|
The iPhone Wiki is no longer updated. Visit this article on The Apple Wiki for current information. |
Difference between revisions of "Diags (iBoot command)"
ChronicDev (talk | contribs) |
ChronicDev (talk | contribs) (was never turned into a public tool) |
||
| Line 9: | Line 9: | ||
In 2.0 iBoots, they have a flag check on this command (checks bit 4 of the iBoot flags), and that flag will not be present on a retail device, just an engineering one with a 'whitelisted' CHIPID, so this exploit doesn't work. |
In 2.0 iBoots, they have a flag check on this command (checks bit 4 of the iBoot flags), and that flag will not be present on a retail device, just an engineering one with a 'whitelisted' CHIPID, so this exploit doesn't work. |
||
| − | [[Category: |
+ | [[Category:Exploits]] |
Revision as of 20:53, 7 March 2009
This was an exploit that allowed the running of unsigned code at iBoot level, present in pre-2.0 versions of iBoot.
Credit
Exploit
This is a very easy-to-use exploit. In earlier iBoots, if a parameter was given to the 'diags' command, then it would jump to whatever address argv[1] specified, but not before disabling the GPIO devices. You can run unsigned code on the S5L using this, but the GPIOs need to be restored if you intend to use any I/O again (such as the screen, serial, or USB).
In 2.0 iBoots, they have a flag check on this command (checks bit 4 of the iBoot flags), and that flag will not be present on a retail device, just an engineering one with a 'whitelisted' CHIPID, so this exploit doesn't work.
