Baseband Bootrom

From The Apple Wiki

This is the first code that runs on the baseband. It resides in internal ROM.

S-Gold 2[edit source]

The bootrom here is located at 0x400000. It was initially dumped using exploits in java on other S-Gold 2 phones. It allows unsigned code to be uploaded using Baseband Bootrom Protocol. On non debug variants of the chip, it requires Fakeblank to run that code

X-Gold 608[edit source]

The bootrom is located at 0x400000, and can be dumped via geohotz 5.8bl loader exploit