Downgrade iPhone Firmware 1.1.1 to 1.0.2


this tutorial recently viewed alot,hey folks you don’t need to downgrade to 1.0.2 anymore while 1.1.1 completely unlocked it means this tutorial out-dated

These methods will not downgrade your baseband or reunlock your phone. A reunlock is in development and will be made available as soon we can, together with a method to reset your nck attempts, please stand by and watch the forums for further information. And again, DON’T upgrade to 1.1.1 if you are still on 1.0.2. Do all that at your own risk.

You can downgrade the iPhone firmware from 1.1.1 to 1.0.2 using any of the three methods below; however, there are no known methods for reflashing the baseband firmware back to 03.14.08_G like it should be for 1.0.2. However, 1.1.1 iPhones that were previously unlocked at 1.0.2 with methods that fake the bb firmware version will have their firmware version remaining at 03.14.08_G. You cannot simply reflash the baseband to a downgraded version using bbupdate or erase the baseband like iUnlock does either, because there is a version check somewhere, probably the baseband bootloader, that prevents you from downgrading the baseband. Some have even hex edited the FLS file to bump the version and it still does not pass validation.

However, the hacked bbupdater used by the free SIM unlock writes to areas that the stock bbupdater doesn’t. So it won’t “undo” those particular changes. So far, a patched bbupdater remains the best hope.

Force (deleting/replace) the 1.1.1 baseband – by jszeto222/maomaofong2005

By corrupting the BB Firmware during the 1.1.1 restore!

WARNING: This has not been confirmed to work (or shown to be useful). This may/may not damage the iPhone!!! This merely shows that it’s possible to render your baseband non-functional, but not the most important question about whether bbupdater will allow you to then overwrite the non-functional baseband with a lower version.
Method, unplug usb during middle of the Firmware upgrading part! (Could you be a bit more precise on this step)

Result to Corrupt/missing baseband, therefore possible on replacing baseband on to it, at lease 1.1.1, as upgrade from 1.0.2 may not got you a clean 1.1.1 firmware!
Doing this would allow you for a clean firmware for those upgraded from unlocked 1.0.2! If success, it will simply show on display “Repair Needed” iPhone cannot make or receive call!

Also will show no WiFi + no detail made Empty on Baseband version in About page !

Image – No WiFi

Image2 – No Firmware Detail

Confirmed by a Tester: Unplug at the first verify progress … and then update 1.0.2 at next step. Radio is still 4.01 😦 Anyone give another period of unplug pls … I dont dare to unplug at the first Restoring progress.


Any confirmations for this? -timehAndGodThis could be promising, but confirmation would be great!

Any confirmations? Can someone post exactly when you have to remove the cable? Middle of firmware upgrade seems very ambiguous

I bricked my phone with this… it’s totally dead… screes stays black…

I almost bricked mine too… it stay in recovery mode for 20min… but bb firmware still 4.0… i saw someone unlock their iphone incorrectly and come out with no wifi and baseband..if u did before please give instruction..thanks!!!

   ^ You need to restart the Commcenter

My iPhone is now not turning on, but it a good thing! This means that I can get a replacement from Apple w/o them knowing about me putting 3rd party apps on it! There possibly needs to be a specific time to unplug it if the phone won’t turn on as said above.

DO NOT DO THIS

Do not unplug the phone or interrupt the firmware upgrade in any way. I used to at least have WiFi! I did this by accident as my power went out during a restore back to 1.1.1. I now have a totally non functioning iPhone. I used to at least have a disabled one (ie, $500.00 iPod Touch lol) now I have a paperweight!

simon252

To be done

  1. Find alternate methods of downgrading BB firmware to 03.14.08_G

Method A (Instructions)

(from [1])

Here are the steps:

  1. Make sure you have a copy of the 1.0.2 firmware handy and decrypted
  2. Reboot iPhone holding top (power) and home buttons *BUT* release the top button exactly 10 seconds (I recommend to use stopwatch) into it
  3. The iPhone screen will appear to be off, but start iTunes (latest version worked for me on the Mac)
  4. Option+Click restore and select the 1.0.2 firmware ipsw
  5. The phone will restart and error out at the end, this is expected
  6. Shutdown iTunes
  7. Launch the latest iNDpendence
  8. Jailbreak the phone using a decrypted 1.0.2 (it will flash all sorts of error, but stick with it)
  9. Activate the phone
  10. It will show the SIM error but you should be able to get back in
  11. AT&T Users: Reset your iPhone before you start using your phone again. Failure to do so may result in you being charged for your “free services.”
  • Please note: The Sync cable and itunes logo is the new firmware restore screen. The yellow triangle is the old restore screen.

