The iPhone Wiki is no longer updated. Visit this article on The Apple Wiki for current information.
Difference between revisions of "S5L8920"
m (fix links) |
(removed non-hardware-related exploits) |
||
Line 5: | Line 5: | ||
[[S5L8920]] using THUMB-2 instruction set as well as ARM and THUMB ones. Binaries included in iOS are compiled for only [[ARMv7]] and are not compatible with older CPUs. |
[[S5L8920]] using THUMB-2 instruction set as well as ARM and THUMB ones. Binaries included in iOS are compiled for only [[ARMv7]] and are not compatible with older CPUs. |
||
− | == Bootrom == |
+ | == [[Bootrom]] == |
'''Bootrom Version''': [[Bootrom 359.3]] |
'''Bootrom Version''': [[Bootrom 359.3]] |
||
Units produced after 2009 week 40 have [[Bootrom 359.3.2]] and not vulnerable to the [[0x24000 Segment Overflow]]. |
Units produced after 2009 week 40 have [[Bootrom 359.3.2]] and not vulnerable to the [[0x24000 Segment Overflow]]. |
||
− | == Exploits == |
+ | == [[Bootrom]] Exploits == |
− | === [[Bootrom]] === |
||
* [[0x24000 Segment Overflow]] - only in [[Bootrom 359.3]] |
* [[0x24000 Segment Overflow]] - only in [[Bootrom 359.3]] |
||
* [[Limera1n Exploit]] |
* [[Limera1n Exploit]] |
||
− | |||
− | == Related iOS Exploits == |
||
− | === [[iBoot]] === |
||
− | * [[iBoot Environment Variable Overflow]] - Works up to [[iOS]] 3.1 beta 3 |
||
− | * [[usb_control_msg(0x21, 2) Exploit]] - Works up to [[iOS]] 3.1.2 |
||
− | |||
− | === [[Kernel]] === |
||
− | * [[BPF STX Kernel Write Exploit]] - Works up to [[iOS]] 3.1.3 |
||
− | * [[IOSurface Kernel Exploit]] - Works up to [[iOS]] 4.0.1 |
||
− | * [[Packet Filter Kernel Exploit]] - Works up to [[iOS]] 4.1 |
||
− | * [[HFS Legacy Volume Name Stack Buffer Overflow]] - Works up to [[iOS]] 4.2.1 |
||
− | * [[ndrv_setspec() Integer Overflow]] - Works up to [[iOS]] 4.3.3 |
||
− | * [[HFS Heap Overflow]] - Works up to iOS 5.0.1 |
||
− | |||
− | === [[Userland]] === |
||
− | * [[MobileBackup Copy Exploit]] - Works up to [[iOS]] 3.1.3 |
||
− | * [[Malformed CFF Vulnerability]] - Works up to [[iOS]] 4.0.1 |
||
− | * [[T1 Font Integer Overflow]]- Works up to [[iOS]] 4.3.3 |
||
− | * [[Racoon String Format Overflow Exploit]] - Works up to iOS 5.0.1 |
||
== Boot Chain == |
== Boot Chain == |
||
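Review bot: Removing the "Related iOS Exploits" section drops every per-entry version bound (for example "Works up to [[iOS]] 4.3.3") without leaving a pointer to where the iBoot, kernel and userland lists are kept, so a reader of this page can no longer reach them from here; a one-line see-also link under the renamed "== [[Bootrom]] Exploits ==" heading would cover that. The unchanged context lines also still read "S5L8920 using THUMB-2 instruction set" and "and not vulnerable to", which could be corrected in the same edit to "uses the THUMB-2 instruction set" and "and are not vulnerable to".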
Line 42: | Line 22: | ||
* [[S5L8920 (Hardware - Quick Notes)]] |
* [[S5L8920 (Hardware - Quick Notes)]] |
||
− | ==External Links== |
+ | == External Links == |
* [http://infocenter.arm.com/help/topic/com.arm.doc.ddi0344j/DDI0344J_cortex_a8_r3p2_trm.pdf Technical Reference Manual: Cortex A8] |
* [http://infocenter.arm.com/help/topic/com.arm.doc.ddi0344j/DDI0344J_cortex_a8_r3p2_trm.pdf Technical Reference Manual: Cortex A8] |
Revision as of 21:18, 25 October 2012
This is the processor used in the iPhone 3GS.
S5L8920 and derivative SoCs use the armv7 family, with later versions of the architecture using armv7f/armv7s.
The S5L8920 uses the THUMB-2 instruction set as well as the ARM and THUMB ones. Binaries included in iOS are compiled only for ARMv7 and are not compatible with older CPUs.
Bootrom
Bootrom Version: Bootrom 359.3
Units produced after 2009 week 40 have Bootrom 359.3.2 and are not vulnerable to the 0x24000 Segment Overflow.
Bootrom Exploits
Boot Chain
Bootrom→LLB→iBoot→Kernel→System Software