Difference between revisions of "Pwnage 2.0"

From The iPhone Wiki
Jump to: navigation, search
m (Change category to match other similar pages)
m (Updating.)
 
(11 intermediate revisions by 9 users not shown)
Line 1: Line 1:
This exploit in the [[VROM]] is really the ultimate exploit, since it allows unsigned code to be run at the lowest level. It can be patched out '''only''' by a new hardware revision.
+
This exploit in the [[VROM (S5L8900)|S5L8900 bootrom]] is really the ultimate exploit, since it allows unsigned code to be run at the lowest level. It is available in all devices that use the [[S5L8900]] - the [[M68AP|iPhone]], [[N45AP|iPod Touch]] and [[N82AP|iPhone 3G]]. It is also available on some non-iOS iPods.
 
 
==Credit==
 
==Credit==
[[The dev team]]
+
[[iPhone Dev Team]]
   
 
==Exploit==
 
==Exploit==
Line 11: Line 10:
 
*[[QuickPwn]]
 
*[[QuickPwn]]
 
*[[WinPwn]]
 
*[[WinPwn]]
  +
*[[redsn0w]]
*[http://lpahome.com/geohot/iran.rar iran]
 
  +
*[[iran]]
   
[[Category:Exploits]]
+
[[Category:Bootrom Exploits]]

Latest revision as of 07:51, 8 October 2015

This exploit in the S5L8900 bootrom is really the ultimate exploit, since it allows unsigned code to be run at the lowest level. It is available in all devices that use the S5L8900 - the iPhone, iPod Touch and iPhone 3G. It is also available on some non-iOS iPods.

Credit

iPhone Dev Team

Exploit

There is a stack overflow in the certificate parsing code. By passing a malformed certificate, unsigned code can be run.

Implementations