|
The iPhone Wiki is no longer updated. Visit this article on The Apple Wiki for current information. |
Difference between revisions of "S5L8720"
ChronicDev (talk | contribs) (→Exploits) |
m |
||
| (51 intermediate revisions by 13 users not shown) | |||
| Line 1: | Line 1: | ||
| − | This is the Application Processor used on the [[ |
+ | This is the Application Processor used on the [[N72AP|iPod touch (2nd generation)]]. |
| − | ==Exploits== |
+ | == [[Bootrom]] Exploits == |
| + | * [[0x24000 Segment Overflow]] - only in [[Bootrom 240.4]] (old bootrom) |
||
| − | * [[ARM7 Go]] - Only a semi-jailbreak, because the payload must be applied to boot to an unsigned kernel once a jailbroken system is loaded. While this is an iBoot exploit and is not, per se, only in the 8720x, the only iBoots that this exploit can be found in are the 2.1.1 iPod Touch 2G ones, and they will not on an [[iPhone]] or any of the other devices because of the BORD and CHIP tags. |
||
| + | * [[usb_control_msg(0xA1, 1) Exploit]] |
||
| + | |||
| + | '''Note''': [[iBoot (Bootloader)|iBoot]] on the S5L8720 can be downgraded, allowing any of the [[iBoot (Bootloader)|iBoot]] exploits to be used on future firmwares. |
||
==Boot Chain== |
==Boot Chain== |
||
| − | [[ |
+ | [[VROM]]->[[LLB]]->[[iBoot (Bootloader)|iBoot]]->[[Kernel]]->[[Firmware|System Software]] |
| + | |||
| + | It is definitely worthy to note that the [[Pwnage]] exploit is fixed because the images are now flashed to the [[NOR]] in their encrypted [[IMG3 File Format|IMG3]] containers, and the [[bootrom]] can properly check [[LLB]]'s signature. That being said, unsigned images can still be run using the [[0x24000 Segment Overflow]], provided the bootrom is [[Bootrom 240.4|old enough]]. |
||
| + | |||
| + | ==See Also== |
||
| + | * [[S5L8720 (Hardware)]] |
||
| + | * [[S5L File Formats]] |
||
| + | |||
| + | ==External Links== |
||
| + | * [http://infocenter.arm.com/help/topic/com.arm.doc.ddi0301h/DDI0301H_arm1176jzfs_r0p7_trm.pdf Technical Reference Manual: ARM1176JZF-S] |
||
| + | [[Category:Application Processors]] |
||
| − | It is definitely worthy to note that the [[Pwnage]] exploit is fixed because the images are now flashed to the NOR in their encrypted IMG3 containers, and the bootrom can properly sigcheck LLB. |
||
Latest revision as of 12:33, 23 March 2017
This is the Application Processor used on the iPod touch (2nd generation).
Bootrom Exploits
- 0x24000 Segment Overflow - only in Bootrom 240.4 (old bootrom)
- usb_control_msg(0xA1, 1) Exploit
Note: iBoot on the S5L8720 can be downgraded, allowing any of the iBoot exploits to be used on future firmwares.
Boot Chain
VROM->LLB->iBoot->Kernel->System Software
It is definitely worthy to note that the Pwnage exploit is fixed because the images are now flashed to the NOR in their encrypted IMG3 containers, and the bootrom can properly check LLB's signature. That being said, unsigned images can still be run using the 0x24000 Segment Overflow, provided the bootrom is old enough.
