Difference between revisions of "JerrySIM"
(Spruced up the article a bit.)
m
(4 intermediate revisions by 3 users not shown)
Line 1: | Line 1: | ||
− | This was the [[iPhone Dev Team]]'s approach to unlocking [[Bootloader 4.6]]. |
+ | This was the [[iPhone Dev Team]]'s approach to unlocking [[Baseband Bootloader|Bootloader 4.6]]. |
− | As noted during the [[25C3 presentation Hacking the iPhone|25C3 talk that the iPhone Dev Team members gave]], this exploit was actually never fixed in [[X-Gold 608]] baseband [[ |
+ | As noted during the [[25C3 presentation "Hacking the iPhone"|25C3 talk that the iPhone Dev Team members gave]], this exploit was actually never fixed in [[X-Gold 608]] baseband [[01.45.00]], only in the next rev, so they were able to use it as an injection vector for some of the earlier hacks that they did on the [[X-Gold 608]] (downgrading the baseband version to [[01.43.00]], backing up their [[seczone]], etc.) |
==Credit== |
==Credit== |
||
Line 7: | Line 7: | ||
==Exploit== |
==Exploit== |
||
− | This relied on a buffer overflow in the STK. |
+ | This relied on a buffer overflow in the STK. The command AT+CSIM=XX caused an overflow that allowed the injection of an unlock exploit without jailbreaking |
+ | AT+CSIM=XX,"A0DC0104XXA53001..." |
||
==Leaked Source== |
==Leaked Source== |
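Review bot: the sentence added under ==Exploit== ends without a period after "jailbreaking", and the example on the following line, AT+CSIM=XX,"A0DC0104XXA53001...", is left as plain wiki text. Put the command in preformatted markup and say what the two XX placeholders stand for, since the text names an overflow but not which length field is involved.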
Latest revision as of 23:42, 22 January 2013
This was the iPhone Dev Team's approach to unlocking Bootloader 4.6.
As noted during the 25C3 talk that the iPhone Dev Team members gave, this exploit was actually never fixed in X-Gold 608 baseband 01.45.00, only in the next rev, so they were able to use it as an injection vector for some of the earlier hacks that they did on the X-Gold 608 (downgrading the baseband version to 01.43.00, backing up their seczone, etc.).
Credit
Exploit
This relied on a buffer overflow in the STK. The command AT+CSIM=XX caused an overflow that allowed the injection of an unlock exploit without jailbreaking.
AT+CSIM=XX,"A0DC0104XXA53001..."
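The page does not show the baseband code that overflowed. As an added example (not from the iPhone Dev Team or the leaked source), this C sketch shows the length checks a parser of `AT+CSIM=<length>,"<hex APDU>"` needs before copying the APDU into a fixed buffer. The function name `parse_csim`, the 260-byte buffer and the sample inputs are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define APDU_MAX 260  /* assumed buffer: 5-byte header + 255 data bytes */

static int hexval(int c) {
    if (c >= '0' && c <= '9') return c - '0';
    c = tolower(c);
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    return -1;
}

/* Hypothetical helper: decode AT+CSIM=<length>,"<hex>" into out[APDU_MAX].
 * Returns the APDU byte count, or -1 if any length check fails. */
int parse_csim(const char *line, unsigned char *out) {
    unsigned declared;
    int off = 0;
    if (sscanf(line, "AT+CSIM=%u,\"%n", &declared, &off) != 1 || off == 0)
        return -1;
    const char *hex = line + off;
    const char *end = strchr(hex, '"');
    if (!end || end[1] != '\0') return -1;
    size_t n = (size_t)(end - hex);
    /* <length> counts hex characters: it must match the string and be even */
    if (n != declared || (n & 1)) return -1;
    /* bound the copy by the destination size, not by a sender-supplied field */
    if (n / 2 < 5 || n / 2 > APDU_MAX) return -1;
    for (size_t i = 0; i < n / 2; i++) {
        int hi = hexval((unsigned char)hex[2 * i]);
        int lo = hexval((unsigned char)hex[2 * i + 1]);
        if (hi < 0 || lo < 0) return -1;
        out[i] = (unsigned char)(hi << 4 | lo);
    }
    /* INS DC (as in the page's string): P3 must equal the data bytes present */
    if (out[1] == 0xDC && out[4] != n / 2 - 5) return -1;
    return (int)(n / 2);
}

int main(void) {
    unsigned char buf[APDU_MAX];
    /* constructed sample inputs, not captured traffic */
    printf("consistent: %d\n", parse_csim("AT+CSIM=14,\"A0DC0104020102\"", buf));
    printf("P3 too big: %d\n", parse_csim("AT+CSIM=14,\"A0DC0104FF0102\"", buf));
    return 0;
}
```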
Leaked Source
Note
Zibri removed it from the Google Code page, but the source is still easily available via Google cache, or, because Google Code wiki pages are SVN-based, by simply looking at an earlier rev :)
On the page before the source got deleted, Zibri referred to it as C source, although by the looks of it he may have failed to realize that it is a payload meant to be run off of a TurboSIM.