|
The iPhone Wiki is no longer updated. Visit this article on The Apple Wiki for current information. |
Difference between revisions of "S5L8720"
(remove non-hardware-related exploits) |
m |
||
| Line 18: | Line 18: | ||
==External Links== |
==External Links== |
||
* [http://infocenter.arm.com/help/topic/com.arm.doc.ddi0301h/DDI0301H_arm1176jzfs_r0p7_trm.pdf Technical Reference Manual: ARM1176JZF-S] |
* [http://infocenter.arm.com/help/topic/com.arm.doc.ddi0301h/DDI0301H_arm1176jzfs_r0p7_trm.pdf Technical Reference Manual: ARM1176JZF-S] |
||
| + | |||
| + | [[Category:Application Processors]] |
||
Revision as of 23:42, 14 August 2013
This is the Application Processor used on the iPod touch 2G.
Bootrom Exploits
- 0x24000 Segment Overflow - only in Bootrom 240.4 (old bootrom)
- usb_control_msg(0xA1, 1) Exploit
Note: iBoot on the S5L8720 can be downgraded, allowing any of the iBoot exploits to be used on future firmwares.
Boot Chain
VROM->LLB->iBoot->Kernel->System Software
It is definitely worthy to note that the Pwnage exploit is fixed because the images are now flashed to the NOR in their encrypted IMG3 containers, and the bootrom can properly check LLB's signature. That being said, unsigned images can still be run using the 0x24000 Segment Overflow, provided the bootrom is old enough.
