NVRAM is a Misnomer - iPhone "2G" (Rev. 1) forum, Hackint0sh.org
#1 drg (Senior Professional, Canada, joined Oct 2007)

    NVRAM is a Misnomer

    People frequently refer to "NVRAM". The baseband doesn't have any NVRAM, and everything (lockstate, IMEI, NCK) is stored encrypted in the NOR at 0xA03FA000-0xA03FC000. The protected area of the baseband NOR which contains encrypted data relating to whether the phone is locked or not is the seczone.

    Source: http://code.google.com/p/iphone-elite/wiki/HowIPSFWorks



#2 (Professional, joined Sep 2007)

    For ages I've been trying to find out what exactly the NVRAM is and how IPSF corrupts it.

#3 MuscleNerd (iPhone DevTeam, Always sunny Los Angeles, California, joined Aug 2007)

    IPSF doesn't corrupt the seczone, they "fix" it. They place inside of it the encrypted data that convinces the iPhone it's permanently unlocked (state 5, "unlocked and not lockable").

#4 drg (Senior Professional, Canada, joined Oct 2007)

    Quote Originally Posted by MuscleNerd:
        IPSF doesn't corrupt the seczone, they "fix" it. They place inside of it the encrypted data that convinces the iPhone it's permanently unlocked (state 5, "unlocked and not lockable").
    You are correct.

#5 (Senior Professional, joined Sep 2007)

    So, if IPSF "fixes" the seczone, they must write to it, correct? And, if the seczone is a protected area of the baseband NOR, then it follows that IPSF writes to the baseband.

    This sort of flies in the face of what most people believe differentiates IPSF from the others, in that IPSF does not write to the bb. It could be the case, however, that IPSF does write to the bb, but only writes the exact same bits that were there before it went through its unlock process.


#6 ajg1977 (Rookie, joined Sep 2007)

    My understanding is that using IPSF results in a valid unlock token being written to the seczone, and since the seczone is valid it is left untouched during baseband updates. This is why iPhones unlocked via IPSF have remained unlocked with all current firmware updates (1.01/1.02/1.1.1).

    This is also why flashing the baseband will not result in the unlock count being reset, the seczone is never touched during the flash.

    I believe IPSF replaces the regular baseband to allow it to generate a valid unlock (which is generated on the server), and then once unlocked replaces the original baseband.

    It's very clever, and in my opinion it's extremely unlikely that there will ever be a firmware update that breaks IPSF as to do so would prevent iPhones ever being genuinely unlocked.

    A.

#7 drg (Senior Professional, Canada, joined Oct 2007)

    Quote Originally Posted by ajg1977:
        My understanding is that using IPSF results in a valid unlock token being written to the seczone, and since the seczone is valid it is left untouched during baseband updates. This is why iPhones unlocked via IPSF have remained unlocked with all current firmware updates (1.01/1.02/1.1.1).

        This is also why flashing the baseband will not result in the unlock count being reset, the seczone is never touched during the flash.

        I believe IPSF replaces the regular baseband to allow it to generate a valid unlock (which is generated on the server), and then once unlocked replaces the original baseband.

        It's very clever, and in my opinion it's extremely unlikely that there will ever be a firmware update that breaks IPSF as to do so would prevent iPhones ever being genuinely unlocked.

        A.
    You are correct.
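The question posts #5 and #6 turn on is whether an unlock or a later baseband flash actually rewrites the bytes of the seczone. The check below is an added example written for this page; it is not code from the thread, from IPSF, or from the iphone-elite wiki. It assumes you have two flat NOR dumps of the baseband taken before and after the operation, that byte 0 of each dump corresponds to address 0xA0000000 (an assumption; change NOR_BASE if your dump is laid out differently), and it uses the 0xA03FA000-0xA03FC000 range quoted in post #1. The sample images built by make_demo_images() are constructed, the 16-byte "token" is made up, and nothing here interprets the encrypted contents.

```python
"""Added example for this thread (not code from the page, IPSF or iphone-elite):
diff the seczone of two baseband NOR dumps taken before and after an unlock or
a baseband flash, to see whether those bytes were rewritten.

Assumptions (mine, not the thread's):
  * a dump is a flat image of the baseband NOR whose first byte sits at NOR_BASE
    (0xA0000000 is assumed here; adjust it for your dump's layout);
  * the seczone is 0xA03FA000-0xA03FC000 as given in post #1, end exclusive.
"""
import hashlib
import json
import sys

NOR_BASE = 0xA0000000                       # assumed address of byte 0 of the dump
SECZONE_START = 0xA03FA000                  # from post #1
SECZONE_END = 0xA03FC000                    # from post #1, exclusive
SECZONE_LEN = SECZONE_END - SECZONE_START   # 0x2000 bytes


def seczone(dump: bytes, base: int = NOR_BASE) -> bytes:
    """Return the seczone bytes of a flat NOR dump whose first byte is at `base`."""
    lo, hi = SECZONE_START - base, SECZONE_END - base
    if lo < 0 or hi > len(dump):
        raise ValueError("dump does not cover 0x%X-0x%X" % (SECZONE_START, SECZONE_END))
    return dump[lo:hi]


def looks_erased(region: bytes) -> bool:
    """Erased NOR flash reads back as 0xFF everywhere; such a seczone holds no token."""
    return region.count(0xFF) == len(region)


def compare_seczone(before: bytes, after: bytes, base: int = NOR_BASE) -> dict:
    """Byte-diff the seczone of two dumps.

    Equal digests mean the operation either skipped the region or wrote back
    exactly the bytes that were there; an image diff cannot tell those apart.
    """
    a, b = seczone(before, base), seczone(after, base)
    diffs = [i for i in range(SECZONE_LEN) if a[i] != b[i]]
    return {
        "changed": bool(diffs),
        "changed_bytes": len(diffs),
        "first_changed_addrs": ["0x%X" % (SECZONE_START + i) for i in diffs[:8]],
        "before_sha256": hashlib.sha256(a).hexdigest(),
        "after_sha256": hashlib.sha256(b).hexdigest(),
        "before_erased": looks_erased(a),
        "after_erased": looks_erased(b),
    }


def make_demo_images():
    """Constructed sample dumps, not real NOR contents.

    factory:   4 MiB of filler with an erased (all 0xFF) seczone
    unlocked:  same image with a made-up 16-byte "token" written into the seczone
    reflashed: unlocked image with its code area rewritten but the seczone untouched
    """
    size = 0x400000
    lo = SECZONE_START - NOR_BASE
    img = bytearray(bytes(range(256)) * (size // 256))
    img[lo:lo + SECZONE_LEN] = b"\xff" * SECZONE_LEN
    factory = bytes(img)

    img = bytearray(factory)
    token = bytes.fromhex("00112233445566778899aabbccddee01")  # made up, no 0xFF bytes
    img[lo + 0x100:lo + 0x100 + len(token)] = token
    unlocked = bytes(img)

    img = bytearray(unlocked)
    img[0x1000:0x2000] = bytes(0x1000)       # code area zeroed; seczone left alone
    reflashed = bytes(img)
    return factory, unlocked, reflashed


if __name__ == "__main__":
    if len(sys.argv) == 3:                   # python seczone_diff.py before.bin after.bin
        with open(sys.argv[1], "rb") as f, open(sys.argv[2], "rb") as g:
            print(json.dumps(compare_seczone(f.read(), g.read()), indent=2))
    else:
        factory, unlocked, reflashed = make_demo_images()
        print(json.dumps(compare_seczone(factory, unlocked), indent=2))
        print(json.dumps(compare_seczone(unlocked, reflashed), indent=2))
```

Run it with two dump files to get a JSON report, or with no arguments to see the constructed case: the unlock changes 16 bytes starting at 0xA03FA100, while the reflash changes the image elsewhere and leaves the seczone digest identical. Identical digests after a flash are consistent with post #6, but they cannot separate a flash that skipped the region from one that wrote the same bytes back (the alternative raised in post #5); telling those apart needs the erase and program commands observed during the flash, not a comparison of images afterwards. An all-0xFF seczone is simply erased NOR, not a token.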
