The iPhone Wiki is no longer updated. Visit this article on The Apple Wiki for current information.
Difference between revisions of "AT+XEMN Heap Overflow"
(added possible heap overflow via AT+XEMN)

Line 1:
− AT+XEMN is a command, that when issued in minicom, causes a non-exploitable crash for 5.11.07.
+ AT+XEMN is a command on baseband 5.11.07, which when exploited correctly, causes a heap overflow allowing the crash to be moulded into an injection vector. This injection vector can then be used to inject the Ultrasn0w Payload to provide a coveted Software Sim Unlock on Official 3.1.2 running 5.11.07

== Exception Dump ==

Line 41:
*GeoHot attempts to use this command, but later finds out aswell that it is non-exploitable - http://twitter.com/geohot/status/4979506974
*The hunt for another exploit continues as New 3G/3G[S] users join or if 3G/3G[S] users upgrade to Official Apple Firmware.
− *Geohot does more investigation and discovers that this command
+ *Geohot does more investigation and discovers that this command is indeed exploitable - http://twitter.com/geohot/status/5196861045
Revision as of 08:06, 28 October 2009
AT+XEMN is an AT command on baseband firmware 5.11.07 which, when exploited correctly, triggers a heap overflow. The resulting crash can be shaped into an injection vector, and that vector can then be used to inject the Ultrasn0w payload, giving a software SIM unlock on official iPhone OS 3.1.2 running baseband 5.11.07.
Exception Dump
+XLOG: Exception Number: 1
Trap Class: 0xDDDD (SW GENERATED TRAP)
Identification: 140 (0x008C)
Date: 22.10.2009 Time: 00:30
File: atform/text/_malloc.c Line: 1036
Logdata:
2E 0C 76 ED 40 14 31 64 61 74 63 3A 31 00 64 63  ..v.@.1datc:1.dc
20 44 F4 E9 20 20 20 20 20 20 20 20 20 20 20 20   D..
20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20
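As an added example (not code from the original wiki page, nor from any of the people named on it), the following Python parses a +XLOG dump like the one above into its header fields and raw Logdata bytes, re-renders the byte rows with their ASCII column so the dump can be checked against what minicom printed, and flags the combination seen here: a software-generated trap raised from _malloc.c, which reads as the allocator's own consistency check firing rather than a hardware abort from a wild pointer. The sample input is constructed from the first two rows of the dump above plus one all-0x20 padding row; the dataclass field names, the 16-byte row width and the heuristic in looks_like_heap_check_trap are assumptions made for this example.

```python
import re
from dataclasses import dataclass

# Constructed sample: the +XLOG header from this page, the first two Logdata
# rows quoted above, and one all-0x20 row standing in for the padding rows.
SAMPLE_XLOG = (
    "+XLOG: Exception Number: 1 Trap Class: 0xDDDD (SW GENERATED TRAP) "
    "Identification: 140 (0x008C) Date: 22.10.2009 Time: 00:30 "
    "File: atform/text/_malloc.c Line: 1036 Logdata: "
    "2E 0C 76 ED 40 14 31 64 61 74 63 3A 31 00 64 63 ..v.@.1datc:1.dc "
    "20 44 F4 E9 20 20 20 20 20 20 20 20 20 20 20 20 D.. "
    "20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20"
)

# Header layout as it appears in the dump; \s+ also accepts the line-broken
# form, so the reformatted dump on this page parses the same way.
HEADER_RE = re.compile(
    r"\+XLOG:\s*Exception Number:\s*(?P<number>\d+)\s+"
    r"Trap Class:\s*(?P<trap_class>0x[0-9A-Fa-f]+)\s*\((?P<trap_desc>[^)]*)\)\s+"
    r"Identification:\s*(?P<ident>\d+)\s*\((?P<ident_hex>0x[0-9A-Fa-f]+)\)\s+"
    r"Date:\s*(?P<date>\S+)\s+Time:\s*(?P<time>\S+)\s+"
    r"File:\s*(?P<file>\S+)\s+Line:\s*(?P<line>\d+)\s+"
    r"Logdata:\s*(?P<logdata>.*)$",
    re.S,
)
HEXBYTE_RE = re.compile(r"^[0-9A-Fa-f]{2}$")


@dataclass
class XlogDump:
    number: int
    trap_class: int
    trap_desc: str
    ident: int
    date: str
    time: str
    file: str
    line: int
    logdata: bytes


def parse_xlog(text: str) -> XlogDump:
    """Split a +XLOG exception dump into header fields and raw Logdata bytes."""
    m = HEADER_RE.search(text)
    if not m:
        raise ValueError("not a +XLOG exception dump")
    # The Logdata column interleaves hex byte tokens with the ASCII rendering
    # of each row. Keep only tokens that are exactly two hex digits; this is
    # ambiguous only if an ASCII rendering happens to be two hex characters.
    data = bytes(
        int(tok, 16) for tok in m.group("logdata").split() if HEXBYTE_RE.match(tok)
    )
    return XlogDump(
        number=int(m.group("number")),
        trap_class=int(m.group("trap_class"), 16),
        trap_desc=m.group("trap_desc").strip(),
        ident=int(m.group("ident")),
        date=m.group("date"),
        time=m.group("time"),
        file=m.group("file"),
        line=int(m.group("line")),
        logdata=data,
    )


def render_rows(data: bytes, width: int = 16) -> list:
    """Re-render bytes as hex rows with an ASCII column, hexdump style.
    Bytes 0x20..0x7E print as themselves, everything else as '.', which is
    what the dump on this page shows (0x20 rows render as blank ASCII)."""
    rows = []
    for off in range(0, len(data), width):
        chunk = data[off:off + width]
        hexpart = " ".join(f"{b:02X}" for b in chunk)
        asc = "".join(chr(b) if 0x20 <= b < 0x7F else "." for b in chunk)
        rows.append(f"{hexpart:<{width * 3 - 1}}  {asc}")
    return rows


def looks_like_heap_check_trap(dump: XlogDump) -> bool:
    """Heuristic (an assumption of this example): a software-generated trap
    whose source file is the allocator itself is what an internal heap
    consistency check looks like, as opposed to a data or prefetch abort
    raised by the CPU when a corrupted pointer is dereferenced."""
    return (
        dump.trap_desc.upper().startswith("SW GENERATED")
        and "malloc" in dump.file.lower()
    )


if __name__ == "__main__":
    d = parse_xlog(SAMPLE_XLOG)
    print(f"trap 0x{d.trap_class:04X} ({d.trap_desc}) at {d.file}:{d.line}")
    for row in render_rows(d.logdata):
        print(row.rstrip())
    print("allocator self-check trap:", looks_like_heap_check_trap(d))
```

Run against a full dump captured from minicom, the ASCII column produced by render_rows should match the one the baseband printed; a mismatch means the hex was transcribed wrongly before it was pasted into the wiki. The row width is a guess from the dump's layout and can be changed if a later firmware prints wider rows.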
July 2009
- Oranav discovered this command.
- Shortly after it was discovered, the iPhone Dev Team confirmed that the command was non-exploitable.
- There was no further talk about this command.
September 2009
- iH8sn0w discovered this command but kept it a secret for about a month - http://twitter.com/iH8sn0w/status/4353547726
October 2009
- When the Dev-Team stated that iH8sn0w did not have an unlock, he posted the command on Twitter - http://twitter.com/iH8sn0w/status/4954333558.
- Shortly after, Oranav discovered this and posted his hash from July - http://pastebin.ca/1485104.
- MuscleNerd told iHacker that the command had been received a while ago and was non-exploitable - http://twitter.com/MuscleNerd/status/4978871033 | http://twitter.com/iHacker/status/4978821448
- GeoHot attempted to use this command, but later found out as well that it was non-exploitable - http://twitter.com/geohot/status/4979506974
- The hunt for another exploit continued as new 3G/3G[S] users joined or existing 3G/3G[S] users upgraded to official Apple firmware.
- Geohot did more investigation and discovered that this command is indeed exploitable - http://twitter.com/geohot/status/5196861045