Difference between revisions of "Bootrom Dumper Utility"

From The iPhone Wiki
Revision comparison. Old revision edit summary, as shown: "(New page: {{DISPLAYTITLE:Bootrom Dumper Utility}} == Credit == Pod2g Geohot for limera1n == Info/Instructions == - you need a mac or linux box to use it / build...)". The latest revision is flagged as a minor edit (m); 14 intermediate revisions by 5 users are not shown. Changes to the wiki source between the two revisions:

* A lead sentence was added before the {{DISPLAYTITLE:Bootrom Dumper Utility}} template: "The '''Bootrom Dumper Utility''' (short BDU) is an application that will create a copy (aka dump) of the [[Bootrom]] of compatible devices on the local machine from where the application is run."
* The heading "== Info/Instructions ==" became "== Info / Instructions ==".
* The dash list under that heading became a bulleted list, with two wording changes: "libusb > 1.0.8 required" became "libusb 1.0.8 required", and "by default compatible only with A4 devices : (iPhone 4, iPod 4G, iPad, AppleTV 2)" became "by default compatible only with A4 devices: ([[iPhone 4]], [[iPod touch (4th generation)]], [[K66AP|iPad]], [[Apple TV (2nd generation)]])". The items "you need a mac or linux box to use it / build it" and "execute it with root privileges (sudo ./bdu)" are unchanged.
* "(iPhone 3Gs, iPod 3G)" became "(iPhone 3GS, iPod (3rd generation))".
* Under "the offset to the call of usb_wait_for_image in payload.S", the per-device offsets were added:
  0x7ef @ A4 devices: iPad, iPhone 4, Apple TV (2nd generation), iPod touch (4th generation)
  0x8b7 @ iPod touch (3rd generation)
  0x8b7 @ iPhone 3GS new bootrom
  0x8b7 @ iPhone 3GS old bootrom
  0x82c @ iPod touch (2nd generation) new bootrom
  0x82d @ iPod touch (2nd generation) old bootrom
* Under "exploit offsets in bdu.c", the per-device defines were added:
  // A4:
  #define EXPLOIT_LR 0x8403BF9C
  #define LOADADDR_SIZE 0x2C000
  // iPod touch (2nd generation):
  #define EXPLOIT_LR 0x22000000
  #define LOADADDR_SIZE 0x24000
  // iPod touch (3rd generation):
  #define EXPLOIT_LR 0x84033F98
  #define LOADADDR_SIZE 0x24000
  // iPhone 3GS new bootrom:
  #define EXPLOIT_LR 0x84033FA4
  #define LOADADDR_SIZE 0x24000
* [[Category:Bootrom]] was added after [[Category:Hacking Software]].

The "== Credit ==" section ([[User:geohot|Geohot]] for [[limera1n]]) and the "== Links ==" section ([https://github.com/Chronic-Dev/Bootrom-Dumper Github]) are unchanged between the two revisions.
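Review bot: the two added offset lists do not cover the same devices: the usb_wait_for_image list in payload.S has an entry for "iPhone 3GS old bootrom" (0x8b7), but the EXPLOIT_LR/LOADADDR_SIZE list for bdu.c has no iPhone 3GS old bootrom block, so a reader following the instructions for that device gets one of the two values they are told to change; either add the missing bdu.c values or state that the old bootrom is not covered. Also, dropping the ">" turns "libusb > 1.0.8 required" into "libusb 1.0.8 required", which now reads as an exact version; say whether newer libusb releases are acceptable.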

Latest revision as of 09:32, 26 March 2017

The Bootrom Dumper Utility (short BDU) is an application that creates a copy (a dump) of the Bootrom of compatible devices, written to the local machine from which the application is run.

Credit

Pod2g

Geohot for limera1n

Info / Instructions

  • you need a mac or linux box to use it / build it
  • libusb 1.0.8 required
  • execute it with root privileges (sudo ./bdu)
  • by default compatible only with A4 devices: (iPhone 4, iPod touch (4th generation), iPad, Apple TV (2nd generation))

It's possible to extend the compatibility to older devices as well (iPhone 3GS, iPod (3rd generation)) by changing:

  • the offset to the call of usb_wait_for_image in payload.S
    0x7ef @ A4 devices: iPad, iPhone 4, Apple TV (2nd generation), iPod touch (4th generation)
    0x8b7 @ iPod touch (3rd generation)
    0x8b7 @ iPhone 3GS new bootrom
    0x8b7 @ iPhone 3GS old bootrom
    0x82c @ iPod touch (2nd generation) new bootrom
    0x82d @ iPod touch (2nd generation) old bootrom
  • exploit offsets in bdu.c
    // A4:
    #define EXPLOIT_LR 0x8403BF9C
    #define LOADADDR_SIZE 0x2C000
    // iPod touch (2nd generation):
    #define EXPLOIT_LR 0x22000000
    #define LOADADDR_SIZE 0x24000
    // iPod touch (3rd generation):
    #define EXPLOIT_LR 0x84033F98
    #define LOADADDR_SIZE 0x24000
    // iPhone 3GS new bootrom:
    #define EXPLOIT_LR 0x84033FA4
    #define LOADADDR_SIZE 0x24000

Links

Github: https://github.com/Chronic-Dev/Bootrom-Dumper