I installed AppTapp afterwards along with the BSD subsystem and SSH, all working over wireless only. Now we need to see if we can get bbupdate to play ball.

Note: I didn’t need to have the firmware decrypted in any way for this to work (just unzipped). —0p


Method B (Slightly Easier Instructions)

This slightly easier version uses AppTapp installer instead of requiring you to decrypt the DMG file yourself.

(from [2])

  1. First, download the iPhone1,1_1.0.2_1C28_Restore.ipsw [3] from Apple. On a Mac, do not unzip the file, iTunes will do this for you in step 4.
  2. Then connect phone to dock, and hold down home button and power button for about 10 seconds or until the screen goes black.
  3. Now release the power button but continue holding the home button. After about 10 seconds the computer will detect the iPhone in restore mode, and iTunes should tell that the phone needs to be restored.
  4. Hold down SHIFT key (Windows) or Option/ALT-key (Mac) when clicking the Restore button, and select the file you downloaded in step 1.
  5. Let the restore complete and ignore the error at the end. (Should be error 1013).
  6. Now your phone should show the “Connect to iTunes” screen with the yellow triangle.
  7. Run AppTap to jailbreak your phone – it will restore it to a working 1.0.2 firmware it even though you will get an error at the end. Just dismiss the error and quit the installer.
  8. Run AppTap again to actually install the installer.app. It should successfully complete. Keep rerunning AppTap if it doesn’t work the first time – it may take a few tries.
  9. At this point you will have a jailbroken iPhone that still needs to be activated (as usual). Google is your friend.
  10. AT&T Users: Reset your iPhone before you start using your phone again. Failure to do so may result in you being charged for your “free services.”
  • Please note: The Sync cable and itunes logo is the new firmware restore screen. The yellow triangle is the old restore screen.
  • Error: The iphone “xxx” could not be restored. An unknown error occured (1).

Some user experienced the above error message and iTunes won’t update the iphone firmware. Anyone know how to solve this issue? This problem is 2 fold… people goto the restore screen instead of letting the blank screen load on the iPhone. Also, I encountered this error on Vista on 3 separate machines. Using an XP box fixed this problem for me.

  • The Error on Vista is down to timing, using a stop watch I held in the power and home buttons for precisely ten seconds, I then released the power button but kept the home button depressed for precisely another 10 seconds then released it, a few seconds later Vista appeared with the “Detected new hardware message” the the iTunes restore worked. If you hold in the home button too long it will fail. Also this was on an OOTB 1.1.1 iPhone.

I had this error, too. I reinstalled iTunes (now at 7.4.3), restored to 1.1.1, and then restored to 1.0.2 as above.

Method C (Easiest Instructions)

Guaranteed to work with iTunes 7.3.2. Apple didn’t think of everything (J).

Confirmed working with a locked iPhone that had been upgraded to 1.1.1. Downgrade using these instructions was successful. Phone is activated and all apps and 3rd-party software working.

NOTE: You must delete the 7.4 version of iTunes before you install 7.3. Go to finder and search for iTunes and then delete all associated software, but make sure you don’t touch the file where your music is stored!!!! Move that to the side so you can add to iTunes 7.3

  1. Install iTunes 7.3.2, which you can download from the links below.
  2. Download the 1.0.2 iPhone restore file if you don’t have it already.
  3. Shift + Click Restore (Windows) or Option + Click Restore (Mac), then point to the file below (use .dmg file in download file).
  4. Use AppTap Installer you will be back to normal with EDGE and Wi-Fi support.
iTunes 7.3.2 download file (All rights and content belong to Apple)
Mac: http://appldnld.apple.com.edgesuite.net/content.info.apple.com/iTunes7/Mac/061-3608.20070802.im8t3/iTunes7.3.2.dmg
Windows: http://appldnld.apple.com.edgesuite.net/content.info.apple.com/iTunes7/Win/061-3610.20070802.x4r9j/iTunesSetup.exe
iPhone 1.0.2 restore file (All rights and content belong to Apple)
http://appldnld.apple.com.edgesuite.net/content.info.apple.com/iPhone/061-3823.20070821.vormd/iPhone1,1_1.0.2_1C28_Restore.ipsw

Note: this method as previous ones, does not downgrade the baseband.

NOTE: If you don’t delete 7.4 you will get error messages when you install iTunes 7.3. iTunes will say you need 7.4 to talk to the phone.

You might want to turn off auto update in iTunes 7.3

Baseband issues

Currently, bbupdater will only flash bb upgrades, not downgrades. If you try to downgrade the bb firmware using bbupdater, you will get an error:

Error: Failed to download .FLS: Could not verify downloaded image.

