[1.1.3 OTB] What happens if... (Hardware Unlock forum, Hackint0sh.org; page 1 of 2, posts 1 to 10 of 11)
  1. #1 tramuyo (Senior Professional), Join Date Aug 2007, Posts 227

    Question: [1.1.3 OTB] What happens if...

    What happens if we run ienew on the 1.1.3 baseband (4.9 b/l)? Does ienew erase the baseband or just screw up the baseband?

    With 1.1.3 preinstalled OTB, can we run iunew to "overwrite" the bootloader area (well, it says "did u erase first?")? But I think there's a way to erase (screw up?) the baseband so we can write anything...


    Just a thought...



  2. #2 smirkis (Senior Professional), Join Date Dec 2007, Posts 361

    No.

    Basebands are weird and require a newer version to be available before you can erase one. With you being on the newest one, you can't do shit. I don't know what'll happen if you erase it, but it won't be pretty.
    originally OTB 1.1.2 iPhone 4.6BL
    hActivated/Jailbroken/gUnlocked
    Tzones hacked
    T-Mobile USA

    now blackra1n'd 3.1.2

  3. #3 tramuyo (Senior Professional), Join Date Aug 2007, Posts 227

    Thank you for your answer. Better I won't do that erase...

  4. #4 cosmoLV (Developer), Join Date Dec 2007, Location Latvia, Posts 320

    We need the baseband source to write a baseband update manually, before Apple releases one.
    Then we can do this faster.

    ---

  5. #5 error1 (Newbie), Join Date Jan 2008, Posts 9

    I think nothing will happen, because with ienew (ieraser) you will try to erase only the BB firmware, and on 1.1.3 FW you need to cheat the BL for it to work (if the secpack allows it; so nothing, you don't have one).

    The secpack is, as you know, a file that authorizes baseband upgrading. Inside this short file is an RSA-encrypted header where the hidden checks (signatures) are that validate the BB firmware to update and not downgrade.

    Geohot's A17 point cheats BL4.6 into checking one or two areas which we erased with ienew (0xFFFFFFFF) and which contain the "flash block locked" flag or similar.

    That address or those addresses in NOR flash are read, for example at 0xA0000020 and 0xA00003FF, and our cheat increases the addresses by 2^17 (0x20000) and makes BL4.6 check the data at addresses 0xA0020020 and 0xA002003FF, which were previously erased and thus read 0xFFFFFFFF: no lock on that block... THAT EVIL BLOCK where the BL is stored, and the new BL3.9 is flashed there.

    I think that is the mechanism Geohot uses to downgrade the BL!

    So probably the answer to your question is:
    you will not erase anything, because you cannot validate (no secpack) the updating of the BB firmware even on the first step, ienew!
    Maybe you fk up your 1.1.3 fw a little, but you will not be allowed to touch the BB fw and BL.

    :p


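The point error1 makes about the erased block reading 0xFFFFFFFF generalizes: a lock flag kept in erasable flash is only as strong as the check that reads it. The C model below is an added example, not code from this thread or from any iPhone bootloader; the block layout, the marker values and the function names are assumptions made for illustration. It contrasts a fail-open check (anything other than an explicit LOCKED marker permits writes, so an erased block passes) with a fail-closed check (only an explicit UNLOCKED marker permits writes, so erased, zeroed or garbage words all deny).

```c
/* Added example, not code from the thread or from any real bootloader.
 * Models a NOR flash with a per-block "lock" word and two ways a loader
 * might interpret it. Erased NOR flash reads as all 1s (0xFFFFFFFF),
 * which is exactly the state described in the thread. */
#include <stdint.h>
#include <stdbool.h>
#include <string.h>
#include <stdio.h>

#define BLOCK_WORDS 16
#define NUM_BLOCKS  4
#define ERASED_WORD 0xFFFFFFFFu
/* Hypothetical marker values chosen for this model, not from any device. */
#define FLAG_LOCKED   0x4C4F434Bu  /* ASCII 'LOCK' */
#define FLAG_UNLOCKED 0x4F50454Eu  /* ASCII 'OPEN' */

typedef struct {
    uint32_t words[NUM_BLOCKS][BLOCK_WORDS];
} nor_flash_t;

/* Word 0 of each block holds the lock flag in this model. */
static uint32_t lock_word(const nor_flash_t *f, unsigned block) {
    return f->words[block % NUM_BLOCKS][0];
}

/* Factory state: everything erased, then every block explicitly locked. */
void nor_init(nor_flash_t *f) {
    memset(f->words, 0xFF, sizeof f->words);
    for (unsigned b = 0; b < NUM_BLOCKS; b++) f->words[b][0] = FLAG_LOCKED;
}

/* A NOR erase sets every bit of the block to 1, lock word included. */
void nor_erase_block(nor_flash_t *f, unsigned block) {
    memset(f->words[block % NUM_BLOCKS], 0xFF, sizeof f->words[0]);
}

/* Fail-open check: any value other than the LOCKED marker is treated as
 * unlocked, so an erased block (ERASED_WORD) is writable. This is the
 * weakness the thread describes. */
bool block_writable_fail_open(const nor_flash_t *f, unsigned block) {
    return lock_word(f, block) != FLAG_LOCKED;
}

/* Fail-closed check: only the explicit UNLOCKED marker permits a write.
 * An erased, zeroed or corrupted lock word denies the write. */
bool block_writable_fail_closed(const nor_flash_t *f, unsigned block) {
    return lock_word(f, block) == FLAG_UNLOCKED;
}

/* Number of blocks a policy would allow writing after block 1 is erased. */
int count_writable(bool (*policy)(const nor_flash_t *, unsigned)) {
    nor_flash_t f;
    nor_init(&f);
    nor_erase_block(&f, 1);
    int n = 0;
    for (unsigned b = 0; b < NUM_BLOCKS; b++) n += policy(&f, b);
    return n;
}

int main(void) {
    printf("fail-open:   %d of %d blocks writable after erasing one\n",
           count_writable(block_writable_fail_open), NUM_BLOCKS);
    printf("fail-closed: %d of %d blocks writable after erasing one\n",
           count_writable(block_writable_fail_closed), NUM_BLOCKS);
    return 0;
}
```

With the fail-open policy the erased block becomes writable; with the fail-closed policy it does not. Either way the flag lives in memory the erase operation can reach, so the real mitigation is to anchor write authorization in something the erase cannot produce, such as the signed secpack check the thread mentions, rather than in the state of the block being protected.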
  6. #6 ta_mobile (Senior Professional), Join Date Sep 2007, Location HaNoi - VietNam, Posts 120

    Quote Originally Posted by error1
    I think nothing will happen, because with ienew (ieraser) you will try to erase only the BB firmware, and on 1.1.3 FW you need to cheat the BL for it to work (if the secpack allows it; so nothing, you don't have one).

    The secpack is, as you know, a file that authorizes baseband upgrading. Inside this short file is an RSA-encrypted header where the hidden checks (signatures) are that validate the BB firmware to update and not downgrade.

    Geohot's A17 point cheats BL4.6 into checking one or two areas which we erased with ienew (0xFFFFFFFF) and which contain the "flash block locked" flag or similar.

    That address or those addresses in NOR flash are read, for example at 0xA0000020 and 0xA00003FF, and our cheat increases the addresses by 2^17 (0x20000) and makes BL4.6 check the data at addresses 0xA0020020 and 0xA002003FF, which were previously erased and thus read 0xFFFFFFFF: no lock on that block... THAT EVIL BLOCK where the BL is stored, and the new BL3.9 is flashed there.

    I think that is the mechanism Geohot uses to downgrade the BL!

    So probably the answer to your question is:
    you will not erase anything, because you cannot validate (no secpack) the updating of the BB firmware even on the first step, ienew!
    Maybe you fk up your 1.1.3 fw a little, but you will not be allowed to touch the BB fw and BL.

    :p
    Exactly. If you try to erase 113OTB, some addresses of the bootloader will be FF, but the whole can't be touched.

  7. #7 error1 (Newbie), Join Date Jan 2008, Posts 9

    Oh my god, ta_mobile answered here

    Great work ta_mobile!!

    I'm working in a hi-tech fiber optics company, so I understand that it is difficult for "common" people to desolder BGA flashes or, worse, solder them back and check them with X-ray or with an ERSA scope, but I have access to all this.

    I know that you will not answer me in private or here, but I want to ask you here anyway:
    I don't think you have desoldered, reprogrammed and resoldered the flash, because with the equipment shown in your photo that is impossible to do. Anyway, what is a supported programmer for NOR flash, or technically how do you do the reprogramming?

    (or do you have the priv.a.t.e RSA k.e.y?)

    Thanks, and sorry if I asked too much.
    Btw, you are GREAT!!!!

    a

  8. #8 Skippy (Rookie), Join Date Dec 2007, Posts 12

    Hi,

    Do you think that it's impossible to desolder and solder a BGA with a hot air gun? Are you only capable of doing that job with a UV Rework from ERSA?

    I have a rework station from ERSA, and it is a lot easier to rework a BGA with it than with hot air, but with both I can do the job.

    A supported programmer is a device plus a ZIF socket adapter that can reprogram the flash chip; take a look at Xeltek, AEC, UP-48.... all of them can reprogram the flash.

    If TA_MOBILE could tell me/us where to erase and reprogram the flash, I would be very thankful. If not, I'll try to FULL dump another flash with an older version, check where the baseband is, and reprogram my flash IC.

    Regards,
    Skippy

    Quote Originally Posted by error1
    Oh my god, ta_mobile answered here

    Great work ta_mobile!!

    I'm working in a hi-tech fiber optics company, so I understand that it is difficult for "common" people to desolder BGA flashes or, worse, solder them back and check them with X-ray or with an ERSA scope, but I have access to all this.

    I know that you will not answer me in private or here, but I want to ask you here anyway:
    I don't think you have desoldered, reprogrammed and resoldered the flash, because with the equipment shown in your photo that is impossible to do. Anyway, what is a supported programmer for NOR flash, or technically how do you do the reprogramming?

    (or do you have the priv.a.t.e RSA k.e.y?)

    Thanks, and sorry if I asked too much.
    Btw, you are GREAT!!!!

    a

  9. #9 Eric Jarvies (Professional), Join Date Sep 2007, Posts 77

    ta_mobile... did you find a bootrom that loads if the flash isn't working? Or did someone give you the key?

    When will you tell everyone... when secpack 1.1.4 comes out?

    Eric Jarvies

  10. #10 (Newbie), Join Date Jan 2008, Posts 9

    You are right; I say that it is very silly to resolder the chip back on the main board with hot air, because you must be lucky to solder all the balls and to center the flash well.

    What I want to make precise is that it is not impossible to do it with a hot air station, but unnecessarily hard to do.
    And also, why then "keep it secret"?
    I only want to "provoke" the great ta_mobile gently into replying with,
    for example:
    "Haha, Be patient soon!"
    to give us hope that there is some other method :p.

    Gogogogo ta_mobile !

    Quote Originally Posted by ta_mobile
    First, Hello and sorry all !

    As I said, I did successfully unlock 1.1.3OTB, full function, with the fw 113 and the BB 4.03 also, 'cos the jailbreak for 1.1.3 was released.

    But the solution will not be released, 'cos it's so much risk and difficulty even with fully equipped tools and skill. And I must keep it for the incoming firmware research. What I can do to help the community, I did. And please don't buzz me with blabla "share me the solution" or something like that.

    Be calm and wait. If you have a problem with 1.1.3 being upgraded or 1.1.3OTB (bl 4.6), you can send me the comm board to repair it (sounds impossible, but this is the least I can do to help).



    Will upload some more pics of 113OTB with serial 8x80x for you to see. Just for fun.

    BR


 

 