Talk:Preventing Baseband Update

From The iPhone Wiki
Revision as of 12:09, 16 January 2011 by Liamchat (talk | contribs) (No success)
Jump to: navigation, search

No success

I tried this and it didn't work. I used an iPhone 4 with firmware 4.1 and baseband 1.59.00, trying to upgrade it to stock firmware 4.2.1, preserving the baseband.

One thing that was unclear is the plist edit. There was another entry SystemPartitionSyize=1024(integer) (<key>SystemPartitionSize</key><integer>1024</integer>). It was not clear if this should be removed or not. I tried both.

To reencrypt, it used the command

xpwntool 038-0032-002_modified.dmg 038-0032-002_reencrypted.dmg -t 038-0032-002_original.dmg -k 06849aead2e9a6ca8a82c3929bad5c2368942e3681a3d5751720d2aacf0694c0 -iv 9b20ae16bebf4cf1b9101374c3ab0095

With key and iv from here (must be correct, otherwise decryption wouldn't have worked). Then rename 038-0032-002_reencrypted.dmg to original name and back into the ipsw.

To prepare for custom firmware flashing, I used redsn0w 0.9.6b4, reading initial 4.1 firmware.

Without the SystemPartitionSize, I received an iTunes unknown error 46 when it started to flash. With the SystemPartitionSize it went a few seconds longer and I got iTunes error 14.

Anything I am doing wrong? Did anybody else complete this successfully? Or was this just a joke? --http 03:14, 29 November 2010 (UTC)

well what ipsw did you restore to because restored will signature check the root filesystem after ASR but the SystemPartitionSize should be replaced with <key>SystemImage</key> <false/> if you dont want to update the root partition --liamchat 16:06, 29 November 2010 (UTC)
ipsw: 4.2.1 as I said. Why should I not update the root partition? The goal is to upgrade firmware from 4.1 to 4.2.1, without updating the baseband. Did you do this and were successful? --http 19:40, 29 November 2010 (UTC)
why are you using the original file as a template --liamchat 23:02, 29 November 2010 (UTC)
Because xpwntool says so. Is that wrong? --http 23:17, 29 November 2010 (UTC)
it is optional if you want to the code just says create an abstract copy of template if has key --liamchat 23:30, 29 November 2010 (UTC)
Are you guessing? Did you ever try all this? If yes: Did it work for you? If no: no guessing please and better no answer in that case. Thanks. --http 00:48, 30 November 2010 (UTC)
when you used xpwn did it output
img3.c:createAbstractFileFromImg3:645: d65fdeb907a78562210697cf5e57bcaefde672d1a64fda4ec7d1da9df9c6502d23cd01d17ccb0f60b3bdcce154216af8
img3.c:createAbstractFileFromImg3:645: d65fdeb907a78562210697cf5e57bcaefde672d1a64fda4ec7d1da9df9c6502d23cd01d17ccb0f60b3bdcce154216af8
--liamchat 10:45, 30 November 2010 (UTC)
I don't have MUCH experience with this, but I assume that since you've got yourself a modded ramdisk, you have to pwn the bootstrapper iBEC and the other fw parts, as in pwnagetool. --dra1nerdrake 01:24, 30 November 2010 (UTC)
well no because if he see's the apple logo and the empty bar that is in the ramdisk --liamchat 08:29, 30 November 2010 (UTC)
Step 7 should take care of that. I used redsn0w to prepare. --http 08:49, 30 November 2010 (UTC)

It works. restored checks the plist and skips BB update if the option is set to false. Now are you saying that your hand-made ipsw failed the restore process or that your BB was in fact updated? --Msft.guy 03:59, 7 December 2010 (UTC)

Just to confirm: all those that are claiming it doesn't work are patching the correct ramdisk right? Some people are talking about the restore ramdisk then mentioning updates?? Surely if you want to prevent update when updating software you need to patch the update ramdisk and in the same way for restores patch the restore ramdisk? I'm sure this isn't happening but I thought it right to check to rule it out as a possibility -- blackthund3r 06:20, 7 December 2010 (UTC)

I never said it cannot work. For me it just didn't restore (as mentioned). But even if it would restore: how do you get around the new baseband version check? Nothing mentioned about that. --http 07:52, 7 December 2010 (UTC)
i thought the check was in the restore ramdisk not the kernelcache i checked the kernal's memory and saw no running process that can check the baseband version --liamchat 19:22, 7 December 2010 (UTC)
confirmed there is no check on ios it is in the ramdisk --liamchat 22:26, 18 December 2010 (UTC)
Is there currently any way to bypass the check? or is it done by setting UpdateBaseband to false? iPad 3Gs cannot downgrade from 4.3 to 4.2.1 and get stuck in a recovery loop even after being kicked out of recovery mode. LIV2 11:23, 16 January 2011 (UTC)
what error did you get when you restored --liamchat 12:09, 16 January 2011 (UTC)

merge all ipsw modifications

Shuld all pages that describe how to make changes to the restore process be merged into one page --liamchat 23:02, 29 November 2010 (UTC)

deletion request

there are 2 point's i am going to make

The ONLY thing you should do to skip a BB update is to set UpdateBaseband to false, don't change anything else. To just flash NOR you have do disable baseband and rootfs, I don't really know the proper way to disable it but there's more than what's listed on the nor-only page. --Ryccardo 21:33, 6 December 2010 (UTC)
i actually would patch restored ( the files are checked before they are flashed and SHSHed ) or replace it with restored_pwn but that is the way apple does it with the recovery ipsw for the S5L8900 --liamchat 19:22, 7 December 2010 (UTC)

Errors :(

There were some errors in this article. Sorry! I edited it and there should be no problems now.PwnageTool & sn0wbreeze use this method. --Whiteshinyapple

Thanks for updating. But actually I cannot see any difference to your original article, except that you mention to not change existing values in the plist. My open questions are:
  • Any idea what I should have made wrong from my description above?
  • Did you or anybody else ever tried this successfully? I always hear that it "should work", but nobody confirmed it by doing so.
  • As far as I know do PwnageTool & sn0wbreeze not support iOS 4.2.1 yet.
  • I can see that by this method the baseband won't get updated. But you can achieve this also by pointing your hosts file to Cydia Server. But how would this solve the problem to boot the device as of the new bb check?

BTW, this still won't work with original IPSW. Pwned DFU mode doesn't patch sigchecks in iBSS, so the ramdisk won't load. You need to load patched iBSS/iBEC for this to work. --Msft.guy 14:11, 7 December 2010 (UTC)

also i added the swap ramdisk because that was confirmed to work this baseband check is only in the restore ramdisk and there are no differences between the update and restore ramdisk and strangely the ramdisk mounts and the progress bar appears --liamchat 19:22, 7 December 2010 (UTC)
TinyUmbrella uses a different method to prevent baseband update afaik.And could someone add on how to swap ramdisks. --Whiteshinyapple
i added how to use TinyUmbrella but it will not work untill someone start's to save update SHSH so until this is fixed i will teach people how to swap ramdisk's --liamchat 16:11, 8 December 2010 (UTC)
[1] the check is only on the restore ramdisk --liamchat 17:22, 9 December 2010 (UTC)