How to Downgrade screwed up baseband 4.0 (after anySIM and 1.1.1 firmware upgrade).
Note: this will not help those waiting to upgrade from anySim/iunlock/geohot hw unlocked to 1.1.1 without bricking. Stay tuned for an updated 1.0.2/1.1.1 unlock to allow you to upgrade and keep all functionality.

HOW TO

0. Download iPhone 1.0.2 firmware from Apple [Only Registered users can see links . Click Here To Register...]
1. Change ipsw to zip then unpack it.
2. Extract the ramdisk file from it by typing
(or remove the first 2048 bytes by using a hex editor)
3. Mount the ramdisk by double-clicking it (on Mac). On Windows use some HFS tools to peek inside it or get the files from someone who extracted it already.

4. Put your phone into DFU mode and do option-restore in iTunes. This will reflash everything to 1.0.2. You will get an error at the end because it couldnt reflash the baseband. You will end up with a yellow triangle.

5. Quit iTunes, launch iNdependence then quit it again. Now relaunch iTunes. Press the power button on the iPhone for 3-4 seconds. After about 10 seconds you end up on the activation screen.

6. Complete the baseband downgrade by jailbreaking/activating, installing SSH on to the iPhone etc. There are tons of wiki's about that so I won't repeat. (Probably also true for step 4 and 5.)

7. Extract the baseband firmware and EEPROM files of 3.14 from the ramdisk of firmware 1.0.2. The files are named ICE03.14.08_G.eep and ICE03.14.08_G.fls and are located under /usr/local/standalone/firmware.

8. Get the secpack of baseband firmware 4.0 (some people have that, I have no idea how they got it but its needed). Name it "secpack". (maybe [Only Registered users can see links . Click Here To Register...] will help)

9. Download iEraser2 [Only Registered users can see links . Click Here To Register...] or from Geohot's blog.

10. Install all the tools onto the iPhone (I use the location /usr/local/bin.) You need to have SSH access to the 1.0.2 firmware iPhone and upload iEraser2, the secpack, ICE03.14.08_G.eep, ICE03.14.08_G.fls and anySIM 1.0.2.

11. SSH to the phone. Stop CommCenter by typing:
12. Now run:
It will tell you you run version 4.01 of the baseband. "bbupdater" is a tool by Apple which is also on the ramdisk.
13. Execute this in the console, to give iEraser executable rights:
14. Run iEraser2. This will WIPE your baseband, given a file "secpack" is in the same directory and this is a version 4 secpack.

15. Run the bbupdater command again:
This time it will not find any baseband firmware
This will flash the 3.14.08 baseband firmware back to the iPhone.
17. Now check to make sure it worked:
16. Now do:
It should tell you the version is 3.14
At this point you will still have an IMEI number starting with 004999... and its not of use yet. So still bricked but at least downgraded to version 3.14.

18. Now run anySIM Version 1.0.2 (note: older versions might not be good here as 1.0.2 has a lot of fixes for this kind of stuff).

19. Start commCenter again:
Now you have an unlocked 3.14 baseband with IMEI being your original one!
Congratulations you now fully recovered from your botched update to 1.1.1 and are back to 1.0.2.

Do you want to return to factory-locked state?

NOTE: This will not fix the NOR seczone corruption problem caused by anySIM/iUnlock so will therefore not "virginize" your phone. This is only useful to remove the anySIM patch from the baseband firmware.

Simply do:
This will reflash the "locked" version of the baseband.
Now restart commCenter:
Enjoy!

__________________
-
-