Skip to: Site menu | Main content

iPhone Devteam Method

These methods will not downgrade your baseband or reunlock your phone. A reunlock is in development and will be made available as soon we can, together with a method to reset your nck attempts, please stand by and watch the forums for further information. And again, DON'T upgrade to 1.1.1 if you are still on 1.0.2. Do all that on your own risk.

You can downgrade the iPhone firmware from 1.1.1 to 1.0.2 using any of the three methods below; however, there are no known methods for reflashing the baseband firmware back to 03.14.08_G like it should be for 1.0.2. However, 1.1.1 iPhones that were previously unlocked at 1.0.2 with methods that fake the bb firmware version will have their firmware version remaining at 03.14.08_G. You cannot simply reflash the baseband to a downgraded version using bbupdate or erase the baseband like iUnlock does either, because there is a version check somewhere, probably the baseband bootloader, that prevents you from downgrading the baseband. Some have even hex edited the FLS file to bump the version and it still does not pass validation.

However, the hacked bbupdater used by the free SIM unlock writes to areas that the stock bbupdater doesn't. So it won't "undo" those particular changes. So far, a patched bbupdater remains the best hope.

To be done

  1. Check if downgrading to 1.0.2 to 1.0 back to 1.0.2 resolves modem firmware issues.
    I can confirm that this does not work.
  2. Confirmation on what BB Firmware version 04.02.04_G is from
    This seems to be paired with a firmware update 1.1.1 (3B13), which is higher than the current firmware set 1.1.1 (3A109a). There are reports of it available from Google, but it may be the result of a simple Apple mockup.
  3. Find alternate methods of downgrading BB firmware to 03.14.08_G
    Currently underway. Any suggestions or solutions add to this wiki.

Method A (Instructions)

Here are the steps:

  1. Make sure you have a copy of the 1.0.2 firmware handy and decrypted
  2. Reboot iPhone holding top (power) and home buttons *BUT* release the top button exactly 10 seconds (I recommend to use stopwatch) into it
  3. The iPhone screen will appear to be off, but start iTunes (latest version worked for me on the Mac)
  4. Option+Click restore and select the 1.0.2 firmware ipsw
  5. The phone will restart and error out at the end, this is expected
  6. Shutdown iTunes
  7. Launch the latest iNDpendence
  8. Jailbreak the phone using a decrypted 1.0.2 (it will flash all sorts of error, but stick with it)
  9. Activate the phone
  10. It will show the SIM error but you should be able to get back in
  11. AT&T Users: Reset your iPhone before you start using your phone again. Failure to do so may result in you being charged for your "free services."

I installed AppTapp afterwards along with the BSD subsystem and SSH, all working over wireless only. Now we need to see if we can get bbupdate to play ball.

Note: I didn't need to have the firmware decrypted in any way for this to work (just unzipped).

Method B (Slightly Easier Instructions)

This slightly easier version uses AppTapp installer instead of requiring you to decrypt the DMG file yourself.

  1. First, download the iPhone1,1_1.0.2_1C28_Restore.ipsw from Apple. On a Mac, do not unzip the file, iTunes will do this for you in step 4.
  2. Then connect phone to dock, and hold down home button and power button for about 10 seconds or until the screen goes black.
  3. Now release the power button but continue holding the home button. After about 10 seconds the computer will detect the iPhone in restore mode, and iTunes should tell that the phone needs to be restored.
  4. Hold down SHIFT key (Windows) or Option/ALT-key (Mac) when clicking the Restore button, and select the file you downloaded in step 1.
  5. Let the restore complete and ignore the error at the end. (Should be error 1013).
  6. Now your phone should show the "Connect to iTunes" screen with the yellow triangle.
  7. Run AppTap to jailbreak your phone - it will restore it to a working 1.0.2 firmware it even though you will get an error at the end. Just dismiss the error and quit the installer.
  8. Run AppTap again to actually install the installer.app. It should successfully complete. Keep rerunning AppTap if it doesn't work the first time - it may take a few tries.
  9. At this point you will have a jailbroken iPhone that still needs to be activated (as usual). Google is your friend.
  10. AT&T Users: Reset your iPhone before you start using your phone again. Failure to do so may result in you being charged for your "free services."

