The iPhone Wiki is no longer updated. Visit this article on The Apple Wiki for current information. |
Difference between revisions of "Diags (iBoot command)"
ChronicDev (talk | contribs) |
ChronicDev (talk | contribs) (→Exploit) |
||
Line 5: | Line 5: | ||
==Exploit== |
==Exploit== |
||
− | + | This is a very simple exploit. In earlier iBoots, if a parameter was given to the 'diags' command, then it would jump to whatever address argv[1] specified, but not before trashing the I/O table. You can run unsigned code using this, but there's no guarantee about the state of the processor. |
|
In 2.0 iBoots, they check the permission register for this command, so the exploit doesn't work. |
In 2.0 iBoots, they check the permission register for this command, so the exploit doesn't work. |
Revision as of 18:27, 28 November 2008
This was an exploit in pre 2.0 versions of iBoot
Credit
Exploit
This is a very simple exploit. In earlier iBoots, if a parameter was given to the 'diags' command, then it would jump to whatever address argv[1] specified, but not before trashing the I/O table. You can run unsigned code using this, but there's no guarantee about the state of the processor.
In 2.0 iBoots, they check the permission register for this command, so the exploit doesn't work.