This was an exploit in pre 2.0 versions of iBoot
This is a very simple exploit. In earlier iBoots, if a parameter was given to the 'diags' command, then it would jump to whatever address argv specified, but not before disabling the GPIO devices. You can run unsigned code on the baseband using this, but the GPIOs need to be restored first.
In 2.0 iBoots, they check the permission register for this command, so the exploit doesn't work.