|
The iPhone Wiki is no longer updated. Visit this article on The Apple Wiki for current information. |
Difference between revisions of "Talk:Ultrasn0w"
(→About AT+STKPROF exploit: new section) |
ChronicDev (talk | contribs) (→RE: About AT+STKPROF exploit: new section) |
||
| Line 19: | Line 19: | ||
Does only 2.28 vulnerable to at+stkprof exploit? |
Does only 2.28 vulnerable to at+stkprof exploit? |
||
| + | |||
| + | == RE: About AT+STKPROF exploit == |
||
| + | |||
| + | afaik all versions 1.45 through 2.28 are vulnerable, but devteam only designed a payload for 2.28. not 100% on that though. |
||
Revision as of 16:03, 2 January 2009
Thinking about this, I know how I could've done the unlock. I'm so lazy. This might be what yellowsn0w does already; theres a little object code in your source, so I don't know :-)
1. copy task_sim into memory 2. patch task_sim in the usual way(too bad i don't really understand the baseband at all) 3. modify the nucleus task struct to use the in memory task_sim(although idk why theres no execute on the stack, normal ram seems ok) 4. reset the sim card
no real reversing required. i could've had this in july dammit :-P
i also think this approach might solve some peoples problems with it dying after 10 minutes
~geohot
nx
heh, I think it is a standard thing for ARM for the stack to be nx. btw, of course there was reversing required, how else would you have found the injection hack itself x)
About AT+STKPROF exploit
Does only 2.28 vulnerable to at+stkprof exploit?
RE: About AT+STKPROF exploit
afaik all versions 1.45 through 2.28 are vulnerable, but devteam only designed a payload for 2.28. not 100% on that though.
