|
The iPhone Wiki is no longer updated. Visit this article on The Apple Wiki for current information. |
Difference between revisions of "S5L8920"
(copied over from to-be-deleted page) |
m (fix link) |
||
| Line 11: | Line 11: | ||
== Exploits == |
== Exploits == |
||
| − | === [[ |
+ | === [[Bootrom]] === |
* [[0x24000 Segment Overflow]] - only in [[Bootrom 359.3]] |
* [[0x24000 Segment Overflow]] - only in [[Bootrom 359.3]] |
||
* [[Limera1n Exploit]] |
* [[Limera1n Exploit]] |
||
Revision as of 21:29, 15 October 2012
This is the processor used in the iPhone 3GS.
S5L8920 and derivative SoCs use the armv7 family, with later versions of the architecture using armv7f/armv7s.
S5L8920 using THUMB-2 instruction set as well as ARM and THUMB ones. Binaries included in iOS are compiled for only ARMv7 and are not compatible with older CPUs.
Contents
Bootrom
Bootrom Version: Bootrom 359.3
Units produced after 2009 week 40 have Bootrom 359.3.2 and not vulnerable to the 0x24000 Segment Overflow.
Exploits
Bootrom
Related iOS Exploits
iBoot
- iBoot Environment Variable Overflow - Works up to iOS 3.1 beta 3
- usb_control_msg(0x21, 2) Exploit - Works up to iOS 3.1.2
Kernel
- BPF STX Kernel Write Exploit - Works up to iOS 3.1.3
- IOSurface Kernel Exploit - Works up to iOS 4.0.1
- Packet Filter Kernel Exploit - Works up to iOS 4.1
- HFS Legacy Volume Name Stack Buffer Overflow - Works up to iOS 4.2.1
- ndrv_setspec() Integer Overflow - Works up to iOS 4.3.3
- HFS Heap Overflow - Works up to iOS 5.0.1
Userland
- MobileBackup Copy Exploit - Works up to iOS 3.1.3
- Malformed CFF Vulnerability - Works up to iOS 4.0.1
- T1 Font Integer Overflow- Works up to iOS 4.3.3
- Racoon String Format Overflow Exploit - Works up to iOS 5.0.1
Boot Chain
Bootrom→LLB→iBoot→Kernel→System Software
