Difference between revisions of "S5L8720"

From The iPhone Wiki
Jump to: navigation, search
m
(iBoot / Kernel Level)
Line 3: Line 3:
 
==Exploits==
 
==Exploits==
 
===[[iBoot]] / [[Kernel]] Level===
 
===[[iBoot]] / [[Kernel]] Level===
  +
'''Note''': [[iBoot]] on the S5l8720 can be downgraded, allowing either exploit to be used on future firmwares
  +
 
* [[ARM7 Go]] - Firmware v2.1.1
 
* [[ARM7 Go]] - Firmware v2.1.1
* [[iBoot Environment Variable Overflow]] - Firmware v3.1b3 and below (Note: [[iBoot]] on the S5l8720 can be downgraded, allowing either exploit to be used on future firmwares)
+
* [[iBoot Environment Variable Overflow]] - 3.1 beta 3 and below
  +
* [[usb_control_msg(0x21, 2) Exploit]] - 3.1.2 and below
   
 
===[[VROM (S5L8720)|Bootrom]]===
 
===[[VROM (S5L8720)|Bootrom]]===

Revision as of 00:47, 13 October 2009

This is the Application Processor used on the iPod Touch 2G.

Exploits

iBoot / Kernel Level

Note: iBoot on the S5l8720 can be downgraded, allowing either exploit to be used on future firmwares

Bootrom

Boot Chain

VROM->LLB->iBoot->Kernel->System Software

It is definitely worthy to note that the Pwnage exploit is fixed because the images are now flashed to the NOR in their encrypted IMG3 containers, and the bootrom can properly sigcheck LLB. That being said, unsigned images can still be run using the 0x24000 Segment Overflow.

See Also