Some user experienced the above error message and iTunes won't update the iphone firmware. Anyone know how to solve this issue? This problem is 2 fold... people goto the restore screen instead of letting the blank screen load on the iPhone. Also, I encountered this error on Vista on 3 separate machines. Using an XP box fixed this problem for me.

I had this error, too. I reinstalled iTunes (now at 7.4.3), restored to 1.1.1, and then restored to 1.0.2 as above.

Method C (Easiest Instructions)

Guaranteed to work with iTunes 7.3.2. Apple didn't think of everything.

Confirmed working with a locked iPhone that had been upgraded to 1.1.1. Downgrade using these instructions was successful. Phone is activated and all apps and 3rd-party software is working.

  1. Install iTunes 7.3.2, which you can download from the links below.
  2. Download the 1.0.2 iPhone restore file if you don't have it already.
  3. Shift + Click Restore (Windows) or Option + Click Restore (Mac), then point to the file below (use .dmg file in download file).
  4. Use AppTap Installer you will be back to normal with EDGE and Wi-Fi support. 
iTunes 7.3.2 download file (All rights and content belong to Apple)
Mac
Windows

iPhone 1.0.2 restore file (All rights and content belong to Apple)
Here

Note: this method as previous ones, does not downgrade the baseband.

Baseband issues

Currently, bbupdater will only flash bb upgrades, not downgrades. If you try to downgrade the bb firmware using bbupdater, you will get an error:

Error: Failed to download .FLS: Could not verify downloaded image.

Work on reversing a bb upgrade is ongoing.

This is a list of known bb firmware versions:

  1. 03.12.06_G (1.0)
  2. 03.14.08_G (1.0.1/1.0.2)
  3. 04.01.13_G (1.1.1)
  4. 04.02.04_G (new UK phones? can someone confirm?)

Info on the modem firmware on 2 phones:

From a 1.1.1 free SIM unlocked phone downgraded to 1.0.2: 

# bbupdater -v                                                            
# Resetting target...
# pinging the baseband...
# issuing +xgendata...
#     firmware: DEV_ICE_MODEM_04.01.13_G
#  eep version: EEP_VERSION:207
# eep revision: EEP_REVISION:7
#   bootloader: BOOTLOADER_VERSION:3.9_M3S2

From a stock 1.0.2 phone never unlocked or upgraded to 1.1.1: 

# bbupdater -v                                                            
# Resetting target...
# pinging the baseband...
# issuing +xgendata...
#     firmware: DEV_ICE_MODEM_03.14.08_G
#  eep version: EEP_VERSION:207 
# eep revision: EEP_REVISION:7
#   bootloader: BOOTLOADER_VERSION:3.9_M3S2

This is not completly true....i downgraded the phone from firmware 1.0.2 to 1.0, and i didn't get any error. then i updated again to 1.0.2 and all worked fine. nick

Nick: Can you confirm that your modem firmware downgraded from 03.14.08G to 03.12.06G in Settings -> General -> About when you went from 1.0.2 to 1.0?

Regardless of Nick's answer, feedback from Operator/Tom say that all downgrades from v1.1.1 don't downgrade the baseband (stays at 04.01.13_G). This is through bbudater and alt-click iTunes restore/select v1.0.0. -Neorich

MP> Rather than downgrading the baseband, wouldn't it be possible to upgrade from 1.1.1 to 1.1.2 where 1.1.2 would be a modified image of 1.0.2?

Just found an interesting command in the bbupdater -F instead of -f and it returns this:

  1. ./bbupdater -F test

Resetting target... pinging the baseband... issuing +xgendata... no appropriate firmware found Done

Downgrading the baseband

So far all attempts to downgrade the baseband have been unsuccessful. There have been several reports of successful baseband downgrades online, but these haven't been confirmed.

