Difference between revisions of "S5L8922"

From The iPhone Wiki
(added 24kPwn exploit)
 
(40 intermediate revisions by 15 users not shown)
Line 1: Line 1:
This is the processor used in the [[N18ap|iPod Touch 3G]].
+
This is the processor used in the [[N18AP|iPod touch (3rd generation)]].
   
== Exploits ==
+
== [[S5L8922 (Bootrom)|Bootrom]] Exploits ==
  +
[[User:Geohot|Geohot]] has made use of his previously undisclosed bootrom exploit in [[limera1n]]. It is also implemented in Chronic Dev's [[Greenpois0n (toolkit)|greenpois0n]]. Source code for Greenpois0n can be found here: https://github.com/Chronic-Dev/syringe
=== [[iBoot]] / [[Kernel]] ===
 
* [[usb_control_msg(0x21, 2) Exploit]] - 3.1.1 and below.
 
   
  +
==Information==
=== [[S5L8922 (Bootrom)|Bootrom]] ===
 
  +
* [[0x24000 Segment Overflow]]
 
  +
The load address is at 0x41000000 (same as the [[S5L8920]]).
   
 
== Boot Chain ==
 
== Boot Chain ==
[[S5L8922 (Bootrom)|Bootrom]]->[[LLB]]->[[iBoot]]->[[Kernel]]->[[System|System Software]]
+
[[S5L8922 (Bootrom)|Bootrom]]->[[LLB]]->[[iBoot]]->[[Kernel]]->[[Firmware|System Software]]
  +
  +
The entire boot chain (except the bootrom) resides on the [[NAND]] flash (instead of part of it on [[NOR]] flash as in earlier devices).
  +
This is the only main difference from the [[S5L8920]] used in the [[N88AP|iPhone 3GS]].
   
 
== See also ==
 
== See also ==
 
* [[S5L8922 (Bootrom)]]
 
* [[S5L8922 (Bootrom)]]
 
* [[S5L8922 (Hardware)]]
 
* [[S5L8922 (Hardware)]]
  +
  +
==External Links==
  +
* [http://infocenter.arm.com/help/topic/com.arm.doc.ddi0301h/DDI0301H_arm1176jzfs_r0p7_trm.pdf Technical Reference Manual: ARM1176JZF-S]
  +
  +
[[Category:Application Processors]]
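
Review bot: The bullets "[[usb_control_msg(0x21, 2) Exploit]] - 3.1.1 and below." under "=== [[iBoot]] / [[Kernel]] ===" and "[[0x24000 Segment Overflow]]" under the Bootrom subsection do not appear in the latest revision text, which lists only limera1n and greenpois0n under "Bootrom Exploits". If those entries still apply to this processor, keep them (or a link to the pages that cover them) so the exploit list stays complete; if they were dropped on purpose, say so in the edit summary. Separately, the added sentence labels the link as source code for Greenpois0n while the URL points to the Chronic-Dev/syringe repository, so name the repository in the sentence to make clear what the reader will find there.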

Latest revision as of 09:53, 26 March 2017

This is the processor used in the iPod touch (3rd generation).

Bootrom Exploits

Geohot used his previously undisclosed bootrom exploit in limera1n. It is also implemented in Chronic Dev's greenpois0n. Source code for Greenpois0n can be found here: https://github.com/Chronic-Dev/syringe

Information

The load address is at 0x41000000 (same as the S5L8920).

Boot Chain

Bootrom->LLB->iBoot->Kernel->System Software

The entire boot chain (except the bootrom) resides on the NAND flash, instead of partly on NOR flash as in earlier devices. This is the only main difference from the S5L8920 used in the iPhone 3GS.

See also

External Links