Difference between revisions of "Diags (iBoot command)"

From The iPhone Wiki
Jump to: navigation, search
Line 5: Line 5:
   
 
==Exploit==
 
==Exploit==
This is a very simple exploit. In earlier iBoots, if a parameter was given to the 'diags' command, then it would jump to whatever address argv[1] specified, but not before disabling the GPIO devices. You can run unsigned code on the baseband using this, but the GPIOs need to be restored first.
+
This is a very simple exploit. In earlier iBoots, if a parameter was given to the 'diags' command, then it would jump to whatever address argv[1] specified, but not before disabling the GPIO devices. You can run unsigned code on the s5l using this, but the GPIOs need to be restored first.
   
 
In 2.0 iBoots, they check the permission register for this command, so the exploit doesn't work.
 
In 2.0 iBoots, they check the permission register for this command, so the exploit doesn't work.

Revision as of 04:23, 29 November 2008

This was an exploit in pre 2.0 versions of iBoot

Credit

The dev team

Exploit

This is a very simple exploit. In earlier iBoots, if a parameter was given to the 'diags' command, then it would jump to whatever address argv[1] specified, but not before disabling the GPIO devices. You can run unsigned code on the s5l using this, but the GPIOs need to be restored first.

In 2.0 iBoots, they check the permission register for this command, so the exploit doesn't work.