
iPhone Restore Woes

It's been a long time since I last jailbroke any iOS device. There was a time when I thought I couldn't live without jailbreaking my iOS device. But over time, I started to get frustrated with the constant need to manually update apps, not just when the developer pushed out a newer version of the app but also after iOS platform updates. It's manageable if you only have a handful of cracked apps on your device, but if you have a ton of cracked apps on it and you didn't diligently update every single one of them, you'll end up with a bunch of useless apps that just crash upon launching. That's why I decided to go down the official/legit route quite some time ago.

Anyway, this is how the main story goes. Today one of my aunts approached me for a favor: to restore her iPhone 3GS back to factory default. Of course I agreed; I thought to myself, how hard could a firmware restore be? After she passed me the phone, I realized it was a jailbroken phone. It would be nice if I jailbroke the phone for her too. Even though I hadn't jailbroken an iOS device for more than a year and had already lost touch with developments in the jailbreaking scene, I thought to myself again, how hard can jailbreaking be? With DFU mode available on the iPhone, I thought the iPhone was practically unbrickable, right? No!

Restoring the iPhone's firmware back to factory default is easy. Done within 10 minutes! After I finished restoring the iPhone to factory defaults, I attempted to jailbreak it using redsn0w. This is where I made the biggest mistake, maybe because I always had the misconception that the iPhone is unbrickable and that if anything goes wrong, you just enter DFU mode and restore the firmware. Or maybe I was a bit too greedy and naïve: I blindly checked the "install iPad baseband" option without fully understanding what that means.
For some reason that I still don't understand, Cydia wasn't installed properly on the phone; it crashed immediately upon launching. So I thought to myself, maybe I should try again: just restore the firmware back to factory default and run the redsn0w jailbreak tool again. I went ahead and restored the firmware back to factory default by simply pressing the restore button in iTunes. For most of the process everything went smoothly, until the restore was just about to finish, when I was greeted with a dreaded error message.

I tried to restore several times. Time and again, without fail, I would be greeted by that same dreaded message. By then I was starting to panic, as the iPhone seemed to be stuck permanently in recovery mode! I just couldn't get the firmware onto the phone!
After several hours of googling, I started to understand the problem. I should have paid more attention to redsn0w's warning dialog in the first place, which states that after updating the iPhone's baseband with the iPad's baseband, and starting with iOS firmware 4.2.1, I'll need to restore the iPhone using custom firmware if there's ever a need to.

If I had read the warning carefully and known that custom firmware would be needed to restore the phone in the future, I would not have checked that option. Anyway, installing the iPad baseband only serves to unlock the phone from cellphone carriers, and I don't actually need that feature. But I must say that using the iPad's baseband firmware in an iPhone is a very clever way to undermine Apple's effort to lock phones to carriers, by using another Apple product. The baseband processor is a dedicated processor for handling digital communication signals (telephony, 3G, EDGE, etc.), and it has its own firmware. Apple locks the phone to certain carriers by programming the baseband processor to only talk to certain carriers' base stations. But the iPad is sold from Apple retail stores and is not tied directly to any telco. Customers can choose to get 3G service from whichever telco they wish, so the iPad's baseband processor can talk to any carrier's base station as long as the proper SIM card is inserted. The hackers realized (not surprisingly) that the iPhone and iPad use the same baseband chip. So to "upgrade the iPhone's baseband to iPad" means loading the iPad's baseband processor firmware onto the iPhone, in effect reprogramming the iPhone's baseband processor into an iPad baseband processor. I guess that with a different baseband firmware loaded, the iPhone 3GS's iOS probably doesn't recognize the baseband processor anymore (probably by design), as iPhone 3GS iOS v4.2.1 doesn't contain the faux iPad baseband processor "driver". So this explains the need for a custom firmware (which probably contains the iPad baseband processor "driver").

But wait... the story doesn't end here just yet! If you are designing the iPhone, a device that allows the end user to update its firmware, you'll definitely want safeguards in place so that if the user uploads a corrupted firmware, the device will not accept and run it. So you'll want the device to run integrity and authenticity checks on the firmware before accepting it. This is where pwned DFU mode comes in. In pwned DFU mode, those safeguards that ensure firmware integrity and authenticity are gone, so custom firmware can be loaded.
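As an added illustration (not code from the original post, and not Apple's actual mechanism), here is a toy model of the acceptance decision a bootloader makes before it runs an uploaded image: an integrity check (hash) and an authenticity check (a keyed tag, standing in for the real public-key signature), plus a flag that models pwned DFU mode where both checks are gone. The image format, the vendor key and the payloads are all constructed for the example.

```python
import hashlib
import hmac
from typing import Tuple

# Constructed toy image format (NOT Apple's real IPSW/img3 layout):
#   4-byte magic | 32-byte SHA-256 of payload | 32-byte HMAC-SHA256 tag | payload
MAGIC = b"FWIM"
# Hypothetical vendor key. Real devices check a public-key signature; an HMAC
# with a key only the vendor holds is a stand-in with the same decision logic.
VENDOR_KEY = b"constructed-demo-key-not-a-real-secret"


def build_image(payload: bytes, key: bytes = VENDOR_KEY) -> bytes:
    """Produce a signed image, as the vendor's build pipeline would."""
    digest = hashlib.sha256(payload).digest()
    tag = hmac.new(key, MAGIC + digest + payload, hashlib.sha256).digest()
    return MAGIC + digest + tag + payload


def verify_image(image: bytes, key: bytes = VENDOR_KEY,
                 enforce_checks: bool = True) -> Tuple[bool, str]:
    """Model of the DFU-mode acceptance decision: returns (accepted, reason).
    enforce_checks=False models pwned DFU mode, where the safeguards are gone."""
    if len(image) < 4 + 32 + 32 or image[:4] != MAGIC:
        return False, "malformed image"
    digest, tag, payload = image[4:36], image[36:68], image[68:]
    if not enforce_checks:
        return True, "accepted without checks (pwned DFU model)"
    # Integrity: does the payload still match the hash that shipped with it?
    if not hmac.compare_digest(hashlib.sha256(payload).digest(), digest):
        return False, "integrity check failed"
    # Authenticity: was the (magic, hash, payload) bundle tagged with the vendor key?
    expected = hmac.new(key, MAGIC + digest + payload, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return False, "authenticity check failed"
    return True, "accepted"


def modify_payload(image: bytes, refresh_digest: bool = False) -> bytes:
    """Flip one payload byte (models a corrupted or altered image). refresh_digest
    recomputes the plain hash, which satisfies the integrity check but cannot
    satisfy the authenticity check without the vendor key."""
    digest, tag, payload = image[4:36], image[36:68], bytearray(image[68:])
    payload[0] ^= 0x01
    if refresh_digest:
        digest = hashlib.sha256(payload).digest()
    return MAGIC + digest + tag + bytes(payload)
```

The two checks answer different questions: the hash only catches accidental corruption, while the keyed tag is what stops an image the vendor never signed, which is exactly the check a custom firmware cannot pass on a stock device.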

This is how a simple firmware restore that usually takes 10 minutes ended up taking hours.