- iOSUSBEnum (Utility to enumerate USB (HSIC) devices on iOS)
- BBTool (Tool for communicating with AppleBaseband Kext on iOS)
- DBLTool (Tool for communicating with Sahara protocol (DBL) on iPhone4 CDMA, iPhone4s, and iPhone5 (Apple SAH Protocol)
- DLOADTool (Tool for communicating with QHSDLOAD protocol on iPhone4 CDMA, iPhone4s, and iPhone5 (Qualcomm DLOAD protocol)
- Before we start you need to install iOSOpenDev and iOS SDK with Xcode.
- Open the terminal and switching each directory just build the tool typing xcodebuild.
How to Boot Up iPhone baseband Files Using Hacking Tools
Step 1. Download CommCenter to use BBTool, DLOADTool, DBLTool and iOSUSBEnum. To perform this you need to SSH your device and add this command:launchctl unload /System/Library/LaunchDaemons/com.apple.CommCenter.plistStep 2. Make Qualcomm baseband to be not shown in the device list – type:
iosusbenumStep 3. Now you need to access iPhone filesystem, because bb hasn’t internal flash to keep a firmware. Unzip these firmware files and access file system using the command below:
cd /usr/local/standalone/firmware/Baseband/Trek unzip Trek-personalized.zipIf your device is still running iOS 5.x, just type the following:
cd /usr/standalone/firmware/Trek unzip Trek-personalized.zipThere are will be various files but bbticket.der, dbl.mbn, osbl.mbn, and amss.mbn files you need.
Step 3.1. Now use BBTool to put iPhone in DLOAD mode (DFU mode). Enter the command below:
bbtool enter-dloadTo make sure that your device entered DLOAD mode you will see the following using iosusbenum command:
Device Name: QHSUSB_DLOAD Vendor ID: 0x5c6 Product ID: 0×9008 Version: 0×0 Location: 0×1200000 Configuration: 0 Length: 0×9 Descriptor Type: 0×2 Total Length: 0×20 Num Interfaces: 0×1 Configuration Value: 0×1 …………………………………….. Endpoint Length: 0×7 Descriptor Type: 0×5 Endpoint Address: 0×1 Attributes: 0×2 Transfer Type: Bulk Max Packet Size: 0×200 Interval: 0×0Step 4. Now you need DLOADTool to boot iPhone into DBL (SAH) mode. to make it work just enter the following:
dloadtool -f /usr/local/standalone/firmware/Baseband/Trek/dbl.mbnAfter receiving and sending a bunch of messages you can use iosusbenum to verify if your device is in the DBLmode and get something like this:
Device Name: Qualcomm CDMA Technologies MSM Vendor ID: 0x5c6 Product ID: 0x900e Version: 0×0 Location: 0×1200000 Configuration: 0 Length: 0×9 Descriptor Type: 0×2 Total Length: 0×20 Num Interfaces: 0×1 Configuration Value: 0×1 …………………………………….. Endpoint Length: 0×7 Descriptor Type: 0×5 Endpoint Address: 0×1 Attributes: 0×2 Transfer Type: Bulk Max Packet Size: 0×200 Interval: 0×20Step 5. You can also use DBLOADTool to enter the normal operating mode after DBL mode. As you may guess you will need to step to bbticket, osbl, and amss into DBLTool entering the following command to hack iPhone baseband:
dbltool -b /usr/local/standalone/firmware/Baseband/Trek/bbticket.der -o /usr/local/standalone/firmware/Baseband/Trek/osbl.mbn -a /usr/local/standalone/firmware/Baseband/Trek/amss.mbnStep 6. Wait up to 30 seconds because AMSS loading may take some time. To see if the iPhone baseband was booted up, you can use iosusbenum command without CommCenter been loaded. The command output should be like these below:
Device Name: Qualcomm CDMA Technologies MSM Vendor ID: 0x5c6 Product ID: 0×9001 Version: 0×0 Location: 0×1200000 Configuration: 0 Length: 0×9 Descriptor Type: 0×2 Total Length: 0×118 Num Interfaces: 0xd Configuration Value: 0×1 ……………………………. ……………………………. ……………………………. ……………………………. Endpoint Length: 0×7 Descriptor Type: 0×5 Endpoint Address: 0×8 Attributes: 0×2 Transfer Type: Bulk Max Packet Size: 0×200 Interval: 0×20Step 7. To reset the iPhone baseband to its original settings use command:
bbtool resetSeeing this bunch of information you can be sure that you have just hacked iPhone baseband and fully boot it up even without CommCenter. The last thing left is to send commands to iPhone baseband using DIAGTool and QMITool and explore the modem firmware and filesystem in general. Use comment section below to share your experience with booting up iPhone bb.
Source: iPhone Wiki. Via: P0sixninja GitHub
Tks very much for your post.
ReplyDeleteYou also find all Wallpaper iphone at link at the end of this post.
For more info please click on the following link: Free Wallpaper iPhone
Best rgs