The iPhone Wiki is no longer updated. Visit this article on The Apple Wiki for current information. |
Fakeblank
Revision as of 21:06, 7 March 2009 by ChronicDev (talk | contribs)
This exploit is in the Baseband Bootrom. There are hardware (testpoint) and software variations of this.
Credit
gray, iProof, geohot, dinopio, lazyc0der, and an anonymous contributor
Description
If 0xA0000030 0xA000A5A0 0xA0015C58 0xA0017370 read as 0xFFFFFFFF on startup, the Baseband Bootrom Protocol can be used to download and run unsigned code. In the initial hardware unlock, an address line was pulled high to OR in hardware those addresses with 0x40000.