Hello,

I see a lot of confusion recently about various software components inside the iPhone. Here is a small glossary that could help out some people actually understand what we are talking about here:


The iPhone is a small computer with two processors, some RAM and some eraseable FLASH for long-term storage (the 8GB of storage).

ARM Core: This is the processor used to run the Operating System (the OS), which is a scaled down version of MAC OS X. The job of the OS is as a general manager of the phone's resources (RAM, FLASH, Baseband, etc...) , as well as overview the concurrent running of the phone's applications.

Baseband: This is the processor that manages all the functions which need an antenna. The GSM phone, as well as the WiFi and bluetooth are all under the control of the baseband processor. The baseband processor has its own RAM and FLASH resources, separate from the ARM core resources. The baseband processor is a resource to the OS.

Boot Loader: This is a (normally) very small program in non-volatile memory (can be FLASH, often is un-eraseable) that 'bootstraps' a processor startup and calls the main (usually much larger) program. The boot loaderhas also the responsibility to provide a protocol for obtaining and storing an updated version of the main program. Normally, the boot loader changes very rarely, as there is no need to. It is the main program that gets upgraded, not the boot loader. Also, if something happens during the update of the main program, the boot loader will always be there to save you and restore the main program with a good one. However, when you update the boot loader, if anything bad happens, then you have no more boot loader, which means that the processor will not restart at all. A Brick.

Question: how are bootloaders first programmed into the system? The answer is left as an exercise to the student... :)

The ARM core processor has its own bootloader for restoring the OS, which implements the so-called <DFU mode>.

The Baseband processor also has its own boot loader too. That boot loader is a lot more hardened with crypto protection, and will not normally let you update the baseband program with one that is not digitally signed with the special Infineon crypto key. Infineon are the makers of the baseband processor. However, there is a bug in version 3.9 of the baseband bootloader that enables re-programming the baseband even with a version that has the wrong crypto signature. Thus, with a 3.9 boot loader, anything is possible.

However, with the new 4.x bootloader, the backdoor has been closed and we are back to square one: any update to the baseband must be cryptographically signed with the correct signature. That is why no unlock is possible at the moment.

Now, finding the key is next to impossible. For the unlock to work, some people must find a new crack in the bootloader, a new backdoor. Considering that Apple must have put quite a bit of pressure on Infineon in order to have a well protected bootloader this time, I would tend to think that it might take some time before a crack is actually found.

Time will tell.

WHAT HAPPENS WHEN I UPGRADE:

When you upgrade (or restore), the OS will be changed to whatever version you want (1.0.2, 1.1.1, 1.1.2) , however the baseband bootloader will only allow baseband firmware updates UP in the version chain. Never down. Moreover, the bootloader itself is not upgraded or changed in any way (that would be quite daring to do for Apple). Which is why when you restore a UK phone from 1.1.2 to 1.1.1 you still have the new 4.02.13 baseband firmware and bootloader 4.x. It is UNLOCKABLE at the moment. And which is also why you can restore from an original 1.1.1 US phone (with bootloader 3.x) to 1.1.2 (it then has baseband 4.02.13, but still bootloader 3.x), then restore down to 1.0.2 and unlock the baseband 4.02.13 (because bootloader 3.x has backdoor and allows unlock) and then can re-upgrade all the way up to 1.1.2 (only the OS changes, the 4.02 baseband firmware is already there and does not get updated, it is already at highest version, thus it stays unlocked).

Since it is very unlikely that the old 3.9 boot loaders will ever be upgraded via software, and also it is unlikely that a backdoor will be found in the 4.x bootloader, I would tend to think that the market value of iPhones with the 3.9 bootloaders should become much higher very soon...

I hope this helps understand a bit more...

I added a link to this to the iPhone Status Ticker.

http://docs.google.com/Doc?id=dgzw9xs_0gfhxns

this is bad news.. basically its unhackable bootloader? soo how will the hacker devlop an crack ver for it? since its unhackable...as u said the bak door is been close down and no loose string for hackers could trace MY IPHONE IS DOOMMED!!! dammit stupid UK bootloader 4.x!!

Urghhh!!!


I got 5 OTB/1.1.2/wk 45/bl 4.6!


Patiently waiting for a solution!!

Very sobering write up....

New Booter is unbreakable at this point then.

Now.... my friend just got a 1.12 iphone from US apple.com,

how can he check the booter version? If it still 3.9, then he still stand for a chance.

how can I check the bootloader version of my iphone?

This is an excellent explanation of the inner workings of the iPhone. If more people wrote/read posts like this, we would have far fewer pointless posts. I was actually wondering for a while now if Apple would upgrade the bootloader through iTunes. You make a good case for them not doing so, and appear to be right since the upgrade to 1.1.2 hasn't changed the bootloader.

bbupdater -v

or via minicom

O RYLY??

just look at the posts between the OP's and your post