Difference between revisions of "AT+XEMN Heap Overflow"

From The iPhone Wiki
Jump to: navigation, search
Line 1: Line 1:
AT+XEMN is a command on baseband 5.11.07, which when exploited correctly, causes a heap overflow allowing the crash to be moulded into an injection vector. This injection vector can then be used to inject the Ultrasn0w Payload to provide a coveted Software Sim Unlock on Official 3.1.2 running 5.11.07
+
AT+XEMN is a command on baseband 5.11.07 (pushed out with official 3.1.2 firmware), which when exploited correctly, causes a heap overflow allowing the crash to be moulded into an injection vector. This injection vector can then be used to inject the Ultrasn0w/Generic Unlocking Payload to provide a coveted Software Sim Unlock on Official 3.1.2 running 5.11.07
   
 
== Exception Dump ==
 
== Exception Dump ==

Revision as of 08:08, 28 October 2009

AT+XEMN is a command on baseband 5.11.07 (pushed out with official 3.1.2 firmware), which when exploited correctly, causes a heap overflow allowing the crash to be moulded into an injection vector. This injection vector can then be used to inject the Ultrasn0w/Generic Unlocking Payload to provide a coveted Software Sim Unlock on Official 3.1.2 running 5.11.07

Exception Dump

+XLOG: Exception Number: 1
Trap Class:     0xDDDD  (SW GENERATED TRAP)
Identification: 140 (0x008C)
Date: 22.10.2009
Time: 00:30
File: atform/text/_malloc.c
Line: 1036
Logdata:
 2E 0C 76 ED 40 14 31 64 61 74 63 3A 31 00 64 63   ..v.@.1datc:1.dc
 20 44 F4 E9 20 20 20 20 20 20 20 20 20 20 20 20    D..            
 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20                   
 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20                   
 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20                   
 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20                   
 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20                   
 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20                   
 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20                   
 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20                   
 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20                   
 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20                   
 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20                   
 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20                   
 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20                   
 20 20 20 20 20 20 20 20

July 2009

  • Oranav discovers this command.
  • Shortly after discovered, The iPhone Dev Team, confirms that the command is non-exploitable.
  • There was no talk about this command.

September 2009

October 2009