I don't know where to post this because it is both software and hardware.
Anyway, I just post in Software forum then.

This might fix a lot of bricked iphones. Your bricked iphone is sitting there anyway, so why not give this a try. You have nothing to lose.
If you have phone week 47th and later, you might not be able to downgrade to 1.0.2. So use 1.1.1 at your own risk.
Mine is week 47th though.

Make sure you read to the end of my post before starting.
Here is the link for the files needed: click here

For now, it is the only solution, so make sure you guys don't mess it up.
Like JSN1 said before, I am sure there is a way to do it with software method by trying to pass the checking version of baseband or bootloader and then using bootneuter to flash the bootloader. However, I can't find a way to patch bootneuter to by pass that step. Maybe the Dev Team could fix it in the future.
So the testpoint hardware method is the way to by pass everything in order to flash the bootloader.

I am sure most of you know how to put files into iphone without wifi, chmod, jailbreak, install BSD, terminal...blah..blah, so I won't write it long, but if you guys need I could write it in details later.

Here is the steps:
You need to open your phone for this method. But you can test by using software first to make sure if it is able to fix before open your phone.
I had 3.9 bootloader before I ran into the problem, but I think it will work with 4.6 too because this will flash the bootloader to 3.9 no matter what.

1. DFU restoring to 1.0.2 firmware twice to make sure your phone is working on 1.0.2. The reason with 1.0.2 because it is the safest firmware to do the hardware method I believe. Don't worry about 1011 error.
2. Use iLiberty+ to kick the phone out of recovery mode first. Then jailbreak, activate, install BSD, terminal. Terminal and BSD in iLiberty did not work well for me (I can't DL term-vt100 there), so I had to use iPlus payload files to put into iLiberty and make it work.
If you can't do launchctl unload and chmod files, your BSD had problem, you need to install a working one.
3. Now put those downgrade files to usr/bin
4. You need to test it first on the phone
- Do ienew (if you get stuck at "waiting for data", then keep going with this method)
- If you don't get stuck at "waiting for data" then try this thread: http://www.hackint0sh.org/forum/showthread.php?t=34713
5. Do iunew and you will get something like this:
# iunew
Resetting the Baseband...Done
Opened: /dev/tty.debug
iUnlocker: tool by geohot
uploads and runs testcode.bb in the same dir
uploads the nor image in "nor"
make sure your switch is on
thanks to iProof and lazyc0der for finding this method
thanks to the siemens guys for discovering it
and thanks to nightwatch for the awesome toolchain
Spamming AT, waiting for a response
Attempting to read[1]...c0
Connected established to bootrom
File size: 1608
Checksum: 0x37
Attempting to read[1]...c1
Attempting to read[3]...c1
Please connect the testpoint

6. If you get to "please connect the testpoint", then it is doable. Go to step 7.
If you stuck at Spamming AT forever, then you need to fix that first.
Here is the thread for fixing Spamming AT:
http://www.hackint0sh.org/forum/showthread.php?t=33566

7. Here is the hard part: testpoint
opening your iphone and doing the Testpoint is not easy for most people.
Click here for detail

8. In step 7, you will do the "sleep 20; iunew" and connect A to B by needle.
If you get the following, then congratulation:
# iunew
Resetting the Baseband...Done
Opened: /dev/tty.debug
iUnlocker: tool by geohot
uploads and runs testcode.bb in the same dir
uploads the nor image in "nor"
make sure your switch is on
thanks to iProof and lazyc0der for finding this method
thanks to the siemens guys for discovering it
and thanks to nightwatch for the awesome toolchain
Spamming AT, waiting for a response
Attempting to read[1]...c0
Connected established to bootrom
File size: 1608
Checksum: 0x37
Attempting to read[2]...c1
TESTPOINT WORKS: 55
Press any char, then hit enter after testpoint has been disconnected
x
Attempting to read[1]...54
Downloading modified nor...
Attempting to read[1]...45
Erased
Downloaded: 0
.....
Downloaded: 1FC00
Downloaded: 1FD00
Downloaded: 1FE00
Downloaded: 1FF00
Attempting to read[1]...44
run bbupdater -v and pray
if it worked, enjoy your unlocked iPhone!!!

9. Don't turn off your iphone yet:
you need to flash the baseband by bbupdater -f 111.fls -e 111.eep
Then do bbupdater -v to see if it works this time with 3.9 bootloader and baseband. The load CommCenter. Now you will get everything back except for WIFI. (Not sure on your case, but I didn't get my MAC number).

