|
The iPhone Wiki is no longer updated. Visit this article on The Apple Wiki for current information. |
Difference between revisions of "Bootrom Dumper Utility"
m (formatting bugfixes) |
(→Info / Instructions) |
||
| Line 13: | Line 13: | ||
It's possible to extend the compatibility to older devices as well (iPhone 3GS, iPod 3G) by changing: |
It's possible to extend the compatibility to older devices as well (iPhone 3GS, iPod 3G) by changing: |
||
* the offset to the call of usb_wait_for_image in payload.S |
* the offset to the call of usb_wait_for_image in payload.S |
||
| + | |||
| + | 0x7ef @ A4 |
||
| + | 0x30E9 @ iPod 2G, old bootrom |
||
| + | 0x8b7 @ iPod 3G, iPhone 3Gs new bootrom |
||
| + | |||
* exploit offsets in bdu.c |
* exploit offsets in bdu.c |
||
| + | |||
| + | // A4: |
||
| + | #define EXPLOIT_LR 0x8403BF9C |
||
| + | #define LOADADDR_SIZE 0x2C000 |
||
| + | // iPod 2G: |
||
| + | #define EXPLOIT_LR 0x22000000 |
||
| + | #define LOADADDR_SIZE 0x24000 |
||
| + | // iPod 3G: |
||
| + | #define EXPLOIT_LR 0x84033F98 |
||
| + | #define LOADADDR_SIZE 0x24000 |
||
| + | // iPhone 3Gs new bootrom: |
||
| + | #define EXPLOIT_LR 0x84033FA4 |
||
| + | #define LOADADDR_SIZE 0x24000 |
||
== Links == |
== Links == |
||
Revision as of 16:14, 2 January 2012
Credit
Info / Instructions
- you need a mac or linux box to use it / build it
- libusb > 1.0.8 required
- execute it with root privileges (sudo ./bdu)
- by default compatible only with A4 devices: (iPhone 4, iPod 4G, iPad, AppleTV 2)
It's possible to extend the compatibility to older devices as well (iPhone 3GS, iPod 3G) by changing:
- the offset to the call of usb_wait_for_image in payload.S
0x7ef @ A4 0x30E9 @ iPod 2G, old bootrom 0x8b7 @ iPod 3G, iPhone 3Gs new bootrom
- exploit offsets in bdu.c
// A4: #define EXPLOIT_LR 0x8403BF9C #define LOADADDR_SIZE 0x2C000 // iPod 2G: #define EXPLOIT_LR 0x22000000 #define LOADADDR_SIZE 0x24000 // iPod 3G: #define EXPLOIT_LR 0x84033F98 #define LOADADDR_SIZE 0x24000 // iPhone 3Gs new bootrom: #define EXPLOIT_LR 0x84033FA4 #define LOADADDR_SIZE 0x24000
