The iPhone Wiki is no longer updated. Visit this article on The Apple Wiki for current information.
Difference between revisions of "S5L8920"
m (fix link)
(→Related iOS Exploits: This needed an update pretty badly.)
Line 18: | Line 18: | ||
* [[Packet Filter Kernel Exploit]] - Works up to [[iOS]] 4.1 |
* [[Packet Filter Kernel Exploit]] - Works up to [[iOS]] 4.1 |
||
* [[HFS Legacy Volume Name Stack Buffer Overflow]] - Works up to [[iOS]] 4.2.1 |
* [[HFS Legacy Volume Name Stack Buffer Overflow]] - Works up to [[iOS]] 4.2.1 |
||
+ | * [[ndrv_setspec() Integer Overflow]] - Works up to [[iOS]] 4.3.3 |
||
+ | * [[HFS Heap Overflow]] - Works up to iOS 5.0.1 |
||
=== [[Userland]] === |
=== [[Userland]] === |
||
* [[MobileBackup Copy Exploit]] - Works up to [[iOS]] 3.1.3 |
* [[MobileBackup Copy Exploit]] - Works up to [[iOS]] 3.1.3 |
||
* [[Malformed CFF Vulnerability]] - Works up to [[iOS]] 4.0.1 |
* [[Malformed CFF Vulnerability]] - Works up to [[iOS]] 4.0.1 |
||
+ | * [[T1 Font Integer Overflow]]- Works up to [[iOS]] 4.3.3 |
||
+ | * [[Racoon String Format Overflow Exploit]] - Works up to iOS 5.0.1 |
||
== Boot Chain == |
== Boot Chain == |
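Review bot: The added T1 Font Integer Overflow entry is missing the space before the hyphen ("[[T1 Font Integer Overflow]]- Works"), unlike every other entry in the list; it should read "[[T1 Font Integer Overflow]] - Works up to [[iOS]] 4.3.3". The two new 5.0.1 entries (HFS Heap Overflow and Racoon String Format Overflow Exploit) also write "iOS 5.0.1" without the [[iOS]] link that all the neighbouring entries use, so the list is no longer consistently linked.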
Revision as of 17:49, 30 May 2012
This is the processor used in the iPhone 3GS.
The S5L8920 supports the Thumb-2 instruction set as well as ARM and Thumb. Binaries included in iOS are compiled only for ARMv7 and are not compatible with older CPUs.
Exploits
Bootrom
Related iOS Exploits
iBoot
- iBoot Environment Variable Overflow - Works up to iOS 3.1 beta 3
- usb_control_msg(0x21, 2) Exploit - Works up to iOS 3.1.2
Kernel
- BPF STX Kernel Write Exploit - Works up to iOS 3.1.3
- IOSurface Kernel Exploit - Works up to iOS 4.0.1
- Packet Filter Kernel Exploit - Works up to iOS 4.1
- HFS Legacy Volume Name Stack Buffer Overflow - Works up to iOS 4.2.1
- ndrv_setspec() Integer Overflow - Works up to iOS 4.3.3
- HFS Heap Overflow - Works up to iOS 5.0.1
Userland
- MobileBackup Copy Exploit - Works up to iOS 3.1.3
- Malformed CFF Vulnerability - Works up to iOS 4.0.1
- T1 Font Integer Overflow - Works up to iOS 4.3.3
- Racoon String Format Overflow Exploit - Works up to iOS 5.0.1
Boot Chain
Bootrom → LLB → iBoot → Kernel → System Software