Difference between revisions of "S5L8920"

From The iPhone Wiki
m (fix links)
(removed non-hardware-related exploits)
Line 5: Line 5:
 
[[S5L8920]] using THUMB-2 instruction set as well as ARM and THUMB ones. Binaries included in iOS are compiled for only [[ARMv7]] and are not compatible with older CPUs.
 
[[S5L8920]] using THUMB-2 instruction set as well as ARM and THUMB ones. Binaries included in iOS are compiled for only [[ARMv7]] and are not compatible with older CPUs.
   
== Bootrom ==
+
== [[Bootrom]] ==
 
'''Bootrom Version''': [[Bootrom 359.3]]
 
'''Bootrom Version''': [[Bootrom 359.3]]
   
 
Units produced after 2009 week 40 have [[Bootrom 359.3.2]] and not vulnerable to the [[0x24000 Segment Overflow]].
 
Units produced after 2009 week 40 have [[Bootrom 359.3.2]] and not vulnerable to the [[0x24000 Segment Overflow]].
   
== Exploits ==
+
== [[Bootrom]] Exploits ==
=== [[Bootrom]] ===
 
 
* [[0x24000 Segment Overflow]] - only in [[Bootrom 359.3]]
 
* [[0x24000 Segment Overflow]] - only in [[Bootrom 359.3]]
 
* [[Limera1n Exploit]]
 
* [[Limera1n Exploit]]
 
== Related iOS Exploits ==
 
=== [[iBoot]] ===
 
* [[iBoot Environment Variable Overflow]] - Works up to [[iOS]] 3.1 beta 3
 
* [[usb_control_msg(0x21, 2) Exploit]] - Works up to [[iOS]] 3.1.2
 
 
=== [[Kernel]] ===
 
* [[BPF STX Kernel Write Exploit]] - Works up to [[iOS]] 3.1.3
 
* [[IOSurface Kernel Exploit]] - Works up to [[iOS]] 4.0.1
 
* [[Packet Filter Kernel Exploit]] - Works up to [[iOS]] 4.1
 
* [[HFS Legacy Volume Name Stack Buffer Overflow]] - Works up to [[iOS]] 4.2.1
 
* [[ndrv_setspec() Integer Overflow]] - Works up to [[iOS]] 4.3.3
 
* [[HFS Heap Overflow]] - Works up to iOS 5.0.1
 
 
=== [[Userland]] ===
 
* [[MobileBackup Copy Exploit]] - Works up to [[iOS]] 3.1.3
 
* [[Malformed CFF Vulnerability]] - Works up to [[iOS]] 4.0.1
 
* [[T1 Font Integer Overflow]]- Works up to [[iOS]] 4.3.3
 
* [[Racoon String Format Overflow Exploit]] - Works up to iOS 5.0.1
 
   
 
== Boot Chain ==
 
== Boot Chain ==
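Review bot: The removed "Related iOS Exploits" section (the iBoot, Kernel and Userland lists) was the only place on this page that recorded the "Works up to [[iOS]] ..." bounds for this SoC, and the new revision leaves no pointer to where that information now lives. Consider adding a link under "See also" to the page that carries those lists. Separately, the retained "=== [[Bootrom]] ===" subheading was dropped in favour of "== [[Bootrom]] Exploits ==", which is fine, but [[Limera1n Exploit]] still has no bootrom-version qualifier next to the "only in [[Bootrom 359.3]]" note on the 0x24000 entry, so a reader cannot tell from this list which bootrom revisions it covers.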
Line 42: Line 22:
 
* [[S5L8920 (Hardware - Quick Notes)]]
 
* [[S5L8920 (Hardware - Quick Notes)]]
   
==External Links==
+
== External Links ==
 
* [http://infocenter.arm.com/help/topic/com.arm.doc.ddi0344j/DDI0344J_cortex_a8_r3p2_trm.pdf Technical Reference Manual: Cortex A8]
 
* [http://infocenter.arm.com/help/topic/com.arm.doc.ddi0344j/DDI0344J_cortex_a8_r3p2_trm.pdf Technical Reference Manual: Cortex A8]

Revision as of 21:18, 25 October 2012

This is the processor used in the iPhone 3GS.

S5L8920 and derivative SoCs use the armv7 family, with later versions of the architecture using armv7f/armv7s.

The S5L8920 uses the THUMB-2 instruction set as well as the ARM and THUMB ones. Binaries included in iOS are compiled only for ARMv7 and are not compatible with older CPUs.

Bootrom

Bootrom Version: Bootrom 359.3

Units produced after 2009 week 40 have Bootrom 359.3.2 and are not vulnerable to the 0x24000 Segment Overflow.

Bootrom Exploits

Boot Chain

Bootrom → LLB → iBoot → Kernel → System Software

See also

External Links