The iPhone Wiki is no longer updated. Visit this article on The Apple Wiki for current information.
Difference between revisions of "Bootrom"
m (→Revisions: as there's no difference, no need to mention devices again) |
m (→Linux: No need for gnome-device-manager. Also for people who don't use gnome.) |
||
Line 27: | Line 27: | ||
====Linux==== |
====Linux==== |
||
+ | # Make sure your distribution has '''usbutils''' installed. (most distributions have it by default) |
||
− | # Install gnome-device-manager and start it |
||
# Connect Device & Enter [[DFU Mode]] |
# Connect Device & Enter [[DFU Mode]] |
||
+ | # In terminal, run '''sudo lsusb -v''' |
||
− | # Search in the left tree-view for USB Device and look at Summary -> Model until it says Apple Mobile Device (DFU Mode) |
||
+ | # Find the line that says '''iSerial''' and your bootrom version will be at the end of the line. |
||
− | # If it does go to Properties (next to Summary) and search for usb_device.serial |
||
+ | |||
− | # The end of the String will show you the bootrom version |
||
== Dumping the bootrom == |
== Dumping the bootrom == |
||
You can use [[Bootrom Dumper Utility]] by [[User:pod2g|pod2g]] to dump the bootrom on devices that are vulnerable to the [[limera1n]] exploit. |
You can use [[Bootrom Dumper Utility]] by [[User:pod2g|pod2g]] to dump the bootrom on devices that are vulnerable to the [[limera1n]] exploit. |
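Review bot: the new Linux steps lose the device identification the removed ones had. `sudo lsusb -v` (the added step) prints every USB device on the bus, and each of them has its own `iSerial` line, so "find the line that says iSerial" can point a reader at the wrong device; the removed step at least told them to look for "Apple Mobile Device (DFU Mode)" first. Suggest keeping that hint in the new wording, e.g. "In the entry for Apple Mobile Device (DFU Mode), find the iSerial line; the bootrom version is at the end of it."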
Revision as of 20:36, 19 November 2011
Introduction / old+new
The bootrom (called "SecureROM" by Apple) is the first significant code that runs on an iDevice. The bootrom is read-only. Finding an exploit at the bootrom level is a big achievement, since Apple cannot fix it without a hardware revision.
Certain models, including the iPod touch 2G and iPhone 3GS, have different bootrom versions. These are most commonly referred to with the terms "old bootrom" and "new bootrom." These "new bootrom" devices were released after 9 September 2009 and have the 0x24000 Segment Overflow fixed. While the new bootrom revisions have an exploit, the exploit needs the assistance of a firmware-based exploit to achieve an untethered jailbreak.
You might also be looking for Apple's stage 2 bootloader, which also uses the "iBoot" name.
Finding bootrom version
From the model number (iPod touch 2G)
If the second character of your Model Number is "B" (e.g.- FB533, MB533, or PB533), your iPod has the old bootrom. If the second character is "C" (FC086, MC086 or PC086), your iPod has the new bootrom.
From the serial number (iPhone 3GS)
The third digit of the serial number identifies the year of manufacture (9 = 2009, 0 = 2010), while the fourth and fifth digits indicate the week. The first "new bootrom" devices are from week 40 of 2009 (??940?????? or higher serials). Any iPhone made from week 45 of 2009 onward (??945?????? and higher, or any ??0???????? serial) has the new bootrom.
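The two heuristics above (model-number letter for the iPod touch 2G, serial-number year and week for the iPhone 3GS) written out as an added shell example; this is not code from the wiki page. The model and serial numbers it runs on are constructed, and serials from weeks 40 to 44 of 2009 are reported as "either", since the page only says that the first new-bootrom units appeared in week 40 and that week 45 onward is always new.

```shell
#!/bin/sh
# Added example (not from the wiki page): apply the two bootrom heuristics above.
# Sample model/serial numbers used with these functions are constructed.

# ipod_touch_2g_bootrom MODEL -> prints "old bootrom", "new bootrom" or "unknown"
# Second character of the model number: B = old bootrom, C = new bootrom.
ipod_touch_2g_bootrom() {
    case "$(printf '%s' "$1" | cut -c2)" in
        B) echo "old bootrom" ;;
        C) echo "new bootrom" ;;
        *) echo "unknown"; return 1 ;;
    esac
}

# iphone_3gs_bootrom SERIAL -> prints "old bootrom", "new bootrom", "either" or "unknown"
# Third character = year of manufacture (9 = 2009, 0 = 2010), fourth and fifth = week.
# Weeks 40-44 of 2009 are a mixed window: the page only says the first new-bootrom
# units appeared in week 40, so those serials are reported as "either".
iphone_3gs_bootrom() {
    serial=$1
    if [ "${#serial}" -ne 11 ]; then echo "unknown"; return 1; fi
    year=$(printf '%s' "$serial" | cut -c3)
    week=$(printf '%s' "$serial" | cut -c4-5)
    case "$year$week" in
        *[!0-9]*) echo "unknown"; return 1 ;;   # non-numeric year/week field
    esac
    week=${week#0}                               # "05" -> "5" so [ -ge ] compares as decimal
    case "$year" in
        0) echo "new bootrom" ;;
        9) if   [ "$week" -ge 45 ]; then echo "new bootrom"
           elif [ "$week" -ge 40 ]; then echo "either"
           else                         echo "old bootrom"
           fi ;;
        *) echo "unknown"; return 1 ;;
    esac
}

# Constructed sample inputs; only the positions the heuristics read are meaningful.
for model in MB533 MC086 MX000; do
    printf '%-6s -> %s\n' "$model" "$(ipod_touch_2g_bootrom "$model")"
done
for serial in 88935XXXXXX 88942XXXXXX 88945XXXXXX 88003XXXXXX; do
    printf '%s -> %s\n' "$serial" "$(iphone_3gs_bootrom "$serial")"
done
```

Both functions return a non-zero status when the input does not match the documented pattern, so they can be used in scripts as well as interactively.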
From the DFU Device descriptors (All devices)
Windows
- Connect the device and enter DFU Mode
- Open Device Manager, expand the USB controllers entry and find Apple Mobile Device USB Driver
- Right-click it and choose Properties
- Go to the Details tab and select Device Instance Path in the dropdown box
- The end of that string shows the bootrom version
Mac OS X
- Connect the device and enter DFU Mode
- Open System Profiler; under the Hardware category choose USB and click Apple Mobile Device (DFU Mode)
- The end of the Serial Number string shows the bootrom version in brackets (e.g. [iBoot-574.4])
Linux
- Make sure your distribution has usbutils installed (most distributions include it by default)
- Connect the device and enter DFU Mode
- In a terminal, run sudo lsusb -v
- In the entry for Apple Mobile Device (DFU Mode), find the iSerial line; the bootrom version is at the end of it
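The descriptor method above, scripted as an added shell example; this is not code from the wiki page. It runs against a constructed `lsusb -v` excerpt embedded in the block, narrows to the entry whose iProduct is "Apple Mobile Device (DFU Mode)" before reading iSerial (every USB device has an iSerial line, so an unfiltered match can pick the wrong one), and maps the extracted tag to old/new using the Revisions list further down this page. The layout of the iSerial string apart from the trailing "[iBoot-...]" tag is an assumption; the page only says the version appears in brackets at the end.

```shell
#!/bin/sh
# Added example (not from the wiki page): pull the bootrom version out of the USB
# serial string a device reports in DFU mode. Run against a constructed `lsusb -v`
# excerpt; the iSerial field layout apart from the trailing "[iBoot-...]" tag is an
# assumption, the page only states that the version appears in brackets at the end.

# extract_iboot_tag: stdin -> the iBoot-x.y.z tag found inside [...] on the line, exit 1 if none
extract_iboot_tag() {
    sed -n 's/.*\[\(iBoot-[0-9][0-9.]*\)\].*/\1/p' | grep .
}

# bootrom_version_from_serial SERIAL -> version tag from one serial string
bootrom_version_from_serial() {
    printf '%s\n' "$1" | extract_iboot_tag
}

# bootrom_version_from_lsusb: `lsusb -v` output on stdin -> version tag of the DFU device.
# Every USB device has an iSerial line, so first narrow to the entry whose iProduct is
# "Apple Mobile Device (DFU Mode)" and read only that entry's iSerial.
bootrom_version_from_lsusb() {
    awk '
        /^Bus /                { in_dfu = 0 }        # a new device entry starts here
        /iProduct.*DFU Mode/   { in_dfu = 1 }
        in_dfu && /iSerial/    { print; exit }
    ' | extract_iboot_tag
}

# classify_bootrom TAG -> "old bootrom" / "new bootrom" per the Revisions list on this page
classify_bootrom() {
    case "$1" in
        iBoot-240.4|iBoot-359.3)     echo "old bootrom" ;;
        iBoot-240.5.1|iBoot-359.3.2) echo "new bootrom" ;;
        *)                           echo "unknown"; return 1 ;;
    esac
}

# Constructed lsusb -v excerpt: a root hub (with its own iSerial) followed by a DFU-mode device.
SAMPLE_LSUSB='Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
  iManufacturer           3 Linux 5.x xhci-hcd
  iProduct                2 xHCI Host Controller
  iSerial                 1 0000:00:14.0
Bus 001 Device 007: ID 05ac:1227 Apple, Inc. Mobile Device (DFU Mode)
  iManufacturer           1 Apple Inc.
  iProduct                2 Apple Mobile Device (DFU Mode)
  iSerial                 3 CPID:8920 CPRV:15 CPFM:03 SCEP:03 BDID:00 ECID:0000000000000000 IBFL:00 SRTG:[iBoot-359.3]'

tag=$(printf '%s\n' "$SAMPLE_LSUSB" | bootrom_version_from_lsusb)
printf 'bootrom: %s (%s)\n' "$tag" "$(classify_bootrom "$tag")"
```

On a real machine, replace the constructed sample with `sudo lsusb -v | bootrom_version_from_lsusb`; the function exits non-zero when no DFU-mode entry or no bracketed iBoot tag is present, which is what you see if the device is not actually in DFU mode.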
Dumping the bootrom
You can use Bootrom Dumper Utility by pod2g to dump the bootrom on devices that are vulnerable to the limera1n exploit.
Revisions
S5L8720, used in the iPod touch 2G
- iBoot-240.4 "old bootrom"
- iBoot-240.5.1 "new bootrom"
S5L8920, used in the iPhone 3GS
- iBoot-359.3 "old bootrom"
- iBoot-359.3.2 "new bootrom"