[NOR] 3.9 with bootrom locations blank - iPhone "2G" (Rev. 1) - Hackint0sh.org
  1. #1
    Professional
    Join Date: Dec 2007
    Location: Tucson, AZ

    [NOR] 3.9 with bootrom locations blank

    Would anyone happen to have a 3.9 NOR with the bootrom locations blank - and working properly? The bootrom locations are easy enough to blank in a hex editor, but unfortunately, one of the 4 locations is an LDR instruction, so you can't blank it. If you do blank it I believe the baseband firmware will not boot. So you need to patch it to work around that instruction. I was just wondering if that already exists, before I spend much time disassembling it and patching it.

    aCujo



  2. #2
    Senior Professional
    Join Date: Dec 2007

    I was also looking into this this morning and asking myself the same question, but well, probably only geohot/dev team have something like that... I would also be interested in having this, since I know if I try to do it myself I'll screw up for sure, and sadly this is not something repairable and you don't have multiple tries to get it right...

  3. #3
    Senior Professional
    Join Date: Oct 2007

    What could such a file be used for?

  4. #4
    Senior Professional
    Join Date: Dec 2007

    Quote: Originally Posted by protoZ_dk
    What could such a file be used for?

    For software downgrade from 4.6 to 3.9, so you can eventually also upgrade back the software way... and ofc 1 more thing for zibri to leech

  5. #5
    Professional
    Join Date: Dec 2007
    Location: Tucson, AZ

    Nah, you get tons of tries. As many as you want, actually. Just keep your flash blank, and the bootrom locations blank.

    If you have a blank flash and forget to blank a bootrom location (as I did), you can always use the A17 testpoint. I had to do that several times last night. If you have the bootrom locations blank, there's no need for a testpoint.

    aCujo


  6. #6
    Senior Professional
    Join Date: Oct 2007

    Quote: Originally Posted by SoLoR
    For software downgrade from 4.6 to 3.9, so you can eventually also upgrade back the software way... and ofc 1 more thing for zibri to leech

    Haha true

    But doesn't Zibri already have that, since his ziphone can downgrade to 3.6? Or is that done in another way via some GeoHot fun he snapped?

  7. #7
    Senior Professional
    Join Date: Dec 2007

    Quote: Originally Posted by protoZ_dk
    Haha true

    But doesn't Zibri already have that, since his ziphone can downgrade to 3.6? Or is that done in another way via some GeoHot fun he snapped?

    Nah, ziphone is using the original 3.9BL NOR (checked this morning); this would be the original 3.9BL with bootrom locations blank (aka modified slightly). Bootrom locations are 4 different offsets, 4 bytes long, in the bootloader NOR and well... you can't just blank them, since at some locations actual bootloader code is there. Need to change the code 1st.
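
As an added illustration of the constraint discussed in this thread (not code from any poster or from the Dev Team): a Python check that reads four 4-byte words from a NOR image and reports which are blank and which decode as an ARM LDR. The offsets and image bytes are constructed placeholders, and 32-bit little-endian ARM-mode encoding and 0xFFFFFFFF as the blank value are assumptions.

```python
import struct

BLANK = 0xFFFFFFFF  # assumption: an erased ("blank") NOR word reads as all ones

def decode_ldr(word, addr):
    """Decode an ARM-mode LDR (immediate offset) word, or return None."""
    if word >> 28 == 0xF:                      # cond=1111 is not a conditional LDR
        return None
    if (word & 0x0E500000) != 0x04100000:      # bits 27:25 = 010, B = 0, L = 1
        return None
    rn, rt, imm = (word >> 16) & 0xF, (word >> 12) & 0xF, word & 0xFFF
    if not (word & (1 << 23)):                 # U bit clear: offset is subtracted
        imm = -imm
    info = {"rt": rt, "rn": rn, "imm": imm, "literal_addr": None}
    if rn == 15 and (word & (1 << 24)):        # pre-indexed, PC-relative literal load
        info["literal_addr"] = addr + 8 + imm  # in ARM mode PC reads as addr + 8
    return info

def audit_locations(image, offsets):
    """Classify the 4-byte little-endian word at each offset."""
    report = []
    for off in offsets:
        (word,) = struct.unpack_from("<I", image, off)
        if word == BLANK:
            status = "blank"
        elif decode_ldr(word, off) is not None:
            status = "ldr"
        else:
            status = "other"
        report.append((off, word, status))
    return report

def build_sample():
    """Constructed 64-byte image; offsets are placeholders, not real locations."""
    offsets = [0x00, 0x10, 0x20, 0x30]
    image = bytearray(0x40)
    for off in offsets:
        struct.pack_into("<I", image, off, BLANK)
    struct.pack_into("<I", image, 0x20, 0xE59F0004)   # LDR R0, [PC, #4]
    return bytes(image), offsets

if __name__ == "__main__":
    image, offsets = build_sample()
    for off, word, status in audit_locations(image, offsets):
        print(f"0x{off:04X}: 0x{word:08X} {status}")
```

A location reported as "ldr" holds an instruction the surrounding code executes, which is why the posts above say it cannot simply be overwritten with the blank value.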

  8. #8
    Senior Professional
    Join Date: Oct 2007

    I'm believing you, as I have no idea about it myself

    Have sent you a pm regarding a problem. Hope you can / will help if you have a suggestion

  9. #9
    Senior Professional
    Join Date: Aug 2007
    Location: Brasil

    aCujo,

    I have made the same experiment before and the bb indeed didn't boot.
    Clearing the bootlocs is easy.
    So I'm trying to disassemble the bl/bb system in IDA, but I can't properly disassemble it. I choose the entry point as 0x3c but it does not work!
    Any help on this so I can also help?

  10. #10
    iPhone DevTeam
    Join Date: Aug 2007
    Location: Always sunny Los Angeles, California

    Hi,

    We've released a set of patches (36 bytes total) to do this, over on the Dev wiki.

    The 3.9fakeblank bootloader boots normally but if you give the bootrom a serial payload, it will run that instead.


 

 