|
The iPhone Wiki is no longer updated. Visit this article on The Apple Wiki for current information. |
Difference between revisions of "Jailbreak (S5L8920+)"
(:)) |
ChronicDev (talk | contribs) |
||
| Line 1: | Line 1: | ||
Apple did not have the time to fix the [[24kpwn]] hole in the [[S5L8920 (Bootrom)|iPhone 3G[s] Bootrom]]. Thus, the following needs to be done: |
Apple did not have the time to fix the [[24kpwn]] hole in the [[S5L8920 (Bootrom)|iPhone 3G[s] Bootrom]]. Thus, the following needs to be done: |
||
| − | * ''' |
+ | * '''Find iBoot exxploit''' - In order to flash 24kPwned [[LLB]]. |
| + | * '''"Port" the [[24kpwn]] exploit''' - In order to run our patched [[LLB]] and to skip the ECID checks. |
||
==ECID== |
==ECID== |
||
Apple added a new tag to the img3 format called ECID. The ECID is ''unique'' to each phone, and is being sigchecked. So no downgrades unless you have a dump of your unique old firmware's img3. Therefore, iBoot exploits won't be so useful for tethered JBs, because such exploits will be closed in new FWs. [http://iphonejtag.blogspot.com/2009/06/ecid-field-downgrades-no-dice.html] |
Apple added a new tag to the img3 format called ECID. The ECID is ''unique'' to each phone, and is being sigchecked. So no downgrades unless you have a dump of your unique old firmware's img3. Therefore, iBoot exploits won't be so useful for tethered JBs, because such exploits will be closed in new FWs. [http://iphonejtag.blogspot.com/2009/06/ecid-field-downgrades-no-dice.html] |
||
| − | |||
| − | ==Geohot's iBoot Exploit== |
||
| − | An undisclosed exploit has been discovered by geohot in the 7A341 firmware. [http://iphonejtag.blogspot.com/2009/06/no-sn0w-in-summer.html] With the help of this exploit, the hardware AES engine has been used to decrypt the the KBAG sections of each of the iPhone2,1 7A341 images. The exploit has also been used to dump the [[S5L8920 (Bootrom)|S5L8920 Bootrom]]. |
||
Revision as of 12:59, 26 June 2009
Apple did not have the time to fix the 24kpwn hole in the iPhone 3G[s] Bootrom. Thus, the following needs to be done:
- Find iBoot exxploit - In order to flash 24kPwned LLB.
- "Port" the 24kpwn exploit - In order to run our patched LLB and to skip the ECID checks.
ECID
Apple added a new tag to the img3 format called ECID. The ECID is unique to each phone, and is being sigchecked. So no downgrades unless you have a dump of your unique old firmware's img3. Therefore, iBoot exploits won't be so useful for tethered JBs, because such exploits will be closed in new FWs. [1]
