Difference between revisions of "N72AP"
ChronicDev (talk | contribs) (→Bootrom exploit = No Go) |
m |
||
(45 intermediate revisions by 14 users not shown) | |||
Line 1: | Line 1: | ||
+ | [[File:iPod touch (2nd generation).png|thumb|right|iPod touch (2nd generation)]] |
||
− | This is the 2nd Generation iPod Touch |
||
+ | This is the second generation [[List of iPod touches|iPod touch]]. It has two different [[bootrom]] revisions. |
||
− | Model: n72ap |
||
− | Application Processor (OS Chip): s5l8720x |
||
+ | '''Model''': N72AP |
||
− | == Decryption of it's Ramdisks, iBoot, LLB, Kernel, and friends == |
||
− | The application processor has a new [[GID]] key in it, so you can't decrypt kbags from it on any other device than itself. So, you pretty much will not even be able to make a pwned IPSW, let alone decrypt the RootFS, unless a low level (like, bootrom/kernel/iBoot) exploit is found. From there, it can be used to run code to decrypt the kbags so that we can in turn decrypt the files, and then to run code to actually pwn the device. |
||
+ | '''Application Processor (OS Chip)''': [[S5L8720]] |
||
− | == Bootrom exploit = No Go == |
||
− | DFU in the iPod Touch 2 is now [[0x1227]], so basically they took the patched up WTF and burned it into the bootrom, meaning the bootrom stack overflow is a no go...other methods are being tested though, no word on if they work yet... |
||
+ | The name used in firmware is iPod2,1. |
||
− | == Notes == |
||
− | -It has a new [[GID]] key. |
||
+ | ==Hardware== |
||
− | -[[iBoot]] seems to map itself at 0xFF00000. |
||
+ | See the [[S5L8720 (Hardware)]] for hardware details |
||
+ | ==Device IDs== |
||
− | -[[LLB]] is encrypted, which is new. |
||
+ | '''0x1227''' = [[DFU Mode]] 2.0 (Basically WTF 2.0 burned into bootrom) |
||
+ | '''0x1281''' = [[Recovery Mode]] 2.0 ([[iBEC]]/[[iBSS]]/[[iBoot (Bootloader)|iBoot]]) |
||
− | -The s5l8900 [[WTF]] is still in the firmware strangely enough, but there is no [[n72ap]] WTF. |
||
+ | '''0x1293''' = Normal Mode (comm with [[iTunes]] / MobileDev framework) |
||
− | -It uses the same [[KBAG]] method, but as previously stated, it has a new [[GID]] key so nothing can be decrypted at the time without allowing unsigned code. |
||
− | == |
+ | ==Exploits== |
+ | See the [[S5L8720]] page for all known exploits |
||
− | <i>See: [[n72ap (Internals)]]</i> - Remarkably it has a Bluetooth Chip, shown by iFixit, but apparently it may only be used for Rf transmission to the Nike+ kit. |
||
+ | |||
+ | ==Links== |
||
+ | * [http://www.ifixit.com/Guide/First-Look/iPod/iPod-Touch-2G iFixit page for iPod touch 2nd Generation] |
||
+ | |||
+ | [[Category:Devices]] |
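Review bot: The removed "Decryption" and "Notes" sections recorded device-specific observations (the new [[GID]] key blocking KBAG decryption off-device, [[LLB]] now being encrypted, [[iBoot]] mapping itself at 0xFF00000, no N72AP WTF in the firmware), and the replacement "See the [[S5L8720]] page for all known exploits" only covers exploits. Confirm those observations are carried on the linked pages, or keep a short device-specific notes section here. The new intro line "It has two different [[bootrom]] revisions" should name or link the two revisions, and "See the [[S5L8720 (Hardware)]] for hardware details" is missing the word "page" and a closing period.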
Latest revision as of 21:10, 21 March 2017
This is the second generation iPod touch. It has two different bootrom revisions.
Model: N72AP
Application Processor (OS Chip): S5L8720
The name used in firmware is iPod2,1.
Hardware
See the S5L8720 (Hardware) page for hardware details.
Device IDs
0x1227 = DFU Mode 2.0 (basically WTF 2.0 burned into the bootrom)
0x1281 = Recovery Mode 2.0 (iBEC/iBSS/iBoot)
0x1293 = Normal Mode (communication with iTunes / MobileDev framework)
Exploits
See the S5L8720 page for all known exploits.