Difference between revisions of "Jailbreak (S5L8920+)"

From The iPhone Wiki
Jump to: navigation, search
Line 2: Line 2:
 
* '''Find a new iBoot exploit''' - This will allow us to decrypt the platform iBoot and other firmware files in it's IPSW, as well as dump the bootrom to examine.
 
* '''Find a new iBoot exploit''' - This will allow us to decrypt the platform iBoot and other firmware files in it's IPSW, as well as dump the bootrom to examine.
 
* '''Find a new bootrom exploit''' - After we have the bootrom dumped, we must look for a way to make SecureROM run our patched [[LLB]].
 
* '''Find a new bootrom exploit''' - After we have the bootrom dumped, we must look for a way to make SecureROM run our patched [[LLB]].
  +
  +
==ECID==
  +
Apple added a new tag to the img3 format called ECID. The ECID is ''unique'' to each phone, and '''is''' sigchecked. So no downgrades unless you have a dump of your unique old firmware's img3. Therefore, iBoot exploits won't be so useful for tethered JBs, because such exploits will be closed in new FWs. [http://iphonejtag.blogspot.com/2009/06/ecid-field-downgrades-no-dice.html]
  +
  +
==Geohot's iBoot Exploit==
  +
Geohot has a new iBoot exploit in 7A341 FW. [http://iphonejtag.blogspot.com/2009/06/no-sn0w-in-summer.html]

Revision as of 11:51, 23 June 2009

Because of the date the 0x24000 Segment Overflow was leaked by NitroKey, Apple may or may not have had the time to fix the bug in the iPhone 3G[s] Bootrom. If not, the following needs to be done:

  • Find a new iBoot exploit - This will allow us to decrypt the platform iBoot and other firmware files in it's IPSW, as well as dump the bootrom to examine.
  • Find a new bootrom exploit - After we have the bootrom dumped, we must look for a way to make SecureROM run our patched LLB.

ECID

Apple added a new tag to the img3 format called ECID. The ECID is unique to each phone, and is sigchecked. So no downgrades unless you have a dump of your unique old firmware's img3. Therefore, iBoot exploits won't be so useful for tethered JBs, because such exploits will be closed in new FWs. [1]

Geohot's iBoot Exploit

Geohot has a new iBoot exploit in 7A341 FW. [2]