The iPhone Wiki is no longer updated. Visit this article on The Apple Wiki for current information. |
Difference between revisions of "Talk:Ultrasn0w"
ChronicDev (talk | contribs) (→nx: new section) |
(→About AT+STKPROF exploit: new section) |
||
Line 15: | Line 15: | ||
heh, I think it is a standard thing for ARM for the stack to be nx. btw, of course there was reversing required, how else would you have found the injection hack itself x) |
heh, I think it is a standard thing for ARM for the stack to be nx. btw, of course there was reversing required, how else would you have found the injection hack itself x) |
||
+ | |||
+ | == About AT+STKPROF exploit == |
||
+ | |||
+ | Does only 2.28 vulnerable to at+stkprof exploit? |
Revision as of 15:45, 2 January 2009
Thinking about this, I know how I could've done the unlock. I'm so lazy. This might be what yellowsn0w does already; theres a little object code in your source, so I don't know :-)
1. copy task_sim into memory 2. patch task_sim in the usual way(too bad i don't really understand the baseband at all) 3. modify the nucleus task struct to use the in memory task_sim(although idk why theres no execute on the stack, normal ram seems ok) 4. reset the sim card
no real reversing required. i could've had this in july dammit :-P
i also think this approach might solve some peoples problems with it dying after 10 minutes
~geohot
nx
heh, I think it is a standard thing for ARM for the stack to be nx. btw, of course there was reversing required, how else would you have found the injection hack itself x)
About AT+STKPROF exploit
Does only 2.28 vulnerable to at+stkprof exploit?