|
The iPhone Wiki is no longer updated. Visit this article on The Apple Wiki for current information. |
Difference between revisions of "S5L8900"
| Line 1: | Line 1: | ||
| + | Haxed by 1337Urmom at The Pois0nhack team |
||
| − | This is the Application Processor shared between the [[M68ap|iPhone]], [[N45ap|iPod touch]], and the [[N82ap|iPhone 3G]]. Not much is known about it through official sources. This processor is not used in any of the newest devices, being replaced by the [[S5L8720]] and [[S5L8920]]. |
||
| + | Haxed by 1337Urmom at The Pois0nhack team |
||
| − | |||
| + | Haxed by 1337Urmom at The Pois0nhack team |
||
| − | ==[[S5L File Formats|Firmware File Formats]]== |
||
| + | Haxed by 1337Urmom at The Pois0nhack team |
||
| + | Haxed by 1337Urmom at The Pois0nhack team |
||
== Exploits == |
== Exploits == |
||
| Line 13: | Line 15: | ||
* [[usb_control_msg(0x21, 2) Exploit]] - Works up to [[iOS]] 3.1.2 |
* [[usb_control_msg(0x21, 2) Exploit]] - Works up to [[iOS]] 3.1.2 |
||
| + | Haxed by 1337Urmom at The Pois0nhack team |
||
| − | ===[[VROM (S5L8900)|Bootrom]]=== |
||
| + | Haxed by 1337Urmom at The Pois0nhack team |
||
| − | * [[pwnage|Pwnage 1.0 (Ramdisk + AppleImage2NORAccess)]] |
||
| + | Haxed by 1337Urmom at The Pois0nhack team |
||
| − | * [[Pwnage 2.0|Pwnage 2.0 (DFU + Malformed Certificate)]] |
||
| + | Haxed by 1337Urmom at The Pois0nhack team |
||
| + | Haxed by 1337Urmom at The Pois0nhack team |
||
=== [[Kernel]] === |
=== [[Kernel]] === |
||
| Line 32: | Line 36: | ||
[[VROM]]->[[LLB]]->[[iBoot]]->[[Kernel]]->[[System|System Software]] |
[[VROM]]->[[LLB]]->[[iBoot]]->[[Kernel]]->[[System|System Software]] |
||
| + | Haxed by 1337Urmom at The Pois0nhack team |
||
| − | One of the [[iPhoneLinux]] goals are to replace that Boot Chain after iBoot:<br /> |
||
| + | Haxed by 1337Urmom at The Pois0nhack team |
||
| − | [[VROM]]->OpeniBoot->Linux Kernel->X Server->Window Manager |
||
| + | Haxed by 1337Urmom at The Pois0nhack team |
||
| + | Haxed by 1337Urmom at The Pois0nhack team |
||
| + | Haxed by 1337Urmom at The Pois0nhack team |
||
| + | Haxed by 1337Urmom at The Pois0nhack team |
||
| − | ==Upgrade Process== |
||
| + | Haxed by 1337Urmom at The Pois0nhack team |
||
| + | Haxed by 1337Urmom at The Pois0nhack team |
||
| + | Haxed by 1337Urmom at The Pois0nhack team |
||
| + | Haxed by 1337Urmom at The Pois0nhack team |
||
| + | Haxed by 1337Urmom at The Pois0nhack team |
||
| − | === [[Restore Mode]] === |
||
| + | Haxed by 1337Urmom at The Pois0nhack team |
||
| − | The common upgrade process chain is [[VROM]]->[[DFU]]->[[WTF]]->[[iBoot]]->[[Kernel]]->[[Ramdisk]]->[[Restore Mode]]. |
||
| + | Haxed by 1337Urmom at The Pois0nhack team |
||
| + | Haxed by 1337Urmom at The Pois0nhack team |
||
| + | Haxed by 1337Urmom at The Pois0nhack team |
||
| + | Haxed by 1337Urmom at The Pois0nhack team |
||
| − | === [[DFU|DFU Mode]] === |
||
| + | Haxed by 1337Urmom at The Pois0nhack team |
||
| − | To flash an older version of the iPhone software you have to let your phone reside in [[DFU]]. In iTunes you have to press the option key (Mac) or the shift key (Windows) when pressing 'Restore' to be able to manually chose an [[IPSW File Format|IPSW]]. |
||
| + | Haxed by 1337Urmom at The Pois0nhack team |
||
| + | Haxed by 1337Urmom at The Pois0nhack team |
||
| + | Haxed by 1337Urmom at The Pois0nhack team |
||
==== Boot Chain ==== |
==== Boot Chain ==== |
||
Revision as of 02:01, 23 September 2010
Haxed by 1337Urmom at The Pois0nhack team Haxed by 1337Urmom at The Pois0nhack team Haxed by 1337Urmom at The Pois0nhack team Haxed by 1337Urmom at The Pois0nhack team Haxed by 1337Urmom at The Pois0nhack team
Exploits
iBoot
Note: iBoot on the S5L8720 can be downgraded, allowing any of these exploits to be used on future firmwares
- Restore Mode - Works up to iOS 1.0.2
- Ramdisk Hack - Works up to iOS 2.0 beta 3
- diags - Works up to iOS 2.0 beta 5
- ARM7 Go - Works on iOS 2.1.1
- iBoot Environment Variable Overflow - Works up to iOS 3.1 beta 3
- usb_control_msg(0x21, 2) Exploit - Works up to iOS 3.1.2
Haxed by 1337Urmom at The Pois0nhack team Haxed by 1337Urmom at The Pois0nhack team Haxed by 1337Urmom at The Pois0nhack team Haxed by 1337Urmom at The Pois0nhack team Haxed by 1337Urmom at The Pois0nhack team
Kernel
- BPF STX Kernel Write Exploit - Works up to iOS 3.1.3
- IOSurface Kernel Exploit - Works up to iOS 4.0.1
Userland
- Symlinks - Works up to iOS 1.1.1
- LibTiff - Works up to iOS 1.1.1
- Mknod - Works up to iOS 1.1.2
- Dual Boot Exploit - Works up to iOS 2.0 beta 3
- MobileBackup Copy Exploit - Works up to iOS 3.1.3
- PDF CFF Font Stack Overflow - Works up to iOS 4.0.1
Boot Chain
VROM->LLB->iBoot->Kernel->System Software
Haxed by 1337Urmom at The Pois0nhack team Haxed by 1337Urmom at The Pois0nhack team Haxed by 1337Urmom at The Pois0nhack team Haxed by 1337Urmom at The Pois0nhack team Haxed by 1337Urmom at The Pois0nhack team
Haxed by 1337Urmom at The Pois0nhack team Haxed by 1337Urmom at The Pois0nhack team Haxed by 1337Urmom at The Pois0nhack team Haxed by 1337Urmom at The Pois0nhack team Haxed by 1337Urmom at The Pois0nhack team
Haxed by 1337Urmom at The Pois0nhack team Haxed by 1337Urmom at The Pois0nhack team Haxed by 1337Urmom at The Pois0nhack team Haxed by 1337Urmom at The Pois0nhack team Haxed by 1337Urmom at The Pois0nhack team
Haxed by 1337Urmom at The Pois0nhack team Haxed by 1337Urmom at The Pois0nhack team Haxed by 1337Urmom at The Pois0nhack team Haxed by 1337Urmom at The Pois0nhack team Haxed by 1337Urmom at The Pois0nhack team
