Difference between revisions of "S5L8920"

This is the processor used in the iPhone 3GS.

S5L8920 and derivative SoCs use the armv7 family, with later versions of the architecture using armv7f/armv7s.

S5L8920 using THUMB-2 instruction set as well as ARM and THUMB ones. Binaries included in iOS are compiled for only ARMv7 and are not compatible with older CPUs.

Bootrom

Bootrom Version: Bootrom 359.3

Units produced after 2009 week 40 have Bootrom 359.3.2 and not vulnerable to the 0x24000 Segment Overflow.

Exploits

Bootrom

• 0x24000 Segment Overflow - only in Bootrom 359.3
• Limera1n Exploit

Related iOS Exploits

iBoot

• iBoot Environment Variable Overflow - Works up to iOS 3.1 beta 3
• usb_control_msg(0x21, 2) Exploit - Works up to iOS 3.1.2

Kernel

• BPF STX Kernel Write Exploit - Works up to iOS 3.1.3
• IOSurface Kernel Exploit - Works up to iOS 4.0.1
• Packet Filter Kernel Exploit - Works up to iOS 4.1
• HFS Legacy Volume Name Stack Buffer Overflow - Works up to iOS 4.2.1
• ndrv_setspec() Integer Overflow - Works up to iOS 4.3.3
• HFS Heap Overflow - Works up to iOS 5.0.1

Userland

• MobileBackup Copy Exploit - Works up to iOS 3.1.3
• Malformed CFF Vulnerability - Works up to iOS 4.0.1
• T1 Font Integer Overflow- Works up to iOS 4.3.3
• Racoon String Format Overflow Exploit - Works up to iOS 5.0.1

Boot Chain

Bootrom→LLB→iBoot→Kernel→System Software

See also

• S5L8920 (Bootrom)
• S5L8920 (Hardware)
• S5L8920 (Hardware - Quick Notes)

External Links

• Technical Reference Manual: Cortex A8