After reading my previous post on how to activate baseband core dump function now you can start to dump baseband memory. I told you many times how was essential to dump the memory; you could use it to find some baseband vulnerabilities and try to find your own exploits.

And there is no need to say that you can use it to try to unlock iPhone for example or just to explore it. Since Apple integrated their devices with X-Gold chips by Infineon we can perform iPhone baseband core dump in a very simple way which I show you in my tutorial guide below.

Dump iPhone Baseband Memory

The very first thing you need to do is to create log file of baseband crashes and the stack trace.

Note: Before dumping the memory you should activate the Baseband Core dump function on you iPhone. When done use these simple steps:

Step one: Open Cydia, search for Minicom and install it.

Step two: Configure Minicom to communicate through supported port

Step three: Type following command into the Minicom to trigger an exception.

AT+XLOG=4

In other words this command will dump the baseband memory and that is exactly what we want.

Step four: If you done everything correctly then the message “Baseband Core Dump in Progress” will appear on the iPhone screen. Just wait for couple of seconds or minutes, depends on your baseband processor. It’s basically dumping a bunch of information from memory about the current state of the kernel.

Step five: Your dump info should be saved directly into the iPhone. Just navigate to the following directory:

cd /var/wireless/Library/Logs/CrashReporter/Baseband

All data is formatted like:

log-bb-yyyy-mm-dd-hh-mm-ss-cd

And that’s all you should do to dump iPhone baseband memory. This method is very easy and doesn’t require some special hacker’s skills. Now you have your saved baseband data so just take it and begin to explore it whenever you like and whenever you want.

Also the cool feature the dump is segmented by baseband memory region. You can use alternative methods to dump the memory like OpeniBoot or NORDumper and perform the decryption of the data latter using simple Python script by DogBert.

I hope this info was useful for you. If I’m right share plz this info with others who are interested in iPhone unlock using share buttons below. Also if you have some questions you can use comment form below and I’ll be glad to answer you.

To install minicom from Cydia you should do next things. After installing the package itself check if the folder /usr/etc exists. Connect to your iPhone through SSH and then type in:

minicom -s

after that continue setting up the ports and all the other things as usual. If you’re not sure how to do that or just want to remind yourself of something within the installation process – read this post to get the detailed instructions on how to install and configure minicom.
In /dev folder you can find interfaces like this:

 iPhone4:/dev root# ls /dev   aes_0 io8logmt tty.highland-park   bpf0 klog tty.iap   bpf1 mux.spi-baseband tty.umts   bpf2 null ttyp0   bpf3 pf ttyp1   btreset ptmx ttyp2   btwake ptyp0 ttyp3   console ptyp1 ttyp4   cu.bluetooth ptyp2 ttyp5   cu.debug ptyp3 ttyp6   cu.gas-gauge ptyp4 ttyp7   cu.gps ptyp5 ttyp8   cu.highland-park ptyp6 ttyp9   cu.iap ptyp7 ttypa   cu.umts ptyp8 ttypb   disk0 ptyp9 ttypc   disk0s1 ptypa ttypd   disk0s2 ptypb ttype   disk0s2s1 ptypc ttypf   dlci.spi-baseband.call ptypd ttys000   dlci.spi-baseband.chatty ptype uart.bluetooth   dlci.spi-baseband.cl1 ptypf uart.debug   dlci.spi-baseband.extra_0 random uart.gas-gauge   dlci.spi-baseband.iq rdisk0 uart.gps   dlci.spi-baseband.low rdisk0s1 uart.highland-park   dlci.spi-baseband.pdp_0 rdisk0s2 uart.iap   dlci.spi-baseband.pdp_1 rdisk0s2s1 uart.umts   dlci.spi-baseband.pdp_2 sha1_0 urandom   dlci.spi-baseband.pdp_3 tty vn0   dlci.spi-baseband.pdp_ctl tty.bluetooth vn1   dlci.spi-baseband.reg tty.debug zero   dlci.spi-baseband.sms tty.gas-gauge   io8log tty.gps

The /dev/dlci.spi-baseband.extra_0 worked fine for me but I can’t guarantee it will do the same for you.

Setup minicom properly to make it work:

 iPhone4:/dev root# minicom -s

after that select “Serial port setup” and press A and edit the line of the serial device (for me was that):

 A - Serial Device : /dev/dlci.spi-baseband.extra_0

Type esc and “Save setup as dfl”, then exit and type:

 iPhone4:/dev root# minicom -w

for connecting to the device.

