Difference between revisions of "Jailbreak (S5L8920+)"
Revision as of 15:28, 23 June 2009
Because of when the 0x24000 Segment Overflow was leaked by NitroKey, Apple had the time to fix the bug in the iPhone 3G[s] Bootrom. Therefore, the following needs to be done:
- Find a new iBoot exploit - This will allow us to decrypt the platform iBoot and other firmware files in its IPSW, as well as dump the bootrom to examine.
- Find a new bootrom exploit - After we have the bootrom dumped, we must look for a way to make SecureROM run our patched LLB.
ECID
Apple added a new tag to the img3 format called ECID. The ECID is unique to each phone, and the tag is covered by the signature check. So no downgrades unless you have a dump of your own old firmware's img3 personalized with your unique ECID. Therefore, iBoot exploits won't be so useful for tethered JBs, because such exploits will be closed in new FWs. [1]
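As an added illustration that is not part of this wiki page, the Python sketch below builds a constructed img3-style container, walks its tags, and classifies the image the way a device-binding check would: no ECID tag (old-style, unpersonalized image), an ECID tag outside the signed area, an ECID that matches the device, or one that does not. The header and tag layout (byte-reversed four-character codes, a 20-byte header, and a sigCheckArea that covers the tags before SHSH) follow the publicly documented img3 container and are assumptions here, not something this page states; the ECID values and the SHSH placeholder are constructed and carry no real signature.

```python
import struct

# img3 stores four-character codes byte-reversed, so "Img3" is b"3gmI" on disk
# and "ECID" is b"DICE". Layout assumed from the public img3 description.
def fourcc(name: str) -> bytes:
    return name.encode("ascii")[::-1]

IMG3_MAGIC = fourcc("Img3")
HEADER_LEN = 20  # magic, fullSize, sizeNoPack, sigCheckArea, ident


def build_tag(name: str, data: bytes) -> bytes:
    """Encode one tag: magic(4) totalLength(4) dataLength(4) data, padded to 4 bytes."""
    pad = (-len(data)) % 4
    total = 12 + len(data) + pad
    return fourcc(name) + struct.pack("<II", total, len(data)) + data + b"\0" * pad


def build_img3(ident: str, tags: list) -> bytes:
    """Assemble a container; sigCheckArea is assumed to span every tag before SHSH."""
    body = b"".join(tags)
    sig_area, offset = len(body), 0
    for tag in tags:
        if tag[:4] == fourcc("SHSH"):
            sig_area = offset
            break
        offset += len(tag)
    header = IMG3_MAGIC + struct.pack("<III", HEADER_LEN + len(body), len(body), sig_area)
    return header + fourcc(ident) + body


def parse_img3(blob: bytes) -> dict:
    """Validate the header and return ident, signed-area size and the tag list."""
    if len(blob) < HEADER_LEN or blob[:4] != IMG3_MAGIC:
        raise ValueError("not an img3 container")
    full, no_pack, sig_area, _ = struct.unpack("<IIII", blob[4:HEADER_LEN])
    if full != len(blob) or no_pack != len(blob) - HEADER_LEN:
        raise ValueError("header sizes disagree with blob length")
    body = blob[HEADER_LEN:]
    tags, pos = [], 0
    while pos < len(body):
        if pos + 12 > len(body):
            raise ValueError("truncated tag header")
        total, dlen = struct.unpack("<II", body[pos + 4:pos + 12])
        if total < 12 + dlen or pos + total > len(body):
            raise ValueError("tag length out of bounds")  # also stops a zero-length loop
        tags.append({"name": body[pos:pos + 4][::-1].decode("ascii"),
                     "offset": pos, "data": body[pos + 12:pos + 12 + dlen]})
        pos += total
    return {"ident": blob[16:20][::-1].decode("ascii"),
            "sig_check_area": sig_area, "tags": tags}


def check_ecid_binding(blob: bytes, device_ecid: int) -> str:
    """Classify an image as a personalization check would see it (no crypto here)."""
    img = parse_img3(blob)
    ecid_tags = [t for t in img["tags"] if t["name"] == "ECID"]
    if not ecid_tags:
        return "unpersonalized"       # pre-ECID image: not bound to any device
    tag = ecid_tags[0]
    if tag["offset"] >= img["sig_check_area"] or len(tag["data"]) < 8:
        return "ecid-not-covered"     # tag outside the signed area, or malformed
    image_ecid = struct.unpack("<Q", tag["data"][:8])[0]
    return "match" if image_ecid == device_ecid else "mismatch"


def build_sample_image(ecid: int) -> bytes:
    """Constructed sample: DATA, ECID and a dummy SHSH placeholder (not a real signature)."""
    return build_img3("ibot", [
        build_tag("DATA", b"\xAA" * 16),
        build_tag("ECID", struct.pack("<Q", ecid)),
        build_tag("SHSH", b"\0" * 16),
    ])


if __name__ == "__main__":
    my_ecid = 0x000001A2B3C4D5E6        # constructed value, not a real device
    blob = build_sample_image(my_ecid)
    print(check_ecid_binding(blob, my_ecid))  # match
    print(check_ecid_binding(blob, 0x42))     # mismatch: image personalized for another device
```

The point the page makes falls out of the last two calls: the same blob is accepted for the device whose ECID it was personalized with and rejected for any other, and because the tag sits inside the signed area it cannot simply be edited to a different ECID without invalidating the signature.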
Geohot's iBoot Exploit
Geohot has a new iBoot exploit in 7A341 FW. [2]