The iPhone Wiki is no longer updated. Visit this article on The Apple Wiki for current information. |
Difference between revisions of "S5L8720 (VROM)"
(Replacing page with 'Hacked by Chroniccommand') |
m |
||
(3 intermediate revisions by 3 users not shown) | |||
Line 1: | Line 1: | ||
+ | The [[N72AP|iPod touch (2nd generation)]] bootrom runs on [[iBoot]] v240.4, which is from somewhere after 1.1.4 and after 2.0 beta 4. It maps itself to 0x0, and stores any global variables (Permissions flags, min / max addrs, image / bdev list, USB power on state, etc.) at 0x22000000. |
||
− | Hacked by Chroniccommand |
||
+ | |||
+ | ==Notes== |
||
+ | ===Firmware Parsing=== |
||
+ | * It seems to only support AES-128 KBAGs, versus current iBoots which also support AES-192 and AES-256 KBAGs. Interestingly, it seems to make space for up to an AES-256 [[KBAG]] (0x30; 0x10 for IV, 0x20 for key) when creating a buffer for it, but the code itself does a check and will error if it is not AES-128. |
Latest revision as of 12:30, 23 March 2017
The iPod touch (2nd generation) bootrom runs on iBoot v240.4, which is from somewhere after 1.1.4 and after 2.0 beta 4. It maps itself to 0x0, and stores any global variables (Permissions flags, min / max addrs, image / bdev list, USB power on state, etc.) at 0x22000000.
Notes
Firmware Parsing
- It seems to only support AES-128 KBAGs, versus current iBoots which also support AES-192 and AES-256 KBAGs. Interestingly, it seems to make space for up to an AES-256 KBAG (0x30; 0x10 for IV, 0x20 for key) when creating a buffer for it, but the code itself does a check and will error if it is not AES-128.