Jailbreak (S5L8920+)

From The iPhone Wiki
Revision as of 21:51, 25 June 2009 by Pody (talk | contribs)

Given the date on which the 0x24000 Segment Overflow was leaked by NitroKey, Apple may or may not have had time to fix the bug in the iPhone 3G[s] bootrom. If it has been fixed, the following needs to be done:

  • Find a new iBoot exploit - This will allow us to decrypt the platform's iBoot and the other firmware files in its IPSW, as well as dump the bootrom for examination.
  • Find a new bootrom exploit - After we have the bootrom dumped, we must look for a way to make SecureROM run our patched LLB.

ECID

Apple added a new tag to the img3 format called ECID. The ECID is unique to each phone, and it is covered by the signature check. So there are no downgrades unless you have a dump of the img3 files from your own device's old firmware. Therefore, iBoot exploits won't be very useful for tethered JBs, because such exploits will be closed in new FWs. [1]

Geohot's iBoot Exploit

Geohot has a new iBoot exploit in the 7A341 FW. [2] He has also found the IVs/keys for the ramdisk and for vfdecrypt. Planetbeing discovered the key for SecureROM.