The iPhone Wiki is no longer updated. Visit this article on The Apple Wiki for current information. |
Difference between revisions of "AT+XAPP Vulnerability"
(links) |
|||
Line 3: | Line 3: | ||
== Credit == |
== Credit == |
||
− | * '''vulnerability''': [ |
+ | * '''vulnerability''': [[sherif_hashim]], also discovered by [[westbaer]], [[User:Geohot|geohot]] and [[Oranav]] (each one independently) |
* '''exploitation''': [[iPhone Dev Team]] |
* '''exploitation''': [[iPhone Dev Team]] |
||
− | |||
== Exploit == |
== Exploit == |
Revision as of 11:39, 20 July 2010
Used as an injection vector for the X-Gold 608 unlock payload. Currently available in all baseband versions until 05.13.04.
Credit
- vulnerability: sherif_hashim, also discovered by westbaer, geohot and Oranav (each one independently)
- exploitation: iPhone Dev Team
Exploit
There is a stack overflow in the AT+XAPP="..." command, which allows unsigned code execution on the X-Gold 608 and XMM 6180.
at+xapp="aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa4444555566667777PPPP"
Applying a string of more than 52 characters will trigger the overflow.
It also exists on the XMM 6180
Implementation
The exploit was used by iPhone Dev Team in ultrasn0w 0.93 which is able to unlock the X-Gold 608 basebands 4.26.08, 5.11.07, 5.12.01 and 5.13.04.