|
The iPhone Wiki is no longer updated. Visit this article on The Apple Wiki for current information. |
Difference between revisions of "AT+XAPP Vulnerability"
(→Implementation) |
|||
| Line 13: | Line 13: | ||
== Implementation == |
== Implementation == |
||
| − | The exploit was used by [[iPhone Dev Team]] in [[ultrasn0w]] 1.0-1, which is able to unlock the [[X-Gold 608]] basebands [[4.26.08]], [[5.11.07]], [[5.12.01]], [[5.13.04]] and [[6.15.00]], and [[XMM 6180]] baseband [[1.59.00]]. |
+ | The exploit was used by [[iPhone Dev Team]] in [[ultrasn0w]] 1.0-1 and 1.2, which is able to unlock the [[X-Gold 608]] basebands [[4.26.08]], [[5.11.07]], [[5.12.01]], [[5.13.04]] and [[6.15.00]](ultrasn0w 1.2 only), and [[XMM 6180]] baseband [[1.59.00]]. |
---- |
---- |
||
[[Category:Baseband Exploits]] |
[[Category:Baseband Exploits]] |
||
Revision as of 08:58, 29 November 2010
Used as an injection vector for the X-Gold 608 and XMM 6180 unlock payload. Currently available in all X-Gold 608 basebands until 5.13.04 and 6.15.00, and XMM 6180 baseband 1.59.00.
Credit
- vulnerability: sherif_hashim, also discovered by westbaer, geohot and Oranav (each one independently)
- exploitation: iPhone Dev Team
Exploit
There is a stack overflow in the AT+XAPP="..." command, which allows unsigned code execution on the X-Gold 608 and XMM 6180.
at+xapp="aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa4444555566667777PPPP"
Applying a string of more than 52 characters will trigger the overflow.
Implementation
The exploit was used by iPhone Dev Team in ultrasn0w 1.0-1 and 1.2, which is able to unlock the X-Gold 608 basebands 4.26.08, 5.11.07, 5.12.01, 5.13.04 and 6.15.00(ultrasn0w 1.2 only), and XMM 6180 baseband 1.59.00.
