Difference between revisions of "AT+XAPP Vulnerability"

From The iPhone Wiki
(Exploit: this exploit has nothing to do with the iphone 4)
Line 8: Line 8:
   
 
== Exploit ==
 
== Exploit ==
There is a stack overflow in the AT+XAPP‭="..." ‬command‭, ‬which allows unsigned code execution on the [[X-Gold 608]] and [[XMM 6180]].
+
There is a stack overflow in the AT+XAPP‭="..." ‬command‭, ‬which allows unsigned code execution on the [[X-Gold 608]].
   
 
at+xapp="‬0000111122223333444455556666777788889999000011112222"‬
 
at+xapp="‬0000111122223333444455556666777788889999000011112222"‬
   
 
Applying a string of more than 52‭ ‬characters will trigger the overflow.
 
Applying a string of more than 52‭ ‬characters will trigger the overflow.
 
   
 
== Implementation ==
 
== Implementation ==
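Review bot: the one changed sentence in this hunk narrows the affected hardware from "[[X-Gold 608]] and [[XMM 6180]]" to "[[X-Gold 608]]" alone, which matches the edit summary, but nothing on the page records why XMM 6180 is out of scope; a short note there would keep the claim from being re-added by a later editor. Separately, the unchanged sample `at+xapp="0000111122223333444455556666777788889999000011112222"` is exactly 52 characters while the sentence after it says the overflow needs more than 52, so the sample and the stated threshold disagree; either give the sample's length or restate the threshold. The stray directional-override characters (U+202D/U+202C) around `AT+XAPP="..."` and `52 characters` survive in both columns and should be stripped.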

Revision as of 18:04, 10 July 2010

Used as an injection vector for the X-Gold 608 unlock payload. Currently present in all baseband versions up to and including 05.13.04.

Credit


Exploit

There is a stack overflow in the AT+XAPP="..." command, which allows unsigned code execution on the X-Gold 608.

at+xapp="0000111122223333444455556666777788889999000011112222"

Applying a string of more than 52 characters will trigger the overflow.
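As an added illustration (not code from The iPhone Wiki or from the baseband firmware), here is the unbounded copy pattern the page describes beside a bounded parser that rejects any AT+XAPP argument longer than the stated 52 characters; the 52-byte stack buffer, the prefix handling and the function names are assumptions.

```c
#include <ctype.h>
#include <string.h>

#define XAPP_PREFIX  "AT+XAPP=\""
#define XAPP_MAX_ARG 52   /* limit stated on the page: more than 52 bytes overflows */

/* Case-insensitive prefix match; returns a pointer past the prefix, or NULL. */
static const char *skip_prefix(const char *line, const char *prefix)
{
    for (; *prefix != '\0'; ++line, ++prefix)
        if (tolower((unsigned char)*line) != tolower((unsigned char)*prefix))
            return NULL;
    return line;
}

/* Unsafe pattern (constructed illustration, not the X-Gold 608 code): the quoted
 * argument goes into a fixed 52-byte stack buffer with no bound, so anything longer overflows. */
int xapp_parse_unsafe(const char *line)
{
    char buf[XAPP_MAX_ARG];
    const char *p = skip_prefix(line, XAPP_PREFIX);
    size_t i = 0;
    if (p == NULL) return -1;
    while (p[i] != '"' && p[i] != '\0') { buf[i] = p[i]; ++i; }  /* i is never checked */
    return (int)i;
}

/* Hardened form: measure first, reject over-long or unterminated arguments,
 * then copy into the caller's buffer of cap bytes and NUL-terminate.
 * Returns the argument length, -1 if malformed, -2 if it exceeds the limit. */
int xapp_parse_safe(const char *line, char *arg, size_t cap)
{
    const char *p = skip_prefix(line, XAPP_PREFIX);
    const char *end;
    size_t len;
    if (p == NULL || (end = strchr(p, '"')) == NULL) return -1;
    len = (size_t)(end - p);
    if (len > XAPP_MAX_ARG || len >= cap) return -2;
    memcpy(arg, p, len);
    arg[len] = '\0';
    return (int)len;
}

/* Verdict-only wrapper: length on success, negative on reject. */
int xapp_accept(const char *line)
{
    char arg[XAPP_MAX_ARG + 1];
    return xapp_parse_safe(line, arg, sizeof arg);
}
```

The page's own 52-character sample is accepted by the bounded parser and a 53-character one is refused, which is the check a command handler should make before any copy into a fixed buffer.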

Implementation

The exploit was used by the iPhone Dev Team in ultrasn0w 0.93, which is able to unlock the X-Gold 608 basebands 4.26.08, 5.11.07, 5.12.01 and 5.13.04.