Hackint0sh.org, iPhone 3G forum, thread: [3.1.3][Baseband] 7e18 > repair corrupted firmware tutorial request (page 1 of 2)
#1 aproximation (Newbie, Concord, CA, joined Apr 2010)

    First let me thank everyone here and at Redmondpie for helping me figure out what my iPhone 3g 8GB 3.1.3 7e18 05.12.01 problem is.

    History:
    I was given this phone over a year ago and had to jailbreak it to use it. I was already using AT&T so it seemed like a good idea. Everything was fine until two weeks ago I was talking on it and it glitched, just repeating the last few milliseconds of the conversation over and over for about 30 seconds and then died. I tried to reboot it a bunch but I could get no signal.

    Being an overconfident idiot, I installed the latest firmware planning to jailbreak it as easily as I had before. That's when I learned that 3.1.3 wasn't breakable yet. I tried to jailbreak it with redsn0w, blackra1n, tried PwnageTool and then AutoInstalled ultrasn0w but that hung the phone. So I restored with just PwnageTool, the only tool that worked, but now I get no wifi, no cellular, and I don't even get the firmware version information listed in Settings.

    Theories:
    I think I've set up the phone OS right, and that isn't the problem with my device. I've either corrupted the baseband with all my jailbreak attempts, or the modem was dead in the first place and all this foolishness could have been avoided by replacing a chip.

    The next step:
    I've been looking at how to extract the modem NOR/NVRAM from the stock restore and manually flash the modem to get to some workable point. I can decrypt the deb files using a key I found on an Asian wiki using vfdecrypt, but from what I've read the files you need to actually do the flashing are signed by apple, and I'd have to do another restore and try to snatch the signed files from /tmp/ as the post is running before they get deleted. Even if I got those files I haven't found a recent tool to do the flashing...

    My questions:
    1. How do I tell if it's the NOR/NVRAM that's corrupted, or if the chip itself is actually broken?
    2. Is flashing the modem chip NOR/NVRAM the answer, or even possible with 05.12.01?
    3. If it's not the NOR/NVRAM that's corrupted from all the jailbreak attempts, how would I go through the process of replacing the chip itself, and once it's replaced how do I get the iPhone OS to use it?
    4. If I end up having to replace the chip, are there schematics to the 'motherboard' of the phone and for the chip anywhere? I'm not afraid of doing a little soldering and multimeter testing.
    5. If I have to replace the chip, where are the best places to buy one, and will it cost less than replacing the whole phone?


    Summary:
    So, I am truly asking for a tutorial, if anyone can give it, for people in my situation that answers the five questions above. If you post one here I'll be happy to post it elsewhere so that the chances of people asking the same question are lessened.

    If I've posted this in the wrong forum, or with wrong or incomplete info, I apologize, and please let me know where I should direct my questions.

    Thank you again!



#2 Olethros (Super Moderator, Norway, joined Sep 2007)

    See http://www.hackint0sh.org/f203/90394-2.htm#post455536 and http://www.hackint0sh.org/f203/90394-3.htm#post500077

    The decryption keys can be found by navigating to the correct firmware on this page: Firmware - The iPhone Wiki. If the Build text is a link, then decryption keys should be available. Also note that the baseband files are 100% identical for 3GS and 3G for the same OS version.

    This allows you to legally extract the baseband files from a specific firmware.

    Depending on how screwed up the baseband is, you might not be able to reflash. There have been quite a few reports of restore errors 23, 29 and 1012 which all seem to be hardware issues. These can't be fixed by reflashing baseband on the iPhone. In these cases, one hopes you have warranty or Applecare to rely on.

    To answer the questions you had

    Quote, originally posted by aproximation:
    My questions:
    1. How do I tell if it's the NOR/NVRAM that's corrupted, or if the chip itself is actually broken?
    2. Is flashing the modem chip NOR/NVRAM the answer, or even possible with 05.12.01?
    3. If it's not the NOR/NVRAM that's corrupted from all the jailbreak attempts, how would I go through the process of replacing the chip itself, and once it's replaced how do I get the iPhone OS to use it?
    4. If I end up having to replace the chip, are there schematics to the 'motherboard' of the phone and for the chip anywhere? I'm not afraid of doing a little soldering and multimeter testing.
    5. If I have to replace the chip, where are the best places to buy one, and will it cost less than replacing the whole phone?

    1. Some of the NVRAM values can be checked via iRecovery (getenv). There are two copies of the NVRAM (for security in case one gets corrupted). iRecovery might give some idea of the state of the NOR.
    2. I am quite unsure if you will be able to reflash the baseband successfully.
    3. You could have a professional de-solder the chip, re-flash your baseband bootloader and baseband, then re-solder it.
    4. You need professional surface mount desoldering/soldering equipment and experience to do this. I would not recommend trying it yourself. Plus you need a NOR reprogrammer (HW + SW).
    5. You can't just buy a new chip (as far as I know); you could maybe buy an iPhone 3G that was broken in some other way and salvage the chip from there.
    Last edited by Olethros; 04-24-2010 at 08:25 AM.
    Please read the stickies & search forum before posting!
    How to report an iTunes restore/update fail in a useful manner
    -

    iPad 3G 64GB (4.3.3, Redsn0w) oldest SHSH 3.2.2
    iPhone 4 32GB (4.2.1, Redsn0w JB-monte) oldest SHSH 4.1
    iPhone 3GS 32GB (4.3.3; Pwnagetool) factory unlocked oldest SHSH 3.1
    iPhone 8GB (3.1.3; Pwnagetool) AT&T Locked - Unlocked with bootneuter

    -
    Did we solve your problem? Got a dollar or two spare ? Donate!

#3 aproximation (Newbie)

    Thank you! Two more questions.

    Thanks for taking the time to reply!

    The xpwn/xpwntool will definitely help me get the files I need, and there is the correct version of BBUpdaterExtreme within the restore ipsw as well. Nice! I was worried about using the wrong version.

    My problem now is that I can't seem to connect to the phone with ssh - iTunnel doesn't find it and I can't find its IP address via USB to do it without iTunnel. And MobileTerminal just opens and loads the keyboard and then closes right away - no error messages (but I still need to look at the phone logs to see if there are any there). So I'm stumped on how to make BBUpdaterExtreme executable and run it without some sort of terminal access.

    Two more questions:
    1. Is there a way to stick a Perl script or bash script in the AutoInstall directory and get around the need for terminal access?
    2. Do you have links to posts that describe how to replace the chip itself if the hardware is indeed fried?


    Thanks again for your time and help!

#4 Olethros (Super Moderator)

    Quote, originally posted by aproximation:
    My problem now is that I can't seem to connect to the phone with ssh - iTunnel doesn't find it and I can't find its IP address via USB to do it without iTunnel. And MobileTerminal just opens and loads the keyboard and then closes right away - no error messages (but I still need to look at the phone logs to see if there are any there). So I'm stumped on how to make BBUpdaterExtreme executable and run it without some sort of terminal access.

    Two more questions:
    1. Is there a way to stick a Perl script or bash script in the AutoInstall directory and get around the need for terminal access?
    2. Do you have links to posts that describe how to replace the chip itself if the hardware is indeed fried?

    I would try and solve the mobileterminal problem.

    The AutoInstall directory is designed for Cydia packages. You would need to package the script up as a Cydia package to get it to work this way.

    I explained the hardware side of things in an update to my previous post.

    Do you not have warranty on this device? Applecare is always a good investment on an iPhone/iPad/iPod.

#5 aproximation (Newbie)

    Denial is not just a river in Egypt

    No warranty. The phone was given to me by someone who was given the phone by someone else. It's either fix the phone myself or buy a new one I think.

    I was really hoping to be able to fix this one. I hate being defeated by my own inabilities.

    It looks like you have confirmed what I was trying to deny - repairing the hardware is most likely going to break things worse if I try to do it myself, and flashing the NVRAM is a one in a million shot.

    I'll give flashing the ram a shot and then if that doesn't work I guess I'll have to bite the bullet and get a new one. How much blood would I have to donate to get enough for a phone I wonder.

    Thanks again for your help!


#6 Slurms Mckenzie (Newbie, joined May 2010)

    Please keep us updated on the reflashing!!! If we could reflash the baseband down to a version which is unlockable by sn0w then we wouldn't have to wait till the end of June for the next unlocking. This would be perfect for those of us who are stuck on the latest baseband with no way to go back (5.0.9 bootloader).

    I created an account just to keep up with this. I accidentally updated today to 3.1.3 after using my iPhone for all of two weeks on T-mobile.

#7 Olethros (Super Moderator)

    Quote, originally posted by Slurms Mckenzie:
    Please keep us updated on the reflashing!!! If we could reflash the baseband down to a version which is unlockable by sn0w then we wouldn't have to wait till the end of June for the next unlocking. This would be perfect for those of us who are stuck on the latest baseband with no way to go back (5.0.9 bootloader).

    The devteam have surely been looking for holes to allow baseband downgrade. Apple was incredibly fast in closing off the baseband bootloader 05.08 hole. Nothing has been found in the two years since. I really doubt there will be another downgrade solution via an exploit in 05.09 or higher.

    Hardware reflashing has been demonstrated to work.

#8 Slurms Mckenzie (Newbie)

    It seems that BBUpdaterExtreme won't take downgrades; however, what's stopping us from convincing it that the firmware we're applying is a newer version? What sort of checks does BBUpdater do to verify the version number? We're not trying to put a modified baseband on there, just an older version renamed to a newer or "current" version, then using ultrasn0w to unlock.

    Looking at the command used to force 2.28 from 2.30 (from here: 3G iPhone BaseBand Downgrader!! (go from 02.30.03 to 02.28.00 baseband) - Demonoid):
    ./BBUpdaterExtreme update -f ICE2_02.28.00.fls -e ICE2_02.28.00.eep

    That -f tag looks like "force" to me. I wouldn't mind trying to force 5.11 on there, but I want to make sure I can get back to 5.12 if it ends up corrupting my flash. Does anyone know the parameters associated with BBUpdaterExtreme and what checks it does on the firmware before flashing it? Again, I'd be putting Apple-signed stuff on there, so the bootloader shouldn't complain once it's on there. Since the bootloader is "permanent" it won't complain about having an older firmware on it that is genuine. I don't see how it's possible for it to fail integrity checks simply because it's an older version than what was previously on there.

    If the bootloader accepts the old code once it's on there, then we can unlock using ultrasn0w as before, and all the 3G users can once again rejoice.

    Perhaps we could look into modifying the BBUpdaterExtreme binary? Does the bootloader check the BBUpdater? I'd imagine so, and that's where the problem is.

    I'm probably going through the thought process that the Dev team did a few years ago, however, seeing that hardware flashing seems to work... I think that if we could convince the updater the older firmware is a newer version, or otherwise force the "update," then unlock is a hop and a skip away.

#9 Olethros (Super Moderator)

    Quote, originally posted by Slurms Mckenzie:
    Does the bootloader check the BBUpdater? I'd imagine so, and that's where the problem is.

    I'm probably going through the thought process that the Dev team did a few years ago, however, seeing that hardware flashing seems to work...

    Hardware flashing focuses on just flashing the bootloader down to the 5.8 version. Then the existing software-based bootloader exploit is used to flash/downgrade the baseband.

    It's my understanding that the bootloader does check the baseband is correctly signed and is a higher version than currently loaded before it allows bbupdater to flash the baseband.
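As an added illustration of the two gates Olethros describes (signature check, then "must be a higher version than currently loaded"), here is a toy bootloader model in Python. It is not code from this thread, from BBUpdaterExtreme or from any Apple tool; the 3-byte version layout and the HMAC-SHA256 tag (standing in for Apple's public-key signature) are constructed for the example. Because the version field sits inside the signed region, relabelling an older image as a newer version breaks the signature, and a genuinely older signed image is stopped by the anti-rollback comparison.

```python
import hashlib
import hmac
import struct

# Constructed demo key. A real bootloader verifies a public-key signature;
# HMAC-SHA256 stands in so the example needs no key files.
DEMO_KEY = b"constructed-demo-key"
TAG_LEN = 32


def fmt(version):
    return ".".join("%02d" % part for part in version)


def build_image(version, payload, key=DEMO_KEY):
    """Signed image: 3 version bytes + payload, then a MAC over both."""
    # The version field sits inside the authenticated region, so it cannot be
    # edited after signing without breaking the signature.
    body = struct.pack(">BBB", *version) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()


def bootloader_accepts(image, installed_version, key=DEMO_KEY):
    """The two gates from the thread: signature first, then anti-rollback."""
    if len(image) < 3 + TAG_LEN:
        return False, "image too short"
    body, tag = image[:-TAG_LEN], image[-TAG_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return False, "signature check failed"
    candidate = struct.unpack(">BBB", body[:3])
    # Only a strictly newer version may be flashed.
    if candidate <= installed_version:
        return False, "rollback rejected: %s is not newer than %s" % (
            fmt(candidate), fmt(installed_version))
    return True, "accepted %s" % fmt(candidate)


def demo(installed=(5, 12, 1)):
    """Three cases from the thread, against an installed 05.12.01."""
    older = build_image((5, 11, 7), b"constructed older payload")
    newer = build_image((5, 13, 0), b"constructed newer payload")
    # Relabel the older image as 05.13.00 without re-signing it.
    relabelled = bytearray(older)
    relabelled[0:3] = struct.pack(">BBB", 5, 13, 0)
    return {
        "older_signed": bootloader_accepts(older, installed),
        "older_relabelled": bootloader_accepts(bytes(relabelled), installed),
        "newer_signed": bootloader_accepts(newer, installed),
    }


if __name__ == "__main__":
    for name, (ok, why) in demo().items():
        print("%-17s %s %s" % (name, "PASS" if ok else "FAIL", why))
```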

#10 Slurms Mckenzie (Newbie)

    Well, looking at this it seems that you can flash the current firmware:
    Manually flash iphone to 05.11.07 baseband

    Of course they mention that you shouldn't try if you're on 5.12...
    I guess the only way to get around this would be to defeat the sign checks done by the bootloader.... which is how the 5.8 one lets you downgrade. Ugh. If only I had an early build of the 3G.

    I think then the only way to get around this is to modify bbupdater to convince the bootloader that it's a later version. I think a good way to go about this is to pull the 4.0 beta baseband, 5.13, and have the bootloader "check" that, but have bbupdater flash the older firmware. Sort of like a card trick.

    Forgive my ramblings, this is my way of getting out my frustration on having accidentally updated. My brain won't stop thinking about ways around it!

