Difference between revisions of "Diags (iBoot command)"

From The iPhone Wiki
Line 5: Line 5:
   
 
==Exploit==
 
==Exploit==
The diags function can be passed a parameter. It jumps to that parameter, but not before trashing the I/O table. You can run unsigned code using this, but there's no guarantee about the state of the that processor
+
The diags function can be passed a parameter. It jumps to that parameter, but not before trashing the I/O table. You can run unsigned code using this, but there's no guarantee about the state of the processor
   
In 2.0 iBoots, they check the permission register.
+
In 2.0 iBoots, they check the permission register for this command, so the exploit doesn't work.
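Review bot: In the added sentence "In 2.0 iBoots, they check the permission register for this command, so the exploit doesn't work", "they" has no antecedent, and the sentence does not say what happens when the check fails. Suggest wording such as "2.0 iBoots check the permission register before running this command" and stating the outcome of a failed check. The corrected first paragraph also still ends without a full stop after "the state of the processor".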

Revision as of 01:08, 28 July 2008

This was an exploit in pre-2.0 versions of iBoot.

Credit

The dev team

Exploit

The diags function can be passed a parameter. It jumps to that parameter, but not before trashing the I/O table. You can run unsigned code using this, but there's no guarantee about the state of the processor.

In 2.0 iBoots, they check the permission register for this command, so the exploit doesn't work.