Difference between revisions of "Fakeblank"

From The iPhone Wiki
Jump to: navigation, search
m (Description)
(Other links)
Line 7: Line 7:
 
The bootrom is located at 0x400000, and can be dumped via geohotz 5.8bl loader exploit
 
The bootrom is located at 0x400000, and can be dumped via geohotz 5.8bl loader exploit
   
  +
This is the first code that runs on the baseband. It resides in internal ROM.
==Other links==
 
[http://wikee.iphwn.org/sgold_bootrom:fakeblank dev team description of fakeblank]
 
   
  +
==S-Gold 2==
[[Category:Baseband Exploits]]
 
  +
The bootrom here is located at 0x400000. It was initially dumped using exploits in java on other [[S-Gold 2]] phones. It allows unsigned code to be uploaded using [[Baseband Bootrom Protocol]]. On non debug variants of the chip, it requires [[Fakeblank]] to run that code
  +
  +
==X-Gold 608==
  +
The bootrom is located at 0x400000, and can be dumped via geohotz 5.8bl loader exploit

Revision as of 00:58, 23 September 2010

This exploit is in the Baseband Bootrom. There are hardware (testpoint) and software variations of this.

Credit

gray, iProof, geohot, dinopio, lazyc0der, and an anonymous contributor

X-Gold 608

The bootrom is located at 0x400000, and can be dumped via geohotz 5.8bl loader exploit

This is the first code that runs on the baseband. It resides in internal ROM.

S-Gold 2

The bootrom here is located at 0x400000. It was initially dumped using exploits in java on other S-Gold 2 phones. It allows unsigned code to be uploaded using Baseband Bootrom Protocol. On non debug variants of the chip, it requires Fakeblank to run that code

X-Gold 608

The bootrom is located at 0x400000, and can be dumped via geohotz 5.8bl loader exploit