|
The iPhone Wiki is no longer updated. Visit this article on The Apple Wiki for current information. |
Difference between revisions of "DFU Mode"
m (→How to Enter True Hardware DFU) |
ChronicDev (talk | contribs) |
||
| Line 1: | Line 1: | ||
| − | '''DFU''' or '''Device Firmware Upgrade''' mode allows the [[S5L8900]] to be restored from any state. It resides in the [[VROM]] and is vulnerable to the [[pwnage 2.0]] exploit. |
+ | '''DFU''' or '''Device Firmware Upgrade''' mode allows the [[S5L8900]] and [[S5L8720]] to be restored from any state. It resides in the [[VROM]] and the [[S5L8900]] variant is vulnerable to the [[pwnage 2.0]] exploit. |
| − | ==Entering DFU== |
+ | ==Entering / Exitting DFU== |
Software cannot be used to reliably enter DFU. Software methods rely on sending a WTF file which either calls the "real" DFU mode in bootrom or emulates it. If you are attempting to exploit the DFU, it is advisable to always use the hardware method. If your NOR firmware is corrupted, of course you have no recourse but to use the hardware method. |
Software cannot be used to reliably enter DFU. Software methods rely on sending a WTF file which either calls the "real" DFU mode in bootrom or emulates it. If you are attempting to exploit the DFU, it is advisable to always use the hardware method. If your NOR firmware is corrupted, of course you have no recourse but to use the hardware method. |
||
===How to Enter True Hardware DFU=== |
===How to Enter True Hardware DFU=== |
||
# Turn off the device. |
# Turn off the device. |
||
| − | # Hold |
+ | # Hold Power and Home for 10 seconds |
| + | # Release Power, and keep holding Home |
||
| − | # Without letting go of the power, press and hold the home button. Hold both buttons for 10 seconds, then just let the power button go. |
||
| − | # Keep |
+ | # Keep holding home until you are alerted by your computer that it has detected a device in DFU. |
If the Restore Logo is present on the screen, you are in ''[[Restore Mode]]'', '''not''' ''DFU''. |
If the Restore Logo is present on the screen, you are in ''[[Restore Mode]]'', '''not''' ''DFU''. |
||
| − | ==Exiting DFU |
+ | ===Exiting DFU=== |
While in DFU, hold the power button for 30-60 seconds. When I have tested it, it has varied, so I don't know an exact length of time to hold it. Note that sometimes if you do this, when the device reboots from DFU, it will go into recovery mode for reasons unknown. |
While in DFU, hold the power button for 30-60 seconds. When I have tested it, it has varied, so I don't know an exact length of time to hold it. Note that sometimes if you do this, when the device reboots from DFU, it will go into recovery mode for reasons unknown. |
||
| − | Another way to exit DFU through software is by the use of [[iRecovery]]. |
+ | Another way to exit DFU through software is by the use of [[iRecovery]]. Chainload an iBoot with iBSS or iBEC, or both, I have not done it in awhile so I am not sure, then send the "fsboot" command. |
| − | == |
+ | ==Revisions== |
| − | ===0x1222=== |
+ | ===[[S5L8900]] (0x1222)=== |
This is the device ID in the iPod Touch First Generation, the iPhone, and the iPhone 3G. It is vulnerable to the [[Pwnage 2.0]] stack overflow exploit. |
This is the device ID in the iPod Touch First Generation, the iPhone, and the iPhone 3G. It is vulnerable to the [[Pwnage 2.0]] stack overflow exploit. |
||
| − | ===0x1227=== |
+ | ===[[S5L8720 Bootrom|S5L8720]] (0x1227)=== |
| − | This is the device ID in the iPod Touch |
+ | This is the device ID in the iPod Touch 2G. |
Revision as of 01:39, 6 February 2009
DFU or Device Firmware Upgrade mode allows the S5L8900 and S5L8720 to be restored from any state. It resides in the VROM and the S5L8900 variant is vulnerable to the pwnage 2.0 exploit.
Contents
Entering / Exitting DFU
Software cannot be used to reliably enter DFU. Software methods rely on sending a WTF file which either calls the "real" DFU mode in bootrom or emulates it. If you are attempting to exploit the DFU, it is advisable to always use the hardware method. If your NOR firmware is corrupted, of course you have no recourse but to use the hardware method.
How to Enter True Hardware DFU
- Turn off the device.
- Hold Power and Home for 10 seconds
- Release Power, and keep holding Home
- Keep holding home until you are alerted by your computer that it has detected a device in DFU.
If the Restore Logo is present on the screen, you are in Restore Mode, not DFU.
Exiting DFU
While in DFU, hold the power button for 30-60 seconds. When I have tested it, it has varied, so I don't know an exact length of time to hold it. Note that sometimes if you do this, when the device reboots from DFU, it will go into recovery mode for reasons unknown.
Another way to exit DFU through software is by the use of iRecovery. Chainload an iBoot with iBSS or iBEC, or both, I have not done it in awhile so I am not sure, then send the "fsboot" command.
Revisions
S5L8900 (0x1222)
This is the device ID in the iPod Touch First Generation, the iPhone, and the iPhone 3G. It is vulnerable to the Pwnage 2.0 stack overflow exploit.
S5L8720 (0x1227)
This is the device ID in the iPod Touch 2G.
