https://www.theiphonewiki.com/w/api.php?action=feedcontributions&feedformat=atom&user=PodyThe iPhone Wiki - User contributions [en]2026-05-06T17:02:30ZUser contributionsMediaWiki 1.31.14https://www.theiphonewiki.com/w/index.php?title=Jailbreak_(S5L8920%2B)&diff=3955Jailbreak (S5L8920+)2009-06-25T21:51:35Z<p>Pody: </p>
<hr />
<div>Because of the date the [[0x24000 Segment Overflow]] was leaked by [[NitroKey]], Apple may or may not have had the time to fix the bug in the [[S5L8920 (Bootrom)|iPhone 3G[s] Bootrom]]. If not, the following needs to be done:<br />
* '''Find a new iBoot exploit''' - This will allow us to decrypt the platform iBoot and other firmware files in it's IPSW, as well as dump the bootrom to examine.<br />
* '''Find a new bootrom exploit''' - After we have the bootrom dumped, we must look for a way to make SecureROM run our patched [[LLB]].<br />
<br />
==ECID==<br />
Apple added a new tag to the img3 format called ECID. The ECID is ''unique'' to each phone, and is being sigchecked. So no downgrades unless you have a dump of your unique old firmware's img3. Therefore, iBoot exploits won't be so useful for tethered JBs, because such exploits will be closed in new FWs. [http://iphonejtag.blogspot.com/2009/06/ecid-field-downgrades-no-dice.html]<br />
<br />
==Geohot's iBoot Exploit==<br />
Geohot has a new iBoot exploit in 7A341 FW. [http://iphonejtag.blogspot.com/2009/06/no-sn0w-in-summer.html]<br />
He has also found iv/keys for the ramdisk and for vfdecrypt. [[Planetbeing]] discovered the key for Securerom.</div>Podyhttps://www.theiphonewiki.com/w/index.php?title=Jailbreak_(S5L8920%2B)&diff=3954Jailbreak (S5L8920+)2009-06-25T21:45:57Z<p>Pody: </p>
<hr />
<div>Because of the date the [[0x24000 Segment Overflow]] was leaked by [[NitroKey]], Apple may or may not have had the time to fix the bug in the [[S5L8920 (Bootrom)|iPhone 3G[s] Bootrom]]. If not, the following needs to be done:<br />
* '''Find a new iBoot exploit''' - This will allow us to decrypt the platform iBoot and other firmware files in it's IPSW, as well as dump the bootrom to examine.<br />
* '''Find a new bootrom exploit''' - After we have the bootrom dumped, we must look for a way to make SecureROM run our patched [[LLB]].<br />
<br />
==ECID==<br />
Apple added a new tag to the img3 format called ECID. The ECID is ''unique'' to each phone, and is being sigchecked. So no downgrades unless you have a dump of your unique old firmware's img3. Therefore, iBoot exploits won't be so useful for tethered JBs, because such exploits will be closed in new FWs. [http://iphonejtag.blogspot.com/2009/06/ecid-field-downgrades-no-dice.html]<br />
<br />
==Geohot's iBoot Exploit==<br />
Geohot has a new iBoot exploit in 7A341 FW. [http://iphonejtag.blogspot.com/2009/06/no-sn0w-in-summer.html]<br />
He has also found iv/keys for the ramdisk and for vfdecrypt. Planetbeing discovered the key for Securerom.</div>Pody