BB can't downgrading, why?

[cncrim]

My question is howcome we can upgrade the baseband, but not easy downgrade it, like 3Gs with 5.9bootloader and later? somebody explained that.

I'm sure there are reason why Dev Team go on this round upgrade baseband to 6.15. But 6.15 will disable GPS function....... it's a big lost. I don't care about the warranty too much, but future of the phone when she not work right it does bother me. Anyway, somebody explain why we can upgrade but not downgrade.

[iYeow]

Look at it as like a ticking clock. Time goes forward and not backwards.

[Simon]

Because that is the way Apple has made the baseband work. For 5.8 bootloader there was a exploit that allowed it, but apple patched it in 5.9 bootloader and up. They made it this way to stop people from unlocking.

[cncrim]

Look at it as like a ticking clock. Time goes forward and not backwards.

Time Vs BB are two diffirent matter. Time made by native BB made by man, anything made by man it can break by a man period and alway will be.

If the modem can flash to higher BB it got to have a way to flash it back down.

[iYeow]

Time Vs BB are two diffirent matter. Time made by native BB made by man, anything made by man it can break by a man period and alway will be.

If the modem can flash to higher BB it got to have a way to flash it back down.

Only get back to us if you found a way to downgrade baseband, atleast not through software . However, you can do it through the hardware, with special equipment and tools.

[Orby]

Time Vs BB are two diffirent matter. Time made by native BB made by man, anything made by man it can break by a man period and alway will be.

If the modem can flash to higher BB it got to have a way to flash it back down.

Sure you can. Change the version number in the seczone of the .fls and .eep files and resign them correctly. Or do a change coupled with a second-preimage attack on either the bootloader or baseband. Or find a way to flash the bootrom. Or find the correct testpoints and enable JTAG on the baseband processor. Or break the private key used to sign wildcard activations.

Good luck.

Less jerk-ish answer: the bootrom in the baseband (X-Gold 608 or 618) has no known exploits for running unsigned code. The bootloaders subsequent to 5.8 have no known exploits for patching the bootloader itself as it runs, to have the bootloader run unsigned shellcode, or allowing unsigned code to run in the baseband firmware from NOR.

All the exploits thus far for the 3G (5.9) and later have been "userland" exploits--overflows of various sorts stemming from tasks in Nucleus or ThreadX that in some way allow on-the-fly patching in RAM.