AT+XAPP Vulnerability

From The iPhone Wiki
Revision as of 18:41, 4 August 2010 by Dialexio (talk | contribs)
Jump to: navigation, search

Used as an injection vector for the X-Gold 608 and XMM 6180 unlock payload. ‬Currently available in all X-Gold 608 basebands until 5.13.04, and XMM 6180 baseband 1.59.00.‬ ‭

Credit

Exploit

There is a stack overflow in the AT+XAPP‭="..." ‬command‭, ‬which allows unsigned code execution on the X-Gold 608 and XMM 6180.

at+xapp="aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa4444555566667777PPPP"

Applying a string of more than 52‭ ‬characters will trigger the overflow.

Implementation

The exploit was used by iPhone Dev Team in ultrasn0w 1.0-1, which is able to unlock the X-Gold 608 basebands 4.26.08, 5.11.07, 5.12.01 ‬and 5.13.04, and XMM 6180 baseband 1.59.00.