The S5L8900 in the technical name of the application processor shared between the iPhone 2G, iPod touch 1G, and the iPhone 3G. Not much is known about it, even through official sources. According to saurik, this is an
arm1176jzf-s. This processor was succeded by the S5L8720 used in the iPod touch 2G and the S5L8920 in the iPhone 3GS. Those have subsequently been succeded by newer processors.
One of the many goals of the iDroid project is to modify the boot chain immediately after the bootrom:
This is possible thanks to the Pwnage and Pwnage 2.0 exploits discovered by the iPhone Dev Team. The exploit in a nutshell exploits the fact that the VROM (Bootrom Rev.2) doesn't signature check the LLB, and as such, by uploading a maliciously crafted LLB, one can gain control of the entire device.
The restore process of the processor is:
- VROM (Bootrom Rev.2)
- DFU Mode
- Kernel (wait for Restore Ramdisk upload)
- Restore Ramdisk
- Restore Mode
In order to flash an older version of iPhone OS onto the device, you need to enter DFU Mode. The entry into DFU Mode is in the device's circuitry and the processor itself. This allows a non-responsive device to enter DFU Mode nearly anywhere, essentially making it improbable to brick the device.
Once in DFU Mode, iTunes will notify you of a device in Restore Mode, even though it isn't. This is common across all devices. In iTunes, you just hold the Option key (⌥) on OS X or the shift key on Windows while clicking the "Restore" button. Just navigate to the IPSW for the specific version you want. As SHSH blobs didn't exist before iPhone OS 3.0 with the S5L8920 on the iPhone 3GS, you are only limited by your ability to obtain the firmware IPSW.
The boot chain is a very simple one: