The iPhone Wiki is no longer updated. Visit this article on The Apple Wiki for current information.
Difference between revisions of "S5L8900"

Older revision edit summary: (→Userland)
Newer revision edit summary: m (→Exploits: Rearranged for style consistency.)

Line 4 (both revisions):
 ==Exploits==
− ===[[Firmware|Userland]]===
− * [[Restore Mode]] - Firmware v1.0.2 and below
− * [[Symlinks]] - Firmware v1.1.1 and below
− * [[LibTiff|LibTIFF]] - Firmware v1.1.1 and below
− * [[Mknod]] - Firmware v1.1.2 and below
− * [[Dual Boot Exploit]] - Firmware 1.1.4 / v2.0b3 and below
− * [[MobileBackup Copy Exploit]] - Firmware 3.1.3 and below
− * [[BPF STX Kernel Write Exploit]] - Firmware 3.1.3 and below
−
 ===[[iBoot]] / [[Kernel]]===
 * [[Ramdisk Hack]] - 1.1.4 / 2.0 beta 3 and below

Line 22 (older revision) / Line 13 (newer revision):
 * [[pwnage|Pwnage 1.0 (Ramdisk + AppleImage2NORAccess)]]
 * [[Pwnage 2.0|Pwnage 2.0 (DFU + Malformed Certificate)]]
+
+ ===[[Firmware|Userland]]===
+ * [[Restore Mode]] - Firmware v1.0.2 and below
+ * [[Symlinks]] - Firmware v1.1.1 and below
+ * [[LibTiff]] - Firmware v1.1.1 and below
+ * [[Mknod]] - Firmware v1.1.2 and below
+ * [[Dual Boot Exploit]] - Firmware v2.0b3 and below
+ * [[MobileBackup Copy Exploit]] - Firmware 3.1.3 and below
+ * [[BPF STX Kernel Write Exploit]] - Firmware 3.1.3 and below
 ==Boot Chain==
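Review bot: the moved Dual Boot Exploit entry silently drops its 1.1.4 qualifier (`* [[Dual Boot Exploit]] - Firmware 1.1.4 / v2.0b3 and below` becomes `* [[Dual Boot Exploit]] - Firmware v2.0b3 and below`) while the Ramdisk Hack entry kept as context in the same section still reads `1.1.4 / 2.0 beta 3 and below`; for an edit summarised as a style-only rearrangement, either keep the version text unchanged or apply the same shortening to the other entries and say so in the summary. The link change from `[[LibTiff|LibTIFF]]` to `[[LibTiff]]` only alters the displayed text, the target is the same page.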
Revision as of 15:20, 5 August 2010
The S5L8900 is the application processor shared by the original iPhone, the iPod touch and the iPhone 3G. Little is known about it from official sources. It is not used in any of the newer devices, having been replaced by the S5L8720 and S5L8920.
Firmware File Formats
Exploits
iBoot / Kernel
- Ramdisk Hack - 1.1.4 / 2.0 beta 3 and below
- Diags Exploit - 1.1.4 / v2.0 beta 5 and below
- iBoot Environment Variable Overflow - 3.1 beta 1 and below
- usb_control_msg(0x21, 2) Exploit - 3.1.2 and below
Bootrom
Userland
- Restore Mode - Firmware v1.0.2 and below
- Symlinks - Firmware v1.1.1 and below
- LibTiff - Firmware v1.1.1 and below
- Mknod - Firmware v1.1.2 and below
- Dual Boot Exploit - Firmware v2.0b3 and below
- MobileBackup Copy Exploit - Firmware 3.1.3 and below
- BPF STX Kernel Write Exploit - Firmware 3.1.3 and below
Boot Chain
VROM (S5L8900)->LLB->iBoot->Kernel->System Software
One of the iPhoneLinux project's goals is to replace everything after the VROM in that boot chain:
VROM (S5L8900)->OpeniBoot->Linux Kernel->X Server->Window Manager
Upgrade Process
Restore Mode
The common upgrade process chain is VROM->DFU->WTF->iBoot->Kernel->Ramdisk->Restore Mode.
DFU Mode
To flash an older version of the iPhone software, first put the phone into DFU mode. Then, in iTunes, hold the Option key (Mac) or the Shift key (Windows) while clicking 'Restore' so that you can choose an IPSW manually. DFU is the mode in which the VROM accepts an upload before iBoot has run (see the chain above), which is why downgrade instructions ask for it specifically rather than for the later iBoot-driven recovery state.
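The first thing that goes wrong when following the steps above is putting the device into the wrong mode: the iBoot-driven recovery state and true DFU both look like "a phone waiting for iTunes", but only DFU hands control to the VROM. The following script is an added example, not code from The iPhone Wiki, Apple or the iPhoneLinux project; it classifies lsusb-style lines by Apple's USB vendor ID (0x05ac) and product ID and maps the result onto the boot chain described on this page. The product IDs in the comments are taken from public USB ID lists and are an assumption of the example, as are the sample lines, which are constructed rather than captured.

```shell
#!/bin/sh
# Added example (not from The iPhone Wiki). Classify which USB mode an
# iPhone/iPod touch is presenting, from lsusb-style lines, so a downgrade is
# only attempted once the device is really in DFU (VROM stage) and not in
# Recovery mode (iBoot stage).
#
# Apple's USB vendor ID is 0x05ac. Product IDs (assumed from public USB ID lists):
#   1227            DFU mode      (VROM stage, waiting for an upload)
#   1281            Recovery mode (iBoot stage, "connect to iTunes" screen)
#   1290/1291/1292  Normal mode   (iPhone / iPod touch / iPhone 3G fully booted)

# apple_mode LINE
# Prints one of: dfu, recovery, normal, other (Apple device with an unlisted
# PID) or none (not an Apple device / no ID field on the line).
apple_mode() {
  pid=$(printf '%s\n' "$1" \
        | sed -n 's/.*ID 05[aA][cC]:\([0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F]\).*/\1/p' \
        | tr 'A-F' 'a-f')
  case "$pid" in
    1227)           echo dfu ;;
    1281)           echo recovery ;;
    1290|1291|1292) echo normal ;;
    '')             echo none ;;
    *)              echo other ;;
  esac
}

# boot_stage MODE
# Maps a mode onto the stage of the page's boot chain that is executing.
boot_stage() {
  case "$1" in
    dfu)      echo "VROM (S5L8900)" ;;
    recovery) echo "iBoot" ;;
    normal)   echo "Kernel -> System Software" ;;
    *)        echo "unknown" ;;
  esac
}

# dfu_present
# Reads lsusb output on stdin; returns 0 if any line is an Apple device in DFU.
dfu_present() {
  while IFS= read -r line; do
    [ "$(apple_mode "$line")" = dfu ] && return 0
  done
  return 1
}

# Constructed sample lines (not real captures).
SAMPLE_DFU="Bus 001 Device 004: ID 05ac:1227 Apple, Inc. Mobile Device (DFU Mode)"
SAMPLE_RECOVERY="Bus 001 Device 005: ID 05ac:1281 Apple, Inc. Mobile Device (Recovery Mode)"
SAMPLE_NORMAL="Bus 001 Device 006: ID 05ac:1292 Apple, Inc. iPhone 3G"
SAMPLE_HUB="Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub"

# Stand-alone run: one report line per sample.
for l in "$SAMPLE_DFU" "$SAMPLE_RECOVERY" "$SAMPLE_NORMAL" "$SAMPLE_HUB"; do
  m=$(apple_mode "$l")
  printf '%-8s %-26s %s\n' "$m" "$(boot_stage "$m")" "$l"
done
```

On a Linux host the real check is `lsusb | dfu_present` before clicking Restore; a device that only shows up as 05ac:1281 is in the iBoot recovery state and must be re-entered into DFU first.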