Work on reversing a bb upgrade is ongoing.

This is a list of known bb firmware versions:

  1. 03.12.06_G (1.0)
  2. 03.14.08_G (1.0.1/1.0.2)
  3. 04.01.13_G (1.1.1)
  4. 04.02.04_G (1.1.1 see below)

04.02.04_G: Is this real or a mockup?) This seems to be paired with a firmware update 1.1.1 (3B13), which is higher than the current firmware set 1.1.1 (3A109a).

Info on the modem firmware on 2 phones:

From a 1.1.1 free SIM unlocked phone downgraded to 1.0.2:

# bbupdater -v
# Resetting target...
# pinging the baseband...
# issuing +xgendata...
#     firmware: DEV_ICE_MODEM_04.01.13_G
#  eep version: EEP_VERSION:207
# eep revision: EEP_REVISION:7
#   bootloader: BOOTLOADER_VERSION:3.9_M3S2

From a stock 1.0.2 phone never unlocked or upgraded to 1.1.1:

# bbupdater -v
# Resetting target...
# pinging the baseband...
# issuing +xgendata...
#     firmware: DEV_ICE_MODEM_03.14.08_G
#  eep version: EEP_VERSION:207
# eep revision: EEP_REVISION:7
#   bootloader: BOOTLOADER_VERSION:3.9_M3S2

This is not completly true….i downgraded the phone from firmware 1.0.2 to 1.0, and i didn’t get any error. then i updated again to 1.0.2 and all worked fine. nick

Nick: Can you confirm that your modem firmware downgraded from 03.14.08G to 03.12.06G in Settings -> General -> About when you went from 1.0.2 to 1.0?

Regardless of Nick’s answer, feedback from Operator/Tom say that all downgrades from v1.1.1 don’t downgrade the baseband (stays at 04.01.13_G). This is through bbudater and alt-click iTunes restore/select v1.0.0. -Neorich

MP> Rather than downgrading the baseband, wouldn’t it be possible to upgrade from 1.1.1 to 1.1.2 where 1.1.2 would be a modified image of 1.0.2?

Just found an interesting command in the bbupdater -F instead of -f and it returns this:

  1. ./bbupdater -F test

Resetting target… pinging the baseband… issuing +xgendata… no appropriate firmware found Done

Downgrading the baseband

So far all attempts to downgrade the baseband have been unsuccessful. There have been several reports of successful baseband downgrades online, but these haven’t been confirmed.

NOTE: CooKooMan’s method does not work and neither does instructions on virginizing the baseband. Several attempts have been made to follow these instructions on IRC, but so far no one has had any luck

Tried anySIM unlock. Get error the firmware version is already patched.

Working functions

If you have a valid AT&T SIM and have used an unlock other than the free SIM unlock, activated with iTunes, then everything is reported to work fine.

  1. Functions that do work: Calling, EDGE, SMS, Bluetooth, Wi-Fi, and everything else.
  2. Functions that don’t work: nada

If you have a valid AT&T SIM and have used the free SIM unlock, activated with iTunes, there are no working phone functions.

  1. Functions that do work: Wi-Fi, jailbreak, installing third party apps through Installer.app, iPod, Mail, Safari and all other functions not dependent on the phone modem firmware.
  2. Functions that don’t work: Calling, Voicemail, SMS, EDGE, etc.

If you DO NOT have a valid AT&T SIM, there are no working phone functions. You can use internet functions ONLY through Wi-Fi!

  1. Functions that do work: Wi-Fi, jailbreak, installing third party apps through Installer.app, iPod, Mail, Safari and all other functions not dependent on the phone modem firmware.
  2. Functions that don’t work: Calling, Voicemail, SMS, EDGE, etc.

If you used an *SIM (Super, Turbo, Hyper …) to unlock without patching the baseband firmware, then everything is reported to work fine.

  1. Functions that do work: Calling, EDGE, SMS, Bluetooth, Wi-Fi, and everything else.
  2. Functions that don’t work: nada

NOR dump of 04.01.13_G

Several NOR dumps are now floating around the Internet; steps for dumping your own NOR are on the talk page.

The NOR dump is a portion of copyrighted software, and is illegal to distribute without permission. Therefore, copies of the 04.01.13_G will not be hosted nor linked to from the iPhone Dev Wiki.

If you are looking for this NOR dump, contact phponrails via AIM. Please don’t message with questions about the iPhone or anything technical; this person knows as much or less than you do.

