Monday, May 3, 2010

What happens when you flash the 5.12 baseband with 5.11?

Now that Spirit came out and allowed all the 3.1.3/5.12.01 folks to have MobileTerminal on their iPhones, I tried a small #fail experiment: reflash the 5.12.01 baseband with 5.11.07.

To all those curious as to why and what: There is NO known software unlock for the baseband that comes with stock Apple 3.1.3 firmware. That baseband is 5.12.01. The older version, 5.11.07 that came with 3.1.2 can be unlocked using blacksn0w RC2 available from the Pushfix Cydia repo.

Following the procedure described on extechblog by crazyfool2100 (which only applies to re-flashing a corrupted 5.11.07 baseband), I applied it instead to a fresh 3.1.3/5.12.01. It was bound to fail; I was just curious to see the output and find out at what point it actually fails. Guess?

Validating parameters...OK
Disabling thermal Notifications...OK
Disabling sleep...OK
Configuring Hardware Mux...OK
Opening device path /dev/cu.debug, using initial baud 115200
- Ping failed, trying again, 56 tries left
- Ping failed, trying again, 55 tries left
- Ping OK
Gathering modem information...OK
Checking Static EEP backup...
- backup is OK
Checking Static EEP backup -- All OK
Firmware Version: ICE2-05.12.01
EEP Version: EEP_VERSION:708
EEP Revision: EEP_REVISION:1
Boot Loader Version: ICE2_BOOT_06.04_G2M3S2
FLS/EEP Mismatch: Match
Configuring Hardware Mux...OK
-------------------------------------------------------------------------------
BEGINNING BOOT
-------------------------------------------------------------------------------
Sending boot code...- GKEY: 0x21
OK
Reading Reference file ICE2_05.11.07.fls...OK
Sending EBL Loader...
Sending EBL Loader Length...OK
Sending EBL Loader Data...OK
Sending EBL Loader Checksum...OK
Sending EBL Loader -- All OK
Sending EBL...
Sending EBL Length...OK
Sending EBL Data and Checksum...OK
Sending EBL -- All OK
Getting EBL Version......OK
- Boot Mode 0xCC
- EBL Version Major/Minor: 6.2
- EBL Version 'ICE2_RAM_B'
- Flashing Compression: 0, CRC Type: 0, CRC Method: 1
Reading Reference file ICE2_05.11.07.fls...OK
Sending Protocol configuration...OK
Sending Flash ID...OK
Doing CFI Stage 1...OK
Doing CFI Stage 2...OK
-------------------------------------------------------------------------------
DONE BOOT
-------------------------------------------------------------------------------
Getting software version of file ICE2_05.11.07.fls...OK
Increasing baud rate to 921600...OK
Validating EBL Version...OK
-------------------------------------------------------------------------------
SENDING FLS FILE: ICE2_05.11.07.fls
-------------------------------------------------------------------------------
Loading FLS file ICE2_05.11.07.fls...OK
>> Sending Block of type CodeClass(0) from file ICE2_05.11.07.fls...
Beginning Dynamic EEP erase at 0x20E40000 to 0x20EBFFFE...
Progress: 0 percent, 0 of 524286
Progress: 100 percent, 524286 of 524286. OK
Sending Security Block...OK
Erasing Load Area from 0x20040000 to 0x20693196 (this will take some time)...OK
Sending data for mapping 0: progress: 0 percent, 0 of 6631832
...
progress: 100 percent, 6631832 of 6631832. -- OK
Checking validation result... - Warning: Validation result code indicates failure, result code = 0x0

OK
>> Sending Block of type CodeClass(0) from file ICE2_05.11.07.fls -- All OK
-------------------------------------------------------------------------------
DONE SENDING FLS FILE
-------------------------------------------------------------------------------
-------------------------------------------------------------------------------
SENDING EEP FILE: ICE2_05.11.07.eep
-------------------------------------------------------------------------------
Loading EEP file ICE2_05.11.07.eep...OK
>> Sending Block of type StaticEEPClass(0) from file ICE2_05.11.07.eep...
Sending Security Block...OK
Erasing Load Area from 0x20FC0000 to 0x20FC57FE ...OK
Sending EEP Payload...progress: 9 percent, 2048 of 22528
...
progress: 100 percent, 22528 of 22528. -- OK
Checking validation result...OK
>> Sending Block of type StaticEEPClass(0) from file ICE2_05.11.07.eep -- All OK
-------------------------------------------------------------------------------
DONE SENDING EEP FILE
-------------------------------------------------------------------------------
Powering radio down...OK
Doing a hardware reset through AppleBaseband
Waiting for baseband power-up...
- Ping failed, trying again, 56 tries left
- Ping failed, trying again, 55 tries left
- Ping failed, trying again, 54 tries left
- Ping failed, trying again, 53 tries left
- Ping failed, trying again, 52 tries left
- Ping failed, trying again, 51 tries left
- Ping failed, trying again, 50 tries left
- Ping failed, trying again, 49 tries left
- Ping OK
- Baseband took 8.210041 seconds to power up
Powering off radio...
Powering off radio -- All OK
Waiting for baseband power-up -- All OK
Re-enabling thermal Notifications...OK
Re-enabling sleep...OK

The only thing that seems wrong is the validation warning line ("Validation result code indicates failure, result code = 0x0")... but it's a warning, with status code zero, which usually means nothing went wrong?

So the flashing process reported an error... almost nowhere (I captured both stdout and stderr). From the output, it seems that you've just flashed a 5.12.01 with 5.11.07. It's important to note that the files were taken from stock 3.1.2 firmware; any altered file will simply not pass signature validation.

When you reboot (or re-enable CommCenter) after this operation, what modem firmware does Settings -> General -> About show? 5.12.01!
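A small log triage helper, added here as an illustration and not part of the original post or of any flashing tool: it pulls the installed firmware, reference-file and bootloader versions out of a flash log like the one above, reports whether the reference file is older than the installed firmware (a downgrade attempt), and flags a validation line whose text says "failure" while its result code is 0x0. The log excerpt is constructed for the example, modelled on the session shown in the post.

```python
import re

# Constructed excerpt of a flash log in the style of the session above
# (sample input for this example, not the post's verbatim output).
SAMPLE_LOG = """\
Firmware Version: ICE2-05.12.01
EEP Version: EEP_VERSION:708
Boot Loader Version: ICE2_BOOT_06.04_G2M3S2
Reading Reference file ICE2_05.11.07.fls...OK
- EBL Version Major/Minor: 6.2
Checking validation result... - Warning: Validation result code indicates failure, result code = 0x0
Checking validation result...OK
Powering radio down...OK
"""

FW_RE = re.compile(r"^Firmware Version:\s*ICE2-(\d+\.\d+\.\d+)")
REF_RE = re.compile(r"Reference file ICE2_(\d+\.\d+\.\d+)\.fls")
BL_RE = re.compile(r"^Boot Loader Version:\s*(\S+)")
VAL_RE = re.compile(r"Checking validation result\.\.\.\s*(.*)$")
CODE_RE = re.compile(r"result code = (0x[0-9A-Fa-f]+)")

def version_tuple(v):
    """'05.12.01' -> (5, 12, 1) so versions compare numerically, not as strings."""
    return tuple(int(x) for x in v.split("."))

def analyse_flash_log(text):
    """Summarise a flash log: versions seen, whether the reference file is older
    than the installed firmware, and every validation result with its code."""
    report = {"installed": None, "reference": None, "bootloader": None,
              "downgrade_attempt": False, "validation": []}
    for line in text.splitlines():
        if m := FW_RE.match(line):
            report["installed"] = m.group(1)
        elif m := REF_RE.search(line):
            report["reference"] = m.group(1)
        elif m := BL_RE.match(line):
            report["bootloader"] = m.group(1)
        elif m := VAL_RE.search(line):
            msg = m.group(1).strip()
            code = CODE_RE.search(msg)
            code = int(code.group(1), 16) if code else None
            # "failure" in the message but a 0x0 code is a contradiction worth
            # surfacing rather than reading as either success or failure.
            inconsistent = ("failure" in msg.lower()) and code == 0
            report["validation"].append({"ok": msg == "OK", "code": code,
                                         "inconsistent": inconsistent})
    if report["installed"] and report["reference"]:
        report["downgrade_attempt"] = (version_tuple(report["reference"])
                                       < version_tuple(report["installed"]))
    return report
```

Run against the post's log, it flags the 5.11.07 file as a downgrade against installed 5.12.01 and marks the "failure, result code = 0x0" line as inconsistent, which matches what the About screen later confirms.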

It's a well known fact that you cannot downgrade a baseband like you can downgrade OS firmware. Back in the days of baseband bootloader 5.8 on the iPhone 3G, an exploit was discovered which allowed the bootloader to be compromised. An older version of the baseband could then be flashed (that's what Fuzzyband does – iPhone 3G only).

Who's looking forward to the next Fuzzyband for 3GS?! Hope something comes out...
