Difference between revisions of "JerrySIM"

From The iPhone Wiki
Jump to: navigation, search
(Spruced up the article a bit.)
Line 1: Line 1:
This was the dev teams approach to unlocking [[Bootloader 4.6]].
+
This was the [[iPhone Dev Team]]'s approach to unlocking [[Bootloader 4.6]].
   
As noted during the CCC talk that the [[dev team]] gave, this exploit was actually never fixed in baseband [[1.45.00]], only in the next rev, so they were able to use it as an injection vector for some of the earlier hacks that they did on it (downgrading the baseband version to [[1.43.00]], backing up their seczone, etc.)
+
As noted during the [[25C3 presentation Hacking the iPhone|25C3 talk that the iPhone Dev Team members gave]], this exploit was actually never fixed in [[X-Gold 608]] baseband [[1.45.00]], only in the next rev, so they were able to use it as an injection vector for some of the earlier hacks that they did on the [[X-Gold 608]] (downgrading the baseband version to [[1.43.00]], backing up their [[seczone]], etc.)
   
 
==Credit==
 
==Credit==
  +
[[iPhone Dev Team]]
The dev team/elite team.
 
   
 
==Exploit==
 
==Exploit==
Line 11: Line 11:
 
==Leaked Source==
 
==Leaked Source==
 
===Note===
 
===Note===
Zibri removed it from the Google Code page, but the source is still easily available via google cache, or the fact that Google Code wiki pages are svn based and you can easily just look at an earlier rev :)
+
[[User:Zibri|Zibri]] removed it from the Google Code page, but the source is still easily available via google cache, or the fact that Google Code wiki pages are svn based and you can easily just look at an earlier rev :)
   
 
On the page before the source got deleted, Zibri referred to it as C source, although by the looks of it he may have failed to realize that it is a payload meant to be run off of a TurboSIM
 
On the page before the source got deleted, Zibri referred to it as C source, although by the looks of it he may have failed to realize that it is a payload meant to be run off of a TurboSIM

Revision as of 03:37, 10 August 2010

This was the iPhone Dev Team's approach to unlocking Bootloader 4.6.

As noted during the 25C3 talk that the iPhone Dev Team members gave, this exploit was actually never fixed in X-Gold 608 baseband 1.45.00, only in the next rev, so they were able to use it as an injection vector for some of the earlier hacks that they did on the X-Gold 608 (downgrading the baseband version to 1.43.00, backing up their seczone, etc.)

Credit

iPhone Dev Team

Exploit

This relied on a buffer overflow in the STK.

Leaked Source

Note

Zibri removed it from the Google Code page, but the source is still easily available via google cache, or the fact that Google Code wiki pages are svn based and you can easily just look at an earlier rev :)

On the page before the source got deleted, Zibri referred to it as C source, although by the looks of it he may have failed to realize that it is a payload meant to be run off of a TurboSIM

Code

link to code