Bootrom Dumper Utility

From The iPhone Wiki
Revision as of 13:13, 15 February 2014

The Bootrom Dumper Utility (BDU for short) creates a copy (a dump) of the bootrom of a compatible device and writes it to the local machine the utility is run from.

Credit

Pod2g

Geohot for limera1n (the bootrom exploit BDU relies on to run its payload)

Info / Instructions

  • A Mac or Linux machine is required to build and run it.
  • libusb 1.0.8 is required.
  • Run it with root privileges (sudo ./bdu), since libusb needs raw access to the USB device.
  • By default it is compatible only with A4 devices: iPhone 4, iPod touch 4G, iPad (1st generation), Apple TV 2G.

Compatibility can be extended to older devices (iPhone 3GS, iPod touch 3G, iPod touch 2G) by changing two things in the source:

  • the offset of the call to usb_wait_for_image in payload.S:
    0x7ef on A4 devices: iPad 1, iPhone 4, Apple TV 2G, iPod touch 4G
    0x8b7 on iPod touch 3G
    0x8b7 on iPhone 3GS, new bootrom
    0x8b7 on iPhone 3GS, old bootrom
    0x82c on iPod touch 2G, new bootrom
    0x82d on iPod touch 2G, old bootrom
  • the exploit offsets in bdu.c (only one device's pair of defines can be active at a time; the iPod touch 2G pair is listed once, without distinguishing old and new bootrom, and no pair is listed for the iPhone 3GS old bootrom):
    // A4 (iPad 1, iPhone 4, Apple TV 2G, iPod touch 4G):
    #define EXPLOIT_LR 0x8403BF9C
    #define LOADADDR_SIZE 0x2C000
    // iPod touch 2G:
    #define EXPLOIT_LR 0x22000000
    #define LOADADDR_SIZE 0x24000
    // iPod touch 3G:
    #define EXPLOIT_LR 0x84033F98
    #define LOADADDR_SIZE 0x24000
    // iPhone 3GS new bootrom:
    #define EXPLOIT_LR 0x84033FA4
    #define LOADADDR_SIZE 0x24000
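The two edits above are easy to get half-right (one define changed, the other forgotten, or the wrong bootrom revision picked). The script below is an added example for this page, not part of BDU: it applies one device's values from the lists above to both files and refuses to touch a file whose layout it does not recognise. It assumes bdu.c carries exactly one live `#define EXPLOIT_LR 0x...` and one `#define LOADADDR_SIZE 0x...` line, that payload.S carries the stock A4 offset 0x7ef as a hex literal exactly once, and that the single iPod touch 2G pair listed above applies to both of its bootrom revisions; the device keys (`a4`, `ipod3g`, ...) and the sample input lines are made up for the example. The iPhone 3GS old bootrom is refused for bdu.c because the page lists no offsets for it.

```python
"""Apply one device's offsets from the lists above to BDU's payload.S and bdu.c.

Added example for this page; it is not BDU's own code. The numbers are the ones
listed above. Assumptions: bdu.c holds exactly one live '#define EXPLOIT_LR 0x..'
and one '#define LOADADDR_SIZE 0x..' line, and payload.S holds the stock A4
offset 0x7ef as a hex literal exactly once. Any other layout is refused rather
than patched blindly.
"""
import re
import sys

A4_PAYLOAD_OFFSET = 0x7EF  # stock value in payload.S (A4 devices)

# (payload.S offset, EXPLOIT_LR, LOADADDR_SIZE). None = not listed on this page.
# The page gives one bdu.c pair for iPod touch 2G; using it for both bootrom
# revisions is an assumption of this example.
DEVICES = {
    "a4":         (0x7EF, 0x8403BF9C, 0x2C000),  # iPad 1, iPhone 4, Apple TV 2G, iPod touch 4G
    "ipod3g":     (0x8B7, 0x84033F98, 0x24000),
    "3gs-new":    (0x8B7, 0x84033FA4, 0x24000),
    "3gs-old":    (0x8B7, None, None),           # payload offset only
    "ipod2g-new": (0x82C, 0x22000000, 0x24000),
    "ipod2g-old": (0x82D, 0x22000000, 0x24000),
}


def _set_define(src, name, value):
    """Rewrite the single live '#define <name> 0x...' line in src; refuse otherwise."""
    pat = re.compile(r"^(#define\s+%s\s+)0x[0-9A-Fa-f]+" % name, re.M)
    out, n = pat.subn(lambda m: "%s0x%X" % (m.group(1), value), src)
    if n != 1:
        raise ValueError("expected exactly one live #define %s, found %d" % (name, n))
    return out


def patch_bdu_c(src, device):
    """Return bdu.c source with EXPLOIT_LR and LOADADDR_SIZE set for device."""
    _, lr, size = DEVICES[device]
    if lr is None:
        raise ValueError("no bdu.c offsets listed for %s" % device)
    return _set_define(_set_define(src, "EXPLOIT_LR", lr), "LOADADDR_SIZE", size)


def patch_payload_s(src, device, current=A4_PAYLOAD_OFFSET):
    """Return payload.S source with the usb_wait_for_image call offset replaced.

    The literal currently in the file must occur exactly once, so a stale or
    already-patched file is rejected instead of silently left wrong.
    """
    target = DEVICES[device][0]
    pat = re.compile(r"\b0x%x\b" % current, re.I)
    n = len(pat.findall(src))
    if n != 1:
        raise ValueError("expected offset 0x%x exactly once in payload.S, found %d" % (current, n))
    return pat.sub("0x%x" % target, src)


def configure(bdu_c_src, payload_s_src, device):
    """Patch both sources for one device; returns (new bdu.c, new payload.S)."""
    return patch_bdu_c(bdu_c_src, device), patch_payload_s(payload_s_src, device)


# Constructed sample inputs (not BDU's real files) so the script runs offline.
SAMPLE_BDU_C = "// A4:\n#define EXPLOIT_LR 0x8403BF9C\n#define LOADADDR_SIZE 0x2C000\n"
SAMPLE_PAYLOAD_S = "    add r0, r0, #0x7ef    @ constructed line standing in for the call offset\n"

if __name__ == "__main__":
    if len(sys.argv) == 4:
        # usage: configure_bdu.py <device> path/to/bdu.c path/to/payload.S
        dev, c_path, s_path = sys.argv[1:]
        with open(c_path) as f:
            c_src = f.read()
        with open(s_path) as f:
            s_src = f.read()
        new_c, new_s = configure(c_src, s_src, dev)
        with open(c_path, "w") as f:
            f.write(new_c)
        with open(s_path, "w") as f:
            f.write(new_s)
        print("patched %s and %s for %s" % (c_path, s_path, dev))
    else:
        new_c, new_s = configure(SAMPLE_BDU_C, SAMPLE_PAYLOAD_S, "ipod3g")
        print(new_c + new_s)
```

Run it with a device key and the two source paths; with no arguments it patches the embedded samples for the iPod touch 3G and prints the result. Keep the bootrom-revision distinction in mind: the payload offset differs between old and new iPod touch 2G bootroms even though the exploit offsets listed for it do not.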

Links

Github