I'm guessing no since no one has offered this solution yet, but I'm wondering why this isn't possible.

I would imagine the bootloader is hardware specific such as an eprom chip and not an eeprom chip. ( eprom cannot be re-written on, where as eeprom can.) A reason such as this might be why the bootloader is unchangable.

Originally Posted by wildonrio

I'm guessing no since no one has offered this solution yet, but I'm wondering why this isn't possible.

The bootloader is like the arrow of time...always flowing in one direction, cause always occurs before the effect and so on. The bL can up UPGRADED but not DOWN. And since all the previous FW versions would be considered a downgrade- yaap...you got it...it isnt possible!

mobman, sorry if I didnt understand what you said, but as far as I know, the bootloader cannot be upgraded (I mean, Apple can make as many new bootloaders as they want, but we cannot upgrade 3.9 to 4.6, so the bl can not be updraded, am I wrong ? Correct me if so

Also, a bl downgraded is less likely right now, I bet a crack on new bootloader is what ppl expect, and its what Dev Team is working on... ( I hope so )

The bootloader is digitally signed and can only be changed for another properly signed and versioned bootloader. And as we don't have the key to sign it, then we can´t change it.

Originally Posted by Sesheron

I would imagine the bootloader is hardware specific such as an eprom chip and not an eeprom chip. ( eprom cannot be re-written on, where as eeprom can.) A reason such as this might be why the bootloader is unchangable.

Oh... I really want to know the internal hardware spec of iphone is using eprom or eeprom!! If eprom is the case, then no one can change the bootloader except that we open up the iphone physically and replace the chips.

Really it's a bad news for me... I hv one OTB US iphone 1.1.2 on my desk and
i wanna cry now... please..don't be eprom chip.....

Originally Posted by ericeric

Oh... I really want to know the internal hardware spec of iphone is using eprom or eeprom!!

The apple bootloader resides in neither eprom nor eeprom. It is in an Intel W18 NOR flash. It can be rewritten, but only by code executing on the baseband CPU (which is connected directly to the NOR on chip select 0).

Originally Posted by MuscleNerd

It can be rewritten, but only by code executing on the baseband CPU (which is connected directly to the NOR on chip select 0).

So, it means that there's only 2 ways?
1. Find a hole in bootloader to rewrite the baseband (which they already did in 3.9)
2. Find a hole in baseband to allow rewriting of bootloader, which has more risk

But would the 2nd way possible?

Just an imagination and idea
Heard about the new method for Dumping patched OS into a PSP?
using the special battery to initialize the self-made bootloader to launch a
program in memory stick in order to dump a cracked OS into the PSP flash memory

If we can do the similar thing in an iphone with 4.x bootloader, that may be what we call the 2nd way.

Originally Posted by ericeric

Oh... I really want to know the internal hardware spec of iphone is using eprom or eeprom!! If eprom is the case, then no one can change the bootloader except that we open up the iphone physically and replace the chips.

Really it's a bad news for me... I hv one OTB US iphone 1.1.2 on my desk and
i wanna cry now... please..don't be eprom chip.....

Hi Eric, i can confirm that ut is eeprom and not eprom.

Guys, i want you's to have a look at the following images, these are screenshots taken of IDA Pro Disassembler reverse engineering bbupdater:





As you can CLEARLY see here, bbupdater has the ability to reflash the bootloader. It uses the comand "-l" to flas a bootloader fls file.

If, we can find a way to erase the bootloader with a program such as ieraser, we could then reflash the old bootloader fls file to the phones using bbupdater.

The major problem with this is if you mess with the bootloader and something goes wrong, your phone is bricked asn since we donet know EXACTLY how bbupdater implements the -l command and reflashes the bootloader, it would be VERY risky to attempt to erase the bootloader and reflash and old one.

I just posted these images to prove that a bootloader downgrade IS possible, but hopefully when we get the dump of the new bootloader we will be able to find an exploit and not have to risk a bootloader downgrade!!