Difference between revisions of "AT+XLOG Vulnerability"

From The iPhone Wiki
(11 intermediate revisions by 7 users not shown)
Line 1: Line 1:
Used as an injection vector for the current [[iPhone 3G]] [[Unlock 2.0|unlock]] payload - [[ultrasn0w]]. Currently available in all baseband versions, but it's very likely that Apple will close this exploit in the next baseband update.
+
Used as an injection vector in [[purplesn0w]] and older versions of [[ultrasn0w]] to [[X-Gold 608 Unlock|unlock]] the [[X-Gold 608]]. Currently available in all baseband versions until [[04.26.08]].
   
 
==Credit==
 
==Credit==
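Review bot: In the rewritten lead, "Currently available in all baseband versions until [[04.26.08]]" combines "Currently" with an end version and leaves it unclear whether 04.26.08 is the last vulnerable baseband or the first fixed one. Suggest dropping "Currently" and stating the boundary explicitly, for example "up to and including" or "fixed in".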
Line 5: Line 5:
   
 
==Exploit==
 
==Exploit==
There is a buffer overflow in the AT+XLOG=1,"..." command, which allows unsigned code execution on the [[X-Gold 608|iPhone 3G baseband]].
+
There is a stack overflow in the AT+XLOG=1,"..." command, which allows unsigned code execution on the [[X-Gold 608]].
  +
  +
at+xlog=1,"jjjjjjjjjjjjjjjjjjjjjjjjjjjj44445555PPPP"
  +
j's are junk
  +
R4 = 4
  +
R5 = 5
  +
PC = P
   
 
==Implementation==
 
==Implementation==
The exploit is used in [[ultrasn0w]].
+
The exploit is used in [[ultrasn0w]] and [[purplesn0w]].
  +
  +
{{stub|exploit}}
   
 
[[Category:Baseband Exploits]]
 
[[Category:Baseband Exploits]]
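Review bot: The new wording "stack overflow" in the Exploit section can be read as stack exhaustion; since the added sample shows the argument overwriting R4, R5 and PC, "stack buffer overflow" would be more precise. The legend under the sample ("j's are junk", "R4 = 4") should also say that the characters mark which bytes of the argument land in each register, and the sample would read better inside a preformatted block.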

Latest revision as of 00:35, 28 January 2013

Used as an injection vector in purplesn0w and older versions of ultrasn0w to unlock the X-Gold 608. Available in all baseband versions until 04.26.08.

Credit

Oranav

Exploit

There is a stack buffer overflow in the AT+XLOG=1,"..." command, which allows unsigned code execution on the X-Gold 608.

at+xlog=1,"jjjjjjjjjjjjjjjjjjjjjjjjjjjj44445555PPPP"
j's are junk
R4 = 4
R5 = 5
PC = P
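
The bug class described above, shown from the fixing side as an added example (not the baseband's code and not from the wiki): a hypothetical argument parser that copies the quoted string of an AT+XLOG=1,"..." line into a fixed-size buffer only after checking its length. The function name, the 16-byte buffer size and the status codes are assumptions.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Hypothetical size: the real handler's buffer size is not given on the page. */
#define XLOG_ARG_MAX 16

enum xlog_status { XLOG_OK = 0, XLOG_BAD_SYNTAX = -1, XLOG_TOO_LONG = -2 };

/* Extract the quoted argument of AT+XLOG=1,"..." into out[out_size].
 * An unchecked copy at this point is the bug class the page describes:
 * a long argument runs past the buffer into the saved R4, R5 and PC. */
enum xlog_status xlog_parse_arg(const char *line, char *out, size_t out_size)
{
    static const char prefix[] = "at+xlog=1,\"";
    size_t plen = sizeof(prefix) - 1;

    if (out_size == 0 || strncasecmp(line, prefix, plen) != 0)
        return XLOG_BAD_SYNTAX;

    const char *start = line + plen;
    const char *end = strchr(start, '"');
    if (end == NULL || (end[1] != '\0' && end[1] != '\r'))
        return XLOG_BAD_SYNTAX;      /* unterminated quote or trailing data */

    size_t len = (size_t)(end - start);
    if (len >= out_size)
        return XLOG_TOO_LONG;        /* reject instead of truncating */

    memcpy(out, start, len);         /* len < out_size, room for the NUL */
    out[len] = '\0';
    return XLOG_OK;
}

int main(void)
{
    char arg[XLOG_ARG_MAX];
    /* Constructed input, and the sample string from the page. */
    const char *ok = "AT+XLOG=1,\"hello\"";
    const char *bad = "at+xlog=1,\"jjjjjjjjjjjjjjjjjjjjjjjjjjjj44445555PPPP\"";

    printf("short argument: %d\n", xlog_parse_arg(ok, arg, sizeof arg));
    printf("page sample:    %d\n", xlog_parse_arg(bad, arg, sizeof arg));
    return 0;
}
```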

Implementation

The exploit is used in ultrasn0w and purplesn0w.
