The iPhone Wiki is no longer updated. Visit this article on The Apple Wiki for current information.
Difference between revisions of "S5L8900"
m (Redirect fix.)
(→Exploits: Might've botched this, sorry if I did. :\)
Line 3: | Line 3: | ||
==[[S5L File Formats|Firmware File Formats]]== |
==[[S5L File Formats|Firmware File Formats]]== |
||
− | ==Exploits== |
+ | == Exploits == |
− | ===[[iBoot]] |
+ | === [[iBoot]] === |
+ | '''Note''': [[iBoot]] on the S5L8720 can be downgraded, allowing any of these exploits to be used on future firmwares |
||
− | * [[Ramdisk Hack]] - 1.1.4 / 2.0 beta 3 and below |
||
+ | * [[Ramdisk Hack]] - Works up to [[iOS]] 2.0 beta 3 |
||
− | * [[iBoot Environment Variable Overflow]] - 3.1 beta 1 and below |
||
+ | * [[diags]] - Works up to [[iOS]] 2.0 beta 5 |
||
− | * [[usb_control_msg(0x21, 2) Exploit]] - 3.1.2 and below |
||
− | * [[ |
+ | * [[Restore Mode]] - Works up to [[iOS]] 1.0.2 |
+ | * [[ARM7 Go]] - Works on [[iOS]] 2.1.1 |
||
+ | * [[iBoot Environment Variable Overflow]] - Works up to [[iOS]] 3.1 beta 3 |
||
+ | * [[usb_control_msg(0x21, 2) Exploit]] - Works up to [[iOS]] 3.1.2 |
||
===[[VROM (S5L8900)|Bootrom]]=== |
===[[VROM (S5L8900)|Bootrom]]=== |
||
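Review bot: The "iBoot Environment Variable Overflow" entry raises its upper bound from "3.1 beta 1 and below" to "Works up to iOS 3.1 beta 3" without a source, and the edit summary ("Might've botched this") does not mention a version correction; cite where the beta 3 figure comes from or keep beta 1. The added Note line names the S5L8720 on the S5L8900 article; confirm which chip is meant before it goes live.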
Line 14: | Line 17: | ||
* [[Pwnage 2.0|Pwnage 2.0 (DFU + Malformed Certificate)]] |
* [[Pwnage 2.0|Pwnage 2.0 (DFU + Malformed Certificate)]] |
||
− | ===[[ |
+ | === [[Kernel]] === |
+ | * [[BPF STX Kernel Write Exploit]] - Works up to [[iOS]] 3.1.3 |
||
− | * [[Restore Mode]] - Firmware v1.0.2 and below |
||
+ | * [[IOSurface Kernel Exploit]] - Works up to [[iOS]] 4.0.1 |
||
− | * [[Symlinks]] - Firmware v1.1.1 and below |
||
+ | |||
− | * [[LibTiff]] - Firmware v1.1.1 and below |
||
+ | === [[Userland]] === |
||
− | * [[Mknod]] - Firmware v1.1.2 and below |
||
+ | * [[LibTiff]] - Works up to [[iOS]] 1.1.1 |
||
− | * [[MobileBackup Copy Exploit]] - Firmware 3.1.3 and below |
||
− | * [[ |
+ | * [[Symlinks]] - Works up to [[iOS]] 1.1.1 |
− | * [[ |
+ | * [[Mknod]] - Works up to [[iOS]] 1.1.2 |
+ | * [[Dual Boot Exploit]] - Works up to [[iOS]] 2.0 beta 3 |
||
+ | * [[MobileBackup Copy Exploit]] - Works up to [[iOS]] 3.1.3 |
||
+ | * [[PDF CFF Font Stack Overflow]] - Works up to [[iOS]] 4.0.1 |
||
==Boot Chain== |
==Boot Chain== |
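Review bot: "Restore Mode - Firmware v1.0.2 and below" is deleted from the Bootrom list here while the same entry is re-added under the iBoot heading in the earlier hunk; a reclassification of an exploit between boot stages should be stated in the edit summary rather than left implicit. The empty "+ |" line inserted before the new "=== [[Userland]] ===" heading adds a stray blank line.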
Revision as of 00:51, 23 September 2010
This is the Application Processor shared by the iPhone, iPod touch, and iPhone 3G. Not much is known about it through official sources. It is not used in any of the newest devices, having been replaced by the S5L8720 and S5L8920.
Firmware File Formats
Exploits
iBoot
Note: iBoot on the S5L8720 can be downgraded, allowing any of these exploits to be used on future firmwares.
- Restore Mode - Works up to iOS 1.0.2
- Ramdisk Hack - Works up to iOS 2.0 beta 3
- diags - Works up to iOS 2.0 beta 5
- ARM7 Go - Works on iOS 2.1.1
- iBoot Environment Variable Overflow - Works up to iOS 3.1 beta 3
- usb_control_msg(0x21, 2) Exploit - Works up to iOS 3.1.2
Bootrom
Kernel
- BPF STX Kernel Write Exploit - Works up to iOS 3.1.3
- IOSurface Kernel Exploit - Works up to iOS 4.0.1
Userland
- Symlinks - Works up to iOS 1.1.1
- LibTiff - Works up to iOS 1.1.1
- Mknod - Works up to iOS 1.1.2
- Dual Boot Exploit - Works up to iOS 2.0 beta 3
- MobileBackup Copy Exploit - Works up to iOS 3.1.3
- PDF CFF Font Stack Overflow - Works up to iOS 4.0.1
Boot Chain
VROM (S5L8900)->LLB->iBoot->Kernel->System Software
One of the iPhoneLinux goals is to replace that boot chain after iBoot:
VROM (S5L8900)->OpeniBoot->Linux Kernel->X Server->Window Manager
Upgrade Process
Restore Mode
The common upgrade process chain is VROM->DFU Mode->WTF->iBoot->Kernel->Ramdisk->Restore Mode.
DFU Mode
To flash an older version of the iPhone software you have to put your phone into DFU Mode. In iTunes you have to hold the Option key (Mac) or the Shift key (Windows) while clicking 'Restore' to be able to manually choose an IPSW.