Since I corrupted my 2nd 1.0.2 iPhone by running the anySIM 1.02 which was supposed to be 1.1, I now have 2 anySIM-ruined iPhones to test with.
I decided to try a combination: 1.1.1 firmware with the 03.14.08_G modem. The key point here is how to flash the baseband under 1.1.1. Under 1.1.1, when I try to erase/flash the baseband, the WiFi is shut down immediately, hence I can’t do anything useful (modem related) using SSH. However, this can be easily overcome by issuing all commands from MobileTerminal, which is exactly what I did.
Another problem was how to flash the 04.01.13_G. Well, this comes easy when the secpack 4 is released.
So for a successful modem downgrade under 1.1.1, I first jailbreak the 1.1.1 and get all the necessary tools ready:
BSD Subsystem
secpack for 04.01.13_G (get it here: Secpack 04.01.13_G)
ieraser (get it here: iEraser)
bbupdater (get it here: BBupdater)
03.14.08_G’s .fls and .eep files (get it by extracting the 1.0.2’s ramdisk)
I put the above files into the /reflash folder on the iPhone (excluding the BSD Subsystem, which is installed on the iPhone).
Then I start MobileTerminal and issue the following commands (you can’t use SSH to do this! The WiFi will be shut down immediately when you issue the ieraser command):
1. Close the communication center:
launchctl unload /System/Library/LaunchDaemons/com.apple.CommCenter.plist
2. Erase the new baseband:
cd /reflash
./ieraser
3. Now flash the old 03.14.08_G modem:
./bbupdater -f *fls -e *eep
4. Start the communication center:
launchctl load /System/Library/LaunchDaemons/com.apple.CommCenter.plist
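Because the erase in step 2 is destructive and SSH is gone once it starts, it is worth checking the /reflash folder before step 1. The script below is an added example, not part of the original post or of any of the tools: the function names are hypothetical, and it checks only what the post names (the two tools and the `*fls` / `*eep` globs handed to bbupdater), not the secpack, whose file name the post does not give.

```shell
#!/bin/sh
# Added example: pre-flight check of the reflash folder before erasing the baseband.
# Function names are hypothetical; globs and tool names are the ones used in the post.

# Print how many regular files in directory $1 match glob $2.
count_matches() {
    n=0
    for f in "$1"/$2; do          # $2 is left unquoted on purpose so the glob expands
        if [ -f "$f" ]; then
            n=$((n + 1))
        fi
    done
    echo "$n"
}

# Return 0 only if steps 2 and 3 can be run from directory $1.
preflight() {
    dir=$1
    status=0
    # Both tools must be present and executable, or the run stops half-way.
    for tool in ieraser bbupdater; do
        if [ ! -x "$dir/$tool" ]; then
            echo "missing or not executable: $dir/$tool" >&2
            status=1
        fi
    done
    # "bbupdater -f *fls -e *eep" relies on each glob expanding to exactly one file.
    # Zero matches passes the literal pattern; two or more shifts the arguments.
    for pat in '*fls' '*eep'; do
        c=$(count_matches "$dir" "$pat")
        if [ "$c" -ne 1 ]; then
            echo "expected exactly 1 file matching $pat in $dir, found $c" >&2
            status=1
        fi
    done
    return $status
}

# On the device, from MobileTerminal:  preflight /reflash && echo "ready to erase"
```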
Now I have a hybrid system with 1.1.1 firmware and 03.14.08_G modem. All I need is a patched lockdownd for 1.1.1; without it my iPhone will always report an incorrect SIM error. Anyway, it’s now working as a 1.1.1 iTouch ;) I just need to be patient and wait for the coming lockdownd, fingers crossed …
UPDATE: After revirginizing the seczone (which fixed the 0049 IMEI issue), the above combination works perfectly!
