The iPhone Wiki is no longer updated. Visit this article on The Apple Wiki for current information. |
Difference between revisions of "Bootrom Dumper Utility"
(→Info / Instructions) |
(values from October 2010 release: http://pastebin.com/vLa8reaS) |
||
Line 14: | Line 14: | ||
* the offset to the call of usb_wait_for_image in payload.S |
* the offset to the call of usb_wait_for_image in payload.S |
||
+ | 0x7ef @ A4 devices: iPad 1, iPhone 4 (GSM+CDMA), Apple TV 2G, iPod touch 4G |
||
− | 0x7ef @ A4 |
||
− | + | 0x8b7 @ iPod touch 3G |
|
− | + | 0x8b7 @ iPhone 3GS new bootrom |
|
− | 0x8b7 |
+ | 0x8b7 @ iPhone 3GS old bootrom |
+ | 0x8b7 @ iPod touch 2G new bootrom (0x30F1 according to other sources) |
||
+ | 0x8b7 @ iPod touch 2G old bootrom (0x30E9 according to other sources) |
||
* exploit offsets in bdu.c |
* exploit offsets in bdu.c |
||
Line 24: | Line 26: | ||
#define EXPLOIT_LR 0x8403BF9C |
#define EXPLOIT_LR 0x8403BF9C |
||
#define LOADADDR_SIZE 0x2C000 |
#define LOADADDR_SIZE 0x2C000 |
||
− | // iPod 2G: |
+ | // iPod touch 2G: |
#define EXPLOIT_LR 0x22000000 |
#define EXPLOIT_LR 0x22000000 |
||
#define LOADADDR_SIZE 0x24000 |
#define LOADADDR_SIZE 0x24000 |
||
− | // iPod 3G: |
+ | // iPod touch 3G: |
#define EXPLOIT_LR 0x84033F98 |
#define EXPLOIT_LR 0x84033F98 |
||
#define LOADADDR_SIZE 0x24000 |
#define LOADADDR_SIZE 0x24000 |
||
− | // iPhone |
+ | // iPhone 3GS new bootrom: |
#define EXPLOIT_LR 0x84033FA4 |
#define EXPLOIT_LR 0x84033FA4 |
||
#define LOADADDR_SIZE 0x24000 |
#define LOADADDR_SIZE 0x24000 |
||
Line 36: | Line 38: | ||
== Links == |
== Links == |
||
[https://github.com/Chronic-Dev/Bootrom-Dumper Github] |
[https://github.com/Chronic-Dev/Bootrom-Dumper Github] |
||
− | |||
[[Category:Hacking Software]] |
[[Category:Hacking Software]] |
Revision as of 20:02, 2 January 2012
Credit
Info / Instructions
- you need a mac or linux box to use it / build it
- libusb > 1.0.8 required
- execute it with root privileges (sudo ./bdu)
- by default compatible only with A4 devices: (iPhone 4, iPod 4G, iPad, AppleTV 2)
It's possible to extend the compatibility to older devices as well (iPhone 3GS, iPod 3G) by changing:
- the offset to the call of usb_wait_for_image in payload.S
0x7ef @ A4 devices: iPad 1, iPhone 4 (GSM+CDMA), Apple TV 2G, iPod touch 4G 0x8b7 @ iPod touch 3G 0x8b7 @ iPhone 3GS new bootrom 0x8b7 @ iPhone 3GS old bootrom 0x8b7 @ iPod touch 2G new bootrom (0x30F1 according to other sources) 0x8b7 @ iPod touch 2G old bootrom (0x30E9 according to other sources)
- exploit offsets in bdu.c
// A4: #define EXPLOIT_LR 0x8403BF9C #define LOADADDR_SIZE 0x2C000 // iPod touch 2G: #define EXPLOIT_LR 0x22000000 #define LOADADDR_SIZE 0x24000 // iPod touch 3G: #define EXPLOIT_LR 0x84033F98 #define LOADADDR_SIZE 0x24000 // iPhone 3GS new bootrom: #define EXPLOIT_LR 0x84033FA4 #define LOADADDR_SIZE 0x24000