LLB

The LLB is the Low Level Bootloader, also referred to as “iBoot first-stage loader” in the source code. It runs several setup routines and, on firmware versions 2.0 and higher, checks the signature of iBoot before jumping to it.

Those same setup routines are present in iBEC and iBSS, which is why they can be launched directly from DFU Mode.

On A10 and above SoCs, the LLB image is identical to the iBoot image, but still has the  tag so that the BootROM knows to jump to it.

Disassembly
LLB can be disassembled in a similar manner to the one described for iBoot. The base address for LLB 5.1 is 0x84000000 and the disassembly should yield the following:

ROM:84000000 loc_84000000                           ; CODE XREF: ROM:84000078↓j
ROM:84000000                                        ; DATA XREF: ROM:_reset↓o ...
ROM:84000000                B               _reset
ROM:84000004 ; ---
ROM:84000004                LDR             PC, =_undef
ROM:84000008 ; ---
ROM:84000008                LDR             PC, =_swi
ROM:8400000C ; ---
ROM:8400000C                LDR             PC, =_prefabt
ROM:84000010 ; ---
ROM:84000010                LDR             PC, =_dataabt
ROM:84000014 ; ---
ROM:84000014                LDR             PC, =_halt
ROM:84000018 ; ---
ROM:84000018                LDR             PC, =_irq
ROM:8400001C ; ---
ROM:8400001C                LDR             PC, =_fiq
ROM:8400001C ; ---
ROM:84000020                DCD _reset
ROM:84000024 off_84000024   DCD _undef              ; DATA XREF: ROM:84000004↑r
ROM:84000028 off_84000028   DCD _swi                ; DATA XREF: ROM:84000008↑r
ROM:8400002C off_8400002C   DCD _prefabt            ; DATA XREF: ROM:8400000C↑r
ROM:84000030 off_84000030   DCD _dataabt            ; DATA XREF: ROM:84000010↑r
ROM:84000034 off_84000034   DCD _halt               ; DATA XREF: ROM:84000014↑r
ROM:84000038 off_84000038   DCD _irq                ; DATA XREF: ROM:84000018↑r
ROM:8400003C off_8400003C   DCD _fiq                ; DATA XREF: ROM:8400001C↑r
ROM:84000040 ; ---
ROM:84000040
ROM:84000040 _reset                                 ; CODE XREF: ROM:loc_84000000↑j
ROM:84000040                                        ; DATA XREF: ROM:84000020↑o
ROM:84000040                ADR             R0, loc_84000000
...

LLB and iBoot likely share a common code base, as is evident from similar symbols and strings for the FTL, Image_Load, and others. LLB is specialized, however, to load iBoot, which it does by looking for the Img3 tagged "ibot", as can be seen here:

ROM:84000880 _do_boot                               ; CODE XREF: _LLB_Start+A6p
ROM:84000880                PUSH            {R7,LR}
ROM:84000882                MOVW            R0, #'ot'
ROM:84000886                MOV             R7, SP
ROM:84000888                MOVT.W          R0, #'ib'
ROM:8400088C                MOVS            R1, #2
ROM:8400088E                BL              _boot_flash_probably ; First argument is "ibot", second argument is "2"
ROM:84000892                MOV.W           R0, #0xFFFFFFFF
ROM:84000896                POP             {R7,PC}
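
The MOVW/MOVT pair in _do_boot builds the 32-bit constant 'ibot' in R0 in two halves. As an added example (not part of the original page), the following Python script decodes such pairs from raw Thumb-2 bytes so that four-character tag constants can be located in a disassembly-free pass over an image. The sample bytes are hand-assembled from the listing above rather than taken from a real image, and the function names are hypothetical.

```python
import struct

# Constructed sample: the first five instructions of _do_boot from the listing
# above, hand-assembled (PUSH, MOVW, MOV, MOVT.W, MOVS); not from a real image.
SAMPLE = bytes.fromhex("80b5 46f67470 6f46 c6f66210 0221")
SAMPLE_BASE = 0x84000880  # address of _do_boot in the listing

def thumb_imm16(hw1, hw2):
    """Reassemble imm16 = imm4:i:imm3:imm8 from a Thumb-2 MOVW/MOVT."""
    return (((hw1 & 0xF) << 12) | (((hw1 >> 10) & 1) << 11)
            | (((hw2 >> 12) & 7) << 8) | (hw2 & 0xFF))

def find_tag_loads(code, base):
    """Linear sweep over Thumb code. Returns (movt_addr, reg, value, tag) for
    every MOVW/MOVT pair that builds a printable four-character constant.
    Heuristic: other writes to the register between the pair are not tracked."""
    low, hits, off = {}, [], 0
    while off + 2 <= len(code):
        (hw1,) = struct.unpack_from("<H", code, off)
        if (hw1 >> 11) not in (0b11101, 0b11110, 0b11111):
            off += 2                      # 16-bit Thumb instruction
            continue
        if off + 4 > len(code):
            break                         # truncated 32-bit instruction
        (hw2,) = struct.unpack_from("<H", code, off + 2)
        if not (hw2 & 0x8000):            # bit 15 of second halfword must be 0
            rd, imm = (hw2 >> 8) & 0xF, thumb_imm16(hw1, hw2)
            if (hw1 & 0xFBF0) == 0xF240:  # MOVW Rd, #imm16 (low half)
                low[rd] = imm
            elif (hw1 & 0xFBF0) == 0xF2C0 and rd in low:  # MOVT Rd, #imm16
                value = (imm << 16) | low.pop(rd)
                raw = value.to_bytes(4, "big")
                if all(0x20 <= b < 0x7F for b in raw):
                    hits.append((base + off, rd, value, raw.decode("ascii")))
        off += 4
    return hits

if __name__ == "__main__":
    for addr, rd, value, tag in find_tag_loads(SAMPLE, SAMPLE_BASE):
        print(f"{addr:#010x}: R{rd} = {value:#010x} ('{tag}')")
```

The reported address is that of the MOVT instruction, which for the sample matches ROM:84000888 in the listing.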

If iBoot cannot be found, LLB instructs the i-Device to identify itself as Apple Mobile Device (DFU Mode):

ROM:84019297 aAppleMobileDev DCB "Apple Mobile Device (DFU Mode)",0

Patched LLB
Restoring or flashing an LLB patched with Pwnage or 0x24000 Segment Overflow can lead to these changes:
 * ECID checks on boot-up are cancelled
 * A restored firmware is no longer integrity-checked
 * RSA Signature Hash blobs (SHSH) and APTicket are ignored
 * Jailbreak is always untethered for a pwn-able device
 * Custom boot logos and recovery logos can be applied