
[News] Chinese translation: the BootNeuter bundled with PwnageTool can change any version of the BL


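This is the original text, from http://wikee.iphwn.org/sgold_bootrom:bootneuter
Please forgive the rough translation. This is great news for iPhone fans, especially those whose BL has been downgraded.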
----------------------

BootNeuter
by the iPhone Dev Team
http://iphone-dev.org

Overview

BootNeuter gives you total control of your S-Gold bootloader and baseband.
BootNeuter gives you full control of the BootLoader and baseband program of your iPhone, which is built on the S-Gold communications and multimedia chipset.

It's an application you run right on your iPhone that lets you:
This is an application that runs on your iPhone and lets you:

    • Neuter your bootloader
    • Neuter your BootLoader
    • Unlock your baseband
    • Unlock your baseband program
    • Reflash your bootloader to 3.9BL or 4.6BL no matter what version you're at now (even if you're at 3.8BL)
    • Whatever version your BL is now (even if you only have 3.8BL), you can update your BL to 3.9 or 4.6.
    • Fakeblank your bootloader to let you run serial payloads directly on your S-Gold
    • Disguise your BL so that you can run a series of programs on your S-Gold-based iPhone.

Neutering

A neutered bootloader gives you absolute control over your baseband. The restrictions normally applied by the bootloader are completely lifted! With a neutered bootloader:
A neutered BL gives you complete control of your baseband program. Everything that normally restricts the baseband is gone! With a neutered BL, you can:


    • The baseband is no longer integrity-checked
    • The system no longer performs an integrity check on the baseband

      • Can be patched (unlocked or other custom modifications)
      • The baseband can be patched (unlocked or custom-modified)
      • 4.6BL will even run with patched baseband – no need to revert to 3.9BL even with most recent firmware
      • 4.6BL can work with a patched baseband; even with the latest firmware there is no need to switch to 3.9BL.

    • Secpack restrictions are removed
    • The restrictions of the SecPack program we use (for modifying the baseband) are lifted

      • You are free to downgrade your baseband using bbupdater without having to run ieraser/ienew first.
      • Before downgrading your baseband with bbupdater, there is no longer any need to run ieraser/ienew first.
      • No longer does the “greater than” (4.6BL) or “greater than or equal” (3.9BL) rule apply. You can arbitrarily go up and down regardless of what secpacks you use.
      • The so-called “greater than” (4.6BL) or “greater than or equal” (3.9BL) rules no longer apply. You can boldly use any version of the SecPack program to upgrade or downgrade your baseband.

    • Secpack signatures are ignored
    • Secpack digital signatures will be ignored

      • The RSA encrypted header is no longer checked for correct hash values by the bootloader
      • The bootloader no longer checks whether the RSA-encrypted header has the correct hash value.
      • The *.fls files can be patched and fed to bbupdater directly
      • The *.fls files can be modified and supplied directly to bbupdater
      • A copy of the last used secpack will be saved at a03c0000, retrievable via norz or similar dumpers. Not that secpacks even matter anymore.
      • The last used secpack will be saved at address a03c0000 and can be dumped with norz or other programs.

    • Your neuter selection survives iTunes restores and updates
    • Even iTunes restore and update operations cannot change this neutering.

Unlocking

BootNeuter gives you the option to unlock your 1.1.4 baseband. An unlocked baseband is patched, and would normally fail the integrity check done by the bootloader on recent firmware releases. The anySIM app written by gray forges the token in the baseband, which will trick 3.9BL but not 4.6BL. With a neutered phone, the integrity check is skipped completely. So now you can run recent firmware releases with a 4.6BL even if you've unlocked your baseband!
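Boot neutralization gives you the chance to unlock your 1.1.4 baseband program. Once the baseband has been modified, the latest firmware versions will generally cause the bootloader to fail the baseband program's integrity check. The anySIM program written by gray forges the baseband's token, which can fool 3.9BL but not 4.6BL (this is why ZiPhone needs to downgrade the BL). A neutralized BL, however, skips the integrity check completely. So now you can run the latest firmware under 4.6BL whether or not you have unlocked your baseband.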

A neutered bootloader will let you use bbupdater on modified ICE*.fls files, so now you don't even need a separate app to unlock. As discussed on the simple_unlock page, you can now unlock the baseband before it even gets put on your iPhone!
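A neutralized BL lets you run bbupdater on modified ICE*.fls files, so you no longer need a separate program to unlock. As discussed on the simple_unlock page, you can now even unlock the baseband before it is installed on your iPhone.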

Bootloader Version

If you found yourself recently downgraded to 3.9BL (without your consent) by running buggy software, the iPhone Dev Team comes to the rescue. With BootNeuter you can freely go back and forth between bootloader versions. Now you can truly restore your iPhone to its out-of-box condition.
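If you recently found that your BL was downgraded to 3.9 without your permission by running some software, the Dev Team is here to rescue you! (Great!) The BootNeuter program lets you freely upgrade and downgrade between BL versions. Now you can truly restore your iPhone to its out-of-the-box (OTB) condition.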

Fakeblank (FB)

For iPhone hackers who want to be able to run serial payloads directly at S-Gold reboot time, BootNeuter lets you choose a fakeblank bootloader. If BootNeuter detects that your iPhone is currently fakeblanked, it will do all of its bootloader operations via serial payload and won't need to erase/reprogram the baseband to make bootloader changes.
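If an iPhone hacker wants to run a serial payload when the S-Gold boots, BootNeuter lets you choose a fakeblank (FB) BL. If BootNeuter detects that your BL is already the FB version, it will perform the BL operations directly via serial payload, without needing to erase/rewrite the baseband program.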

For a real-world example of a serial payload utility that can be run on a fakeblanked iPhone, see the wifi fixer
A real-world example of a serial payload program that works under an FB BL: the wifi fixer, for instance

Tips


  • Do not interrupt the flashing process. Some of the operations take a long time to complete, so don't jump the gun by exiting the application. Don't let your iPhone turn off either! It is very important to not interrupt the flashing process.
  • BootNeuter must not be interrupted while flashing. Some operations take a long time to complete, so do not rashly exit the program. Do not turn off your iPhone either! This is very important: do not interrupt the flashing process.

  • BootNeuter needs to run with root permissions to unload the CommCenter and access the interactive bootloader. So, it needs to be installed either via Pwnage or via a method that gives it suid-root privileges.
  • BootNeuter needs root permissions to unlock CommCenter and modify the BL. So it needs to be installed via Pwnage or a similar program that has root privileges.

  • The optimal settings for end users are Neuter=On, FakeBlank=Off, Unlock=On. If you are a developer, set FakeBlank=On. Don't worry though, it's all reversible via BootNeuter.
  • The optimal settings for end users are: Neuter=On, FakeBlank=Off, Unlock=On. If you are a system developer, you can choose FakeBlank=On. But don't worry, BootNeuter's operations are reversible.

  • During long flashing operations, you'll sometimes see WiFi dialog boxes pop up. Those can be safely canceled.
  • During long flashing operations, you may sometimes see WiFi dialog boxes pop up; just ignore them.

Credits and stuff

BootNeuter is brought to you by MuscleNerd, gray, chris, wizdaz, and the entire iPhone Dev Team. Thanks to geohot for the extended secpack erase method.
BootNeuter comes from MuscleNerd, gray, chris, wizdaz and the entire iPhone Dev Team. Thanks to geohot for providing the secpack erase method.

BootNeuter is completely reversible (as is all of Pwnage).
BootNeuter is completely reversible (under Pwnage)

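This tool demonstrates that an application with root privileges can erase and reflash any bootloader. Be careful what applications you run, and never run them from a ramdisk (which is disintegrating as it's being used). Unlike the main s5l8900 CPU, the S-Gold can actually be bricked.
This tool demonstrates that an application with root privileges can erase and rewrite any version of the BL. Be very careful when choosing which programs to run, and do not run them from a virtual disk (a virtual disk is not integrated into the system while it is in use). Unlike the iPhone's s5l8900 main CPU, the S-Gold chip can turn into a "brick".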

A neutered bootloader survives iTunes updates, even updates to 1.2.0 (aka 2.0). Unlike unlocking which requires a new patch for each firmware version, you only need to neuter once.
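iTunes updates do not affect a neutralized BL, even if you update to firmware 1.2.0 (i.e. version 2.0). Unlike before, when you had to unlock again after every firmware update, now you only need to neuter once.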

  • As effortless as BootNeuter makes it seem, bootloader flashing should not be taken lightly. BootNeuter won't reflash your bootloader if it detects that your desired bootloader settings match the current settings (for instance, if you are only changing the baseband lock status).
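  • Do not rewrite the BL lightly just because BootNeuter makes it so simple. If BootNeuter finds that your new bootloader settings are the same as your current bootloader (for example, you only want to change your baseband's lock status), BootNeuter will not rewrite your BL.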


[ This post was last edited by gnr2000 on 2008-4-7 10:26 ]
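
The secpack version rule described in the post above, as an added example that is not part of the original post or the Dev Team's code: a C model of the "greater than" (4.6BL) and "greater than or equal" (3.9BL) checks and of what a neutered bootloader accepts. Integer secpack versions, the reading that the rule compares the offered secpack against the installed one, and all names are assumptions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Bootloader policies named in the post; the enum itself is illustrative. */
enum bl_policy { BL_39, BL_46, BL_NEUTERED };

/* True when a baseband flash carrying secpack version `candidate` is accepted
 * over installed version `installed` (integer versions are an assumption). */
bool secpack_accepted(enum bl_policy policy, unsigned installed, unsigned candidate)
{
    switch (policy) {
    case BL_39:       return candidate >= installed; /* "greater than or equal" */
    case BL_46:       return candidate >  installed; /* "greater than" */
    case BL_NEUTERED: return true;                   /* rule no longer applies */
    }
    return false; /* unknown policy: fail closed */
}

/* Replays a sequence of flash attempts and returns the version left installed.
 * A rejected attempt leaves the installed version unchanged. */
unsigned replay_flashes(enum bl_policy policy, unsigned installed,
                        const unsigned *attempts, size_t n, size_t *rejected)
{
    size_t refused = 0;
    for (size_t i = 0; i < n; i++) {
        if (secpack_accepted(policy, installed, attempts[i]))
            installed = attempts[i];
        else
            refused++;
    }
    if (rejected)
        *rejected = refused;
    return installed;
}

int main(void)
{
    /* Constructed sequence: upgrade, same-version reflash, upgrade, downgrade. */
    const unsigned attempts[] = {5, 5, 6, 3};
    const char *names[] = {"3.9BL", "4.6BL", "neutered"};
    for (int p = BL_39; p <= BL_NEUTERED; p++) {
        size_t rejected = 0;
        unsigned final = replay_flashes((enum bl_policy)p, 4, attempts, 4, &rejected);
        printf("%-8s final=%u rejected=%zu\n", names[p], final, rejected);
    }
    return 0;
}
```

Only the neutered policy ends on the downgraded version, which is the loss of rollback protection the post describes.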


Showing my support. If it's really like this, it should be awesome. Not bad, I like it.

This PwnageTool release doesn't seem to include BootNeuter. Can anyone provide a download?


Supporting this first; looking forward to it.

So powerful.


Going by this, is there any need to flash a phone that originally came with 3.9BL to 4.6?
8GB iPhone 1.0.2 to 1.1.4


Looking forward to the original poster's Chinese localization


Neutralized BL


A native 3.9 can be upgraded to 4.6 too???


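Heh, "Neutering" would be better translated as "阉割" (castration).

The word is a bit crude, but it is definitely more vivid and conveys the meaning better.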
