Difference between revisions of "Pwnage 2.0"

From The iPhone Wiki
m (Change category to match other similar pages)
Line 1: Line 1:
This exploit in the [[VROM]] is really the ultimate exploit, since it allows unsigned code to be run at the lowest level. It can be patched out '''only''' by a new hardware revision.
+
This exploit in the [[S5L8900]] bootrom is really the ultimate exploit, since it allows unsigned code to be run at the lowest level. It is available in all S5L8900 devices - iPhone, iPod Touch and iPhone 3G.
   
 
==Credit==
 
==Credit==
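Review bot: The replacement lead sentence drops the statement that the exploit "can be patched out '''only''' by a new hardware revision", and the added list of affected devices does not cover that point. The removed sentence is the only place the lead says how the flaw can be remediated, so I suggest keeping it after the new device list while still naming the [[S5L8900]] bootrom.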
Line 11: Line 11:
 
*[[QuickPwn]]
 
*[[QuickPwn]]
 
*[[WinPwn]]
 
*[[WinPwn]]
  +
*[[redsn0w]]
 
*[http://lpahome.com/geohot/iran.rar iran]
 
*[http://lpahome.com/geohot/iran.rar iran]
   

Revision as of 16:39, 18 July 2009

This exploit in the S5L8900 bootrom is really the ultimate exploit, since it allows unsigned code to be run at the lowest level. It is present in all S5L8900 devices: the iPhone, iPod Touch and iPhone 3G.

Credit

The dev team

Exploit

There is a stack overflow in the certificate parsing code. By passing a malformed certificate, unsigned code can be run.

Implementations