https://www.theiphonewiki.com/w/api.php?action=feedcontributions&feedformat=atom&user=Shad00wThe iPhone Wiki - User contributions [en]2026-06-10T14:53:31ZUser contributionsMediaWiki 1.31.14https://www.theiphonewiki.com/w/index.php?title=Talk:Apex_8A306_(iPhone3,1)&diff=9108Talk:Apex 8A306 (iPhone3,1)2010-09-09T12:44:36Z<p>Shad00w: Response</p>
<hr />
<div>'''Wait a sec ...'''<br />
Just a quick question, how did (whoever) manage to get the keys for the iBSS ? Cheers --[[User:Shad00w|Shad00w]] 20:09, 8 September 2010 (UTC)<br />
<br />
: [[pod2g]] published them three hours ago: [http://twitter.com/pod2g/status/23932796062 Tweet by pod2g]. It looks like he found a new exploit. -- [[User:Http|http]] 20:31, 8 September 2010 (UTC)<br />
<br />
Sorry, I didn't know ! Congrats to pod2g and I can't wait to use the exploit ! <br />
--[[User:Shad00w|Shad00w]] 13:44, 9 September 2010 (UTC)</div>Shad00whttps://www.theiphonewiki.com/w/index.php?title=Talk:Apex_8A306_(iPhone3,1)&diff=9074Talk:Apex 8A306 (iPhone3,1)2010-09-08T20:09:28Z<p>Shad00w: quick question</p>
<hr />
<div>[[Wait a sec ...]]<br />
Just a quick question, how did (whoever) manage to get the keys for the iBSS ? Cheers --[[User:Shad00w|Shad00w]] 20:09, 8 September 2010 (UTC)</div>Shad00whttps://www.theiphonewiki.com/w/index.php?title=Ramdisk_Hack&diff=6882Ramdisk Hack2010-07-10T21:05:21Z<p>Shad00w: not much</p>
<hr />
<div>This allows unsigned ramdisks to be booted. It was first publicized by [[ZiPhone]] <br />
<br />
==Exploit==<br />
Passing pmd*= boot-args specifying a ramdisk in ram > 0x9C000000 allows any ramdisk to be booted.<br />
<br />
==Implementation==<br />
* [[PwnageTool]]<br />
* [[ZiPhone]]<br />
* iPlus<br />
* iLibertyX / [[iLiberty+]]<br />
* iFree <br />
* iPhone Forensics Toolkit<br />
* iNdependence<br />
* Any Jailbreak program so far<br />
* iTunes<br />
* Android<br />
* Zune<br />
* Linux<br />
* Windows Mobile<br />
* webOS<br />
* BlackBerry OS<br />
<br />
== History ==<br />
<br />
Credit goes to the Dev Team for the discovery of the ramdisk hack. First implemented in ZiPhone, using code taken from the dev-team repository, it allowed running jailbreaks on the fly to be quicker than previous jailbreak implementations, due to the fact that at the time it was the only ramdisk hack jailbreak available.<br />
<br />
[[Category:Jailbreaks]]<br />
[[Category:Exploits]]</div>Shad00whttps://www.theiphonewiki.com/w/index.php?title=Unsolved_problems&diff=6867Unsolved problems2010-07-10T16:31:15Z<p>Shad00w: Updating link :L</p>
<hr />
<div>Use your imagination; what do you want?<br />
<br />
==Exploits Needed==<br />
* [[Unlock 2.0|3G iPhone Baseband]] - Partly done ([[ultrasn0w]] uses [[AT+XLOG Vulnerability]] which is available in all versions until 04.26.08)<br />
* [[Baseband Bootrom|iPhone 3G Baseband Bootrom]] (breaking the chain of trust)<br />
* <del>[[S5L8720|iPod Touch 2G S5L Bootrom]] (breaking the chain of trust)</del> - Done ([[0x24000 Segment Overflow]])<br />
* [[S5L8920 (Bootrom)|iPhone 3GS Bootrom]] (breaking the chain of trust or finding a way to write LLB without using an iBoot exploit)<br />
<br />
==Work to be done==<br />
*[[iPhoneLinux|Port Linux to the iPhone]] [http://www.iphonelinux.org/]<br />
**[[Port (Google's mobile os) to the iPhone]] [http://code.google.com/android/ Android Link]<br />
*[[Increased Bluetooth Profile Support]]<br />
*[[Patch iOS 4.0 to work on iPhone 2G & iPod Touch 1G]]<br />
*IP over iTunes<br />
*Getting NMEA output from the GPS<br />
*IPFW kernel extension<br />
*Find out how to activate the Broad-comm radio/wireless N chip<br />
<br />
== Investigation ==<br />
*[[Research: Pwnage Patches]]<br><br />
*[[Research: Re-allowing unsigned ramdisks and boot-args with the 2.* iBoot]]<br />
*[[2.0 and 1.1.4 dual boot]]</div>Shad00whttps://www.theiphonewiki.com/w/index.php?title=Unsolved_problems&diff=6863Unsolved problems2010-07-10T16:22:25Z<p>Shad00w: Adding link for iOS 4.0 patching page</p>
<hr />
<div>Use your imagination; what do you want?<br />
<br />
==Exploits Needed==<br />
* [[Unlock 2.0|3G iPhone Baseband]] - Partly done ([[ultrasn0w]] uses [[AT+XLOG Vulnerability]] which is available in all versions until 04.26.08)<br />
* [[Baseband Bootrom|iPhone 3G Baseband Bootrom]] (breaking the chain of trust)<br />
* <del>[[S5L8720|iPod Touch 2G S5L Bootrom]] (breaking the chain of trust)</del> - Done ([[0x24000 Segment Overflow]])<br />
* [[S5L8920 (Bootrom)|iPhone 3GS Bootrom]] (breaking the chain of trust or finding a way to write LLB without using an iBoot exploit)<br />
<br />
==Work to be done==<br />
*[[iPhoneLinux|Port Linux to the iPhone]] [http://www.iphonelinux.org/]<br />
**[[Port (Google's mobile os) to the iPhone]] [http://code.google.com/android/ Android Link]<br />
*[[Increased Bluetooth Profile Support]]<br />
*[[Patch iOS 4.0 to work on iPhone 2G & iPod Touch 1G)]]<br />
*IP over iTunes<br />
*Getting NMEA output from the GPS<br />
*IPFW kernel extension<br />
*Find out how to activate the Broad-comm radio/wireless N chip<br />
<br />
== Investigation ==<br />
*[[Research: Pwnage Patches]]<br><br />
*[[Research: Re-allowing unsigned ramdisks and boot-args with the 2.* iBoot]]<br />
*[[2.0 and 1.1.4 dual boot]]</div>Shad00w