The iPhone Wiki is no longer updated. Visit this article on The Apple Wiki for current information. |
Difference between revisions of "S5L8922"
m (→Userland) |
m |
||
(21 intermediate revisions by 8 users not shown) | |||
Line 1: | Line 1: | ||
− | This is the processor used in the [[ |
+ | This is the processor used in the [[N18AP|iPod touch (3rd generation)]]. |
− | == Exploits == |
+ | == [[S5L8922 (Bootrom)|Bootrom]] Exploits == |
+ | [[User:Geohot|Geohot]] has made use of his previously undisclosed bootrom exploit in [[limera1n]]. It is also implemented in Chronic Dev's [[Greenpois0n (toolkit)|greenpois0n]]. Source code for Greenpois0n can be found here: https://github.com/Chronic-Dev/syringe |
||
− | === [[iBoot]] === |
||
− | * [[usb_control_msg(0x21, 2) Exploit]] - Works up to [[iOS]] 3.1.2 |
||
− | |||
− | === [[S5L8922 (Bootrom)|Bootrom]] === |
||
− | [[User:Geohot|Geohot]] discovered an exploit for this [[bootrom]] that does not have publicly revealed technical details yet. |
||
− | |||
− | === [[Kernel]] === |
||
− | * [[BPF STX Kernel Write Exploit]] - Works up to [[iOS]] 3.1.3 |
||
− | * [[IOSurface Kernel Exploit]] - Works up to [[iOS]] 4.0 |
||
− | |||
− | === [[Userland]] === |
||
− | * [[MobileBackup Copy Exploit]] - Works up to [[iOS]] 3.1.3 |
||
− | * [[Malformed CFF Vulnerability]] - Works up to [[iOS]] 4.0 |
||
==Information== |
==Information== |
||
Line 24: | Line 12: | ||
The entire boot chain (except the bootrom) resides on the [[NAND]] flash (instead of part of it on [[NOR]] flash as in earlier devices). |
The entire boot chain (except the bootrom) resides on the [[NAND]] flash (instead of part of it on [[NOR]] flash as in earlier devices). |
||
− | This is the only main difference from the [[S5L8920]] used in the [[ |
+ | This is the only main difference from the [[S5L8920]] used in the [[N88AP|iPhone 3GS]]. |
== See also == |
== See also == |
||
Line 32: | Line 20: | ||
==External Links== |
==External Links== |
||
* [http://infocenter.arm.com/help/topic/com.arm.doc.ddi0301h/DDI0301H_arm1176jzfs_r0p7_trm.pdf Technical Reference Manual: ARM1176JZF-S] |
* [http://infocenter.arm.com/help/topic/com.arm.doc.ddi0301h/DDI0301H_arm1176jzfs_r0p7_trm.pdf Technical Reference Manual: ARM1176JZF-S] |
||
+ | |||
+ | [[Category:Application Processors]] |
Latest revision as of 09:53, 26 March 2017
This is the processor used in the iPod touch (3rd generation).
Bootrom Exploits
Geohot has made use of his previously undisclosed bootrom exploit in limera1n. It is also implemented in Chronic Dev's greenpois0n. Source code for Greenpois0n can be found here: https://github.com/Chronic-Dev/syringe
Information
The load address is at 0x41000000 (same as the S5L8920).
Boot Chain
Bootrom->LLB->iBoot->Kernel->System Software
The entire boot chain (except the bootrom) resides on the NAND flash (instead of part of it on NOR flash as in earlier devices). This is the only main difference from the S5L8920 used in the iPhone 3GS.