Difference between revisions of "Diags (iBoot command)"
MuscleNerd (talk | contribs) |
MuscleNerd (talk | contribs) |
Line 5: | Line 5: | ||
==Exploit== |
==Exploit== |
||
− | This is a very simple exploit. In earlier iBoots, if a parameter was given to the 'diags' command, then it would jump to whatever address argv[1] specified, but not before disabling the GPIO devices. You can run unsigned code on the s5l using this, but the GPIOs need to be restored |
+ | This is a very simple exploit. In earlier iBoots, if a parameter was given to the 'diags' command, then it would jump to whatever address argv[1] specified, but not before disabling the GPIO devices. You can run unsigned code on the s5l using this, but the GPIOs need to be restored if you intend to use any I/O again (such as the screen or serial or USB). |
In 2.0 iBoots, they check the permission register for this command, so the exploit doesn't work. |
In 2.0 iBoots, they check the permission register for this command, so the exploit doesn't work. |
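Review bot: "but not before disabling the GPIO devices", on both the removed and the added line, is easy to misread as the GPIOs staying enabled; "after first disabling the GPIO devices" states the order directly. In the added clause, "the screen or serial or USB" would read better as "the screen, serial or USB".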
Revision as of 04:25, 29 November 2008
This was an exploit in pre-2.0 versions of iBoot.
Credit
Exploit
This is a very simple exploit. In earlier iBoots, if a parameter was given to the 'diags' command, it would first disable the GPIO devices and then jump to whatever address argv[1] specified. You can run unsigned code on the s5l using this, but the GPIOs need to be restored if you intend to use any I/O again (such as the screen, serial or USB).
In 2.0 iBoots, the permission register is checked for this command, so the exploit doesn't work.
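The difference between the two behaviours, as an added example in C that is not iBoot code and not part of the original page: a hypothetical model in which the jump is only recorded, never executed. The `struct board` layout, the `PERM_ALLOW_JUMP` bit, the result codes and the function names are all assumptions for illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical: bit 0 of the modelled permission register allows the jump. */
#define PERM_ALLOW_JUMP 0x1u
enum diags_result { DIAGS_DEFAULT, DIAGS_JUMPED, DIAGS_DENIED, DIAGS_BAD_ARG };

struct board {
    uint32_t perm_reg;    /* modelled permission register */
    int gpio_enabled;     /* 1 until the handler disables the GPIOs */
    uintptr_t jumped_to;  /* target is recorded here instead of branched to */
};

/* Strict hex parse: rejects empty input, trailing junk and overflow. */
static int parse_addr(const char *s, uintptr_t *out) {
    char *end;
    errno = 0;
    unsigned long long v = strtoull(s, &end, 16);
    if (errno || end == s || *end != '\0' || v > UINTPTR_MAX) return -1;
    *out = (uintptr_t)v;
    return 0;
}

/* Earlier behaviour as the page describes it: argv[1] is the jump target. */
enum diags_result diags_old(struct board *b, int argc, char **argv) {
    uintptr_t addr;
    if (argc < 2) return DIAGS_DEFAULT;  /* no-parameter path is not modelled */
    if (parse_addr(argv[1], &addr)) return DIAGS_BAD_ARG;
    b->gpio_enabled = 0;                 /* GPIOs go down before the jump */
    b->jumped_to = addr;
    return DIAGS_JUMPED;
}

/* 2.0 behaviour: the permission check runs before any side effect. */
enum diags_result diags_checked(struct board *b, int argc, char **argv) {
    if (argc >= 2 && !(b->perm_reg & PERM_ALLOW_JUMP)) return DIAGS_DENIED;
    return diags_old(b, argc, argv);
}

int main(void) {
    struct board b = {0, 1, 0};
    char *argv[] = {"diags", "0x1000"};  /* constructed sample address */
    printf("old=%d checked=%d\n", diags_old(&b, 2, argv), diags_checked(&b, 2, argv));
    return 0;
}
```

Placing the permission test ahead of both the parse and the GPIO teardown means a denied command leaves the device state untouched.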