Afterwards type in AT. If you get an “OK” response – everything should now work like a charm If not – double check the ”serial port setup” settings.

To make a call to the 3931111100 number simply type:

 atd3931111100;

for hanging up:

 ath

To obtain the sim serial number (iccid number) type:

 at+ccid

To get your phone’s imei number put in:

 at+cgsn

That’s basically all the steps you need to make to send AT Commands to iPhone 4. Looks pretty easy if you know at least what minicom and SSH is, right? If you need to connect to iPhone 5 BB use this guide. Let us know how it worked for you in the comment section under the article.

You can access iPhone Sim card to get info and use it to decipher your SIM while your iPhone is connected to the network. It is good method if you don’t have handy Sim card reader.

Here I’ll show you AT+ commands and examples which you can use to access iPhone Sim card but first read what you need for successful access.

Requirements

• First you need to jailbreak your iPhone to get SSH access.
• The second thing you should do is to install Minicom on your iPhone.
• After you install Minicom, set Serial Device to read the port. Just add this:

/dev/tty.debug

After you have done all these requirements you can access iPhone Sim card to be sure that it works. Here below I give you what AT+ commands you need to use and examples how it would look like.

How to Access iPhone Sim Card

Note: Successful iPhone Sim card access depends on version of iOS firmware. If you are on iPhone 4 or newer one please use this guide to connect to iPhone baseband using minicom and Signal app.

1. Run GSM Algorithm

Commands:

AT+CSIM=14,"A0A40000027F20"  AT+CSIM=42,"A088000010FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"

Where the 16 0xff are the RAND

Here is an example:

AT+CSIM=14,"A0A40000027F20"  +CSIM: 48,"000010247F20020000000000091100160800838A838A9000"    OK  AT+CSIM=42,"A088000010FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"  +CSIM: 28,"A5975E88E0940FC09AEFA0009000"  OK

And in the response you will find this:

sres: A5 97 5E 88  Kc: E0 94 0F C0 9A EF A0 00

2. Read EF files from the SIM

Here you can read some interesting parameters which are saved on your Sim card by the ME.

Read Kc 0x6F20

Commands:

AT+CSIM=14,"A0A40000026F20"  AT+CSIM=10,"A0B0000009"

Here is the sample run:

AT+CSIM=14,"A0A40000026F20"  +CSIM: 34,"000000096F2004001100BB010200009000"    OK  AT+CSIM=10,"A0B0000009"  +CSIM: 22,"E0940FC09AEFA000009000"    OK

And you find the last Kc used here: E0 94 0F C0 9A EF A0 00, the key sequence number would be 00.

Read IMSI 0x6F07

Commands:

AT+CSIM=14,"A0A40000026F07"  AT+CSIM=10,"A0B0000009"

Here is the sample run:

/* FIXME: Do one */

Also you can read IMSI adding this command:

AT+CIMI

Here is the sample run:

AT+CIMI   250997001138203    OK

You can find out more about IMSI number here if you don’t know what it is.

Read LOCI 0x6F7E

You can decomposed LOCI here:

• TMSI[0:3]
• LAI[4:8]
• TMSI Time[9]
• status[10]

Commands:

AT+CSIM=14,"A0A40000026F7E"   AT+CSIM=10,"A0B000000B"

And the sample run is:

/* FIXME: Do one */

That’s it. Now you know how access iPhone Sim card and use it in everything you wish. For example to find another iPhone Sim card unlock. Or just use it in Sim card deciphering to know more about your SIM.

AT+ command and examples was taken from here.

We will talk about WildcardTicket which is also called Activation ticket (record).

When your iPhone is locked to some carrier then you need official (wildcard) activation from Apple to unlock your device. After your iPhone is unofficially unlocked by the fruit company then you can’t to connect it to iTunes for updating, syncing and stuff like this. You need to be sure that you’ve got the unlock before connecting to iTunes because when iTunes locates your iPhone it sends its data to Apple. Company’s servers analyse your baseband information like IMEI, ICCID, IMSI and generate Activation Ticket. This ActivationTicket is bound to a specific SIM card. If Apple sees that something is wrong then it locks iPhone again. In other words you can’t use iTunes if your iPhone is unlocked unofficially. SAM unlock is work with the same Wildcard Ticket Activation method to fool Apple Activation server. But you’ve heard SAM not working now. But actual thing is SAM is do working for now if you have Activation ticked but if Apple re-lock the device somehow in that case it will not work. The simple reason is the baseband Seczone not accessible.

