|
The iPhone Wiki is no longer updated. Visit this article on The Apple Wiki for current information. |
Difference between revisions of "Diags (iBoot command)"
| Line 5: | Line 5: | ||
==Exploit== |
==Exploit== |
||
| − | The diags function can be passed a parameter. It jumps to that parameter, but not before trashing the I/O table. You can run unsigned code using this, but there's no guarantee about the state of the |
+ | The diags function can be passed a parameter. It jumps to that parameter, but not before trashing the I/O table. You can run unsigned code using this, but there's no guarantee about the state of the processor |
| − | In 2.0 iBoots, they check the permission register. |
+ | In 2.0 iBoots, they check the permission register for this command, so the exploit doesn't work. |
Revision as of 01:08, 28 July 2008
This was an exploit in pre 2.0 versions of iBoot
Credit
Exploit
The diags function can be passed a parameter. It jumps to that parameter, but not before trashing the I/O table. You can run unsigned code using this, but there's no guarantee about the state of the processor
In 2.0 iBoots, they check the permission register for this command, so the exploit doesn't work.
