The iPhone Wiki is no longer updated. Visit this article on The Apple Wiki for current information.
Difference between revisions of "S5L8922"
(→Kernel) |
(removed non-hardware-related exploits) |
||
Line 1: | Line 1: | ||
This is the processor used in the [[N18ap|iPod touch 3G]]. |
This is the processor used in the [[N18ap|iPod touch 3G]]. |
||
− | == Exploits == |
+ | == [[S5L8922 (Bootrom)|Bootrom]] Exploits == |
− | === [[iBoot]] === |
||
− | * [[usb_control_msg(0x21, 2) Exploit]] - Works up to [[iOS]] 3.1.2 |
||
− | |||
− | === [[S5L8922 (Bootrom)|Bootrom]] === |
||
[[User:Geohot|Geohot]] has made use of his previously undisclosed bootrom exploit in [[limera1n]]. It is also implemented in Chronic Dev's [[Greenpois0n (toolkit)|greenpois0n]]. Source code for Greenpois0n can be found here: https://github.com/Chronic-Dev/syringe |
[[User:Geohot|Geohot]] has made use of his previously undisclosed bootrom exploit in [[limera1n]]. It is also implemented in Chronic Dev's [[Greenpois0n (toolkit)|greenpois0n]]. Source code for Greenpois0n can be found here: https://github.com/Chronic-Dev/syringe |
||
− | |||
− | === [[Kernel]] === |
||
− | * [[BPF STX Kernel Write Exploit]] - Works up to [[iOS]] 3.1.3 |
||
− | * [[IOSurface Kernel Exploit]] - Works up to [[iOS]] 4.0 |
||
− | * [[Packet Filter Kernel Exploit]] - Works up to [[iOS]] [[JasperVail 8C5115c (iPod touch 3G)|4.2b3]] |
||
− | * [[HFS Legacy Volume Name Stack Buffer Overflow]] - Works up to [[iOS]] [[Jasper 8C148 (iPod touch 3G)|4.2.1]] |
||
− | * [[ndrv_setspec() Integer Overflow]] - Works on [[iOS]] [[Durango 8J2 (iPod touch 3G)|4.3.1 / 4.3.2 / 4.3.3]] |
||
− | |||
− | === [[Userland]] === |
||
− | * [[MobileBackup Copy Exploit]] - Works up to [[iOS]] 3.1.3 |
||
− | * [[Malformed CFF Vulnerability]] - Works up to [[iOS]] 4.0 |
||
− | * [[T1 Font Integer Overflow]] - Works up to [[iOS]] 4.3.3 |
||
==Information== |
==Information== |
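Review bot: the removed iBoot, Kernel and Userland entries each carried version-applicability data ("Works up to iOS 3.1.3", "Works up to iOS 4.0", "Works on iOS 4.3.1 / 4.3.2 / 4.3.3") that is no longer reachable from this page after the cut; since the edit summary only says "removed non-hardware-related exploits", consider leaving a one-line pointer under the new "Bootrom Exploits" heading to the [[Kernel]] and [[Userland]] pages that the deleted subsection headings linked, so readers looking up which software exploits apply to an iPod touch 3G firmware can still find them.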
Revision as of 21:21, 25 October 2012
This is the processor used in the iPod touch 3G.
Bootrom Exploits
Geohot has made use of his previously undisclosed bootrom exploit in limera1n. It is also implemented in Chronic Dev's greenpois0n. Source code for Greenpois0n can be found here: https://github.com/Chronic-Dev/syringe
Information
The load address is at 0x41000000 (same as the S5L8920).
Boot Chain
Bootrom->LLB->iBoot->Kernel->System Software
The entire boot chain (except the bootrom) resides on the NAND flash, rather than partly on NOR flash as in earlier devices. This is the main difference from the S5L8920 used in the iPhone 3GS.