10. DFU Restore to 1.1.4, then jailbreak and unlock with your method, you will get everything back including Wifi.

Note: at some point, it will take awhile running the code, so when you see it is stuck somewhere, just wait a bit. If it stuck for 10 mins, then I don't know. This might not work for you.

Good luck to you guys!
If you have more question, feel free to ask.

Anybody try this?
could it be restored to 1.02?
I don't think so for most people.

@newwayaround,

Step #7. Click here for detail ...
Can you edit the post in put in the link ?

Hey Bro I Have Fixed Mine With That..but Better For Some Of Our Friends..
We Should Try Software Method..why Dont U Try Geohots Unlock Code For 1.1.2..he Has Given Source Coide Also..may Be It Can Help U..

Originally Posted by dtube

@newwayaround,

Step #7. Click here for detail ...
Can you edit the post in put in the link ?

Both links are edited. I copied my post from other thread and forgot to edit it.

+ For those that can't restore to 1.0.2 with problem "waiting for iphone"
You could try iBrick
Restore to 1.1.1 twice, kick out of recovery. Then use Ziphone to jailbreak and activate only,
Open iBrick, it will ask you to restore to 1.0.2.
then use iBrick to restore to 1.0.2 see if it works. It might be a risk. If anyone tried this before could let us know if it does work or not.

I will try this tomorrow
or the days to come.
I trust in this one.

hey friends i found one more info, when i tried geohots customized bootloader, its saying me no bootloader found..all the three phonee i have with error 1011, even tried by ilibertys boot loader flashing its been near abt 10 hours..its stuck on checking bootloader version..and at bootneuter its telling determining current settings..
anyone can guide me abt that so i can further work for software method..

As for now, those softwares that are available can only flash the bootloader if it can determine your baseband or your bootloader until someone could patch those software. Sorry, I don't have that much knowledge to patch them for you guys.
So in this case, the test point is the way to flash the bootloader to 3.9.

What I think is that you might not have to use 1.0.2. I think 1.1.4 should be fine too since the software can't determine the bootloader and the baseband in this case to reset.

Like I said, you could make a test on 1.1.4 before opening the phone. Try ienew and when you get stuck at waiting for data. Try iunew, if you get to "please connect the testpoint."
Then it might work.
Opening your phone is not as hard as many people think. Don't buy the famous tool from HongKong, it's not gonna work well. Use the swiss army tool or something similar, and phillips #00 screwdriver. It should do it.
Here is the video: click here
One thing is that you need to take out the sim tray first. You might make some dent on the back though. And be careful on the antenna cable (little white cable).aseband in this case to reset.

hey but alot of friends are suffering from this problem, i dont think so everyone will be able to dis assemble the phone and though they do, testpoint is hard enough..thats why i was seggesting any software method..i know for sure..if we will be able to flash bootloader 3.9 then it will be sorted out...help from anyone on the forum is appreciated!!

Hi there,

Firstly thanks for putting all this info up - very helpful.
I have the 1011 errors, same symptoms, no wifi, or baseband etc, I believe bootloader + baseband are corrupt.

All the normal tools see me stuck at "waiting for data.." or similar. bootloader upgrade/downgrades just hang.

Heres what i've done.

-DFU restore to 1.1.4 (it was 1.1.4 out of the box).
-jailbreak, activate & copied BSD,Terminal with iliberty.
-unloaded CommCenter & ran killall.
-uploaded & chmodded the files in your zip pack

ran ienew - got stuck at waiting for data...as you posted.

ran iunew, got the following :

connection established to bootrom
file size 1688
checksum 0xBF
Attempting to read[1]...c1
Did you erase the flash first?


And it aborts there.

I understand that ienew should do the erase, but that got stuck waiting for data.

At this point i figured maybe the files in your zip are no good for 1.1.4, as you were instructing to use 1.1.2. I have obtained the 1.1.4 secpack, .eep, & .fls files from George Zhu's blog page.

Started again, restore to 1.1.4 in DFU

same as above, but copied the 1.1.4 secpack & eep/fls files.

Same problem, ienew is waiting for data, iunew saying did I erase the flash first.

Tried copying over ieraser, that says I need a secpack matching my current firmware in the same folder ( it is) and then sticks at waiting for data. Im assuming this is what ienew runs anyway.


Any advice on how to get past the "did you erase flash" error? I've checked other resources for that error, and they pretty much just say ienew should do it.