Difference between revisions of "Fakeblank"

Edit summaries: (Description), m (Description)

gray, iProof, geohot, dinopio, lazyc0der, and an anonymous contributor

==Description==

==X-Gold 608==

The bootrom is located at 0x400000, and can be dumped via geohot's 5.8bl loader exploit.

If 0xA0000030, 0xA000A5A0, 0xA0015C58 and 0xA0017370 read as 0xFFFFFFFF on startup, the [[Baseband Bootrom Protocol]] can be used to download and run unsigned code. In the initial hardware unlock, an address line was pulled high to OR those addresses with +0x40000 in hardware, so that they instead read parts of the baseband firmware area, which can be erased.

==Other links==

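As an added illustration (not code from the wiki or the dev team), the C model below shows why the bootrom's blank check passes once an address line is forced high: reads of the four check addresses are redirected to the erased firmware area at +0x40000. Only the four addresses, the blank value 0xFFFFFFFF and the +0x40000 alias come from the page; the flash window size, the firmware-area offset, the word contents and every name below are constructed assumptions.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed model of the flash window the check addresses live in.
 * The real baseband layout is not on the page; these sizes are assumed. */
#define ALIAS_BIT      0x40000u     /* address line the testpoint pulls high */
#define BLANK_WORD     0xFFFFFFFFu  /* value of an erased flash word */
#define NOR_BASE       0xA0000000u  /* assumed base of the modelled window */
#define FW_AREA_OFFSET 0x40000u     /* assumed start of the erasable firmware area */
#define NOR_SIZE       0x80000u     /* assumed size of the modelled window */

/* The four addresses the page says must read as 0xFFFFFFFF on startup. */
static const uint32_t check_addrs[4] = {
    0xA0000030u, 0xA000A5A0u, 0xA0015C58u, 0xA0017370u
};

static uint32_t nor[NOR_SIZE / 4];
static bool model_ready;

/* Low half holds non-blank words (the region the bootrom inspects); the
 * firmware area above it has been erased, so every word there reads all-ones. */
static void model_init(void) {
    for (size_t i = 0; i < NOR_SIZE / 4; i++) {
        uint32_t off = (uint32_t)(i * 4);
        nor[i] = (off >= FW_AREA_OFFSET) ? BLANK_WORD : (0xC0DE0000u | off);
    }
    model_ready = true;
}

/* Bus read: with the line forced high, the flash sees addr | ALIAS_BIT. */
static uint32_t bus_read(uint32_t addr, bool line_forced_high) {
    if (!model_ready) model_init();
    uint32_t phys = line_forced_high ? (addr | ALIAS_BIT) : addr;
    uint32_t off = phys - NOR_BASE;
    if (off >= NOR_SIZE) return BLANK_WORD;  /* outside the modelled window */
    return nor[off / 4];
}

/* The startup test the page describes: all four words must be blank. */
static bool fakeblank_check(bool line_forced_high) {
    for (size_t i = 0; i < 4; i++)
        if (bus_read(check_addrs[i], line_forced_high) != BLANK_WORD)
            return false;
    return true;
}

int main(void) {
    printf("normal bus:        blank=%d\n", fakeblank_check(false));
    printf("line forced high:  blank=%d\n", fakeblank_check(true));
    return 0;
}
```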
Revision as of 00:55, 23 September 2010

This exploit is in the Baseband Bootrom. There are hardware (testpoint) and software variations of this.

Credit

gray, iProof, geohot, dinopio, lazyc0der, and an anonymous contributor

X-Gold 608

The bootrom is located at 0x400000, and can be dumped via geohot's 5.8bl loader exploit.

Other links

dev team description of fakeblank