I’ve got a BL3.9 iPhone and I often use it to do some experiments, e.g. upgrading / downgrading baseband. I usually do such experiments on firmware 1.0.2 because it gives me WiFi during the whole flashing process, 1.1.1 always cuts WiFi after the ieraser, I never tried to do baseband downgrading on 1.1.2.
But tonight, I wanna try if I can downgrade the baseband on 1.1.2 with Term-vt100. So I took the following steps:
Restored to 1.1.3 with iTunes
Entered DFU mode and downgraded firmware to 1.1.1, activated and installed Oktoprep
Updated to 1.1.2 with iTunes, then activated with iNdependece
Installed SSH through iNdependence, copied Term-vt100 to /Applications
Copied all the needed files (ieraser, secpack040318, bbupdater, ICE files) to /reflash
Started Term-vt100 and entered /reflash folder
Now the interesting thing happened: I entered ./ieraser to erase the baseband, according to my experience on 1.0.2, when ieraser has done its job, it returns to shell, then I can enter other commands to reflash the baseband, but this time, on 1.1.2, it did not return (later someone told me I need to turn on Airplane Mode), instead, a spinner appeared, and after a while my iPhone was rebooted.
I was a bit surprised but not panic because I knew I can always reflash the baseband (thanks the BL3.9). As I felt 1.0.2 is more comfortable, I put the phone into DFU mode and downgraded it to 1.0.2 with iTunes, iTunes happily restored it and didn’t report any error, I was expecting an error 1013 though. So I logged in to check what happened to the baseband, guess what? The baseband had been downgraded by iTunes, it’s now 03.14.08_G.
I tried again, still on 1.1.2, but with modem 04.02.13_G, similar steps as above, this time, the spinner never ended so I had to hard reset the phone, after the reboot, I took the the same steps to downgrade the firmware to 1.0.2, iTunes again restored the baseband to 03.14.08_G.
Seemd like iTunes executed the bbupdater -f *fls -e *eep for me :)
23 Comments
i was trying the same thing, but too scary to reflash 4.03 flash LOL
原来以为你这只能用国际官方语呢,上次把我累的。
那照你这么说,只要modem被清空,bbupdater就会执行了,那把4.6的modem清空,在用1.12固件恢复,modem会不会被刷新呢?还是bbupdater只能用在3.9的BL?
那些硬破失败的,丢失ICCID,好像有尝试过恢复到1.12但是还是没有修复,是不是4.6的不能刷新modem了
我得BL被我降到3.9了,不能试了。
有没有4.6的nor让我在升回去??原理上应该可以吧,呵呵。
iTunes永远都可以恢复 modem, 但有时候它的判断不怎么准确,很可能要试好多次才可以,我经常刷了20几次才成功….有时候却只要一次。
我试过在4.6的机器上用bbupdater,试过两个版本的bbupdater,旧版本的可以刷,但是无法成功,说是无法验证firmware文件的合法性;新版的直接告诉我无法取得独占访问,CommCenter是否还在运行之类的。试这个要花很多时间,而我又懒。。。
我没有原生1.1.2, 所以所有有关BL4.6的仅限于理论知识.
Maybe reading too much into this - but would it be possible therefore to get itunes to reflash a 4.6BL phone’s baseband back to an earlier version?
wow that seems good btw so itunes does use the commands for downgrading baseband, what version of itunes do you have?
thanks
Dudes, it’s normal…. iTunes uses the same command as we use, bbupdater. To be truth, we use the same command that iTunes uses… lol.
It happens because your flash is erased… so, iTunes and everything can write to it without a secpack or something.
我的iphone 在使用你的“Manually Unlock 04.03.13_G (BL3.9)”这个方法时,过程中家里停电后。再开机时就出现没有IMEI 和CCID 用Itunes 恢复1.1.3时。出现1012错误。也无法恢复到1.1.2和1.1.1. 请问一下,我的IPHONE还能修好吗?我的IPHONE的SERIALNO:837512RNWH8
威,很久以前曾经有人做过类似的事情,当时是刻意在iTunes刷Baseband的时候拔掉了连线,造成Baseband写入不完全,从而让iTunes重新写入新的(降级过的)Baseband。做这个实验的人据说是成功了的,但是后来的冒险实验的人无一成功,我从未进行过类似的操作,也不能预测结果。
如果是BL3.9的话,可以尝试用bbupdater重刷Baseband,有可能恢复。
我的是BL3.9的。但我如何用BBupdater 重刷Baseband。问题是我根本就无法进入Iphone 的桌面。还望再回复。万分感谢!
我在线等吧
老实说我也不知道,如果是我,我就尝试让iPhone进入DFU模式,然后用iTunes重新恢复,如果不出意外的话,应该可以恢复固件,然后可以激活。这样就有机会重刷Modem了。
如果是这样的话,那我的iphone就真的没希望了,因为我已经不下10次进入DFU模式,让iTunes重新恢复1.1.3 但每一次都提示:ERROR 1012的错误.哎… 看来是没有希望了.不管怎样还是谢谢George的回复!
如果有新的方法.希望可以告诉我.我的E-mail:joson.xie@gmail.com 非常感谢.
提示101X错误是正常的,表示Modem无法重刷,但是固件已经重刷过了,只要能激活就可以回到SpringBoard,至于Modem即使暂时不能用,也不会影响进入SpringBoard的。
如果不能激活就不知道该怎么办了。
非常感谢George虽然我的Iphone无法修复! 我的iphon就是因为无法激活所以无法做任何动作。因为现在激活1.1.1的方法 是用jailbreakme.com的AppSNapp来激激活的。但我的modem都无法使用,也就无法使用这个方法。也因为modem无法使用,所以用cALL *#307#的方法也是无效的。
另外一个方法就是把1.1.1降到1.0.2 。但我现在的iphone无法降到1.0.2,一直卡在“正在等待iphone…”
还望George帮看看还有没有其它方法,比如:如何用其它方法来激活1.1.1.
谢谢George的热心帮助,再次谢谢!
现在我的iphone可以用了,是用zibree.blogspot.com的 ziphone修复的,但这样修复后,我的IP的IMEI 跟之前的不一样了。
谢谢George.
我机器,刷什么版本都提示1011错误,怎么解决啊?1.0.2版本会一直等待 威是怎么解决的?能把详细步骤告诉我以下么?谢谢
我的iphone恢复1.1.1提示1011错误,也不能进入激活画面
小弟的I PHONE8G用3个号码没有了.IMEI,ICCID,MODEM FIRMWARE显示处为空白.
不能降回1.0.2,在1.1.1破解后,在执行到./ieraser这步的时候,系统显示BASEBAND RESET.16(RESOURCE BUSY),怎么不让它BUSY啊?我把CommCenter stop, remove都没有用,不知道哪个进程还会访问baseband。哪位能告诉我
@利,sometimes “launchctl unload” can’t stop the service. try “launchctl remove com.apple.CommCenter”.
George: 我已经用了launchctl unload, launchctl unload -w launchctl remove,报告我no such process,始终报告Resource Busy。我几乎把任务都停掉了也不好用。对了,我的机器出现过invalid calibration data in device tree这样的错误。用了iLiberty+的fix baseband功能也不行,还能修复吗?
George, I have tried a few of ways to get the ” Grey No wifi “, but still cant get it back.
Any idea how to process to REOPEN the No wifi ?
My baseband now is 03.14.08_G
Bluetooth : 00:00:00:00:00:00
IMEI : 004999010640000
ICCID : (blank)
eep version : EEP_VERSION:207
eep revision: EPP_REVISION:7
bootloader: 3.9_M2S2
Any help is much appriciated !!! thanks.