Difference between revisions of "Talk:Bootrom Dumper Utility"
Squiffypwn (talk | contribs) (→A5 devices)
Line 27:
::It's kind of non-sense this tool so. To dump already hacked bootroms? --[[User:XiiiX|XiiiX]] 14:21, 2 January 2012 (MST)
:::No. Not really. You may find an exploit outside the bootrom which leads to a jailbreak which you can use to dump the bootrom which can help you to find exploits in the bootrom for later jailbreaks. Jailbreaks based on bootrom exploits can only be fixed with new hardware.--[[User:M2m|M2m]] 15:28, 2 January 2012 (MST)
+ :::There is no such thing as a "hacked BootROM". We cannot change the contents of the BootROM. Note "ROM" - Read Only Memory. -SquiffyPwn 17:10, 2 January 2012 (CST)
::::That's a better explanation. So we don't need a bootrom jailbreak to use this, just a user-land could work? Why is the necessity of a jailbreak to dump the bootrom? We need the offsets? --[[User:XiiiX|XiiiX]] 16:09, 2 January 2012 (MST)
:Look at the source code, it uses a BootROM exploit, there is no public BootROM exploit for A5 ~zmaster
Revision as of 23:11, 2 January 2012
If anyone gets it working for iPod touch 2G, let me know. I am trying to work on it, but not much spare time --JacobVengeance (JakeAnthraX) 07:27, 23 December 2010 (UTC)
- my fork should work --liamchat 16:27, 24 December 2010 (UTC)
- You can also use the current iPod touch 2G OpeniBoot link. The bootrom is at 0x20000000 on the 2G touch --Kleemajo 01:02, 26 December 2010 (UTC)
- I ended up making my own very crappy steaks4uce version to dump it. I didn't realize you made a version, Liam, nice job. Also, where did you guys get your ARM toolchain? The one I use keeps breaking and giving me errors lately. --JacobVengeance (JakeAnthraX) 03:38, 29 December 2010 (UTC)
- i use sudo port install arm-elf-binutils and sudo port install arm-elf-gcc --liamchat 10:56, 29 December 2010 (UTC)
- Using that I just get errors when compiling everything. I had it working on my last setup when I wrote my crappy steaks4uce method, but now it isn't working. I will figure it out sooner or later. Thanks anyways. --JacobVengeance (JakeAnthraX) 22:45, 29 December 2010 (UTC)
- hey liam, when I try running this on linux I get 84 00 00 00 05 00 00 00 80 00 00 00 80 62 02 22 FF FF FF FF 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 15 00 00 00 02 00 00 00 01 38 02 22 90 D7 02 22 and then the rest of it gets filled with nulls until the next 0x800 bytes start :( Revolution 19:02, 19 February 2011 (UTC)
- use toolchain.txt from openiboot, it works perfectly --posixninja 23:41, 29 December 2010 (UTC)
- run: for linux --liamchat 01:35, 20 February 2011 (UTC)
- um liam, I did that... on line 145 you need to make that specified for macosx only, well at least that's what pod2g's version did... try building it on linux. Revolution 16:51, 20 February 2011 (UTC)
- i fixed the error, there does not need to be any specific platform support for stake or pwnage2, i think there is a better way using Descriptors --liamchat 00:02, 21 February 2011 (UTC)
- I just tried your new version. It still doesn't work. I managed to dump the bootrom with openiboot but yeah. Here is the dump your ipod produces. It contains no copyrighted code so I'll paste it here. [1] Revolution 21:11, 24 February 2011 (UTC)
- None of his things will work, I can promise you that. He doesn't know what he is doing. --JacobVengeance (JakeAnthraX) 00:22, 25 February 2011 (UTC)
- i have edited it again, however I can't find the usb wait for image call offset; I originally thought it was the usb wait for image offset from syringe. --liamchat 20:41, 7 March 2011 (UTC)
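As an added example (not code from this thread or from the Bootrom Dumper Utility itself), a small Python checker for the failure mode Revolution describes above: each 0x800-byte block of the dump carries only a few real bytes and is then zero-filled. The 0x800 block size and the quoted bytes come from the thread; the null-ratio threshold and function names are assumptions for illustration.

```python
# Added example: sanity-check a bootrom dump for blocks that are mostly
# null-filled, the symptom described in the thread (first 56 bytes real,
# rest zeros, repeating every 0x800 bytes). Thresholds are assumptions.
from typing import List, Tuple

BLOCK_SIZE = 0x800  # block size quoted in the thread


def null_tail_len(block: bytes) -> int:
    """Number of trailing zero bytes in a block."""
    return len(block) - len(block.rstrip(b"\x00"))


def analyse_dump(dump: bytes, block_size: int = BLOCK_SIZE,
                 max_null_ratio: float = 0.9) -> List[Tuple[int, int, int]]:
    """Return (block_index, real_bytes, trailing_nulls) for every block whose
    trailing null run exceeds max_null_ratio of the block length.
    A healthy dump of executable code normally yields an empty list."""
    suspicious = []
    for off in range(0, len(dump), block_size):
        block = dump[off:off + block_size]
        tail = null_tail_len(block)
        if tail / len(block) > max_null_ratio:
            suspicious.append((off // block_size, len(block) - tail, tail))
    return suspicious


def looks_truncated(dump: bytes, block_size: int = BLOCK_SIZE) -> bool:
    """True when more than half the blocks are mostly null: the transfer is
    probably returning only the head of each block, not a real bootrom."""
    nblocks = max(1, -(-len(dump) // block_size))  # ceil division
    return len(analyse_dump(dump, block_size)) * 2 > nblocks


# Constructed sample: the 56 bytes quoted by Revolution, padded with nulls
# to a full block and repeated four times, matching the described dump.
QUOTED_HEAD = bytes.fromhex(
    "84000000 05000000 80000000 80620222 ffffffff 00000000 00010000 00000000"
    "00000000 00000000 15000000 02000000 01380222 90d70222"
)
BAD_DUMP = (QUOTED_HEAD + b"\x00" * (BLOCK_SIZE - len(QUOTED_HEAD))) * 4

if __name__ == "__main__":
    for idx, real, nulls in analyse_dump(BAD_DUMP):
        print(f"block {idx}: {real} real bytes, {nulls} trailing nulls")
    print("dump looks truncated:", looks_truncated(BAD_DUMP))
```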
VMware + Windows
anyone tried this on vmware + windows? can't make it work. tried on iPhone 4 & iPod touch 3G -- paulzero 10:38, 13 February 2011 (UTC)
- it's the limera1n exploit. it does not work through a vm --liamchat 14:45, 13 February 2011 (UTC)
A5 devices
Can we use this tool to dump A5 devices? --XiiiX 12:28, 2 January 2012 (MST)
- Not until there is a jailbreak for A5 devices.--M2m 12:51, 2 January 2012 (MST)
- No. Limera1n doesn't work on A5 devices. --http 13:04, 2 January 2012 (MST)
- It's kind of non-sense this tool so. To dump already hacked bootroms? --XiiiX 14:21, 2 January 2012 (MST)
- No. Not really. You may find an exploit outside the bootrom which leads to a jailbreak which you can use to dump the bootrom which can help you to find exploits in the bootrom for later jailbreaks. Jailbreaks based on bootrom exploits can only be fixed with new hardware.--M2m 15:28, 2 January 2012 (MST)
- There is no such thing as a "hacked BootROM". We cannot change the contents of the BootROM. Note "ROM" - Read Only Memory. -SquiffyPwn 17:10, 2 January 2012 (CST)
- That's a better explanation. So we don't need a bootrom jailbreak to use this, just a user-land could work? Why is the necessity of a jailbreak to dump the bootrom? We need the offsets? --XiiiX 16:09, 2 January 2012 (MST)
- Look at the source code, it uses a BootROM exploit, there is no public BootROM exploit for A5 ~zmaster