The iPhone Wiki is no longer updated. Visit this article on The Apple Wiki for current information. |
Difference between revisions of "AT+XAPP Vulnerability"
m |
|||
(15 intermediate revisions by 7 users not shown) | |||
Line 1: | Line 1: | ||
− | Used as an injection vector for the |
+ | Used as an injection vector for the [[X-Gold 608]] and [[XMM 6180]] [[unlock]] payload. Currently available in all X-Gold 608 basebands until [[05.13.04]] and [[06.15.00]], and XMM 6180 baseband [[01.59.00]]. |
|
|
||
== Credit == |
== Credit == |
||
+ | * '''vulnerability''': [[sherif_hashim]], also discovered by [[westbaer]], [[User:Geohot|geohot]] and [[User:Oranav|Oranav]] (each one independently) |
||
− | |||
− | * '''vulnerability''': [http://twitter.com/sherif_hashim sherif_hashim], also discovered by [http://twitter.com/westbaer westbaer], [[geohot]] and [http://twitter.com/oranav Oranav] (each one independently) |
||
* '''exploitation''': [[iPhone Dev Team]] |
* '''exploitation''': [[iPhone Dev Team]] |
||
− | |||
== Exploit == |
== Exploit == |
||
+ | There is a stack overflow in the AT+XAPP="..." command, which allows unsigned code execution on the [[X-Gold 608]] and [[XMM 6180]]. |
||
+ | at+xapp="aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa4444555566667777PPPP" |
||
+ | Applying a string of more than 52 characters will trigger the overflow. |
||
− | There is a stack overflow in the AT+XAPP="..." command, which allows unsigned code execution on the [[X-Gold 608]] |
||
− | |||
− | at+xapp="0000111122223333444455556666777788889999000011112222" |
||
− | |||
− | applying a string of more than 52 characters will trigger the overflow |
||
− | |
||
== Implementation == |
== Implementation == |
||
+ | The exploit was used by [[iPhone Dev Team]] in [[ultrasn0w]] 1.0-1 and 1.2, which is able to unlock the [[X-Gold 608]] basebands [[04.26.08]], [[05.11.07]], [[05.12.01]], [[05.13.04]] and [[06.15.00]](ultrasn0w 1.2 only), and [[XMM 6180]] baseband [[01.59.00]]. |
||
+ | {{stub|exploit}} |
||
− | |||
− | The exploit was used by [[iPhone Dev Team]] in [[Ultrasn0w]] 0.93 which is able to unlock 4.26.08, 5.11.07, 5.12.01 and 5.13.04 BB firmwares |
||
− | |||
− | ---- |
||
− | |||
[[Category:Baseband Exploits]] |
[[Category:Baseband Exploits]] |
Latest revision as of 23:48, 22 January 2013
Used as an injection vector for the X-Gold 608 and XMM 6180 unlock payload. Currently available in all X-Gold 608 basebands until 05.13.04 and 06.15.00, and XMM 6180 baseband 01.59.00.
Credit
- vulnerability: sherif_hashim, also discovered by westbaer, geohot and Oranav (each one independently)
- exploitation: iPhone Dev Team
Exploit
There is a stack overflow in the AT+XAPP="..." command, which allows unsigned code execution on the X-Gold 608 and XMM 6180.
at+xapp="aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa4444555566667777PPPP"
Applying a string of more than 52 characters will trigger the overflow.
Implementation
The exploit was used by iPhone Dev Team in ultrasn0w 1.0-1 and 1.2, which is able to unlock the X-Gold 608 basebands 04.26.08, 05.11.07, 05.12.01, 05.13.04 and 06.15.00(ultrasn0w 1.2 only), and XMM 6180 baseband 01.59.00.
This exploit article is a "stub", an incomplete page. Please add more content to this article and remove this tag. |