't susceptible to the baseband-downgrading exploit. Only very old iPhone 3G units have said exploit.
@Liamchat: To my knowledge, the bootloader does not reside in ROM; otherwise, it'd be considered (part of) the bootrom, no? ;) The X-Gold 608 bootrom does check the bootloader to ensure it's not modified, though. --Dialexio 19:42, 30 November 2010 (UTC)
It does say in paragraph 6 of the 25C3 presentation "Hacking the iPhone", Part 2: Baseband (by MuscleNerd), that the bootloader is not in NOR. And why does Apple not update all devices to 6.4, preventing downgrades? --liamchat 20:14, 30 November 2010 (UTC)
"The bootloader is always in the NOR" says otherwise. Apple never updates the bootloader in firmware updates because it's considered rather dangerous. --Dialexio 20:43, 30 November 2010 (UTC)