|
The iPhone Wiki is no longer updated. Visit this article on The Apple Wiki for current information. |
Difference between revisions of "AT+XAPP Vulnerability"
(→Exploit: this exploit has nothing to do with the iphone 4) |
|||
| Line 8: | Line 8: | ||
== Exploit == |
== Exploit == |
||
| − | There is a stack overflow in the AT+XAPP="..." command, which allows unsigned code execution on the [[X-Gold 608]]. |
+ | There is a stack overflow in the AT+XAPP="..." command, which allows unsigned code execution on the [[X-Gold 608]] and [[XMM 6180]]. |
at+xapp="0000111122223333444455556666777788889999000011112222" |
at+xapp="0000111122223333444455556666777788889999000011112222" |
||
Applying a string of more than 52 characters will trigger the overflow. |
Applying a string of more than 52 characters will trigger the overflow. |
||
| + | |||
== Implementation == |
== Implementation == |
||
Revision as of 20:15, 10 July 2010
Used as an injection vector for the X-Gold 608 unlock payload. Currently available in all baseband versions until 05.13.04.
Credit
- vulnerability: sherif_hashim, also discovered by westbaer, geohot and Oranav (each one independently)
- exploitation: iPhone Dev Team
Exploit
There is a stack overflow in the AT+XAPP="..." command, which allows unsigned code execution on the X-Gold 608 and XMM 6180.
at+xapp="0000111122223333444455556666777788889999000011112222"
Applying a string of more than 52 characters will trigger the overflow.
Implementation
The exploit was used by iPhone Dev Team in ultrasn0w 0.93 which is able to unlock the X-Gold 608 basebands 4.26.08, 5.11.07, 5.12.01 and 5.13.04.
