Difference between revisions of "Jailbreak (S5L8920+)"

From The iPhone Wiki
Jump to: navigation, search
m
(ECID)
Line 4: Line 4:
   
 
==ECID==
 
==ECID==
Apple added a new tag to the img3 format called ECID. The ECID is ''unique'' to each phone, and is being sigchecked. So no downgrades unless you have a dump of your unique old firmware's img3. Therefore, iBoot exploits won't be so useful for tethered JBs, because such exploits will be closed in new FWs. [http://iphonejtag.blogspot.com/2009/06/ecid-field-downgrades-no-dice.html].
+
Apple added a new tag to the img3 format called ECID. The ECID is ''unique'' to each phone, and is being sigchecked. So Apple could block downgrades once newer firmware becomes available, unless you have a dump of your unique old firmware's img3 or signed certificate. Therefore, iBoot exploits won't be so useful for tethered JBs, because such exploits will be closed in new FWs. [http://iphonejtag.blogspot.com/2009/06/ecid-field-downgrades-no-dice.html].
   
The issue with this is that, even with [[24kpwn]] still in bootrom, and [[iBoot]] exploit is still needed to actually flash the 24kpwned [[LLB]]. If Apple uses this ECID stuff to block downgrades, than a new [[iBoot]] exploit will be needed whenever they fix the last, so that [[24kpwn]] can be applied. This is because Apple could choose to not let you upload an older / exploitable iBEC / iBoot / iBSS to the device. If you go to http://purplera1n.com/ now though and save the file, you will be OK.
+
The issue with this is that, even with [[24kpwn]] still in bootrom, an [[iBoot]] exploit is still needed to actually flash the 24kpwned [[LLB]]. If Apple uses this ECID stuff to block downgrades, than a new [[iBoot]] exploit will be needed whenever they fix the last, so that [[24kpwn]] can be applied. This is because Apple could choose to not let you upload an older / exploitable iBEC / iBoot / iBSS to the device. If you go to http://purplera1n.com/ now though and save the file, you will be OK.

Revision as of 13:24, 26 June 2009

Apple did not have the time to fix the 24kpwn hole in the iPhone 3G[s] Bootrom. Thus, the following needs to be done:

  • Find iBoot exploit - In order to flash 24kPwned LLB.
  • "Port" the 24kpwn exploit - In order to run our patched LLB and to skip the ECID checks.

ECID

Apple added a new tag to the img3 format called ECID. The ECID is unique to each phone, and is being sigchecked. So Apple could block downgrades once newer firmware becomes available, unless you have a dump of your unique old firmware's img3 or signed certificate. Therefore, iBoot exploits won't be so useful for tethered JBs, because such exploits will be closed in new FWs. [1].

The issue with this is that, even with 24kpwn still in bootrom, an iBoot exploit is still needed to actually flash the 24kpwned LLB. If Apple uses this ECID stuff to block downgrades, than a new iBoot exploit will be needed whenever they fix the last, so that 24kpwn can be applied. This is because Apple could choose to not let you upload an older / exploitable iBEC / iBoot / iBSS to the device. If you go to http://purplera1n.com/ now though and save the file, you will be OK.