But there is a question. How does actually Ultrasn0w works? Because when unlocking device by Dev Team Ultrasn0w you are able to connect and restore it many times as long as don’t update the baseband. The trick is: when using Ultrasn0w it unlock the iPhone baseband on the fly or in other words every time the iPhone boot => Ultrasn0w is sending its exploit to the baseband and unlocks it.

So here I am going to show you one of the possible activation exploits which can be used to find a way to unlock iPhone. Below you will see bunch of AT commands which you need to send to your baseband using Minicom. For more information on Minicom and program installation use this link.

The AT commands like ones shown below should be used for receiving information about Wildcard unlock.

The most important command is:

at+xlck

which permits a properly signed WildcardTicket to allow all ICCIDs+IMSIs. Those unlocks are the “carrier” or “IMEI” unlocks. Those are the unlocks that Apple can theoretically revoke at their discretion. Incidentally, these “Wildcard” unlocks are the only possible exploits these days. SAM unlock functioning principle is very similar to Wildcard unlock as it also uses ICCID and IMSI along with some other data to trick Apple’s servers sending them data that says iPhone is unlocked. When using at+xlck or at+xsimstate commands the Unlocked baseband sends return like this:

+ XLOCK: "PN", 1,0  + XSIM: 2 or (7)

If iPhone is locked then at+xlck returns:

+ XLOCK: "PN", 1,2

Here is the list off all known codes presented in at+xlck and at+xsimstate commands. So lets do some analyse:

Continue to analyze the results before and after the record of this return

at + xlck = 0

OK

at + xlck = 1,1, "key 1"

OK

at + xlck = 1,2, "key 2"

OK

at + xlck = 1,3, "key 3"

OK

at + xlck = 1,4, "key 4"

OK

at + xlck = 2

Should get you:

+ XLOCK: "PN", 1,0  + XSIM: 7

So the baseband is unlocked.

Keys List

Key 1:

020000009a136738e8274df334fca53d6e9e758b0b5af0024d753ed3a9407eae9d8685c027a4cd5f812500bb91bb088b42315b06fed148569c3d81170e9ae9549681457fe8e25dc9232535dc90f2bcaea63aba2b10996fdde753292230b6ea35f6c29d125ca93109d4a14f27d24dc42dbbac66b3154cbbce5734b4f4f52ea4278289f9c8d99619099a0212d707765da387766a50d6e79cca4ffac87cf6d7fd195627a5e2d6b32be2dfec286c510dea4b9448c2617479fc9684b70b3fe080a902101c04ae215c46f4cf27ff2f97b9335cebcc0567bee51075b4b23a8fdcbd8da3aec9d6cf44bf10bf645e7cf7db1fbfd9b88aa829e868e59d1368f05ef5a5c3b6

Key 2:

c0e4b460e4960fa688e722b85101a3cb64a1519f8d7dd731cb4d07692cba4908884cdcb82073b6f6ac2dd6852c5359d5b934340347b460ba08ea2b187f3b7477d8bb0f2eab5116529b5a5da7854a9c2c0c15d2a3ce8a8daa87e01f2ecc66de34a7ed846dfb79266f8497fcb0d4b56bb2329fbe548270f9934b85f3b7987ac0ecfaeb71a2e2b748e5625beb90d92d916591cfdd3e31beef134b51e1441813e362c969c8a41d39105b227025961431897c5914c0ece5d33844c14e7ed32b6ea1496910912d3696d710deb62362ed2706596e1c4fb619e80ddbb7de74385b00eb4d6be0dc49ccdd6455d92b882814afbd0200d8ebbb2ab7441f9b50427dc174c972

Key 3:

532c9e9210c76a6164a2aab9055c8c2bee5f6a7dd79dc1b2fb2bb5f4ea2a918b6865e8c29a1c62b9b0be507f46e8c993629d44443996bdce37aae47e3fb36dbb06f225f7001fa47d8c489a14000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000

Key 4:

00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000

So if you have read all the info above and understood nothing here’s the simpler explanation of what’s going on in general steps:

Step 1. You need to send – at + xlck = 0 to receive information about unlock data.

Step 2. Send – at + xlck = 1, x, sending four 512-byte lenth unlock key.

Step 3. Send at + xlck = 2, the implementation of unlock verify operation.

If everything goes right then baseband return  + XLOCK: “PN”, 1,0, if not then it returns to + XLOCK: “PN”, 1,2

Wildcard Ticket wildcard_record.plist

Here is the source of the 4 strings of 512 bytes unlock keys where file with activation information generated its key. I have saved activation ticket manually. Also you can use Redsn0w to do that.

