Difference between revisions of "Fakeblank"
ChronicDev (talk | contribs) (→Description) |
m (→Description) |
||
Line 4: | Line 4: | ||
gray, iProof, geohot, dinopio, lazyc0der, and an anonymous contributor |
gray, iProof, geohot, dinopio, lazyc0der, and an anonymous contributor |
||
− | == |
+ | ==X-Gold 608== |
+ | The bootrom is located at 0x400000, and can be dumped via geohotz 5.8bl loader exploit |
||
− | If 0xA0000030 0xA000A5A0 0xA0015C58 0xA0017370 read as 0xFFFFFFFF on startup, the [[Baseband Bootrom Protocol]] can be used to download and run unsigned code. In the initial hardware unlock, an address line was pulled high to OR in hardware those addresses with +0x40000, making it instead read parts of the baseband firmware area, which can be erased. |
||
==Other links== |
==Other links== |
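Review bot: the paragraph removed at Line 4 (the one beginning "If 0xA0000030 0xA000A5A0 ...") was the only text explaining how Fakeblank works, and nothing on the added side replaces it. The new ==X-Gold 608== section gives only the bootrom address and how it can be dumped. The edit is also flagged minor ("m") although it changes the section heading and deletes the description. Suggest restoring the removed paragraph under its original heading and adding ==X-Gold 608== as a separate section below it.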
Revision as of 00:55, 23 September 2010
This exploit is in the Baseband Bootrom. There are hardware (testpoint) and software variations of this.
Credit
gray, iProof, geohot, dinopio, lazyc0der, and an anonymous contributor
X-Gold 608
The bootrom is located at 0x400000 and can be dumped via geohot's 5.8bl loader exploit.