|
The iPhone Wiki is no longer updated. Visit this article on The Apple Wiki for current information. |
Difference between revisions of "S5L8720"
| Line 4: | Line 4: | ||
===[[iBoot]] / [[Kernel]] Level=== |
===[[iBoot]] / [[Kernel]] Level=== |
||
* [[ARM7 Go]] - Firmware v2.1.1 |
* [[ARM7 Go]] - Firmware v2.1.1 |
||
| − | * [[iBoot Environment Variable Overflow]] - Firmware v3.1b1 and below (Note: [[iBoot]] on the S5l8720 can be downgraded allowing the exploit to be used on future firmwares) |
+ | * [[iBoot Environment Variable Overflow]] - Firmware v3.1b1 and below (Note: [[iBoot]] on the S5l8720 can be downgraded allowing the exploit to be used on future firmwares, but ''only if'' a backup of the device-specific Apple-signed 3.0 iBSS with unique [[ECID]] was made.) |
===[[VROM (S5L8720)|Bootrom]]=== |
===[[VROM (S5L8720)|Bootrom]]=== |
||
Revision as of 21:26, 16 July 2009
This is the Application Processor used on the iPod Touch 2G.
Exploits
iBoot / Kernel Level
- ARM7 Go - Firmware v2.1.1
- iBoot Environment Variable Overflow - Firmware v3.1b1 and below (Note: iBoot on the S5l8720 can be downgraded allowing the exploit to be used on future firmwares, but only if a backup of the device-specific Apple-signed 3.0 iBSS with unique ECID was made.)
Bootrom
Boot Chain
VROM->LLB->iBoot->Kernel->System Software
It is definitely worthy to note that the Pwnage exploit is fixed because the images are now flashed to the NOR in their encrypted IMG3 containers, and the bootrom can properly sigcheck LLB. That being said, unsigned images can still be run using the 0x24000 Segment Overflow.
