Baseband Device

the Baseband Device is the chipset that all iPhones and cellular models of the Apple Watch, iPad, iPad Air, iPad mini, and iPad Pro use that manages all the functions which require a cellular antenna. It has its own RAM and Firmware in NOR flash, separate from the ARM core resources. The baseband is a resource to the OS. The Wi-Fi and Bluetooth are managed by the main CPU, although the baseband stores it's MAC addresses in its NVRAM.

See also: Baseband Commands and iOS Baseband Tools.

PMB8876 S-Gold 2

 * iPhone

PMB8878 X-Gold 608

 * iPad
 * iPhone 3G
 * iPhone 3GS

XMM 6180 X-Gold 618

 * iPad 2 (iPad2,2)
 * iPhone 4 (iPhone3,1) and (iPhone3,2)

MDM6600

 * iPad 2 (iPad2,3)
 * iPhone 4 (iPhone3,3)

MDM6610

 * iPhone 4S

MDM9600

 * iPad (3rd generation)

MDM9615

 * iPad (4th generation)
 * iPad Air
 * iPad mini
 * iPad mini 2
 * iPad mini 3
 * iPhone 5
 * iPhone 5c
 * iPhone 5s

MDM9625

 * iPad (5th generation)
 * iPad Air 2
 * iPad Pro (12.9-inch)
 * iPad mini 4
 * iPhone 6
 * iPhone 6 Plus
 * iPhone SE (1st generation)

MDM9635

 * Apple Watch Series 3
 * iPad (6th generation)
 * iPad Pro (9.7-inch)
 * iPhone 6s
 * iPhone 6s Plus

MDM9645

 * iPad Pro (10.5-inch)
 * iPad Pro (12.9-inch) (2nd generation)
 * iPhone 7
 * iPhone 7 Plus

PMB9943 X-Gold 736

 * iPhone 7
 * iPhone 7 Plus

MDM9655

 * iPhone 8
 * iPhone 8 Plus
 * iPhone X

PMB9948 X-Gold 748

 * iPhone 8
 * iPhone 8 Plus
 * iPhone X

PMB9955 X-Gold 756

 * Apple Watch Series 4
 * Apple Watch Series 5
 * Apple Watch SE
 * Apple Watch Series 6
 * Apple Watch Series 7
 * iPad (7th generation)
 * iPad (8th generation)
 * iPad Air (3rd generation)
 * iPad Pro (11-inch)
 * iPad Pro (12.9-inch) (3rd generation)
 * iPad mini (5th generation)
 * iPhone XR
 * iPhone XS
 * iPhone XS Max

PMB9960 X-Gold 766

 * iPad Air (4th generation)
 * iPad Pro (11-inch) (2nd generation)
 * iPad Pro (12.9-inch) (4th generation)
 * iPhone 11
 * iPhone 11 Pro
 * iPhone 11 Pro Max
 * iPhone SE (2nd generation)

SDX55M

 * iPad Pro (11-inch) (3rd generation)
 * iPad Pro (12.9-inch) (5th generation)
 * iPhone 12 mini
 * iPhone 12
 * iPhone 12 Pro
 * iPhone 12 Pro Max

SDX60M

 * iPad mini (6th generation)
 * iPhone 13 mini
 * iPhone 13
 * iPhone 13 Pro
 * iPhone 13 Pro Max

Seczone
This is the area in the baseband where the lock state is stored.

Layout
0x400--NCK token 0xA00--IMEI signature 0xB00--IMEI 0xC00--Locks table

Encryption
Many of the sections are encrypted using TEA based off the CHIPID and NORID. See NCK Brute Force for more info.

Exploits

 * SIM hacks

PMB8876 S-Gold 2

 * Fakeblank
 * IPSF
 * Minus 0x400
 * Minus 0x20000 with Back Extend Erase

PMB8878 X-Gold 608

 * JerrySIM
 * AT+stkprof
 * AT+XLOG Vulnerability
 * AT+XEMN Heap Overflow
 * AT+XAPP Vulnerability
 * AT+FNS

XMM 6180 X-Gold 618

 * AT+XAPP Vulnerability

MDM6600

 * None

MDM6610

 * None

MDM9600

 * None

MDM9615

 * None

MDM9625

 * None

MDM9635

 * None

MDM9645

 * None

PMB9943 X-Gold 736

 * None

MDM9655

 * None

PMB9948 X-Gold 748

 * None

PMB9955 X-Gold 756

 * None

PMB9960 X-Gold 766

 * None

SDX55M

 * None

Theoretical Attacks

 * NCK Brute Force
 * Baseband JTAG

Boot Chain
bootrom->bootloader->firmware