Difference between revisions of "S5L8900"

From The iPhone Wiki
(Undo revision 9397 by QWAZ (Talk))
(Undo revision 9398 by QWAZ (Talk))
Line 1: Line 1:
  +
Haxed by 1337Urmom at The Pois0nhack team
This is the Application Processor shared between the [[M68ap|iPhone]], [[N45ap|iPod touch]], and the [[N82ap|iPhone 3G]]. Not much is known about it through official sources. This processor is not used in any of the newest devices, being replaced by the [[S5L8720]] and [[S5L8920]].
 
  +
Haxed by 1337Urmom at The Pois0nhack team
 
  +
Haxed by 1337Urmom at The Pois0nhack team
==[[S5L File Formats|Firmware File Formats]]==
 
  +
Haxed by 1337Urmom at The Pois0nhack team
  +
Haxed by 1337Urmom at The Pois0nhack team
   
 
== Exploits ==
 
== Exploits ==
 
=== [[iBoot]] ===
 
=== [[iBoot]] ===
  +
'''Note''': [[iBoot]] on the S5L8720 can be downgraded, allowing any of these exploits to be used on future firmwares
 
* [[Restore Mode]] - Works up to [[iOS]] 1.0.2
 
* [[Restore Mode]] - Works up to [[iOS]] 1.0.2
 
* [[Ramdisk Hack]] - Works up to [[iOS]] 2.0 beta 3
 
* [[Ramdisk Hack]] - Works up to [[iOS]] 2.0 beta 3
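Review bot: the lines marked + at the top of this hunk carry the string "Haxed by 1337Urmom at The Pois0nhack team" where the article's introduction and the Firmware File Formats heading sit, which is not article content; this revision should be reverted to the text that describes the S5L8900. Separately, the added note under iBoot names the S5L8720 while the page is about the S5L8900, so the chip name should be confirmed before that line is kept.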
Line 12: Line 15:
 
* [[usb_control_msg(0x21, 2) Exploit]] - Works up to [[iOS]] 3.1.2
 
* [[usb_control_msg(0x21, 2) Exploit]] - Works up to [[iOS]] 3.1.2
   
  +
Haxed by 1337Urmom at The Pois0nhack team
===[[VROM (S5L8900)|Bootrom]]===
 
  +
Haxed by 1337Urmom at The Pois0nhack team
* [[pwnage|Pwnage 1.0 (Ramdisk + AppleImage2NORAccess)]]
 
  +
Haxed by 1337Urmom at The Pois0nhack team
* [[Pwnage 2.0|Pwnage 2.0 (DFU + Malformed Certificate)]]
 
  +
Haxed by 1337Urmom at The Pois0nhack team
  +
Haxed by 1337Urmom at The Pois0nhack team
   
 
===[[Firmware|Userland]]===
 
===[[Firmware|Userland]]===
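Review bot: in the Bootrom section the + lines hold the same "Haxed by" string where the heading ===[[VROM (S5L8900)|Bootrom]]=== and the Pwnage 1.0 and Pwnage 2.0 entries sit, so the bootrom exploit list is missing from this revision; restore those three lines.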
Line 25: Line 30:
 
* [[BPF STX Kernel Write Exploit]] - Firmware 3.1.3 and below
 
* [[BPF STX Kernel Write Exploit]] - Firmware 3.1.3 and below
   
==Boot Chain==
+
===Boot Chain===
[[VROM (S5L8900)]]->[[LLB]]->[[iBoot]]->[[Kernel]]->[[Firmware|System Software]]
+
[[VROM]]->[[LLB]]->[[iBoot]]->[[Kernel]]->[[System|System Software]]
   
  +
Haxed by 1337Urmom at The Pois0nhack team
  +
Haxed by 1337Urmom at The Pois0nhack team
  +
Haxed by 1337Urmom at The Pois0nhack team
  +
Haxed by 1337Urmom at The Pois0nhack team
  +
Haxed by 1337Urmom at The Pois0nhack team
   
  +
Haxed by 1337Urmom at The Pois0nhack team
One of the [[iPhoneLinux]] goals are to replace that Boot Chain after iBoot:
 
  +
Haxed by 1337Urmom at The Pois0nhack team
  +
Haxed by 1337Urmom at The Pois0nhack team
  +
Haxed by 1337Urmom at The Pois0nhack team
  +
Haxed by 1337Urmom at The Pois0nhack team
   
  +
Haxed by 1337Urmom at The Pois0nhack team
[[VROM (S5L8900)]]->OpeniBoot->Linux Kernel->X Server->Window Manager
 
  +
Haxed by 1337Urmom at The Pois0nhack team
  +
Haxed by 1337Urmom at The Pois0nhack team
  +
Haxed by 1337Urmom at The Pois0nhack team
  +
Haxed by 1337Urmom at The Pois0nhack team
   
  +
Haxed by 1337Urmom at The Pois0nhack team
==Upgrade Process==
 
  +
Haxed by 1337Urmom at The Pois0nhack team
 
  +
Haxed by 1337Urmom at The Pois0nhack team
=== [[Restore Mode]] ===
 
  +
Haxed by 1337Urmom at The Pois0nhack team
The common upgrade process chain is [[VROM]]->[[DFU Mode]]->[[WTF]]->[[iBoot]]->[[Kernel]]->[[Ramdisk]]->[[Restore Mode]].
 
  +
Haxed by 1337Urmom at The Pois0nhack team
 
=== [[DFU Mode]] ===
 
To flash an older version of the iPhone software you have to let your phone reside in [[DFU Mode]]. In iTunes you have to press the option key (Mac) or the shift key (Windows) when pressing 'Restore' to be able to manually chose an [[IPSW File Format|IPSW]].
 
   
 
==== Boot Chain ====
 
==== Boot Chain ====
[[VROM]]->[[DFU Mode]]
+
[[VROM]]->[[DFU]]
 
==External Links==
 
* [http://infocenter.arm.com/help/topic/com.arm.doc.ddi0301h/DDI0301H_arm1176jzfs_r0p7_trm.pdf Technical Reference Manual: ARM1176JZF-S]
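Review bot: the Boot Chain lines swap specific link targets for generic ones ([[VROM (S5L8900)]] to [[VROM]], [[Firmware|System Software]] to [[System|System Software]], [[DFU Mode]] to [[DFU]]) and demote ==Boot Chain== to ===Boot Chain===, which moves it inside the Exploits section as a sibling of Userland; keep the S5L8900-specific targets and the level-2 heading, and keep [[DFU Mode]] so the link matches the DFU Mode section heading just above it. The + lines around the iPhoneLinux paragraph and in the Upgrade Process section carry the same "Haxed by" string in place of that text and should be reverted as well.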
 

Revision as of 02:22, 23 September 2010

Haxed by 1337Urmom at The Pois0nhack team Haxed by 1337Urmom at The Pois0nhack team Haxed by 1337Urmom at The Pois0nhack team Haxed by 1337Urmom at The Pois0nhack team Haxed by 1337Urmom at The Pois0nhack team

Exploits

iBoot

Note: iBoot on the S5L8720 can be downgraded, allowing any of these exploits to be used on future firmwares

Haxed by 1337Urmom at The Pois0nhack team Haxed by 1337Urmom at The Pois0nhack team Haxed by 1337Urmom at The Pois0nhack team Haxed by 1337Urmom at The Pois0nhack team Haxed by 1337Urmom at The Pois0nhack team

Userland

Boot Chain

VROM->LLB->iBoot->Kernel->System Software

Haxed by 1337Urmom at The Pois0nhack team Haxed by 1337Urmom at The Pois0nhack team Haxed by 1337Urmom at The Pois0nhack team Haxed by 1337Urmom at The Pois0nhack team Haxed by 1337Urmom at The Pois0nhack team


Boot Chain

VROM->DFU