Difference between revisions of "Bootrom 240.4"

From The iPhone Wiki
Jump to: navigation, search
(Merged in content from "S5L8720 (Bootrom).")
m
 
(3 intermediate revisions by 3 users not shown)
Line 1: Line 1:
This is an [[S5L8720]] [[bootrom]] revision for [[N72ap|iPod touch 2G]] devices sold between September 2008 and September 2009. It is located at 0x0 and uses SDRAM @ 0x22000000 for global variables. It patches the [[Pwnage]] exploit, as the bootrom now properly checks [[LLB]]'s signature. This bootrom is, however, vulnerable to the [[0x24000 Segment Overflow]] and the [[usb_control_msg(0xA1, 1) Exploit]].
+
This is an [[S5L8720]] [[bootrom]] revision for [[N72AP|iPod touch (2nd generation)]] devices sold between {{date|2009|09}} and {{date|2009|09}}. It is located at 0x0 and uses SDRAM @ 0x22000000 for global variables. It patches the [[Pwnage]] exploit, as the bootrom now properly checks [[LLB]]'s signature. This bootrom is, however, vulnerable to the [[0x24000 Segment Overflow]] and the [[usb_control_msg(0xA1, 1) Exploit]].
   
 
== MMU ==
 
== MMU ==
Line 6: Line 6:
 
* '''0x20000000 - 0x20100000 (ROM)''': remapped as cacheable and bufferable
 
* '''0x20000000 - 0x20100000 (ROM)''': remapped as cacheable and bufferable
 
* '''0x22000000 - 0x22100000 (SDRAM)''': remapped as cacheable and bufferable
 
* '''0x22000000 - 0x22100000 (SDRAM)''': remapped as cacheable and bufferable
  +
  +
For "Symbols", see also [[Address Mapping]].
   
 
[[Category:Bootrom]]
 
[[Category:Bootrom]]

Latest revision as of 13:54, 17 September 2021

This is an S5L8720 bootrom revision for iPod touch (2nd generation) devices sold between September 2009 and September 2009. It is located at 0x0 and uses SDRAM @ 0x22000000 for global variables. It patches the Pwnage exploit, as the bootrom now properly checks LLB's signature. This bootrom is, however, vulnerable to the 0x24000 Segment Overflow and the usb_control_msg(0xA1, 1) Exploit.

MMU

  • 0x0 - 0x40000000: mapped as uncacheable and unbufferable
  • 0x0 - 0x100000 (ROM): remapped as cacheable and bufferable
  • 0x20000000 - 0x20100000 (ROM): remapped as cacheable and bufferable
  • 0x22000000 - 0x22100000 (SDRAM): remapped as cacheable and bufferable

For "Symbols", see also Address Mapping.