Difference between revisions of "Talk:Ultrasn0w"

From The iPhone Wiki
Jump to: navigation, search
(nx: new section)
(About AT+STKPROF exploit: new section)
Line 15: Line 15:
   
 
heh, I think it is a standard thing for ARM for the stack to be nx. btw, of course there was reversing required, how else would you have found the injection hack itself x)
 
heh, I think it is a standard thing for ARM for the stack to be nx. btw, of course there was reversing required, how else would you have found the injection hack itself x)
  +
  +
== About AT+STKPROF exploit ==
  +
  +
Does only 2.28 vulnerable to at+stkprof exploit?

Revision as of 15:45, 2 January 2009

Thinking about this, I know how I could've done the unlock. I'm so lazy. This might be what yellowsn0w does already; theres a little object code in your source, so I don't know :-)

1. copy task_sim into memory
2. patch task_sim in the usual way(too bad i don't really understand the baseband at all)
3. modify the nucleus task struct to use the in memory task_sim(although idk why theres no execute on the stack, normal ram seems ok)
4. reset the sim card

no real reversing required. i could've had this in july dammit :-P

i also think this approach might solve some peoples problems with it dying after 10 minutes

~geohot

nx

heh, I think it is a standard thing for ARM for the stack to be nx. btw, of course there was reversing required, how else would you have found the injection hack itself x)

About AT+STKPROF exploit

Does only 2.28 vulnerable to at+stkprof exploit?