Difference between revisions of "AT+XAPP Vulnerability"

From The iPhone Wiki
(link)
Line 1: Line 1:
− Used as an injection vector for the [[X-Gold 608]] unlock payload. Currently available in all baseband versions until 05.13.04.
+ Used as an injection vector for the [[X-Gold 608]] and [[XMM 6180]] [[unlock]] payload. Currently available in all X-Gold 608 basebands until [[5.13.04]], and XMM 6180 baseband [[1.59.00]].

== Credit ==

* '''vulnerability''': [[sherif_hashim]], also discovered by [[westbaer]], [[User:Geohot|geohot]] and [[User:Oranav|Oranav]] (each one independently)
Line 12: Line 11:

Applying a string of more than 52 characters will trigger the overflow.

− It also exists on the [[XMM 6180]]

== Implementation ==
− The exploit was used by [[iPhone Dev Team]] in [[ultrasn0w]] 0.93 which is able to unlock the [[X-Gold 608]] basebands [[4.26.08]], [[5.11.07]], [[5.12.01]] and [[5.13.04]].
+ The exploit was used by [[iPhone Dev Team]] in [[ultrasn0w]] 1.0-1, which is able to unlock the [[X-Gold 608]] basebands [[4.26.08]], [[5.11.07]], [[5.12.01]] and [[5.13.04]], and [[XMM 6180]] baseband [[1.59.00]].

----

[[Category:Baseband Exploits]]

Revision as of 18:41, 4 August 2010

Used as an injection vector for the X-Gold 608 and XMM 6180 unlock payload. Currently available in all X-Gold 608 basebands until 5.13.04, and XMM 6180 baseband 1.59.00.

Credit

Exploit

There is a stack overflow in the AT+XAPP="..." command, which allows unsigned code execution on the X-Gold 608 and XMM 6180.

at+xapp="aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa4444555566667777PPPP"

Applying a string of more than 52 characters will trigger the overflow.
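An added example, not from the wiki and not the baseband's own code: a hypothetical AT+XAPP handler in C that enforces the 52-character limit the page describes, rejecting a longer quoted argument instead of copying it onto the stack, which is the check a strcpy()-style parser lacks. The buffer size, the function names and the exact command syntax accepted are assumptions.

```c
#include <ctype.h>
#include <string.h>

/* Assumed size of the fixed parameter buffer; the page says >52 overflows */
#define XAPP_ARG_MAX 52
enum xapp_status { XAPP_OK = 0, XAPP_BAD_SYNTAX = 1, XAPP_TOO_LONG = 2 };

/* Copy the quoted argument of AT+XAPP="..." into out (capacity out_cap), or
 * refuse without copying when it would not fit: the bound a strcpy() lacks. */
enum xapp_status xapp_parse(const char *line, char *out, size_t out_cap)
{
    static const char prefix[] = "AT+XAPP=\"";
    const size_t plen = sizeof prefix - 1;
    const char *start, *end;
    size_t i, len;
    /* AT commands are case-insensitive, so at+xapp= must match too */
    for (i = 0; i < plen; i++)
        if (line[i] == '\0' || toupper((unsigned char)line[i]) != prefix[i])
            return XAPP_BAD_SYNTAX;
    start = line + plen;
    end = strchr(start, '"');                 /* closing quote */
    if (end == NULL)
        return XAPP_BAD_SYNTAX;
    len = (size_t)(end - start);
    if (len > XAPP_ARG_MAX || len >= out_cap)
        return XAPP_TOO_LONG;                 /* would overflow: reject */
    memcpy(out, start, len);
    out[len] = '\0';
    return XAPP_OK;
}

/* Classify one command line against a correctly sized argument buffer */
enum xapp_status xapp_check_line(const char *line)
{
    char arg[XAPP_ARG_MAX + 1];
    return xapp_parse(line, arg, sizeof arg);
}

/* Classify a line whose argument is n repeated 'a's (n capped at 200) */
enum xapp_status xapp_check_repeated(size_t n)
{
    char line[256];
    if (n > 200) n = 200;
    memcpy(line, "at+xapp=\"", 9);
    memset(line + 9, 'a', n);
    line[9 + n] = '"';
    line[10 + n] = '\0';
    return xapp_check_line(line);
}
```

The same length check, applied to a modem log or AT-command trace, also flags lines that carry more than 52 characters inside the AT+XAPP quotes.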

Implementation

The exploit was used by iPhone Dev Team in ultrasn0w 1.0-1, which is able to unlock the X-Gold 608 basebands 4.26.08, 5.11.07, 5.12.01 and 5.13.04, and XMM 6180 baseband 1.59.00.