|
The iPhone Wiki is no longer updated. Visit this article on The Apple Wiki for current information. |
Difference between revisions of "S5L8900"
(type of device) |
(removed non-hardware-related exploits) |
||
| Line 3: | Line 3: | ||
==[[S5L File Formats|Firmware File Formats]]== |
==[[S5L File Formats|Firmware File Formats]]== |
||
| − | == Exploits == |
+ | == [[VROM (S5L8900)|Bootrom]] Exploits == |
| − | ===[[iBoot (Bootloader)|iBoot]]=== |
||
| − | * [[Restore Mode]] - Works up to [[iOS]] 1.0.2 |
||
| − | * [[Ramdisk Hack]] - Works up to [[iOS]] 2.0 beta 3 |
||
| − | * [[diags]] - Works up to [[iOS]] 2.0 beta 5 |
||
| − | * [[iBoot Environment Variable Overflow]] - Works up to [[iOS]] 3.1 beta 3 |
||
| − | * [[usb_control_msg(0x21, 2) Exploit]] - Works up to [[iOS]] 3.1.2 |
||
| − | |||
| − | ===[[VROM (S5L8900)|Bootrom]]=== |
||
* [[pwnage|Pwnage 1.0 (Ramdisk + AppleImage2NORAccess)]] |
* [[pwnage|Pwnage 1.0 (Ramdisk + AppleImage2NORAccess)]] |
||
* [[Pwnage 2.0|Pwnage 2.0 (DFU + Malformed Certificate)]] |
* [[Pwnage 2.0|Pwnage 2.0 (DFU + Malformed Certificate)]] |
||
| − | |||
| − | === [[Kernel]] === |
||
| − | * [[BPF STX Kernel Write Exploit]] - Works up to [[iOS]] 3.1.3 |
||
| − | * [[IOSurface Kernel Exploit]] - Works up to [[iOS]] 4.0.1 |
||
| − | * [[Packet Filter Kernel Exploit]] - Works up to [[iOS]] 4.1 |
||
| − | * [[HFS Legacy Volume Name Stack Buffer Overflow]] - Works up to [[iOS]] 4.2.1 |
||
| − | |||
| − | === [[Userland]] === |
||
| − | * [[Symlinks]] - Works up to [[iOS]] 1.1.1 |
||
| − | * [[LibTiff]] - Works up to [[iOS]] 1.1.1 |
||
| − | * [[Mknod]] - Works up to [[iOS]] 1.1.2 |
||
| − | * [[Dual Boot Exploit]] - Works up to [[iOS]] 2.0 beta 3 |
||
| − | * [[MobileBackup Copy Exploit]] - Works up to [[iOS]] 3.1.3 |
||
| − | * [[Malformed CFF Vulnerability]] - Works up to [[iOS]] 4.0.1 |
||
==Boot Chain== |
==Boot Chain== |
||
Revision as of 21:09, 25 October 2012
This is the Application Processor shared between the iPhone, iPod touch, and the iPhone 3G. Not much is known about it through official sources. According to saurik, this is an "arm1176jzf-s", if you're looking for manuals. This processor is not used in any of the newest devices, being replaced by the S5L8720, S5L8920, S5L8922, S5L8930, S5L8940, S5L8942 and S5L8945.
Contents
Firmware File Formats
Bootrom Exploits
Boot Chain
VROM (S5L8900)->LLB->iBoot->Kernel->System Software
One of the iPhoneLinux goals are to replace that Boot Chain after iBoot:
VROM (S5L8900)->OpeniBoot->Linux Kernel->X Server->Window Manager
Upgrade Process
Restore Mode
The common upgrade process chain is VROM->DFU Mode->WTF->iBoot->Kernel->Ramdisk->Restore Mode.
DFU Mode
To flash an older version of the iPhone software you have to let your phone reside in DFU Mode. In iTunes you have to press the option key (Mac) or the shift key (Windows) when pressing 'Restore' to be able to manually chose an IPSW.