1.1.1 stock iPhone unlocking

It has been confirmed several times that this method DOES NOT work, either on phones that were upgraded to 1.1.1 from 1.0.2 or that came stock with 1.1.1. Conclusion: We require a secpack from the 1.1.1 firmware first, as the old 1.0.2 secpack fails to allow write access to the 1.1.1. baseband.

A hackint0sh member, pspsully, is reporting that he have unlocked a iPhone that he bought with 1.1.1: [[4]]

“I Just did it guys, 1.1.1 firmware straight out of the box! First i used kMACs guide to downgrade, however i think i made it a bit simpler, i used iTunes version 7.3.0.5 that DVD John hacked!”

  1. Dock iPhone and open iTunes, you will get a message saying you need iTunes 7.4 to activate. Just click OK.
  2. Hold the Power and Menu buttons for 10 seconds until the iPhone turns off and then let go of the power button leaving only the menu button pressed.
  3. iTunes will now recognize the iPhone is in restore mode although the iPhone screen will be blank.
  4. Hold Shift(PC) and click the restore button and choose the 1.02 firmware. After it restores, you will get an error, just click OK.
  5. If you have used DVD Johns tool, when the iPhone restarts after the restore, iTunes version 7.3.0.5 will recognize it and activate it straight away.
  6. Install SSH on iPhone using installer.app or ibrickr or whatever you want. In ibrickr, i created a new folder called unlock, in this folder i uploaded bbupdater, ICE03.14.08_G.eep and ICE03.14.08_G.fls.
  7. I then used Putty to connect to the iPhone and ran the following commands:
# chmod +x bbupdater
# launchctl unload /System/Library/LaunchDaemons/com.apple.CommCenter.plist
# ./bbupdater -f *.fls -e *.eep
# launchctl load /System/Library/LaunchDaemons/com.apple.CommCenter.plist
  1. After doing this i got an error saying failed to download FLS image, could not verify or something like that. EDIT: Error message was probably “Failed to download .FLS: Could not verify downloaded image.”
  2. I restarted the iPhone and did the same thing again, the exact same commands as above and this time got no error.
  3. Just use the Unlocking method of your choice, i used iBrickr and anySIM1.02. Thats it!!

Hi, can anyone confirm this method??? i try couple time with the 1.1.1 out of box and it keep come back with a error message when i refresh my baseband..thanks!!! -> yeah, it has been confirmed to be non working 🙂 See the bold paragraph —Zf 13:02, 1 October 2007 (EDT)

Actually I just finished doing this for both my, and my dad’s new iPhones. It actually seems to work. I was looking at the boot-loader on an old one, and saw that Apple is using a completely different version of it within different 1.1.1 iPhones. Hmm…..

I can confirm that the first time i did this it worked, i ran the commands in putty until i got the error, i DID NOT run the last command:

  1. launchctl load /System/Library/LaunchDaemons/com.apple.CommCenter.plist

i just restarted the iPhone and tried again, this time i got no error, ran anySIM 1.02 and the iPhone is completly unlocked. However, i got 6 iPhones that night, all FW Ver 1.1.1, and this method worked on ONLY ONE of them. I have been tryng for 5 days straight now to figure out what i did the first time but i cannot get it working again.

If anyone has a bricked iPhone that they are willing to donate or give, that would be very much appreciated, and maybe we can come up with a good fix on our own. Anyone interested please email ayeleswarapu@gmail.com. Thanks.

I bought 4 new 1.1.1 phones yesterday, and I already owned 8 old ones. I updated 3 of them to 1.1.1 to test. One was unlocked, and it bricked. I fixed it by reverting to 1.0.2. The next (old) one was also unlocked and it bricked, and I have not yet done surgery on it. The third old one was unlocked using a turbo sim and 1.1.1 made no change to it. Finally, the fourth old one was as is from time of purchase, and obviously 1.1.1 was a smooth transition. The rest are still boxed. As for the new ones. I overdid one of the new ones with 1.0.2 for the heck of it, and it did not work. It is now officially bricked, worse than I have ever seen an iPhone. That one is my current project. The second new one is unlocked using turbo sim. Finally, the last two new ones haven’t been opened yet, as I have not come up with experiments for them yet. Oh yeah, I also took apart an old one (1.0.2) and did the hard-wiring unlock for a friend, and 1.1.1 didn’t brick his phone. Post here if anyone needs help.

I have one that I unlocked with SimFree, but then got it Restore to 1.0.2, then did the update to 1.1.1 and now it just showing “Incorrect SIM insert an unlocked and valid SIM to activate iPhone” with a replacement SIM card from AT&T, can you help?.

mine says the same thing incorrect SIM insert an unlocked and valid SIM to activate iphone

Advertisements