blacksn0w crashes 3.1.2 firmware 05.11.07 baseband 3GS, no shsh on file (Solution)

23/03/2010

Many have reported having a problem where blacksn0w works for a period of time on a 3.1.2 firmware 05.11.07 baseband 3GS, but then crashes and goes into a permanent boot loop. Upon restoration, blacksn0w no longer unlocks the phone, but rather the phone simply says “Searching…”, freezes, and enters into another boot loop. The problem seems to result from a corrupted baseband. Restoring with custom 3.1.2 firmware with blacksn0w included doesn’t fix it, nor does restoring with 3.1 and trying to blacksn0w.

The problem should be fixed by a factory restore to 3.1.2 firmware, which will refresh the baseband to 05.11.07 and allow you to unlock the phone again. However, if you don’t have your 3.1.2 shsh on file, you cannot complete a factory restore and are stuck with custom jailbroken firmwares that don’t include baseband updates (only for non-tethered/old bootrom 3GS).

Solution: Manually flash to the phone the 05.11.07 baseband update extracted from an official 3.1.2 3GS firmware. You don’t have to have your SHSH on file, but your phone has to be bootable. Use a custom 3.1.2 ipsw from PwnageTool to get up and running if you are still in the boot loop and don’t have your shsh (only for old bootrom non-tethered 3GS). If you are stuck in a recovery loop with a tethered jailbreak/new bootrom and don’t have your 3.1.2 shsh on file, you may be out of luck getting back to 3.1.2.

A specific .dmg ramdisk must be extracted from the firmware and decrypted to reveal the baseband update files, but this is too complicated and has been done for you.

Requirements:

  • MobileTerminal (installed from Cydia)
  • OpenSSH or iPhoneBrowser (so you can transfer files to the phone)
  • Baseband update files: http://www.multiupload.com/RBTUJSJEW8 (more mirrors below)

The baseband update files include:

ICE2_05.11.07.fls (MD5: 30443351a76d74fcb3599a631fd910f4)
ICE2_05.11.07.eep (MD5: cdb2b86f15fbf273d74d8e28d61c27ed)
BBUpdaterExtreme (MD5: faeb92dfcccedd2399582698a1a986c0)
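
Because the files come from third-party mirrors and the updater is run as root, check them against the MD5 values above on your computer before transferring anything. The script below is an added example, not part of the original post; the function names and the file name verify_bb.sh are made up for illustration, and it assumes md5sum, md5 or openssl is installed.

```shell
#!/bin/sh
# Added example: compare the downloaded baseband files with the MD5 values
# listed in the post. Function names here are illustrative assumptions.

# Print the hex MD5 of a file using whichever tool is installed.
md5_of() {
    if command -v md5sum >/dev/null 2>&1; then
        md5sum "$1" | awk '{print $1}'
    elif command -v md5 >/dev/null 2>&1; then
        md5 -q "$1"
    else
        openssl md5 "$1" | awk '{print $NF}'
    fi
}

# verify_file PATH EXPECTED_MD5 -> 0 on match, 1 on missing file or mismatch.
verify_file() {
    [ -f "$1" ] || { echo "MISSING  $1" >&2; return 1; }
    actual=$(md5_of "$1" | tr 'A-F' 'a-f')
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    if [ "$actual" = "$expected" ]; then
        echo "OK       $1"
    else
        echo "MISMATCH $1 (got $actual, expected $expected)" >&2
        return 1
    fi
}

# verify_bundle DIR -> 0 only if all three files named in the post match.
# Every file is checked even after a failure, so all problems are reported.
verify_bundle() {
    rc=0
    while read -r name sum; do
        verify_file "$1/$name" "$sum" || rc=1
    done <<EOF
ICE2_05.11.07.fls 30443351a76d74fcb3599a631fd910f4
ICE2_05.11.07.eep cdb2b86f15fbf273d74d8e28d61c27ed
BBUpdaterExtreme faeb92dfcccedd2399582698a1a986c0
EOF
    return $rc
}

# Run as: sh verify_bb.sh /path/to/unzipped/files
[ "$#" -eq 0 ] || verify_bundle "$1"
```

A match rules out a truncated or corrupted download, or a mirror serving a different file by mistake. MD5 is not collision-resistant, so it is weaker evidence against a deliberately crafted substitute.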

Put these 3 files into the /tmp directory on the 3GS using SFTP, iPhoneBrowser, DiskAid, etc.

As root (enter su first; default password: alpine), run these commands in MobileTerminal (4 separate commands):

cd /tmp
chmod 755 BBUpdaterExtreme
launchctl unload /System/Library/LaunchDaemons/com.apple.CommCenter.plist
./BBUpdaterExtreme update -f ICE2_05.11.07.fls -e ICE2_05.11.07.eep

Once the updater is finished (takes a few minutes), reboot the phone by entering the command reboot in MobileTerminal or do it manually with the sleep button. When your 3GS loads, you can apply blacksn0w to your fresh 05.11.07 baseband. Good luck.

Note:
This will only work if you are on the 05.11.07 baseband. If you have a baseband below 05.11.07, I would not recommend updating. If you’ve upgraded to 05.12.01, you will have to wait for another unlock.

WiFi Issues:
After rebooting once or several times, your WiFi may stop working after you install blacksn0w. In this case, uninstall blacksn0w rc1 and try installing blacksn0w rc2 (not an official geohot release, but a patched version by msft.guy @ http://msftguy.blogspot.com). The Cydia repo is http://cydia.pushfix.info. The patch is designed for 3.1.3 on 05.11.07 bb, but I’ve confirmed it works on 3.1.2 05.11.07 bb and seems to have fixed the WiFi issues even after several reboots. More details: http://msftguy.blogspot.com/2010/03/fixing-blacksn0w-on-313.html

**Update on 14 JUN 2010**
Some have wondered if you can apply the baseband patch to 3.1.3 if the baseband is still on 05.11.07. In reality, what OS firmware you are on shouldn’t matter as long as you are on the 05.11.07 baseband. So yes, if you are on 3.1.3 but still on 05.11.07 bb, go for it.

File Mirrors:
http://www.multiupload.com/RBTUJSJEW8
http://www.multiupload.com/QP9LNY4Y9V
http://www.mirrorcreator.com/files/16XATANC/051107_bbupdate.zip_links
http://www.gazup.com/qddD6-051107_bbupdate.zip-download-mirrors
http://rapidshare.com/files/367091128/051107_bbupdate.zip
http://www.megaupload.com/?d=0EVAL7KD

Credit for the bb flashing details: Olethros

-crazyfool2100