Difference between revisions of "Bootrom Dumper Utility"
(→Info / Instructions)
m
(3 intermediate revisions by one other user not shown)
Line 10: Line 10:
  * libusb 1.0.8 required
  * execute it with root privileges (sudo ./bdu)
− * by default compatible only with A4 devices: (iPhone 4, iPod
+ * by default compatible only with A4 devices: ([[iPhone 4]], [[iPod touch (4th generation)]], [[K66AP|iPad]], [[Apple TV (2nd generation)]])
− It's possible to extend the compatibility to older devices as well (iPhone 3GS, iPod
+ It's possible to extend the compatibility to older devices as well (iPhone 3GS, iPod (3rd generation)) by changing:
  * the offset to the call of usb_wait_for_image in payload.S
−  0x7ef @ A4 devices: iPad
+  0x7ef @ A4 devices: iPad, iPhone 4, Apple TV (2nd generation), iPod touch (4th generation)
−  0x8b7 @ iPod touch
+  0x8b7 @ iPod touch (3rd generation)
   0x8b7 @ iPhone 3GS new bootrom
   0x8b7 @ iPhone 3GS old bootrom
−  0x82c @ iPod touch
+  0x82c @ iPod touch (2nd generation) new bootrom
−  0x82d @ iPod touch
+  0x82d @ iPod touch (2nd generation) old bootrom
  * exploit offsets in bdu.c
Line 27: Line 27:
   #define EXPLOIT_LR 0x8403BF9C
   #define LOADADDR_SIZE 0x2C000
−  // iPod touch
+  // iPod touch (2nd generation):
   #define EXPLOIT_LR 0x22000000
   #define LOADADDR_SIZE 0x24000
−  // iPod touch
+  // iPod touch (3rd generation):
   #define EXPLOIT_LR 0x84033F98
   #define LOADADDR_SIZE 0x24000
Latest revision as of 09:32, 26 March 2017
The Bootrom Dumper Utility (short BDU) is an application that will create a copy (aka dump) of the Bootrom of compatible devices on the local machine from where the application is run.
Credit
Info / Instructions
- you need a Mac or Linux box to use it / build it
- libusb 1.0.8 required
- execute it with root privileges (sudo ./bdu)
- by default compatible only with A4 devices: (iPhone 4, iPod touch (4th generation), iPad, Apple TV (2nd generation))
 
It's possible to extend the compatibility to older devices as well (iPhone 3GS, iPod (3rd generation)) by changing:
- the offset to the call of usb_wait_for_image in payload.S

  0x7ef @ A4 devices: iPad, iPhone 4, Apple TV (2nd generation), iPod touch (4th generation)
  0x8b7 @ iPod touch (3rd generation)
  0x8b7 @ iPhone 3GS new bootrom
  0x8b7 @ iPhone 3GS old bootrom
  0x82c @ iPod touch (2nd generation) new bootrom
  0x82d @ iPod touch (2nd generation) old bootrom
- exploit offsets in bdu.c

  // A4:
  #define EXPLOIT_LR 0x8403BF9C
  #define LOADADDR_SIZE 0x2C000
  // iPod touch (2nd generation):
  #define EXPLOIT_LR 0x22000000
  #define LOADADDR_SIZE 0x24000
  // iPod touch (3rd generation):
  #define EXPLOIT_LR 0x84033F98
  #define LOADADDR_SIZE 0x24000
  // iPhone 3GS new bootrom:
  #define EXPLOIT_LR 0x84033FA4
  #define LOADADDR_SIZE 0x24000