You can find your activation file in the following directory:

 /var/root/Library/Lockdown/activation_records/

Here you can find an .plist file with ICCID which is used to be unique for each SIM. You can use the plist editor to open plist file. There you should find AccountToken field. This is actually activated base64 encoding of the information you need. Decoded base64 encoded string of information, get activated.

ActivationTicket is sent to the baseband unlock key. The key is based on Apple’s server side where it confirms validation of the activation file. If it is not activated then => send Activation ticket to the baseband to get + XLOCK: “PN”, 1,0, and then activate it. You don’t need your original Sim card to be activated. Current activation vulnerability to unlock iPhone is possible when you backup the activation file and don’t update the baseband. After baseband updating your saved activation ticket will failure because it belongs to other baseband firmware version.

I hope this information was helpful for you. Now you have the possibility to use this WildCardTicket exploit as you want. You use of this info is done on your own risk.

launchctl unload -w /System/Library/LaunchDaemons/com.apple.CommCenter.plist  launchctl load -w /System/Library/LaunchDaemons/com.apple.CommCenter.plist

When using sendmodem you can execute the commands directly from the command line. Really great feature.

How to install SendModem to your iPhone:

Step One: Upload sendmodem file to your iDevice’s /usr/bin directory. For doing that you can use any SSH client you like: WinSCP, iFunBox or else. Or you can open mobile terminal and download the SendModem file using this command:

cd /usr/bin/  wget http://www.letsunlockiphone.com/scripts/sendmodem.zip  unzip sendmodem.zip

Step Two: Execute the next commands on your iPhone (use mobile terminal, SSH, Mosh etc.):

cd /usr/bin  chmod +x sendmodem

Step Three: Test sendmodem by typing in:

sendmodem

It should respond with:

usage: sendmodem <at command>

Here are the examples of some other sendmodem commands:

Querying the baseband version:

sendmodem “AT+XGENDATA”

Querying the lock state:

sendmodem “AT+XSIMSTATE=1?

Querying the battery capacity:

sendmodem “AT+CBC”

Note: if you want to use double quote in AT command, avoid it like in C language (\”):

sendmodem “AT+CLCK=\”PN\”,2?

Use my AT + commands list here for iPhone 3 – 4s.

Please note that sendmodem always communicates with baseband/modem with “AT” command and waits for receiving “OK” response. It will write “-” to your screen until the connection is established and the process may take some time so the amount of dashes can vary dramatically.

The original modem state will be saved before any operations take place and is restored after your commands are executed.

Caution: do not send any commands through sendmodem you’re not sure about and if you don’t know what effect they will make.

Download SendModem Source Code:

wget http://www.letsunlockiphone.com/scripts/sendmodem_source

And have fun. Also you can try iGSM that helps you to perform the same actions as Sendmodem. However many says that iGSM is more powerful then Sendmodem.

If you don’t have Minicom installed on your gadget then you can easily install it here and follow my steps below.

How to check iPhone’s lock state

Step One: If you use Minicom, you need to disable the CommCenter first. To do that enter in Minicom:

launchctl unload -w /System/Library/LaunchDaemons/com.apple.CommCenter.plist

If you are using sendmodem or igsm tools just skip this step.

Launch minicom by typing:

minicom -w

Please use this articles to check all available iPhone dev nodes to connect through.

Step Two: Enter the command:

AT+XSIMSTATE=1

Step  Three: You’ll see the following characters:

+XSIM: SS

+XLOCK: "PN",X1,X2,"PU",X1,X2,"PP",X1,X2,"PC",X1,X2,"PS",X 1,X2

Note: The only lock present on iPhone is the PN lock

Step Four: Use the following list to decrypt the iDevice’s response:

SS:

0=No SIM Inserted

2=SIM Ready

6=SIM Busy

X1:

0=Unlockable(probably without attempt counter)

1=Unlockable

2=Signature check failed

3=Attempt Limit Reached

4=Unlocked and Lockable

5=Unlocked

X2:

0=SIM Valid

1=Unknown(this gets set for PN when unlock is attempted)

4=SIM Not Valid

Note: You can view these logs later in /Library/Logs/Baseband. Use any text editor to open them.

Step Five: Don’t forget to enable CommCenter by typing in:

launchctl load -w /System/Library/LaunchDaemons/com.apple.CommCenter.plist

This is basically how you can check your device’s lock state and unlocking possibility by using AT+ commands. For the full list of other AT+ commands use this link and find the command you need.

Minicom is a tool cross-platform program which can be used on Unix-based systems. It can emulate ANSI and VT100. ANSI escape sequences are characters that are embedded in the text which is used to control formatting, color, and other output options on video text terminals. Most of the terminal emulators can show text output from a computer that is connected remotely. They also can show text output from local software, as well as interpret some ANSI’s escape sequences. VT100 (video terminal) was made by Digital Equipment Corporation (DEC). Its detailed attributes became the de facto standard for terminal emulators or tty for short. You can read more about this tool here and install it.

Sendmodem – another tool to access iPhone’s baseband/modem directly developed by PmgRiPhone. It uses /dev/tty.debug path and doesn’t require the CommCenter to be turned off to send and receive commands from the baseband. The commands from sendmodem are executed directly from command line. The tool uses standard AT+ list of commands that can be found by following this link. Sendmodem can be used to perform various actions with iDevice’s modem. You can:

• query the baseband for your firmware and bootloader version
• query the phone’s lock state
• query the battery capacity
• etc.

More info about sendmodem in this article.

IGSM is a tool to communicate with baseband developed by Marcio C. Almeida. This simple application allows you to sent AT+ commands to your iPhone easily. It can also be used for countries where the carrier doesn’t set the phone number on the SIM card to set that number. Can be used on iPhone running firmware 2.x or higher. You can also download igsm here and find more info about this tool.

So now you equipped with this three tools. Now you can use each of them and send commands to your baseband.

Also you can read about Minicom. You can use this link to go there. But today I want to introduce you another program for this which is called iGSM.

The new iGSM tool was developed to send AT commands. This tool was created by Marcio’s iPhone Apps and uses /dev/tty.debug without need to disable the commcenter during the process and has function to perform these jobs which means that you don’t need to manually enter:

launchctl unload -w /System/Library/LaunchDaemons/com.apple.CommCenter.plist

which will unload CommCenter process from iPhone Baseband RAM.

You may hear about Sendmodem tool which has the same possibilities as iGSM and if you would like to use Sendmodem then go here for instruction. But I must tell you that iGSM tool is more powerful then Sendmodem, however they are the same in general.

Download iGSM

You can download iGSM tool using this command:

wget http://www.letsunlockiphone.com/scripts/igsm.zip  unzip igsm.zip

Usually, the iPhone baseband is accessed via minicom which add commands to /dev/tty.baseband. To make sure that minicom functions, the commcenter first must be disabled, after that your can run minicom, and after you are completed with minicom you again have to enable the CommCenter.plist file.

How to run iGSM

Open terminal and navigate to the directory where you have downloaded the igsm file. Then perform this command:

sudo +x igsm

Now you are ready to run the tool. You can see that igsm tool is more convenient. So let’s begin but first look at the meanings of the shortens that you need to issue using this script:

igsm [-p pin] [-c command ... -c command] [-l] [-L] [-u] [-d] [-v] [-r]

-p pin SIM pin (if needed)  -d dump IMEI IMSI …  -c cmd command to be executed (more than 1 is supported)  -l load commcenter  -L list all jobs loaded into launchd  -u unload commcenter  -r reset baseband  -m string modem init string  -M num max lines on any command  -v verbose mode  -vv verbose mode and hex dump  -h this help  -hh extended help

Also with igsm commands to iPhone baseband (modem) can be directly carried out from the commandline. Here below you can see my example of usage igsm tool to get the baseband info for your needs.

Example of usage iGSM to get the baseband info

igsm -c AT+CPBS?   Opened: /dev/tty.baseband   > ATE0 – set echo OFF   < OK

> AT   < OK

> AT+CPIN? – SIM requires PIN ?   < +CPIN: READY   < OK

> AT+CPBS?   < +CPBS: “SM”,34,150   < OK   Done

And that’s it now you have entered your baseband and can see all its info that can be needing for making unlock or see bootloader version or something that can be needed by you from your iPhone baseband.

Also you can see this list soon of AT commands to use it for your needs.

How to Install Minicom on iPhone 4s , iPhone 4, iPad 3G

Launch Cydia =>Go to Search and type Minicom =>Press Install => Confirm =>Return to Cydia.

Note: If there is no Minicom app in Search then go to Manage =>Settings and pick Developer. Now try to find Minicom app in the Search again. Here’s a video tutorial that will help you to install Minicom:

Setting up Minicom 2.2 on older devices: iPhone 3gs, iPhone 3g, iPhone 2g

This section is for installing Minicom on older devices. For the instructions on newer ones see the section below.

