Difference between revisions of "S5L8920"

From The iPhone Wiki
(Related iOS Exploits: This needed an update pretty badly.)
m (Bootrom Exploits)
 
(9 intermediate revisions by 5 users not shown)
Line 1: Line 1:
This is the processor used in the [[iPhone 3GS]].
+
This is the processor used in the [[N88AP|iPhone 3GS]].
  +
  +
S5L8920 and derivative SoCs use the armv7 family, with later versions of the architecture using armv7f/armv7s.
   
 
[[S5L8920]] using THUMB-2 instruction set as well as ARM and THUMB ones. Binaries included in iOS are compiled for only [[ARMv7]] and are not compatible with older CPUs.
 
[[S5L8920]] using THUMB-2 instruction set as well as ARM and THUMB ones. Binaries included in iOS are compiled for only [[ARMv7]] and are not compatible with older CPUs.
   
== Exploits ==
+
== [[Bootrom]] ==
  +
'''Bootrom Version''': [[Bootrom 359.3]]
=== [[S5L8920 (Bootrom)|Bootrom]] ===
 
  +
  +
Units produced after 2009 week 40 have [[Bootrom 359.3.2]] and not vulnerable to the [[0x24000 Segment Overflow]].
  +
  +
== [[Bootrom]] Exploits ==
 
* [[0x24000 Segment Overflow]] - only in [[Bootrom 359.3]]
 
* [[0x24000 Segment Overflow]] - only in [[Bootrom 359.3]]
 
* [[Limera1n Exploit]]
 
* [[Limera1n Exploit]]
  +
* [[alloc8 Exploit]]
 
== Related iOS Exploits ==
 
=== [[iBoot]] ===
 
* [[iBoot Environment Variable Overflow]] - Works up to [[iOS]] 3.1 beta 3
 
* [[usb_control_msg(0x21, 2) Exploit]] - Works up to [[iOS]] 3.1.2
 
 
=== [[Kernel]] ===
 
* [[BPF STX Kernel Write Exploit]] - Works up to [[iOS]] 3.1.3
 
* [[IOSurface Kernel Exploit]] - Works up to [[iOS]] 4.0.1
 
* [[Packet Filter Kernel Exploit]] - Works up to [[iOS]] 4.1
 
* [[HFS Legacy Volume Name Stack Buffer Overflow]] - Works up to [[iOS]] 4.2.1
 
* [[ndrv_setspec() Integer Overflow]] - Works up to [[iOS]] 4.3.3
 
* [[HFS Heap Overflow]] - Works up to iOS 5.0.1
 
 
=== [[Userland]] ===
 
* [[MobileBackup Copy Exploit]] - Works up to [[iOS]] 3.1.3
 
* [[Malformed CFF Vulnerability]] - Works up to [[iOS]] 4.0.1
 
* [[T1 Font Integer Overflow]]- Works up to [[iOS]] 4.3.3
 
* [[Racoon String Format Overflow Exploit]] - Works up to iOS 5.0.1
 
   
 
== Boot Chain ==
 
== Boot Chain ==
[[S5L8920 (Bootrom)|Bootrom]]→[[LLB]]→[[iBoot]]→[[Kernel]]→[[Firmware|System Software]]
+
[[Bootrom]]→[[LLB]]→[[iBoot]]→[[Kernel]]→[[Firmware|System Software]]
   
 
== See also ==
 
== See also ==
* [[S5L8920 (Bootrom)]]
+
* [[Bootrom]]
 
* [[S5L8920 (Hardware)]]
 
* [[S5L8920 (Hardware)]]
* [[S5L8920 (Hardware - Quick Notes)]]
 
   
==External Links==
+
== External Links ==
 
* [http://infocenter.arm.com/help/topic/com.arm.doc.ddi0344j/DDI0344J_cortex_a8_r3p2_trm.pdf Technical Reference Manual: Cortex A8]
 
* [http://infocenter.arm.com/help/topic/com.arm.doc.ddi0344j/DDI0344J_cortex_a8_r3p2_trm.pdf Technical Reference Manual: Cortex A8]
  +
  +
[[Category:Application Processors]]
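Review bot: The added sentence "Units produced after 2009 week 40 have [[Bootrom 359.3.2]] and not vulnerable to the [[0x24000 Segment Overflow]]" is missing a verb; it should read "and are not vulnerable". The '''Bootrom Version''' line added just above it names only [[Bootrom 359.3]], so the header states one version while the next sentence describes two; list both versions on that line. In the Boot Chain and See also sections the link changes from [[S5L8920 (Bootrom)|Bootrom]] to the generic [[Bootrom]], which drops the SoC-specific target; keep the piped link if that page still exists.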

Latest revision as of 07:36, 12 April 2017

This is the processor used in the iPhone 3GS.

S5L8920 and derivative SoCs use the armv7 family, with later versions of the architecture using armv7f/armv7s.

The S5L8920 uses the THUMB-2 instruction set as well as the ARM and THUMB ones. Binaries included in iOS are compiled only for ARMv7 and are not compatible with older CPUs.

Bootrom

Bootrom Version: Bootrom 359.3

Units produced after 2009 week 40 have Bootrom 359.3.2 and are not vulnerable to the 0x24000 Segment Overflow.

Bootrom Exploits

Boot Chain

Bootrom → LLB → iBoot → Kernel → System Software

See also

External Links