Difference between revisions of "AT+XLOG Vulnerability"

From The iPhone Wiki
(Implementation)
Line 1: Line 1:
Used as an injection vector for the current [[iPhone 3G]] and [[iPhone 3GS]] [[Unlock 2.0|unlock]] payload - [[ultrasn0w]]. Currently available in all baseband versions until 04.26.08.
+
Used as an injection vector for the current [[iPhone 3G]] and [[iPhone 3GS]] [[Unlock 2.0|unlock]] payloads - [[ultrasn0w]] and [[purplesn0w]]. Currently available in all baseband versions until 04.26.08.
   
 
==Credit==
 
==Credit==
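Review bot: the edited sentence now lists two payloads but leaves "available in all baseband versions until 04.26.08" as before; it should say whether 04.26.08 itself is affected (inclusive) or is the first fixed version (exclusive), since that is the fact readers will act on.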
Line 14: Line 14:
   
 
==Implementation==
 
==Implementation==
The exploit is used in [[ultrasn0w]] and purplesn0w.
+
The exploit is used in [[ultrasn0w]] and [[purplesn0w]].
   
 
[[Category:Baseband Exploits]]
 
[[Category:Baseband Exploits]]

Revision as of 08:47, 28 August 2009

Used as an injection vector for the current iPhone 3G and iPhone 3GS unlock payloads - ultrasn0w and purplesn0w. Currently available in all baseband versions until 04.26.08.

Credit

Oranav

Exploit

There is a stack overflow in the handling of the AT+XLOG=1,"..." command, which allows unsigned code execution on the X-Gold 608 baseband.

at+xlog=1,"jjjjjjjjjjjjjjjjjjjjjjjjjjjj44445555PPPP"

The j's are junk filler. Each of the markers 4, 5 and P stands for the four bytes that land in the corresponding saved register when the overflowed function returns:
R4 = 4
R5 = 5
PC = P
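As an added defensive illustration (not code from this page, from ultrasn0w or from purplesn0w), here is a C model of the AT+XLOG=1,"..." argument handling with the bounds check whose absence produces the overflow described above. The 28-byte buffer, the exact command shape and the function names are assumptions; the proof-of-concept string above is used as the sample input.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Assumption: a 28-byte stack buffer, sized from the filler run in the PoC above. */
#define XLOG_BUF 28
enum xlog_status { XLOG_OK = 0, XLOG_MALFORMED = -1, XLOG_TOO_LONG = -2 };

/* Locate the quoted argument of AT+XLOG=1,"..." (prefix match is case-insensitive).
 * Returns its start and stores its length, or NULL if the command has the wrong shape. */
static const char *xlog_arg(const char *cmd, size_t *len)
{
    static const char prefix[] = "AT+XLOG=1,\"";
    for (size_t i = 0; prefix[i] != '\0'; i++)
        if (toupper((unsigned char)cmd[i]) != prefix[i])
            return NULL;
    const char *start = cmd + sizeof(prefix) - 1;
    const char *end = strchr(start, '"');
    if (end == NULL)
        return NULL;
    *len = (size_t)(end - start);
    return start;
}

/* Hardened handler: refuse any argument that would not fit the buffer (plus
 * terminator) instead of copying it over the saved R4/R5/PC slots.
 * Pass out == NULL to validate without copying. */
int xlog_handle(const char *cmd, char out[XLOG_BUF])
{
    size_t len;
    const char *arg = xlog_arg(cmd, &len);
    if (arg == NULL)
        return XLOG_MALFORMED;
    if (len >= XLOG_BUF)   /* the bounds check the vulnerable parser lacks */
        return XLOG_TOO_LONG;
    if (out != NULL) {
        memcpy(out, arg, len);
        out[len] = '\0';
    }
    return XLOG_OK;
}

int main(void)
{
    /* The proof-of-concept string from this page; expected result is -2 (XLOG_TOO_LONG). */
    const char *poc = "at+xlog=1,\"jjjjjjjjjjjjjjjjjjjjjjjjjjjj44445555PPPP\"";
    printf("poc=%d normal=%d\n", xlog_handle(poc, NULL), xlog_handle("AT+XLOG=1,\"trace on\"", NULL));
    return 0;
}
```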

Implementation

The exploit is used in ultrasn0w and purplesn0w.