|
The iPhone Wiki is no longer updated. Visit this article on The Apple Wiki for current information. |
Difference between revisions of "S5L8922"
(→Exploits) |
(SHAtter only affects A4.) |
||
| Line 1: | Line 1: | ||
| − | This is the processor used in the [[N18ap|iPod |
+ | This is the processor used in the [[N18ap|iPod touch 3G]]. |
== Exploits == |
== Exploits == |
||
| Line 6: | Line 6: | ||
=== [[S5L8922 (Bootrom)|Bootrom]] === |
=== [[S5L8922 (Bootrom)|Bootrom]] === |
||
| − | + | [[User:Geohot|Geohot]] discovered an exploit for this [[bootrom]] that does not have publicly revealed technical details yet. |
|
=== [[Kernel]] === |
=== [[Kernel]] === |
||
| Line 18: | Line 18: | ||
==Information== |
==Information== |
||
| − | The load address is at 0x41000000 (same as the |
+ | The load address is at 0x41000000 (same as the [[S5L8920]]). |
== Boot Chain == |
== Boot Chain == |
||
Revision as of 00:00, 8 October 2010
This is the processor used in the iPod touch 3G.
Contents
Exploits
iBoot
- usb_control_msg(0x21, 2) Exploit - Works up to iOS 3.1.2
Bootrom
Geohot discovered an exploit for this bootrom that does not have publicly revealed technical details yet.
Kernel
- BPF STX Kernel Write Exploit - Works up to iOS 3.1.3
- IOSurface Kernel Exploit - Works up to iOS 4.0
Userland
- MobileBackup Copy Exploit - Works up to iOS 3.1.3
- PDF CFF Font Stack Overflow - Works up to iOS 4.0
Information
The load address is at 0x41000000 (same as the S5L8920).
Boot Chain
Bootrom->LLB->iBoot->Kernel->System Software
The entire boot chain (except the bootrom) resides on the NAND flash (instead of part of it on NOR flash as in earlier devices). This is the only main difference from the S5L8920 used in the iPhone 3GS.
