iPhone baseband is very interesting part of the iDevice. If you need to unlock iPhone, you need to unlock its baseband. All previous unlocks were depended on the version of iPhone modem firmware and every iPhone user was looking to find the solution for his iPhone modem firmware. Each unlock solution based on finding exploit.  In order to find it you need to establish the connection between iPhone BB and your PC. So in this article I'm briefly going to show you how to connect to different iPhone  BB Chipset versions.

Old Devices [iPhone 3g / 3 / 2 - S-Gold and X-Gold]

On iPhone 2 / 3 / 3gs you can easily use Minicom or sendmodem tools to successfully "communicate" with device baseband by sending AT commands. Luckily the command's list is very big and many commands are well-known. Here are the basic possibilities you can perform when using minicom.

• manipulate the baseband in parallel with the system
• enable trace and debuger to see what the iPhone does
• send text messages (including fake RAW PDU DATA)
• redirect /dev/tty.debug on a bluetooth connection
• and much more

iPhone 4 X-Gold 618 Chip

Here is the guide about sending commands to X-Gold baseband using Minicom. Generally,  Minicom is a modem control and terminal emulation text-based program for operating systems based on Unix. Minicom emulates ANSI and VT102 terminals, has a dialing directory and is available to automatically download zmodem.

iPhone 4s Qualcomm MDM6610 MDM6600 Baseband Chips

When you trying to choose baseband device port you'll  see: There is no device nodes like:

/dev/*baseband*

But the other baeband node

/dev/tty.debug

Is always available for you to send commands to any iPhone baseband chip models and firmware versions. There is one painful problem when using minicom on the iPhone 4s: in order to connect to bb, you have to spam AT (e.g. AT ENTER AT ENTER AT ENTER...)  until you get a response. Only then you can type your command hoping the connection doesn't fail. This happens because CommCenter is used to connect to baseband very often and terminates your session. Also when using the /dev/tty.debug node the OFFLINE message in the bottom is pretty normal.

iPhone 5 Qualcomm MDM9615 Baseband Chip

Now it's time to try to connect to the most undiscovered iPhone 5 baseband chip. The connection to /dev/tty.debug connects* doesn't work with iPhone 5 baseband even of you try to shut down the CommCenter by using this command:

launchctl unload -w /System/Library/LaunchDaemons/com.apple.CommCenter.plist

Also spamming the AT[Enter] as I mentioned before has no success here. Another bb node  /dev/tty.wlan-debug was tested by one user and he successfully retrieved some info about active nodes:

aes_0 klog random ttyp9 bpf0 null rdisk0 ttypa bpf1 pf rdisk0s1 ttypb bpf2 pfm rdisk0s1s1 ttypc bpf3 ptmx rdisk0s1s2 ttypd btpoweroff ptyp0 tty ttype btwake ptyp1 tty.bluetooth ttypf console ptyp2 tty.debug ttys000 cu.bluetooth ptyp3 tty.debug-console uart.bluetooth cu.debug ptyp4 tty.gas-gauge uart.debug cu.debug-console ptyp5 tty.iap uart.debug-console cu.gas-gauge ptyp6 tty.wlan-debug uart.gas-gauge cu.iap ptyp7 ttyp0 uart.iap cu.wlan-debug ptyp8 ttyp1 uart.wlan-debug disk0 ptyp9 ttyp2 urandom disk0s1 ptypa ttyp3 vn0 disk0s1s1 ptypb ttyp4 vn1 disk0s1s2 ptypc ttyp5 zero fsevents ptypd ttyp6 io8log ptype ttyp7 io8logmt ptypf ttyp8

I'm not sure this node can be used in order to create future unlock exploit, but it's still very important for discovering new AT commands.

Testing iPhone 5 Baseband Connection by using Signal2.app [Updated Version]

You will need to SSH into your iPhone 5 by using Terminal or any other SSH client on a remote PC. Signal must be open to successfully execute the backgrounder AT+CMGS commands. I'll tell you how to access the iPhone 5 baseband through tty.debug node, which is the actual port to the baseband. I was searching all over the internet for anything related to this node but nothing.  And then I realized that planetbeing just recently updated his Signal app [Signal2]. The unofficial feature of the Signal.app allowed you to send commands to the baseband, but only when the app is running. So I decided to test it and got the Signal2 from Cydia. I opened it, SSH into my device, set up the minicom serial port to dev/tty.debug. But when I ran minicom by using command: minicom -w It was unable to start because of "device is busy" error. Anyway you can watch the video to see how to install minicom on iPhone 5 and also my try to establish the connection with the iPhone5 bb using Signal2 app. Here are the list of all /dev/ nodes provided by best iPhone wiki source: theiphonewiki. I hope this guide will help you to find out more about your iPhone baseband and you will use it to possibly find unlock in the future. You can follow us on Facebook and Twitter as well as on Google+ and receive all latest updates regarding iPhone news.