Difference between revisions of "AT+XAPP Vulnerability"
(→Exploit) → (Credits & Formatting)
Line 3: Line 3:
== Credit ==
− [http://twitter.com/sherif_hashim sherif_hashim]
+ * '''vulnerability''': [http://twitter.com/sherif_hashim sherif_hashim], also discovered independently by [http://twitter.com/westbaer westbaer], also discovered independently by [[geohot]]
+ * '''exploitation''': [[iPhone Dev Team]]
== Exploit ==
Line 11: Line 12:
There is a stack overflow in the AT+XAPP="..." command, which allows unsigned code execution on the [[X-Gold 608]]
− at+
+ at+xapp="0000111122223333444455556666777788889999000011112222"
applying a string of more than 52 characters will trigger the overflow
Revision as of 19:42, 22 June 2010
This vulnerability is used as the injection vector for the current iPhone 3G and iPhone 3GS unlock payloads (ultrasn0w 0.93). It is present in all baseband versions up to 05.13.04.
Credit
- vulnerability: sherif_hashim, also discovered independently by westbaer and by geohot
- exploitation: iPhone Dev Team
Exploit
There is a stack overflow in the AT+XAPP="..." command, which allows unsigned code execution on the X-Gold 608.
at+xapp="0000111122223333444455556666777788889999000011112222"
Applying a string of more than 52 characters will trigger the overflow.
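As an added illustration (not code from the wiki or from any baseband firmware), a bounds-checked parser for the AT+XAPP="..." argument in C: it rejects arguments longer than an assumed 52-character handler buffer before anything is copied, which is exactly the check a handler that copies the argument straight into a fixed stack buffer lacks. The 52-character limit, the buffer size and the status codes are assumptions for this example.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Assumed limit: the wiki says arguments of more than 52 characters overflow, so
 * the handler buffer is modelled as holding at most 52 characters. The real
 * X-Gold 608 stack layout is not documented on the page. */
#define XAPP_ARG_MAX 52

enum xapp_status {
    XAPP_OK = 0,
    XAPP_NOT_XAPP,      /* line is not an AT+XAPP="..." command */
    XAPP_UNTERMINATED,  /* opening quote without a closing quote */
    XAPP_TOO_LONG       /* argument longer than the buffer: would have overflowed */
};

/* Parse one AT line and copy its quoted XAPP argument into out (out_sz bytes).
 * The length is checked BEFORE anything is written, which is the check a
 * handler that copies straight into a fixed-size stack buffer lacks. */
enum xapp_status xapp_parse(const char *line, char *out, size_t out_sz)
{
    static const char prefix[] = "AT+XAPP=\"";
    size_t plen = sizeof prefix - 1;
    /* AT command names are case-insensitive: at+xapp and AT+XAPP both match.
     * A shorter line mismatches at its NUL, so the loop never reads past it. */
    for (size_t i = 0; i < plen; i++)
        if (toupper((unsigned char)line[i]) != (unsigned char)prefix[i])
            return XAPP_NOT_XAPP;

    const char *arg = line + plen;
    const char *end = strchr(arg, '"');
    if (end == NULL)
        return XAPP_UNTERMINATED;

    size_t len = (size_t)(end - arg);
    if (len > XAPP_ARG_MAX || len + 1 > out_sz)   /* +1 for the terminator */
        return XAPP_TOO_LONG;
    memcpy(out, arg, len);
    out[len] = '\0';
    return XAPP_OK;
}

/* Classify a line without keeping the argument (what a defensive AT front end
 * would do before dispatching to the XAPP handler). */
enum xapp_status xapp_check(const char *line)
{
    char buf[XAPP_ARG_MAX + 1];
    return xapp_parse(line, buf, sizeof buf);
}
```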
Implementation
The exploit was used by the iPhone Dev Team in ultrasn0w 0.93, which is able to unlock the 4.26.08, 5.11.07, 5.12.01 and 5.13.04 baseband (BB) firmwares.
Category: Baseband Exploits