Dev-Team Blog
To find yourself, think for yourself © Socrates 469 BC
Baseband Freedom 

Happy 4th of July!  Today’s release of redsn0w 0.9.14b2 improves the iPad baseband downgrade and should cover anyone who couldn’t downgrade with 0.9.14b1.  This version covers 3 different types of NOR chips in the iPhone 3G and 3GS (the earlier version covered only the most prevalent NOR chip).  We’ve also simplified the process and added logging to help diagnose any remaining stubborn iPhones.

The revised steps are:

  1. Connect your iPhone in normal mode, then click “Jailbreak” after redsn0w identifies its model and BB version (you needn’t pre-select the IPSW anymore).
  2. Choose the “Downgrade from iPad baseband” option (you needn’t worry about de-selecting Cydia anymore).
  3. Do a controlled “slide to power off” shutdown of your phone and proceed through the normal DFU ramdisk steps.

Should the downgrade fail to take, feel free to leave the redsn0w log in the comments below.  Use the “Extras->Even more->Backup” button to grab a copy of /var/mobile/Media/redsn0w_logs, then extract the log text file(s) from the zip and paste them into the comments (currently that log file is generated only during baseband downgrade runs).

NOTE: The original warning about 3GS units manufactured in early 2011 or later still holds!  They have a NOR chip that’s incompatible with 06.15.00 and so trying to install it will brick the device.  Please read and re-read the warning in our earlier post. 

Thanks to bobmutch, @healeydave and @dilbert4life for lending us their iPhones to improve the baseband downgrade!


DFU IPSW

We’ve gotten a lot of feedback from users who can’t launch a DFU ramdisk because their iPhone home/power buttons are broken or intermittent.  We’ve added a new redsn0w feature that lets you enter DFU mode as long as your phone is healthy enough to restore to a normal, everyday IPSW.  You don’t need to be already jailbroken to use this method.

In redsn0w, go to “Extras->Even more->DFU IPSW” and select an IPSW that is currently being signed for your device and that you’d normally be able to restore to without any hacks.  redsn0w will create an “ENTER_DFU_” version of the IPSW that you can restore to just like any other IPSW, except that now you’ll be dumped into DFU mode towards the end of the restore (WARNING, your screen will remain completely black…the only way to even know it’s on is that iTunes and redsn0w will detect it!).  The technique used by this feature is 3 years old but surprisingly still works today!

Update #1 7/25/12: redsn0w is compatible with today’s retail release of Mountain Lion OS X 10.8.  Until we start using an official developer ID for it (!), you’ll need to use the new Ctrl-Click-Open security bypass the first time you run it after downloading.

Here are the download links.  Enjoy!

0615 fun 

The iPhone Dev Team is happy to announce a baseband downgrade option in redsn0w for those who are using the iPad’s 06.15 baseband on the iPhone3G or iPhone3GS.

Typically you’d have the 06.15 baseband if you unlock with ultrasn0w but updated your iPhone baseband past 05.13.04.  With this new capability, you can now downgrade specifically from 06.15 to 05.13.04 (even if you never had 05.13.04 on that device before).  This gives you the best of both worlds: ultrasn0w compatibility and a normal iPhone baseband with full GPS and the ability to use stock IPSWs again.

Here are the steps:

  1. Use the “Extras->Select IPSW” button in redsn0w to tell it which firmware version you have installed (new-bootrom 3GS users can usually skip this step but it doesn’t hurt for them to do it too).
  2. Do a controlled shutdown of your iPhone (“slide to power off”).  This step is very important to avoid mount problems when the ramdisk is running!
  3. Go back to the first screen and click “Jailbreak”.  Enable the “Downgrade from iPad baseband” checkbox, disable Cydia if you already have it installed, and click Next to proceed through the normal DFU ramdisk steps.

After the ramdisk gets launched and you see the Pwnapple running on your iPhone, you’ll eventually get to the “Flashing Baseband” step.  THIS STEP TAKES A VERY LONG TIME to complete and there won’t be any feedback while it’s running.  Please just let it be for the next 3-8 minutes!  When the ramdisk has done its job it will reboot the phone on its own.

For those who are wondering if you can update your 3G or 3GS to 06.15 solely for the purposes of downgrading to 05.13.04, the answer is “yes” for 3G owners, and “maybe” for 3GS owners.  The iPad baseband is not compatible with 3GS units manufactured week 34 of 2011 or later.  If you have an iPhone3GS and if digits 3-5 of its Serial Number are 134 or later (xx134…), then you should NOT try to install the 06.15 baseband on your 3GS!  It will brick your radio, preventing both the downgrade from working and normal iPhone software from using it as a phone!  Be warned!
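A pre-flight check for the rule just stated, as an added example (not Dev-Team or redsn0w code). It assumes the old 11-character Apple serial format, where character 3 is the last digit of the manufacture year and characters 4-5 are the week, and that year digits 9/0/1/2 mean 2009-2012 (the 3GS production window); the serial numbers in it are constructed, not real devices.

```python
# Added example (not Dev-Team code): pre-flight check for the 06.15 route.
# Assumed: old 11-character Apple serial format, where char 3 is the last
# digit of the manufacture year and chars 4-5 the week, and year digits
# 9/0/1/2 mean 2009-2012 (the 3GS production window). The serials used
# below are constructed, not real devices.
INCOMPATIBLE_FROM = (2011, 34)  # 3GS built week 34 of 2011 or later: brick risk
YEAR_BY_DIGIT = {"9": 2009, "0": 2010, "1": 2011, "2": 2012}


def manufacture_week(serial):
    """Return (year, week) decoded from the serial, or None if unparseable."""
    s = serial.strip().upper()
    if len(s) != 11 or not s[2:5].isdigit():
        return None
    year = YEAR_BY_DIGIT.get(s[2])
    week = int(s[3:5])
    if year is None or not 1 <= week <= 53:
        return None
    return (year, week)


def can_install_0615(model, serial):
    """Apply the post's rule: 3G is fine, 3GS only if built before 34/2011.

    Returns (allowed, reason). Anything that cannot be decoded is refused,
    because the failure mode (a bricked radio) is not recoverable. Comparing
    (year, week) tuples rather than the raw "134" digits matters: a 2009 unit
    ("917") would otherwise sort after "134" and be wrongly refused.
    """
    if model == "iPhone3G":
        return True, "iPhone 3G: the iPad baseband is compatible"
    if model != "iPhone3GS":
        return False, "06.15 downgrade route applies only to iPhone 3G/3GS"
    built = manufacture_week(serial)
    if built is None:
        return False, "serial not in the expected format; do not proceed"
    year, week = built
    if built >= INCOMPATIBLE_FROM:
        return False, "3GS built week %02d of %d: NOR incompatible with 06.15" % (week, year)
    return True, "3GS built week %02d of %d: before the week 34/2011 cutoff" % (week, year)


if __name__ == "__main__":
    for model, serial in [("iPhone3GS", "88134ABC3NP"),   # xx134: refused
                          ("iPhone3GS", "88917ABC3NP"),   # 2009 unit: allowed
                          ("iPhone3G", "88134ABC3NP")]:   # 3G: always allowed
        print(model, serial, *can_install_0615(model, serial))
```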

Thanks very much to @dilbert4life for graciously loaning us his 3GS at 06.15 (we had no such devices because we always prevent BB updates!)

If you have any questions or comments, please use our comments section below!

Here are the download links.  Enjoy!

Update #1: If you’re still using ultrasn0w after going down to 05.13.04, many people have reported that re-installing Mobile Substrate and/or ultrasn0w fixes crashes and “No Signal”.

Update #2: There’s a subset of 3GS iPhones that won’t take the downgrade.  We now understand why (they use a slightly different NOR chip), and should be receiving a loaner of such a phone on Thursday the 28th.  After we have one in hand we’ll tweak the redsn0w payload to handle that variation too! The improved downgrader is now available here.

Pre-DC

With only a week to go before WWDC 2012 and the surprises Apple will announce there, today seems like a good time to release updates to our suite of free software to include the rocky-racoon jailbreak and untether developed by @pod2g and @planetbeing!  Today’s updates are:

  • PwnageTool 5.1.1
  • redsn0w 0.9.12b1
  • cinject 0.5.4 (version 0.5.3 also had rocky-racoon but this includes some updates)
  • ultrasn0w 1.2.7 (5.1.1 compatibility only - no new baseband support)

If you’ve already installed rocky-racoon, don’t bother reinstalling it unless you’ve had problems and would like to try a different tool.  The underlying untethered jailbreak (rocky-racoon) is identical to what is already installed by last week’s tools like Absinthe, cinject-0.5.3, and the rocky-racoon Cydia package — only the injection method offered by the above tools differs.

redsn0w allows owners of A4+earlier devices to install rocky-racoon two different ways:

  • backup/restore method similar to Absinthe and cinject
  • its traditional limera1n-based ramdisk install.  If you have a lot of media on your A4 device (music, movies, TV shows, etc), then the ramdisk method is preferred because it avoids any possibility of later problems related to syncing to iCloud (including Photo Stream and Music Match).  The ramdisk method is not available for A5 devices or later because limera1n can’t be used.  If you’d like to use redsn0w’s ramdisk method, just be sure to put the A4 device in DFU or Recovery mode before starting redsn0w (otherwise it will immediately start to use the backup/restore method).

We’ve also added a new redsn0w feature specifically for those who got in on the SAM unlock: you can now include your SAM tickets as part of your initial ramdisk jailbreak of iPhone4 or earlier, or alternatively you can upload your SAM tickets to any device after it’s been jailbroken.  redsn0w accepts either the individual SAM activation ticket plist file, or the entire zip file created by redsn0w’s “Backup” button.  As usual, redsn0w continues to cover all of its previous jailbreaks and untethers (so redsn0w-0.9.12b1 covers everything from 5.1.1 all the way back to 4.1).

PwnageTool also avoids any possible sync issues, but again it applies only to A4+earlier devices.  If you unlock your iPhone with ultrasn0w or a commercial method, you must use PwnageTool to avoid updating your baseband otherwise you’ll lose the unlock.  PwnageTool will also jailbreak+untether the AppleTV2,1 5.0_2B206f (unless you customize the IPSW further, you’ll have just basic SSH access to the device).

If you’d like to contribute to those that actually developed rocky-racoon, please visit here (any other links you may see are not going to the actual rocky-racoon developers, they’re being diverted to other “related” or fraudulent accounts).

This particular jailbreak brought an unusual amount of fanfare and hoopla to the table, including “press releases” and other haughty silliness.  We’d just like to take this opportunity to remind everyone that jailbreaking is about freedom, not fame and donations!

Here are the download links.  Please use our comment section below to give feedback.  Enjoy!

Update #1: Starting with version 0.9.12b2, redsn0w will now explicitly ask users with limera1n-able devices whether they want to inject rocky-racoon using the DFU ramdisk method or the backup/restore method (the ramdisk method is better for those with lots of media on their device that would create very large backups, and it’s required for those with unactivated iPhones).  If you’ll always want to use limera1n, you can select that in the Preferences pane.  It also fixes an iBooks issue on old-bootrom 3GS iPhones, and provides more useful error messages when things go wrong.