Baseband Device

This is the device in the iPhone and iPad that manages all the functions which require an antenna. The baseband processor has its own RAM and firmware in NOR flash, separate from the ARM core resources. The baseband is a resource to the OS. The Wi-Fi and Bluetooth are managed by the main CPU, although the baseband stores their MAC addresses in its NVRAM.

The iPhone's baseband processor is the S-Gold 2. The iPhone 3G, the iPhone 3GS and the iPad make use of the X-Gold 608 chip for this purpose. The iPhone 4 (iPhone3,1) and iPad 2 (iPad2,2) use the XMM 6180, while the iPhone 4 (iPhone3,3) uses the MDM6600 and the iPhone 4S uses the MDM6610. iPad (3rd generation) uses MDM9600. iPad (4th generation), iPad Air, iPad mini, iPad mini 2, iPad mini 3, iPhone 5, iPhone 5c and iPhone 5s use MDM9615 while iPad Air 2, iPad Pro (12.9-inch), iPad (5th generation), iPad mini 4, iPhone 6, iPhone 6 Plus and iPhone SE use MDM9625. Apple Watch Series 3, iPhone 6s, iPhone 6s Plus and iPad Pro (9.7-inch) use MDM9635. The iPhone 8, iPhone 8 Plus and iPhone X use MDM9656 and PMB9948.

See also: Baseband Commands and iOS Baseband Tools.

Seczone
This is the area in the baseband where the lock state is stored.

Layout
0x400--NCK token 0xA00--IMEI signature 0xB00--IMEI 0xC00--Locks table

Encryption
Many of the sections are encrypted using TEA based off the CHIPID and NORID. See NCK Brute Force for more info.

Exploits

 * SIM hacks

PMB8876 S-Gold 2

 * Fakeblank
 * IPSF
 * Minus 0x400
 * Minus 0x20000 with Back Extend Erase

PMB8878 X-Gold 608

 * JerrySIM
 * AT+stkprof
 * AT+XLOG Vulnerability
 * AT+XEMN Heap Overflow
 * AT+XAPP Vulnerability
 * AT+FNS

XMM 6180 X-Gold 618

 * AT+XAPP Vulnerability

MDM6600

 * None

MDM6610

 * None

MDM9600

 * None

MDM9615

 * None

MDM9625

 * None

MDM9635

 * None

MDM9645

 * none

PMB9943 X-Gold 736

 * none

MDM9655

 * none

PMB9948

 * none

Theoretical Attacks

 * NCK Brute Force
 * Baseband JTAG

Boot Chain
bootrom->bootloader->firmware