Step 1: After installing Minicom software from Cydia, launch SSH Terminal or other similar software like Mosh, connect to your iPhone  and make sure the folder /usr/etc/ exists. If not – create one. To connect to your device you need to select destination port first. To make this, type into the terminal:

minicom -s

Step 2: Now, select “Serial Port Setup” in the Menu and press Enter. Then, press “a” and set Serial Device to read the port:

/dev/tty.debug

However another baseband port also works great and appears to be more reliable than the other device:

/dev/dlci.spi-baseband.extra_13

Step 3: Now Press Esc, and in the Main Menu, select “Save setup as dfl”. Now, select “exit”.

Setup Minicom on iPhone 4s, iPhone 4 and iPad

Step 1: The process of installing Minicom to newer devices is the same as written above but has some differences.

Step 2: Setup the port. In newer iDevices there are following ports to connect to:

/dev/tty.debug

and

/dev/dlci.spi-baseband.extra_0

Step 3: Save your dfl setting.

Also there are two others programs similar (or even better) then Minicom. You can use iGSM and Sendmodem to control your baseband.

How to run Baseband AT Commands using Minicom:

Launch Minicom, connect to your device using SSH and type into terminal:

minicom -w

You should see Minicom working interface. Now you are ready to send commands to iPhone’s baseband, but the first command entered in minicom should be:

at

After entering at press Enter. Now you can type any commands you want to explore the bb.

Note: If you don’t know many AT command then you can use this link to find the command you need.

Working on the iPhone 4

Many peolpe reported that they couldn’t use any of the ports on X-Gold 618 baseband (iPhone 4).

One way around this is to install Signal iPhone app from Cydia:

Signal was designed for iOS 4, and contacts /dev/tty.debug in an iOS 4 compatible way. It works this way to receive baseband information, one of them being, the exact measurement in dBm. This opens the port to /dev/tty.debug.

You will need to SSH into your iPhone 4 from a Terminal emulator or SSH client on a remote host. At the same time Signal app must be opened to successfully execute the backgrounded AT+CMGS commands or check your iPhone’s lock state With AT+XSIMSTATE Command (Here is more info).

The tty.debug does not actually require CommCenter to be shut down, but you have to spam AT[enter] until you get a reply and then issue your command hoping the connection doesn’t fail as CommCenter is using the baseband pretty much all the time making you unable to connect.

Note about tty.debug port

While using this port to connect to the baseband you have to dissable/shutdown CommCenter. Remember that shutting it down disables Wi-Fi and GPS signal until the next reboot. So type into terminal:

launchctl unload -w /System/Library/LaunchDaemons/com.apple.CommCenter.plist

Reboot your iPhone until you can’t get signal as per the status bar + get the non-visual voicemail indicator the empty badge over Phone icon. Then connect to Minicom using tty.debug port.

And don’t forget to turn the CommCenter ON when you are done using Minicom. Just type:

launchctl load -w /System/Library/LaunchDaemons/com.apple.CommCenter.plist

Trouble with Minicom

Problem: Executing AT commands on iPhone 4:

Fix: If you have trouble with executing AT commands with Minicom on iPhone 4 you can try to do following:

• Install Minicom and set the serial to tty.debug. Try to run it through puTTY
• Try to disable CommCenter
• Try to click Ctrl+A for setting echo ON

Common problems:

Problem: Cannot wtire to /usr/etc/your-setting-name.dfl

Fix: Please make sure that folder /usr/etc exists. For this error usually there is no /etc folder in the /usr directory. If it is so just create /etc folder. You can do that by using iFile, iFunBox or SSH sotware. You can create the folder by typing into terminal:

cd /usr  mkdir etc

Problem: No termcap entry for vanilla

About this error: This happens on a jailbroken iPhone 4 and 4s on iOS 5.0.1 and higher. This error happens right after one enters the username but before entering the password there’s no time to complete the login process. Also when trying SSH connect via iFunBox, you could be unable  to login but receive a different message when trying to run Minicom: “No termcap entry for vanilla”

Fix: you have to install Ncurses (New Curses) package from Cydia. If it doesn’t help please use another SSH client software. iFunBox software was claimed to receive such type of errors earlier.

Problem: Minicom can’t input commands:

Fix: If you can’t see any command you’ve entered, then just type in following when in minicom interface:

Ctrl+A then E

That command will set echo to ON and you will be able to see what commands are you entering.

And don’t forget to install OpenSSH package here or from Cydia because you won’t be able to connect to your Device using SSH.