Baseband 04.03.13_G Secpack

Here is the highly anticipated secpack for iPhone baseband 04.03.13_G:

Secpack 04.03.13_G

With this secpack, any accidentally upgraded 1.1.3 iPhones that have bootloader 3.9 can be fully downgraded to earlier versions. NOTE: starting from OTB 1.1.2, Apple has updated the bootloader to version 4.6.

Brief Steps to Downgrade to 03.14.08_G

1. Downgrade the iPhone firmware to 1.0.2. You may have to downgrade in this order: 1.1.3 -> 1.1.2 -> 1.1.1 -> 1.0.2. Put the iPhone into DFU mode before downgrading.

If you prefer reflashing on 1.1.1, it’s fine, but keep in mind that 1.1.1 will shut down WiFi once you issue the ieraser command, so you may have to use MobileTerminal (aka Term-vt100) or start a script running in the background through SSH. For me, 1.0.2 is my favorite testbench, as the WiFi stays up during the whole process.

2. Extract the following files and upload them to /reflash on the iPhone:

ICE03.14.08_G.fls
ICE03.14.08_G.eep
BBupdater
iEraser
Secpack 04.03.13_G

3. If you wanna use SSH (I do), then install these packages:

BSD Subsystem
OpenSSH

If you prefer doing it through Term-vt100, install these packages:

BSD Subsystem
Term-vt100


4. SSH login to iPhone (or use Term-vt100), and enter the following commands in SSH or Term-vt100:

cd /reflash
chmod 755 *
launchctl remove com.apple.CommCenter
./ieraser
./bbupdater -f *fls -e *eep
./bbupdater -v    # you should see version 03.14.08_G
launchctl load /System/Library/LaunchDaemons/com.apple.CommCenter.plist

UPDATE: If you want to do it on 1.1.1:

Write a script similar to the following downgrade.sh:

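#!/bin/sh
# Meant to run detached (nohup), because 1.1.1 drops WiFi once ieraser starts.
cd /reflash || exit 1           # stop here if the upload directory is missing
chmod 755 *
launchctl remove com.apple.CommCenter
./ieraser                       # erase step; WiFi goes down here on 1.1.1
./bbupdater -f *fls -e *eep     # flash the .fls and .eep files found in /reflash
./bbupdater -v                  # version report ends up in the log file
launchctl load /System/Library/LaunchDaemons/com.apple.CommCenter.plist
/sbin/reboot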

Then issue the command from SSH:

nohup sh downgrade.sh > ~/downgrade.log 2>&1 &

You’ll notice that the WiFi disappears and you lose the SSH connection during the process. Don’t worry: wait a few minutes and don’t touch your iPhone. It will reboot once the process is done, and the output is at /var/root/downgrade.log.

P.S. script not tested, use at your own risk.

NOTICE

The above steps have been tested on a non-OTB 1.1.3 (modem 04.03.13_G, bootloader 3.9, which means it was upgraded from OTB 1.0.x or OTB 1.1.1). I upgraded one of my iPhones from 1.0.2 to 1.1.3, and then downgraded it back to 1.0.2 without any problems. Read my experience HERE.

UPDATE: Don’t do this on an OTB 1.1.2; there’s no way to flash a baseband with bootloader 4.6 at this time.

Why A 1.1.3 Upgraded from OTB 1.1.2 Can’t Be Downgraded

The OTB 1.1.2 comes with bootloader 4.6, which has changed the version checking algorithm. The algorithm is like this:

if (secpack version > current baseband version)
    allow to erase
else
    deny it

The above statement means that with bootloader 4.6, a secpack of a higher version than the current baseband is required to erase that baseband. So to erase a baseband 04.03.13_G with bootloader 4.6, you have to have a >04.03.13_G secpack. That’s why you can’t downgrade a 1.1.3 iPhone upgraded from OTB 1.1.2: when an OTB 1.1.2 is upgraded to 1.1.3, the modem is also upgraded to 04.03.13_G, and erasing it requires a higher version (>04.03.13_G), which means you have to wait until the next baseband update.

Why A 1.1.3 Upgraded From OTB < 1.1.2 Can Be Downgraded

The old iPhone comes with bootloader 3.9, which has a slightly different version checking algorithm, as shown below:

if (secpack version >= current baseband version)
    allow to erase
else
    deny it

Have you noticed the difference? Yes, the >= is the point: with bootloader 3.9, you can erase the current baseband using a secpack of a newer version OR of the current version, so you can use a 04.03.13_G secpack to erase a 04.03.13_G baseband with bootloader 3.9.

NOTE: the bootloader is the last resort to salvage the phone when something really bad happens, so it never gets flashed during an update. The ieraser erases the secpack, not the bootloader.
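
The two version checks described above, modeled side by side as an added example (not code from the bootloader or from the original post). It assumes versions compare by their three numeric fields; erase_allowed, parse_version and the 99.00.00_G secpack are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Assumption: "04.03.13_G" orders by its three decimal fields and the
 * "_G" suffix is ignored. The bootloader's real parser is not on the page. */
static int parse_version(const char *s, int v[3])
{
    return sscanf(s, "%d.%d.%d", &v[0], &v[1], &v[2]) == 3 ? 0 : -1;
}

/* Hypothetical model of the erase gate.
 * Returns 1 = erase allowed, 0 = denied, -1 = unknown bootloader or bad input. */
int erase_allowed(const char *bootloader, const char *secpack,
                  const char *baseband)
{
    int sp[3], bb[3], cmp = 0;

    if (parse_version(secpack, sp) || parse_version(baseband, bb))
        return -1;
    for (int i = 0; i < 3 && cmp == 0; i++)
        cmp = (sp[i] > bb[i]) - (sp[i] < bb[i]);

    /* Prefix match so the "3.9_M3S2" form printed by bbupdater -v works. */
    if (strncmp(bootloader, "3.9", 3) == 0)
        return cmp >= 0;            /* same or newer secpack passes */
    if (strncmp(bootloader, "4.6", 3) == 0)
        return cmp > 0;             /* only a strictly newer secpack passes */
    return -1;
}

int main(void)
{
    /* Constructed cases; 99.00.00_G is a placeholder, not a real release. */
    const char *cases[][3] = {
        { "3.9_M3S2", "04.03.13_G", "04.03.13_G" },
        { "4.6_M3S2", "04.03.13_G", "04.03.13_G" },
        { "4.6_M3S2", "99.00.00_G", "04.03.13_G" },
        { "3.9_M3S2", "03.14.08_G", "04.03.13_G" },
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++)
        printf("bootloader %-8s secpack %s baseband %s -> %s\n",
               cases[i][0], cases[i][1], cases[i][2],
               erase_allowed(cases[i][0], cases[i][1], cases[i][2]) == 1
                   ? "erase allowed" : "erase denied");
    return 0;
}
```

The only case that differs between the two bootloaders is the equal-version one, which is exactly the case this secpack relies on.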

The following contents are copied as-is from George Hotz’s weblog as a backup for my easy access.

Hardware Unlocking

The following contents are from George Hotz (HERE). The procedure downgrades the bootloader from 4.6 to 3.9 so that you can later downgrade your baseband to previous versions. The contents are copied here as-is for my easy local access:

1. Copy all the files to a directory on your phone. It is imperative you do not shut off the phone after ieraser, or you cannot restore wifi, since the only fls which works on 4.6 is 1.1.3

2. Run ienew. This is ieraser, and it erases your 1.1.2 firmware to allow the testpoint to work.

3. Find an old 3.9 nor dump and create a file called “nor” with the first 0x20000 bytes of the old nor dump. This is the 3.9 bootloader.

4. Copy “nor” into the folder and run iunew. This is iunlocker and runs just like the old one. You will need the A17 testpoint on before running this. See the following for info on this testpoint:

A17 Testpoint

The red line is covering the A17 trace. In order to trick the chip into thinking the flash is erased in the correct section, you will need to pull this high.

Scrape away at the trace with something like a multimeter probe. Then solder a very thin wire to it. Be very careful. Only scrape away at that solder mask above that one trace. YOU DO NOT WANT TO BREAK THE TRACE. This is the hardest step in the whole process; the rest is cake.

Also solder a wire to the 1.8v line. Connect the wire coming from the trace and the wire coming from the 1.8v to your unlock switch. Be careful, you only get one chance to do this right. Thanks again to Nick Chernyy for the picture.

5. The bootloader is now 3.9!!! Run bbupdater or restore phone with the AnySimmable firmware of your choice.

6. Run AnySim and, as usual, enjoy your unlocked iPhone.

The H/W unlocking required files: OTB 1.1.2 Hardware Unlocking Package
The ready-to-go NOR file for Step 3: First 0x20000 Bytes of 3.9 NOR Dump (Bootloader)


20 Comments

  1. Posted February 7, 2008 at 8:43 pm | Permalink

    Yusuf, sorry no idea, afaik, you can always downgrade the firmware (not modem) regardless of whether it’s bl 3.9 or 4.6 as long as you enter the dfu mode.

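    dleo, you didn’t get my meaning. I know how to do the hardware unlock, but nobody has tried your idea and I don’t know either; I’ve never had an original (OTB) 1.1.2 on hand.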

  2. Yusuf
    Posted February 7, 2008 at 8:56 pm | Permalink

    ok then….can u guide me how to downgrade it…and wat softwares wud i need.
    thanks…appreciate it a lot

  3. Posted February 7, 2008 at 9:00 pm | Permalink

    Yusuf, I said I have no idea, because DFU mode is the only point, if you can’t get it working then I really can’t help.

  4. dleo
    Posted February 7, 2008 at 9:11 pm | Permalink

    Sorry, I pasted the wrong thing; in fact I succeeded.
    # ./bbupdater -v
    Resetting target…
    pinging the baseband…
    issuing +xgendata…
    firmware: DEV_ICE_MODEM_04.02.13_G
    eep version: EEP_VERSION:208
    eep revision: EEP_REVISION:1
    bootloader: BOOTLOADER_VERSION:3.9_M3S2
    Done

    # ./bbupdater -v
    Resetting target…
    pinging the baseband…
    issuing +xgendata…
    firmware: DEV_ICE_MODEM_03.14.08_G
    eep version: EEP_VERSION:208
    eep revision: EEP_REVISION:1
    bootloader: BOOTLOADER_VERSION:3.9_M3S2
    Done

    Now I have successfully upgraded to 1.13 using AnySIM 1.1.3 and Official 1.1.3 Upgrader, thanks.

  5. Posted February 8, 2008 at 3:05 am | Permalink

    Dude! I did all the parts but when I typed ./bbupdater -v the version that command reported back was the same version as before. What can I do?

  6. Nelson
    Posted February 9, 2008 at 3:31 am | Permalink

    Hi, I have an iPhone whose baseband was 04.01.13_G and which was jailbroken. Last week I tried to upgrade to 1.1.3, but everything went wrong and now I have the baseband 04.03.13_G!! But the phone is blocked and is not working properly. I have tried to downgrade to 1.1.1 but it is not working and I need your help. Please, could you tell me what to do, and how to do it properly? Many thanks for your help!

  7. OMG
    Posted February 10, 2008 at 3:23 am | Permalink

    Hi to George & the rest of the community!
    I am one of the screwed ones: I’m running 1.1.1 on an iPhone (OOTB 1.1.2.) with 04.03.13_G and Bootloader Version 4.6_M3S2 and at the moment there is no way for me to use the phone functions even though I originally bought a TurboSim as well. =(
    Now here is my, probably silly, question:
    For those of us who would like to expand their 8GB iPhones to 16GB (would 32GB iPod Touch work?): would putting in a new memory with 16GB mean getting rid of the baseband/bootloader problem?
    Thx for any suggestions
    and an extra big THANK YOU to the people working on the matter!

  8. Felipe
    Posted February 10, 2008 at 3:58 am | Permalink

    Hello to all, I had the same problem: I have an OTB 1.1.2 (Bootloader 4.6) and I upgraded to the 1.1.3 firmware (that installed the 04.03.13_G base band), with no luck downgrading…. until now.
    I followed these instructions, but first I needed to do the following:
    1. I used the IPHUC method to downgrade to firmware 1.1.1 and the activation method. (All the time I was dealing with the warning: Sim Incorrect).
    2. I followed these instructions: http://www.iclarified.com/entry/index.php?enid=649 that tell you to add a resource and install it (GeohotUnlock) and it worked!! Now I have a 04.02.13_G unlocked.

    I hope this helps!!

  9. OMG
    Posted February 10, 2008 at 4:14 am | Permalink

    Wow thanks Felipe! That really looks good!
    I’ve just got one little question before I start: Do I have to soft-upgrade my phone to 1.1.2 in order to use the “iclarified” method?
    I’ll let you guys know if it worked tomorrow.
    @Felipe: Would you be prepared to give out your ICQ address or something in case I have any questions, please.
    Thanks again
    greets OMG

  10. Felipe
    Posted February 10, 2008 at 4:31 am | Permalink

    OMG, I didn’t do the upgrade to 1.1.2. Actually, I thought about that, and I was waiting for an error, but nothing happened. (I followed the instructions using the 1.1.1 jailbreak and that corrected the base band from 04.03.13_G to 04.02.13_G.) That method also worked without upgrading to 1.1.2.
    After the GeoHot Unlock install, I did the OktoPrep install, to get to the 1.1.2 upgrade (using then the jailbreak 1.1.2), and that worked too. So now I did the software upgrade to 1.1.3 and still have the 04.02.13_G and it worked, and I remain unlocked and happy =)

  11. Miguel
    Posted February 10, 2008 at 2:11 pm | Permalink

    Hi, help. Yesterday I tried the method of geohot with the gunlock and all of that, then after that I don’t have signal. I used the brick tools and then I rebooted my iPhone; it says need repair, no wifi, no sound, and now I’m trying to restore to 1.1.3 or 1.1.2 or 1.1.1 or 1.0.2 and it says the iPhone can’t be restored, and it shows the error 1012. Help me please, I’m desperate. My mail is supersmashbrosgo@gmail.com, help me, I’m so sad.

  12. OMG
    Posted February 11, 2008 at 4:35 am | Permalink

    It’s unlocked =)

  13. Felipe
    Posted February 11, 2008 at 4:43 am | Permalink

    Miguel, the same happened to me. So the thing I did was:

    1. Normal restore from iTunes using the Update to 1.1.3. (That should restore your phone with the latest update). If you can restore it (that means that you should have the screen for activation), then I don’t know more.
    2. If you get the restore to 1.1.3, then you need to do the iPHUC method in order to do at least downgrade just the firmware to 1.1.1, and put the jailbreak 1.1.1.
    3. After you jailbreak 1.1.1(you should have the 04.03.13_G still), you can do the GeoHot method: http://www.iclarified.com/entry/index.php?enid=649
    4. After that you should have the phone, wifi and everything working. (you should have now the 04.02.13_G now).
    5. You can do the jailbreak 1.1.2 then the jailbreak 1.1.3 (via App Install), and that should keep your phone working.

  14. Posted February 13, 2008 at 2:02 am | Permalink

    Latest news: 1.1.3 OTB is now fully unlocked.. All iPhones with 1.1.3 OTB or upgraded from 1.1.2 OTB to 1.1.3 can now be unlocked, even the 1.1.3 16gb version of iPhone.. check this URL for more information: http://zibree.blogspot.com/2008/02/ziphone-updated.html

  15. Posted February 13, 2008 at 2:06 am | Permalink

    Old news :) I’m sure you didn’t check other NEWER articles on the blog, this article was posted on Jan 18 ;) Thanks anyway.

  16. Ahimsa
    Posted February 14, 2008 at 8:13 pm | Permalink

    Hi George,
    Congrats for your awesome work you have done!
    I have a problem which is, I have upgraded my iPhone [8GB] v1.1.2 baseband 4.6 and firmware 04.03.13_G to v1.1.3 baseband 4.9 and firmware 04.03.13_G using iTunes and my iPhone is now SIM locked and says Connect to iTunes and when I do so, it says that wrong SIM or invalid sim and I can get an AT&T sim but as I am in India the GSM Network won’t support. And in it I have no more options or buttons on that Connect to iTunes screen except “Slide for EMERGENCY CALL” and a small ” (i) ” which when I tap it shows the IMEI and the ICCID codes. I gave my phone to an Apple Software Engineer in India, he said that now we can’t do anything to the phone because the bootloader is 4.9. You are the only person whom I can get help from. So please reply soon!! :)

  17. Ahimsa
    Posted February 14, 2008 at 8:36 pm | Permalink

    Hi George,
    I have an iPhone [8GB]
    Info:
    + Bootloader – 4.6
    + Firmware – 04.02.13_G
    + Version – 1.1.2

    I upgraded it using iTunes and now it is

    + Bootloader – 4.9
    + Firmware – 04.03.13_G
    + Version – 1.1.3

    My iPhone says that “Connect to iTunes”
    As I did it, it said “incorrect SIM” in the iTunes screen and also in the iPhone
    And the iPhone is fully locked
    I have no other options or buttons on the iPhone screen to tap except “Slide for Emergency Call” and a small button ” (i) ” when I press that (i) It shows the ICCID and the IMEI codes.
    I gave my iPhone to an Apple Software Engineer, He said that “Now nothing can be done because the bootloader is 4.9 and we need to downgrade it, which is not possible !”
    And one more thing, I am in India where Apple is not so known
    What shall I do please help me :(

  18. Posted February 15, 2008 at 12:46 pm | Permalink

    Ahimsa, it’s normal, please read “Real Jailbreak 1.1.3 with ZiPhone”, your “phone” will soon become a phone :)

  19. Peter
    Posted March 3, 2008 at 10:46 am | Permalink

    George,

    How and where to put “secpack” file? I have an iPhone of 1.1.3 originally and accidentally upgraded (not complete) to 1.1.4. Now in General-Setting-About, there is no information below WiFi (no address either), even no IMEI. No Modem information etc… Of course, can’t recognize any sim card. Thanks in advance for your help.

    Regards,
    Peter
    peterxiongsr@yahoo.com

  20. Shuja
    Posted October 15, 2008 at 12:43 am | Permalink

    Hi George:
    You are doing a good job for the guys like me, i should really thank you for all this and the stuff u keep on this site.

    my iphone’s baseband is corrupt nothing seems to work… no imei, no iccid, no wifi….no modem firmware…. i am currently on 1.1.4….
    tried almost everything but all in vain

    ieraser gets stuck at “waiting for data”
    could you please help me out to make my iphone work again
    BootNeuter gets stuck at “Determing Current Settings”

    is there any way i can restore my baseband
    i have tried all versions from 1.1.1 to 2.0.1

    any help will be appreciated
    thanx