Preventing baseband update as a last-ditch effort

What is it?

This page describes a “last-ditch” way to prevent a baseband update for those who ignored the warnings on http://spiritjb.com to not use Spirit if you're using blacksn0w on an iPhone 3GS without 3.1.2 SHSH blobs on file.

This is not a jailbreak or an unlock by itself. It's much safer than the “pull your USB cable during Firmware Update” method that's making its way around the forums (that method has the potential to brick your baseband if your timing is off).

Some people who were using blacksn0w on their iPhone 3GS at 3.1.2 tried to apply the Spirit JB without removing blackra1n despite all the warnings against this. Those who did usually found themselves in a reboot loop or stuck at the Apple or recovery screen. If they did this on an iPhone 3GS without 3.1.2 SHSH blobs on file, they got stuck with an inoperable phone. That's because restoring to stock 3.1.3 (to get out of the loop) also updates the baseband past the point where the currently released unlocks will work.

The number of iPhone 3GS jailbreakers using blacksn0w who do not have 3.1.2 SHSH hashes on file with Cydia is probably very small. Do not use this method if Cydia has your 3.1.2 SHSH hashes on file – it's overkill! Just restore to 3.1.2 using your saved hashes instead. (But if you've already got 3.1.3's baseband on your iPhone, it's already too late for you and you must wait for the next unlock. This method doesn't change that.)

When should I use this method?

Only use this method if you meet *all* of these requirements:

  • Using an iPhone 3GS; and
  • No 3.1.2 SHSH blobs on file with Cydia (or locally on your computer); and
  • You've never updated or restored (or bought your iPhone with) stock 3.1.3 before; and
  • Have access to a SIM card that will allow your iPhone 3GS to activate through iTunes. This is an important requirement because if you don't meet it then this method is pointless since you won't be able to use the Spirit JB. Note that you'll only need this SIM card to activate the iPhone before running Spirit, and you don't need to keep it after that.
  • You're currently in a reboot loop or stuck in recovery mode. If you're not, and if the only thing you're trying to do is switch to an untethered jailbreak, then please reconsider what you're about to do. (You may want to leave well enough alone for now.)
  • Please consider this method a “last-ditch” way to undo your previous mistake only.

What is the method?

This method “mostly” restores to 3.1.3, but makes the restore process error out at a safe point by removing the LLB image from the stock IPSW. The error will occur before the NOR is erased and before the baseband is reflashed.

  1. Make sure you have rslite or iRecovery handy and that you can run it. You'll need to use it after iTunes errors out.
  2. Unzip the 3.1.3 IPSW. You'll be making three changes to it.
  3. Remove Firmware/all_flash/all_flash.n88ap.production/LLB.n88ap.RELEASE.img3
  4. Edit Firmware/all_flash/all_flash.n88ap.production/manifest. Remove the first line (LLB.n88ap.RELEASE.img3) then save back the file.
  5. Remove the two references to LLB in BuildManifest.plist. You want to remove the lines starting with <key>LLB</key> up to and including the next matching </dict> (this will be 17 lines).
    <key>LLB</key>
    <dict>
            <key>BuildString</key>
            <string>iBoot-636.66.33~4</string>
            <key>Info</key>
            <dict>
                    <key>IsFirmwarePayload</key>
                    <true/>
                    <key>Path</key>
                    <string>Firmware/all_flash/all_flash.n88ap.production/LLB.n88ap.RELEASE.img3</string>
            </dict>
            <key>PartialDigest</key>
            <data>
            QAAAADgBAQBmTeQNOchSWUN8/P56yjPVrrML
            2w==
            </data>
    </dict>

    Do this removal twice: once in the first half of the file, and once in the second half.

  6. Zip it all back up. Keep in mind that the top-level of the zip should be that directory where BuildManifest.plist is. (Don't zip it from the folder one level up from this by mistake).
  7. Restore or update to this modified IPSW (not the stock one from Apple!). It will eventually error out (error #6).
  8. Use rslite or iRecovery to get past the subsequent recovery screen. Using rslite, you'd do:
    % rslite
    rslite v0.2 - by the iPhone Dev Team, 2009.
    --THIS IS AN UNSUPPORTED TOOL--
    
    Connecting...
    [Recovery] setenv auto-boot true
    [Recovery] saveenv
    [Recovery] reboot
  9. Using your valid (but temporary if need be) SIM, activate the iPhone then use Spirit from http://spiritjb.com to jailbreak. Then use Cydia to install the blacksn0w unlock.
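As an added example (not a Dev Team tool), here are the three IPSW edits from steps 2 through 6 done with Python's zipfile and plistlib. It assumes the iPhone 3GS (n88ap) paths given above, removes the LLB entry from every build identity in BuildManifest.plist instead of counting lines by hand, and builds a constructed toy IPSW with the same layout so the result can be checked offline.

```python
import os, plistlib, tempfile, zipfile
LLB_NAME = "LLB.n88ap.RELEASE.img3"
FLASH_DIR = "Firmware/all_flash/all_flash.n88ap.production/"
LLB_PATH, MANIFEST = FLASH_DIR + LLB_NAME, FLASH_DIR + "manifest"
BUILD_MANIFEST = "BuildManifest.plist"

def strip_llb(src_ipsw, dst_ipsw):
    """Write a copy of src_ipsw with the page's three LLB edits applied."""
    with zipfile.ZipFile(src_ipsw) as zin, zipfile.ZipFile(dst_ipsw, "w") as zout:
        for name in zin.namelist():
            data = zin.read(name)
            if name == LLB_PATH:
                continue  # step 3: leave the LLB image out of the new IPSW entirely
            if name == MANIFEST:  # step 4: drop the LLB line from the all_flash manifest
                keep = [l for l in data.decode().splitlines() if l.strip() != LLB_NAME]
                data = ("\n".join(keep) + "\n").encode()
            elif name == BUILD_MANIFEST:
                # step 5: drop LLB from each build identity; stock has two (Erase and Update)
                plist = plistlib.loads(data)
                for identity in plist["BuildIdentities"]:
                    identity["Manifest"].pop("LLB", None)
                data = plistlib.dumps(plist)
            zout.writestr(name, data)  # everything else is copied unchanged

def llb_references(ipsw):
    """Count LLB references left in an IPSW; 0 means all three edits took."""
    with zipfile.ZipFile(ipsw) as z:
        hits = z.namelist().count(LLB_PATH)
        hits += z.read(MANIFEST).decode().count(LLB_NAME)
        plist = plistlib.loads(z.read(BUILD_MANIFEST))
        hits += sum("LLB" in i["Manifest"] for i in plist["BuildIdentities"])
    return hits

def make_sample_ipsw(path):
    """Constructed stand-in for a stock 3.1.3 IPSW: toy payloads, real layout."""
    llb = {"Info": {"IsFirmwarePayload": True, "Path": LLB_PATH}, "PartialDigest": b"\0" * 8}
    ibss = {"Info": {"IsFirmwarePayload": True, "Path": FLASH_DIR + "iBSS.n88ap.RELEASE.img3"}}
    identities = [{"Manifest": {"LLB": dict(llb), "iBSS": dict(ibss)}} for _ in range(2)]
    with zipfile.ZipFile(path, "w") as z:
        z.writestr(LLB_PATH, b"constructed LLB image")
        z.writestr(FLASH_DIR + "iBSS.n88ap.RELEASE.img3", b"constructed iBSS image")
        z.writestr(MANIFEST, LLB_NAME + "\niBSS.n88ap.RELEASE.img3\n")
        z.writestr(BUILD_MANIFEST, plistlib.dumps({"BuildIdentities": identities}))
    return path

def demo():
    """Build the sample, strip it, and return (LLB references before, after)."""
    work = tempfile.mkdtemp()
    src = make_sample_ipsw(os.path.join(work, "stock.ipsw"))
    dst = os.path.join(work, "stock-noLLB.ipsw")
    strip_llb(src, dst)
    return llb_references(src), llb_references(dst)
```

demo() on the toy IPSW goes from 4 LLB references to 0; on a real stock IPSW, run strip_llb and confirm llb_references returns 0 on the output before pointing iTunes at it.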

Questions

Feel free to send any general questions about this method to Musclenerd on twitter. (Please read and re-read this page before doing that though). And for general jailbreaking/unlocking tips and help, you can always visit our blog at http://blog.iphone-dev.com and follow our team twitter at http://twitter.com/iphone_dev

howto/removellb.txt · Last modified: 2010/05/10 09:15 (external edit)
Part of the iPhone Dev Team Archive