The iPhone Wiki is no longer updated. Visit this article on The Apple Wiki for current information. |
Difference between revisions of "Talk:Jailbreak (S5L8920+)"
Line 14: | Line 14: | ||
Is ECID relevant if there's a bootloader hole (24k pwn) -- can't the whole "ECID" business be patched out of llb/iboot? (wherever the check resides) [[User:iemit737|iemit737]] 12:45, 26 June 2009 (UTC) |
Is ECID relevant if there's a bootloader hole (24k pwn) -- can't the whole "ECID" business be patched out of llb/iboot? (wherever the check resides) [[User:iemit737|iemit737]] 12:45, 26 June 2009 (UTC) |
||
+ | :In order to use the [[24kpwn]] hole, you must flash an oversized LLB. And you must have an iBoot exploit in order to flash such LLB. --[[User:Oranav|Oranav]] 16:17, 28 June 2009 (UTC) |
||
+ | |||
+ | |||
Say Apple releases 3.2 and you buy an iPhone 3gs with 3.1. Let's pretend that 3.1's iBoot has been exploited, but 3.2's iBoot has not. |
Say Apple releases 3.2 and you buy an iPhone 3gs with 3.1. Let's pretend that 3.1's iBoot has been exploited, but 3.2's iBoot has not. |
||
Will it be possible to patch 3.1's iBoot in 3.2's software upgrade through pwnage tool (or similar), in a similar fashion as baseband preservation? [[User:iemit737|iemit737]] 15:40, 28 Jun 2009 (UTC) |
Will it be possible to patch 3.1's iBoot in 3.2's software upgrade through pwnage tool (or similar), in a similar fashion as baseband preservation? [[User:iemit737|iemit737]] 15:40, 28 Jun 2009 (UTC) |
||
+ | :Probably yes. --[[User:Oranav|Oranav]] 16:17, 28 June 2009 (UTC) |
||
== Decrypt Ramdisk == |
== Decrypt Ramdisk == |
Revision as of 16:17, 28 June 2009
This kind of information should not be here until the release of the iPhone2,1.
Why not prepare early? It is too late for apple to fix anything at this point, not to mention they already know about the segment overflow. None of the information here reveals anyting to apple at all ChronicDev 10:43, 20 May 2009 (UTC)
I agree with Chronic there is no reason to not begin and edit as we get the new devices in our hands
3G S will have the 3.0 firmware OOB, which ships with iBoot-6xx, so probably the segment overflow exploit is gone... --Pjakuszew 13:33, 13 June 2009 (UTC)
3.0 fw is iBoot-59x.xx, but anyway, the exploit is in bootrom, that is why it's likely to stay (hopefully) ChronicDev 19:15, 13 June 2009 (UTC)
Oh, I overlooked that the exploit is in bootrom. :P Is bootrom updateable in any way? I know it's not writable in retail devices, but it can be easily updated by Apple before shipping the final device? --Pjakuszew 21:44, 14 June 2009 (UTC)
Anyone know if this is the case? Rekoil 10:23, 20 June 2009 (UTC)
Is ECID relevant if there's a bootloader hole (24k pwn) -- can't the whole "ECID" business be patched out of llb/iboot? (wherever the check resides) iemit737 12:45, 26 June 2009 (UTC)
- In order to use the 24kpwn hole, you must flash an oversized LLB. And you must have an iBoot exploit in order to flash such LLB. --Oranav 16:17, 28 June 2009 (UTC)
Say Apple releases 3.2 and you buy an iPhone 3gs with 3.1. Let's pretend that 3.1's iBoot has been exploited, but 3.2's iBoot has not. Will it be possible to patch 3.1's iBoot in 3.2's software upgrade through pwnage tool (or similar), in a similar fashion as baseband preservation? iemit737 15:40, 28 Jun 2009 (UTC)
- Probably yes. --Oranav 16:17, 28 June 2009 (UTC)
Decrypt Ramdisk
Does anyone know how to go about decrypting the ramdisk found inside the iPhone2,1 IPSW using the keys geohot posted on his blog? I have tried using xpwntool, OpenSSL, etc. but nothing seems to work...--Cool name 20:07, 24 June 2009 (UTC)
I got it decrypted using img3decrypt. --skierdb526 22:04, 24 June 2009 (UTC)