Difference between revisions of "Bootrom Dumper Utility"
m (→Info / Instructions) |
m (→Info / Instructions: oops) |
||
Line 10: | Line 10: | ||
* libusb 1.0.8 required |
* libusb 1.0.8 required |
||
* execute it with root privileges (sudo ./bdu) |
* execute it with root privileges (sudo ./bdu) |
||
− | * by default compatible only with A4 devices: (iPhone 4, iPod 4G, iPad, AppleTV |
+ | * by default compatible only with A4 devices: (iPhone 4, iPod 4G, iPad, AppleTV 2G) |
It's possible to extend the compatibility to older devices as well (iPhone 3GS, iPod 3G) by changing: |
It's possible to extend the compatibility to older devices as well (iPhone 3GS, iPod 3G) by changing: |
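Review bot: the corrected bullet on the + line now closes the parenthesis, but its device names still differ from the offset list further down the same page: it writes "AppleTV 2G", "iPod 4G" and "iPad", where the payload.S offset list uses "Apple TV 2G", "iPod touch 4G" and "iPad 1". Suggest using the same names in both places so readers can match a device to its offset without guessing, and dropping the colon before the opening parenthesis in "A4 devices: (".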
Revision as of 13:13, 15 February 2014
The Bootrom Dumper Utility (BDU for short) is an application that creates a copy (a dump) of the Bootrom of a compatible device on the local machine where the application is run.
Credit
Info / Instructions
- you need a Mac or Linux box to use it / build it
- libusb 1.0.8 required
- execute it with root privileges (sudo ./bdu)
- by default compatible only with A4 devices: (iPhone 4, iPod 4G, iPad, AppleTV 2G)
It's possible to extend the compatibility to older devices as well (iPhone 3GS, iPod 3G) by changing:
- the offset to the call of usb_wait_for_image in payload.S
    0x7ef @ A4 devices: iPad 1, iPhone 4, Apple TV 2G, iPod touch 4G
    0x8b7 @ iPod touch 3G
    0x8b7 @ iPhone 3GS new bootrom
    0x8b7 @ iPhone 3GS old bootrom
    0x82c @ iPod touch 2G new bootrom
    0x82d @ iPod touch 2G old bootrom
- exploit offsets in bdu.c
    // A4:
    #define EXPLOIT_LR 0x8403BF9C
    #define LOADADDR_SIZE 0x2C000

    // iPod touch 2G:
    #define EXPLOIT_LR 0x22000000
    #define LOADADDR_SIZE 0x24000

    // iPod touch 3G:
    #define EXPLOIT_LR 0x84033F98
    #define LOADADDR_SIZE 0x24000

    // iPhone 3GS new bootrom:
    #define EXPLOIT_LR 0x84033FA4
    #define LOADADDR_SIZE 0x24000