|
The iPhone Wiki is no longer updated. Visit this article on The Apple Wiki for current information. |
Difference between revisions of "S5L8920"
m (→Boot Chain) |
(→Exploits) |
||
| Line 10: | Line 10: | ||
=== [[S5L8920 (Bootrom)|Bootrom]] === |
=== [[S5L8920 (Bootrom)|Bootrom]] === |
||
* [[0x24000 Segment Overflow]] |
* [[0x24000 Segment Overflow]] |
||
| + | |||
| + | ===[[Firmware|Userland]]=== |
||
| + | * [[MobileBackup Copy Exploit]] - Firmware 3.1.3 and below |
||
| + | * [[BPF STX Kernel Write Exploit]] - Firmware 3.1.3 and below |
||
== Boot Chain == |
== Boot Chain == |
||
Revision as of 23:52, 29 July 2010
This is the processor used in the iPhone 3GS.
S5L8920 using THUMB-2 instruction set as much as ARM and THUMB ones. So the compiled binaries are not compatible with older CPUs.
Contents
Exploits
iBoot / Kernel
- iBoot Environment Variable Overflow - Firmware 3.1b3 and below (Note: iBoot on the S5L8920 can be downgraded allowing the exploit to be used on future firmwares, but only if a backup of the device-specific Apple-signed 3.0 iBSS with unique ECID was made.)
- usb_control_msg(0x21, 2) Exploit - 3.1.2 and below.
Bootrom
Userland
- MobileBackup Copy Exploit - Firmware 3.1.3 and below
- BPF STX Kernel Write Exploit - Firmware 3.1.3 and below
Boot Chain
Bootrom->LLB->iBoot->Kernel->System Software
