The iPhone Wiki is no longer updated. Visit this article on The Apple Wiki for current information. |
Difference between revisions of "S5L8720"
m (→Kernel: Added HFS Legacy Volume Name Stack Buffer Overflow.) |
m ("Touch" in lower case.) |
||
Line 1: | Line 1: | ||
− | This is the Application Processor used on the [[n72ap|iPod |
+ | This is the Application Processor used on the [[n72ap|iPod touch 2G]]. |
== Exploits == |
== Exploits == |
Revision as of 02:04, 14 February 2011
This is the Application Processor used on the iPod touch 2G.
Contents
Exploits
iBoot
Note: iBoot on the S5L8720 can be downgraded, allowing any of these exploits to be used on future firmwares
- ARM7 Go - Works on iOS 2.1.1
- iBoot Environment Variable Overflow - Works up to iOS 3.1 beta 3
- usb_control_msg(0x21, 2) Exploit - Works up to iOS 3.1.2
Bootrom
- 0x24000 Segment Overflow - only in iBoot-240.4 (old bootrom)
- usb_control_msg(0xA1, 1) Exploit - in iBoot-240.4 and iBoot-240.5.1
Kernel
- BPF STX Kernel Write Exploit - Works up to iOS 3.1.3
- IOSurface Kernel Exploit - Works up to iOS 4.0
- Packet Filter Kernel Exploit - Works up to iOS 4.1
- HFS Legacy Volume Name Stack Buffer Overflow - Works up to iOS 4.2.1
Userland
- MobileBackup Copy Exploit - Works up to iOS 3.1.3
- Malformed CFF Vulnerability - Works up to iOS 4.0
Boot Chain
VROM->LLB->iBoot->Kernel->System Software
It is definitely worthy to note that the Pwnage exploit is fixed because the images are now flashed to the NOR in their encrypted IMG3 containers, and the bootrom can properly check LLB's signature. That being said, unsigned images can still be run using the 0x24000 Segment Overflow, provided the bootrom is old enough.