  1. #1
    Baseband downgrade on iPhone 4

    Did anyone else notice that the baseband firmware is being downgraded when going from firmware 4.1 to 4.0.1?
    Yesterday I installed iOS 4.1 (beta) on my iPhone 4 and my baseband was upgraded to 02.07.01, and today after installing iOS 4.0.1 on my iPhone the baseband was downgraded to 1.59.00.



  2. #2
    I think that is normal because 4.0.1 precedes 4.1, hence the baseband has to be lower than the 4.1's firmware.

  3. #3
    It's not normal; on the previous iPhones you could only upgrade the baseband. Now it's possible to downgrade it.
    I went from iOS 4.1 - BB 02.07.01 to iOS 4.0.1 BB 1.59.00, resulting in a lower version of the baseband, which wasn't possible on the previous iPhones.

  4. #4
    I think it relates to the signing window that is still open for 4.0.1. 4.1 is beta, so they are not closing the 4.0.1 window yet.

  5. #5
    n1ckn4m3 (Super Moderator)

    Quote, originally posted by baygins:
    > I think it relates to the signing window that is still open for 4.0.1. 4.1 is beta, so they are not closing the 4.0.1 window yet.

    That's not really the point he was trying to make, though you're right: they're still signing 4.0.1 and that's why he can restore it. That has nothing to do with the baseband itself -- historically, the way it worked is that if you installed a newer OS on your device, then downgraded, you kept the new baseband. There was no "Apple supported" way to downgrade the baseband on the phone on previous models without using third-party tools like BBExtremeUpdater / Fuzzyband.

    The preceding forum post has been brought to you by the letter "N" and the number 42.

    iPhone 4, 32GB (iOS 6.1.2 | evasi0n | SHSH: 4.0 - 6.1.2)
    iPad 2 3G, 64GB (iOS 6.1.2 | evasi0n | SHSH: 4.3 & 4.3.3 - 6.1)

    Restore problems? Read this: http://www.hackint0sh.org/f137/130802.htm

    Did we solve your problem? Got a dollar or two spare? Please Donate!



  6. #6
    Olethros (Super Moderator)

    This is a specific feature of the new baseband platform used in the iPhone 4 and built by Infineon. This is the X-Gold 618.

    Firmware files are signed for a specific device by Apple during the restore process. As a result, the baseband will allow downgrades provided that Apple is still signing the firmware.

    This means Apple will be even more strict about rapidly closing the current SHSH window for the iPhone 4 when they release a new (non beta) iOS version.
    Please read the stickies & search forum before posting!
    How to report an iTunes restore/update fail in a useful manner
    -

    iPad 3G 64GB (4.3.3, Redsn0w) oldest SHSH 3.2.2
    iPhone 4 32GB (4.2.1, Redsn0w JB-monte) oldest SHSH 4.1
    iPhone 3GS 32GB (4.3.3; Pwnagetool) factory unlocked oldest SHSH 3.1
    iPhone 8GB (3.1.3; Pwnagetool) AT&T Locked - Unlocked with bootneuter

    -
    Did we solve your problem? Got a dollar or two spare ? Donate!

  7. #7
    n1ckn4m3 (Super Moderator)

    Quote, originally posted by Olethros:
    > This is a specific feature of the new baseband platform used in the iPhone 4 and built by Infineon. This is the X-Gold 618.
    >
    > Firmware files are signed for a specific device by Apple during the restore process. As a result, the baseband will allow downgrades provided that Apple is still signing the firmware.
    >
    > This means Apple will be even more strict about rapidly closing the current SHSH window for the iPhone 4 when they release a new (non beta) iOS version.

    Does this mean that with SHSH, we can now restore old basebands too? That would be wicked sweet.


  8. #8
    Olethros (Super Moderator)

    Quote, originally posted by n1ckn4m3:
    > Does this mean that with SHSH, we can now restore old basebands too? That would be wicked sweet.

    Not yet.

    The baseband is signed with an at+nonce which is a random string generated on every bootup. Therefore, it is not possible to cache the SHSH signatures with a replay attack.
    See Twitter / MuscleNerd: Kudos to @Bomans for notic ...

    The only real way around this would be to somehow find an exploit that allows the "random string" to be controlled or predicted. Then request and cache the baseband SHSH from Apple based on the now non-random seed value.

  9. #9
    n1ckn4m3 (Super Moderator)

    Gotcha. Any chance Apple is going to change the SHSH requirement for the 3GS and 4 and base it on a combination of ECID + at+nonce and stop us from using the replay attack for our device firmware? When saurik announced the SHSH caching server, I was surprised to find that Apple hadn't put any protection in place against the replay attack -- if this is any indicator, it looks like they may have learned their lesson and are trying to tighten up in the future.


  10. #10
    Olethros (Super Moderator)

    That was what I thought would happen with iPhone 4, but it seems that Apple hasn't gone so far yet. Any ipsw-wide anti-replay technique will not rely on a unique value from baseband, as there are plenty of iOS devices that have no GSM radio.

    However, they have just rigged a soft-SHSH for 3G and 2nd gen iPod touch in iTunes. So a software-only anti-replay technique could be added to a future version of iTunes.

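The replay protection discussed in posts #6 to #10, as an added sketch that is not part of the thread and not Apple's implementation: a signing server binds a ticket either to the device ID alone or to the device ID plus a per-boot nonce, and the device checks a ticket that was saved earlier. All class and function names, the HMAC stand-in for a public-key signature, and the sample ECID and firmware values are assumptions constructed for illustration.

```python
import hashlib, hmac, os

KEY = os.urandom(32)  # constructed signing key; HMAC stands in for a public-key signature

def _sig(ecid: bytes, fw: bytes, nonce: bytes) -> bytes:
    # Length-prefix each field so (ecid, fw, nonce) cannot be re-split ambiguously.
    msg = b"".join(len(f).to_bytes(2, "big") + f for f in (ecid, fw, nonce))
    return hmac.new(KEY, msg, hashlib.sha256).digest()

class SigningServer:
    def __init__(self, window):
        self.window = set(window)          # firmware digests still being signed
    def sign(self, ecid, fw, nonce=b""):
        if fw not in self.window:
            raise PermissionError("signing window closed for this firmware")
        return _sig(ecid, fw, nonce)

class Device:
    def __init__(self, ecid, use_nonce):
        self.ecid, self.use_nonce, self.nonce = ecid, use_nonce, b""
    def boot(self):
        # A nonce-checking device draws a fresh random value on every boot.
        self.nonce = os.urandom(20) if self.use_nonce else b""
        return self.nonce
    def accept(self, fw, ticket):
        # Recompute the expected ticket for this device and boot, compare in constant time.
        return hmac.compare_digest(_sig(self.ecid, fw, self.nonce), ticket)

OLD_FW = hashlib.sha256(b"constructed older firmware image").digest()

def cached_ticket_survives(use_nonce: bool) -> bool:
    """True if a ticket saved while the window was open still verifies later."""
    server, dev = SigningServer({OLD_FW}), Device(b"ECID-0001", use_nonce)
    cached = server.sign(dev.ecid, OLD_FW, dev.boot())
    assert dev.accept(OLD_FW, cached)      # live restore inside the window
    server.window.clear()                  # vendor stops signing OLD_FW
    dev.boot()                             # later restore attempt, new boot
    return dev.accept(OLD_FW, cached)

def ticket_is_device_bound() -> bool:
    """True if a ticket issued for one ECID is rejected by a different device."""
    server = SigningServer({OLD_FW})
    a, b = Device(b"ECID-0001", False), Device(b"ECID-0002", False)
    return not b.accept(OLD_FW, server.sign(a.ecid, OLD_FW))

if __name__ == "__main__":
    print("ECID only  :", cached_ticket_survives(False))
    print("ECID+nonce :", cached_ticket_survives(True))
```

With the nonce in the signed message, the only way to obtain a valid ticket is a live request inside the signing window, which is why closing the window is sufficient to end downgrades for that component.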