Difference between revisions of "S5L8920"

From The iPhone Wiki
Jump to: navigation, search
m (Bootrom Exploits)
 
(17 intermediate revisions by 7 users not shown)
Line 1: Line 1:
This is the processor used in the [[iPhone 3GS]].
+
This is the processor used in the [[N88AP|iPhone 3GS]].
   
  +
S5L8920 and derivative SoCs use the armv7 family, with later versions of the architecture using armv7f/armv7s.
S5L8920 using [http://www.arm.com/products/CPUs/archi-thumb2.html THUMB-2] instruction set as well as ARM and THUMB ones. Binaries included in iOS are compiled for only [[Armv7]] and are not compatible with older CPUs.
 
   
  +
[[S5L8920]] using THUMB-2 instruction set as well as ARM and THUMB ones. Binaries included in iOS are compiled for only [[ARMv7]] and are not compatible with older CPUs.
== Exploits ==
 
=== [[iBoot]] ===
 
* [[iBoot Environment Variable Overflow]] - Works up to [[iOS]] 3.1 beta 3
 
* [[usb_control_msg(0x21, 2) Exploit]] - Works up to [[iOS]] 3.1.2
 
   
=== [[S5L8920 (Bootrom)|Bootrom]] ===
+
== [[Bootrom]] ==
  +
'''Bootrom Version''': [[Bootrom 359.3]]
* [[0x24000 Segment Overflow]] - only in [[iBoot-359.3]]
 
* [[SHAtter]]
 
   
  +
Units produced after 2009 week 40 have [[Bootrom 359.3.2]] and not vulnerable to the [[0x24000 Segment Overflow]].
=== [[Kernel]] ===
 
* [[BPF STX Kernel Write Exploit]] - Works up to [[iOS]] 3.1.3
 
* [[IOSurface Kernel Exploit]] - Works up to [[iOS]] 4.0.1
 
   
=== [[Userland]] ===
+
== [[Bootrom]] Exploits ==
* [[MobileBackup Copy Exploit]] - Works up to [[iOS]] 3.1.3
+
* [[0x24000 Segment Overflow]] - only in [[Bootrom 359.3]]
  +
* [[Limera1n Exploit]]
* [[PDF CFF Font Stack Overflow]] - Works up to [[iOS]] 4.0.1
 
  +
* [[alloc8 Exploit]]
   
 
== Boot Chain ==
 
== Boot Chain ==
[[S5L8920 (Bootrom)|Bootrom]]->[[LLB]]->[[iBoot]]->[[Kernel]]->[[Firmware|System Software]]
+
[[Bootrom]]→[[LLB]]→[[iBoot]]→[[Kernel]]→[[Firmware|System Software]]
   
 
== See also ==
 
== See also ==
* [[S5L8920 (Bootrom)]]
+
* [[Bootrom]]
 
* [[S5L8920 (Hardware)]]
 
* [[S5L8920 (Hardware)]]
* [[S5L8920 (Hardware - Quick Notes)]]
 
   
==External Links==
+
== External Links ==
 
* [http://infocenter.arm.com/help/topic/com.arm.doc.ddi0344j/DDI0344J_cortex_a8_r3p2_trm.pdf Technical Reference Manual: Cortex A8]
 
* [http://infocenter.arm.com/help/topic/com.arm.doc.ddi0344j/DDI0344J_cortex_a8_r3p2_trm.pdf Technical Reference Manual: Cortex A8]
  +
  +
[[Category:Application Processors]]

Latest revision as of 07:36, 12 April 2017

This is the processor used in the iPhone 3GS.

S5L8920 and derivative SoCs use the armv7 family, with later versions of the architecture using armv7f/armv7s.

S5L8920 using THUMB-2 instruction set as well as ARM and THUMB ones. Binaries included in iOS are compiled for only ARMv7 and are not compatible with older CPUs.

Bootrom

Bootrom Version: Bootrom 359.3

Units produced after 2009 week 40 have Bootrom 359.3.2 and not vulnerable to the 0x24000 Segment Overflow.

Bootrom Exploits

Boot Chain

BootromLLBiBootKernelSystem Software

See also

External Links