NOTE: CooKooMan's method does not work and neither does instructions on virginizing the baseband. Several attempts have been made to follow these instructions on IRC, but so far no one has had any luck

Tried anySIM unlock. Get error the firmware version is already patched.

Working functions

If you have a valid AT&T SIM and have used an unlock other than the free SIM unlock, activated with iTunes, then everything is reported to work fine.

  1. Functions that do work: Calling, EDGE, SMS, Bluetooth, Wi-Fi, and everything else.
  2. Functions that don't work: nada

If you have a valid AT&T SIM and have used the free SIM unlock, activated with iTunes, there are no working phone functions.

  1. Functions that do work: Wi-Fi, jailbreak, installing third party apps through Installer.app, iPod, Mail, Safari and all other functions not dependent on the phone modem firmware.
  2. Functions that don't work: Calling, Voicemail, SMS, EDGE, etc.

If you DO NOT have a valid AT&T SIM, there are no working phone functions. You can use internet functions ONLY through Wi-Fi!

  1. Functions that do work: Wi-Fi, jailbreak, installing third party apps through Installer.app, iPod, Mail, Safari and all other functions not dependent on the phone modem firmware.
  2. Functions that don't work: Calling, Voicemail, SMS, EDGE, etc.

If you used an *SIM (Super, Turbo, Hyper ...) to unlock without patching the baseband firmware, then everything is reported to work fine.

  1. Functions that do work: Calling, EDGE, SMS, Bluetooth, Wi-Fi, and everything else.
  2. Functions that don't work: nada

NOR dump of 04.01.13_G

Several NOR dumps are now floating around the Internet; steps for dumping your own NOR are on the talk page.

The NOR dump is a portion of copyrighted software, and is illegal to distribute without permission. Therefore, copies of the 04.01.13_G will not be hosted nor linked to from the iPhone Dev Wiki.

1.1.1 stock iPhone unlocking

It has been confirmed several times that this method DOES NOT work, either on phones that were upgraded to 1.1.1 from 1.0.2 or that came stock with 1.1.1. Conclusion: We require a secpack from the 1.1.1 firmware first, as the old 1.0.2 secpack fails to allow write access to the 1.1.1. baseband.

A hackint0sh member, pspsully, is reporting that he have unlocked a iPhone that he bought with 1.1.1: [ here]

"I Just did it guys, 1.1.1 firmware straight out of the box! First i used kMACs guide to downgrade, however i think i made it a bit simpler, i used iTunes version 7.3.0.5 that DVD John hacked!"

  1. Dock iPhone and open iTunes, you will get a message saying you need iTunes 7.4 to activate. Just click OK.
  2. Hold the Power and Menu buttons for 10 seconds until the iPhone turns off and then let go of the power button leaving only the menu button pressed.
  3. iTunes will now recognize the iPhone is in restore mode although the iPhone screen will be blank.
  4. Hold Shift(PC) and click the restore button and choose the 1.02 firmware. After it restores, you will get an error, just click OK.
  5. If you have used DVD Johns tool, when the iPhone restarts after the restore, iTunes version 7.3.0.5 will recognize it and activate it straight away.
  6. Install SSH on iPhone using installer.app or ibrickr or whatever you want. In ibrickr, i created a new folder called unlock, in this folder i uploaded bbupdater, ICE03.14.08_G.eep and ICE03.14.08_G.fls.
  7. I then used Putty to connect to the iPhone and ran the following commands: 
# chmod +x bbupdater
# launchctl unload /System/Library/LaunchDaemons/com.apple.CommCenter.plist 
# ./bbupdater -f *.fls -e *.eep 
# launchctl load /System/Library/LaunchDaemons/com.apple.CommCenter.plist
  1. After doing this i got an error saying failed to download FLS image, could not verify or something like that. EDIT: Error message was probably "Failed to download .FLS: Could not verify downloaded image."
  2. I restarted the iPhone and did the same thing again, the exact same commands as above and this time got no error.
  3. Just use the Unlocking method of your choice, i used iBrickr and anySIM1.02. Thats it!!


[ Back to top ]