Difference between revisions of "S5L8920"

From The iPhone Wiki
Jump to: navigation, search
(Chronic and Geohot have been talking about an exploit on twitter they found back in July. It's important to note here that it exists. :))
m (Bootrom Exploits)
 
(29 intermediate revisions by 11 users not shown)
Line 1: Line 1:
This is the processor used in the [[iPhone 3GS]].
+
This is the processor used in the [[N88AP|iPhone 3GS]].
   
  +
S5L8920 and derivative SoCs use the armv7 family, with later versions of the architecture using armv7f/armv7s.
S5L8920 using [http://www.arm.com/products/CPUs/archi-thumb2.html THUMB-2] instruction set as much as ARM and THUMB ones. So the compiled binaries are not compatible with older CPUs.
 
   
  +
[[S5L8920]] using THUMB-2 instruction set as well as ARM and THUMB ones. Binaries included in iOS are compiled for only [[ARMv7]] and are not compatible with older CPUs.
== Exploits ==
 
=== [[iBoot]] / [[Kernel]] ===
 
* [[iBoot Environment Variable Overflow]] - Firmware 3.1b1 and below (Note: [[iBoot]] on the S5L8920 can be downgraded allowing the exploit to be used on future firmwares, but ''only if'' a backup of the device-specific Apple-signed 3.0 iBSS with unique [[ECID]] was made.)
 
* Undisclosed exploit - 3.1 and below.
 
   
=== [[S5L8920 (Bootrom)|Bootrom]] ===
+
== [[Bootrom]] ==
  +
'''Bootrom Version''': [[Bootrom 359.3]]
* [[0x24000 Segment Overflow]]
 
  +
  +
Units produced after 2009 week 40 have [[Bootrom 359.3.2]] and not vulnerable to the [[0x24000 Segment Overflow]].
  +
  +
== [[Bootrom]] Exploits ==
  +
* [[0x24000 Segment Overflow]] - only in [[Bootrom 359.3]]
  +
* [[Limera1n Exploit]]
  +
* [[alloc8 Exploit]]
   
 
== Boot Chain ==
 
== Boot Chain ==
[[S5L8920 (Bootrom)|Bootrom]]->[[LLB]]->[[iBoot]]->[[Kernel]]->[[System|System Software]]
+
[[Bootrom]]→[[LLB]]→[[iBoot]]→[[Kernel]]→[[Firmware|System Software]]
   
 
== See also ==
 
== See also ==
* [[S5L8920 (Bootrom)]]
+
* [[Bootrom]]
 
* [[S5L8920 (Hardware)]]
 
* [[S5L8920 (Hardware)]]
  +
* [[S5L8920 (Hardware - Quick Notes)]]
 
  +
== External Links ==
  +
* [http://infocenter.arm.com/help/topic/com.arm.doc.ddi0344j/DDI0344J_cortex_a8_r3p2_trm.pdf Technical Reference Manual: Cortex A8]
  +
  +
[[Category:Application Processors]]

Latest revision as of 07:36, 12 April 2017

This is the processor used in the iPhone 3GS.

S5L8920 and derivative SoCs use the armv7 family, with later versions of the architecture using armv7f/armv7s.

S5L8920 using THUMB-2 instruction set as well as ARM and THUMB ones. Binaries included in iOS are compiled for only ARMv7 and are not compatible with older CPUs.

Bootrom

Bootrom Version: Bootrom 359.3

Units produced after 2009 week 40 have Bootrom 359.3.2 and not vulnerable to the 0x24000 Segment Overflow.

Bootrom Exploits

Boot Chain

BootromLLBiBootKernelSystem Software

See also

External Links