Difference between revisions of "S5L8720"

From The iPhone Wiki
Jump to: navigation, search
m (Kernel)
m
Line 2: Line 2:
   
 
== Exploits ==
 
== Exploits ==
=== [[iBoot]] ===
+
=== [[iBoot (Bootloader)|iBoot]] ===
'''Note''': [[iBoot]] on the S5L8720 can be downgraded, allowing any of these exploits to be used on future firmwares
+
'''Note''': [[iBoot (Bootloader)|iBoot]] on the S5L8720 can be downgraded, allowing any of these exploits to be used on future firmwares
   
 
* [[ARM7 Go]] - Works on [[iOS]] 2.1.1
 
* [[ARM7 Go]] - Works on [[iOS]] 2.1.1
Line 11: Line 11:
 
=== [[S5L8720 (Bootrom)|Bootrom]] ===
 
=== [[S5L8720 (Bootrom)|Bootrom]] ===
 
* [[0x24000 Segment Overflow]] - only in [[iBoot-240.4]] (old bootrom)
 
* [[0x24000 Segment Overflow]] - only in [[iBoot-240.4]] (old bootrom)
* [[usb_control_msg(0xA1, 1) Exploit]] - in [[iBoot-240.4]] and [[iBoot-240.5.1]]
+
* [[usb_control_msg(0xA1, 1) Exploit]]
   
 
=== [[Kernel]] ===
 
=== [[Kernel]] ===
Line 24: Line 24:
   
 
==Boot Chain==
 
==Boot Chain==
[[VROM]]->[[LLB]]->[[iBoot]]->[[Kernel]]->[[Firmware|System Software]]
+
[[VROM]]->[[LLB]]->[[iBoot (Bootloader)|iBoot]]->[[Kernel]]->[[Firmware|System Software]]
   
It is definitely worthy to note that the [[Pwnage]] exploit is fixed because the images are now flashed to the [[NOR]] in their encrypted [[IMG3 File Format|IMG3]] containers, and the [[S5L8720 (Bootrom)|bootrom]] can properly check [[LLB]]'s signature. That being said, unsigned images can still be run using the [[0x24000 Segment Overflow]], provided the [[S5L8720 (Bootrom)|bootrom]] is [[iBoot-240.4|old enough]].
+
It is definitely worthy to note that the [[Pwnage]] exploit is fixed because the images are now flashed to the [[NOR]] in their encrypted [[IMG3 File Format|IMG3]] containers, and the [[S5L8720 (Bootrom)|bootrom]] can properly check [[LLB]]'s signature. That being said, unsigned images can still be run using the [[0x24000 Segment Overflow]], provided the bootrom is [[iBoot-240.4|old enough]].
   
 
==See Also==
 
==See Also==

Revision as of 04:35, 26 April 2011

This is the Application Processor used on the iPod touch 2G.

Exploits

iBoot

Note: iBoot on the S5L8720 can be downgraded, allowing any of these exploits to be used on future firmwares

Bootrom

Kernel

Userland

Boot Chain

VROM->LLB->iBoot->Kernel->System Software

It is definitely worthy to note that the Pwnage exploit is fixed because the images are now flashed to the NOR in their encrypted IMG3 containers, and the bootrom can properly check LLB's signature. That being said, unsigned images can still be run using the 0x24000 Segment Overflow, provided the bootrom is old enough.

See Also

External Links