Saturday, September 08, 2007

STEP 7

So here is the first tool release, iEraser. This erases the current firmware on your modem. Don't worry, you can always put it back with bbupdater. Here is how the bootrom check works: it reads from 0xA0000030, 0xA000A5A0, 0xA0015C58 and 0xA0017370, and all these addresses must read as blank, or 0xFFFFFFFF. When you erase flash, it becomes 0xFFFFFFFF. But you can't erase those locations, because they are in the bootloader. So that's where the testpoint comes in. Pulling A17 high hardware-OR's the address bus with 0x00040000 (offset by one because the data bus is 16 bit), so the bootrom instead checks locations 0xA0040030, 0xA004A5A0, 0xA0045C58 and 0xA0047370, which are in the main firmware and can be erased. Pretty genius :)

To use this tool, you need the secpack from your modem's version; the erase of this section is protected. Check the modem version in Settings->About. It'll either be 3.12 (1.0) or 3.14 (1.0.1 and 1.0.2). You need the ramdisk which corresponds to your version. Then go into "/usr/local/standalone/firmware" and get the ICE*.fls file. Extract 0x1a4-0x9a4 and save it in a file called secpack, and place it in the same directory as the ieraser tool. Run ieraser. This should erase the modem firmware and leave you one more step on your way to unlocking.
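Added example, not code from the original post or from the iEraser tool: a small model of the blank-check the post describes (the four addresses, the 0x00040000 mask and the 0x1a4-0x9a4 secpack offsets are the ones the post gives), with a constructed flash image so the before/after behaviour of the check can be run offline. The flash layout (bootloader below 0xA0040000, main firmware above it) and the word values programmed into it are assumptions for the demo. One caveat worth checking yourself: ORing 0x00040000 into 0xA0015C58 and 0xA0017370 gives 0xA0055C58 and 0xA0057370, because bit 16 is already set in those two addresses and survives the OR; the post lists 0xA0045C58 and 0xA0047370, so one of its two address lists carries a typo. The code computes the OR as the post states rather than hard-coding either list.

```python
"""Model of the A17-testpoint blank-check and the secpack byte-range extraction.

Constants come from the post; the Flash class and the demo layout are constructed.
"""

BLANK_WORD = 0xFFFFFFFF            # what an erased flash word reads as
A17_MASK = 0x00040000              # A17 forced high ORs this into the byte address
CHECK_ADDRS = (0xA0000030, 0xA000A5A0, 0xA0015C58, 0xA0017370)
SECPACK_START, SECPACK_END = 0x1A4, 0x9A4   # byte range of the secpack in ICE*.fls


def shifted_addresses(addrs=CHECK_ADDRS, mask=A17_MASK):
    """Addresses the bootrom actually reads once A17 is pulled high."""
    return [a | mask for a in addrs]


class Flash:
    """Constructed flash model: a sparse map of 32-bit words.
    Any word that was never programmed reads blank, like erased flash."""

    def __init__(self):
        self.words = {}

    def read(self, addr):
        return self.words.get(addr, BLANK_WORD)

    def program(self, addr, value):
        self.words[addr] = value

    def erase_range(self, lo, hi):
        # Erasing returns every word in [lo, hi) to 0xFFFFFFFF.
        for a in [a for a in self.words if lo <= a < hi]:
            del self.words[a]


def bootrom_check(flash, a17_high=False, addrs=CHECK_ADDRS):
    """True only if every checked location reads blank (0xFFFFFFFF)."""
    mask = A17_MASK if a17_high else 0
    return all(flash.read(a | mask) == BLANK_WORD for a in addrs)


def extract_secpack(fls_bytes, start=SECPACK_START, end=SECPACK_END):
    """Slice the secpack out of an ICE*.fls image using the post's byte offsets."""
    if len(fls_bytes) < end:
        raise ValueError(f"image too short: need {end:#x} bytes, got {len(fls_bytes):#x}")
    return fls_bytes[start:end]


def demo():
    """Run the check before and after erasing the main firmware, with and
    without the testpoint. Returns (before, after_without_tp, after_with_tp)."""
    MAIN_FW_LO, MAIN_FW_HI = 0xA0040000, 0xA0200000   # assumed main-firmware region
    flash = Flash()
    for a in CHECK_ADDRS:                 # bootloader words: programmed, cannot be erased
        flash.program(a, 0x12345678)
    for a in shifted_addresses():         # main-firmware words: programmed at first
        flash.program(a, 0x9ABCDEF0)

    before = bootrom_check(flash)                     # False: bootloader words not blank
    flash.erase_range(MAIN_FW_LO, MAIN_FW_HI)         # erase only the main firmware
    after_without_tp = bootrom_check(flash)           # False: still reads the bootloader
    after_with_tp = bootrom_check(flash, a17_high=True)  # True: reads land in erased region
    return before, after_without_tp, after_with_tp


if __name__ == "__main__":
    print([hex(a) for a in shifted_addresses()])
    print(demo())
    with open("ICE.fls", "rb") as f:           # real use: slice the secpack out of the image
        open("secpack", "wb").write(extract_secpack(f.read()))
```

The demo is the whole point of the testpoint in miniature: erasing the main firmware alone does not satisfy the check, and forcing A17 high does not touch the bootloader either; it simply relocates the four reads into the region that can be erased.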

ieraser
