Baseband Device

the Baseband Device is the chipset that all iPhones and cellular models of the Apple Watch, iPad, iPad Air, iPad mini, and iPad Pro use that manages all the functions which require a cellular antenna. It has its own RAM and Firmware in NOR flash, separate from the ARM core resources. The baseband is a resource to the OS. The Wi-Fi and Bluetooth are managed by the main CPU, although the baseband stores it's MAC addresses in its NVRAM.

See also: Baseband Commands and iOS Baseband Tools.

Device List[edit source]

Seczone[edit source]

This is the area in the baseband where the lock state is stored.

Layout[edit source]

0x400--NCK token
0xA00--IMEI signature
0xB00--IMEI
0xC00--Locks table

Encryption[edit source]

Many of the sections are encrypted using TEA based off the CHIPID and NORID. See NCK Brute Force for more info.

Exploits[edit source]

• SIM hacks

PMB8876 S-Gold 2[edit source]

• Fakeblank
• IPSF
• Minus 0x400
• Minus 0x20000 with Back Extend Erase

PMB8878 X-Gold 608[edit source]

• JerrySIM
• AT+stkprof
• AT+XLOG Vulnerability
• AT+XEMN Heap Overflow
• AT+XAPP Vulnerability
• AT+FNS

XMM 6180 X-Gold 618[edit source]

• AT+XAPP Vulnerability

MDM6600[edit source]

• None

MDM6610[edit source]

• None

MDM9600[edit source]

• None

MDM9615[edit source]

• None

MDM9625[edit source]

• None

MDM9635[edit source]

• None

MDM9645[edit source]

• None

PMB9943 X-Gold 736[edit source]

• None

MDM9655[edit source]

• None

PMB9948 X-Gold 748[edit source]

• None

PMB9955 X-Gold 756[edit source]

• None

PMB9960 X-Gold 766[edit source]

• None

SDX55M[edit source]

• None

SDX57M[edit source]

• None

SDX60M[edit source]

• None

SDX65M[edit source]

• None

Theoretical Attacks[edit source]

• NCK Brute Force
• Baseband JTAG

Boot Chain[edit source]

bootrom->bootloader->firmware