The iPhone Wiki is no longer updated. Visit this article on The Apple Wiki for current information.
User contributions
- 23:28, 27 July 2008 (diff | hist) . . (+62) . . 8900 File Format
- 23:25, 27 July 2008 (diff | hist) . . (+4) . . AES Keys
- 23:25, 27 July 2008 (diff | hist) . . (+78) . . N UID key (New page: AES hardware key unique to each iPhone. Used to encrypt things in the NOR.)
- 23:25, 27 July 2008 (diff | hist) . . (+435) . . N AES Keys (New page: The S5L8900 has an AES coprocessor with the GID-key and UID-key built in. ==Key 0x837== Generated by encrypting 345A2D6C5050D058780DA431F0710E15 with GID-key to get 188458...)
- 23:22, 27 July 2008 (diff | hist) . . (+22) . . N Key 0x837 (Redirecting to AES Keys)
- 23:21, 27 July 2008 (diff | hist) . . (+13) . . Main Page
- 23:20, 27 July 2008 (diff | hist) . . (+188) . . N GID Key (New page: The hardware AES key shared by every iPhone and iPhone 3G. Used to generate Key 0x837. ==Attack== It would be great to perform some side channel attack of this to extract it.)
- 23:19, 27 July 2008 (diff | hist) . . (+81) . . m 8900 File Format
- 23:18, 27 July 2008 (diff | hist) . . (+1,020) . . N 8900 File Format (New page: This is the file format used by the S5L8900 ==Header== typedef struct { uchar magic[4]; // string "8900" uchar version[3]; // string "1.0" uint8 form...)
- 23:17, 27 July 2008 (diff | hist) . . (+21) . . N Application Processor (Redirecting to S5L8900)
- 23:17, 27 July 2008 (diff | hist) . . (+143) . . N S5L8900 (New page: This is the Application Processor shared between the iPhone and the iPhone 3G. Not much is known about it through official sources.)
- 23:16, 27 July 2008 (diff | hist) . . (+37) . . PMB8878
- 23:15, 27 July 2008 (diff | hist) . . (+51) . . PMB8876
- 23:14, 27 July 2008 (diff | hist) . . (+65) . . PMB8876
- 23:13, 27 July 2008 (diff | hist) . . (+1) . . Baseband
- 23:13, 27 July 2008 (diff | hist) . . (+76) . . N Baseband (New page: The S-Gold2 or X-Gold 608 chip used to handle all cellular function.)
- 23:13, 27 July 2008 (diff | hist) . . (+72) . . N Ramdisk (New page: This is what iTunes boots to upgrade the System and the Baseband)
- 23:12, 27 July 2008 (diff | hist) . . (+9) . . Main Page
- 23:11, 27 July 2008 (diff | hist) . . (+74) . . Firmware
- 23:11, 27 July 2008 (diff | hist) . . (+130) . . Firmware
- 23:10, 27 July 2008 (diff | hist) . . (+1,893) . . N Firmware (New page: This is the Mac OS X system the iPhone runs The apple download links can be found at http://ax.phobos.apple.com.edgesuite.net/WebObjects/MZStore.woa/wa/com.apple.jingle.appserver.client.M...)
- 23:06, 27 July 2008 (diff | hist) . . (+142) . . N User:Zibri (New page: A hard working hacker who discovered such things as the Ramdisk Hack, the Minus 0x20000 with Back Extend Erase, and the iPhone 3G.)
- 23:05, 27 July 2008 (diff | hist) . . (+52) . . N ZiPhone (New page: Zibri's tool to unlock, jailbreak, and activate.)
- 23:05, 27 July 2008 (diff | hist) . . (+266) . . N Ramdisk Hack (New page: This allows unsigned ramdisks to be booted. It was first publicized by ZiPhone ==Credit== The dev team ==Exploit== Passing boot args specifying a ramdisk in ram > 0x9C000000 all...)
- 23:03, 27 July 2008 (diff | hist) . . (+246) . . N Kernel (New page: This is the Darwin kernel. Pre 2.0, it was vulnerable to the Ramdisk Hack and may still be, but iBoot doesn't allow boot-args to be passed anymore. It is mapped to memory at 0xC0000000...)
- 23:01, 27 July 2008 (diff | hist) . . (+102) . . N The iPhone Wiki:Copyrights (New page: If Apple made it, don't post it. If you made it, post it. If someone else made it, give them credit.)
- 23:01, 27 July 2008 (diff | hist) . . (+123) . . N82AP
- 23:00, 27 July 2008 (diff | hist) . . (+135) . . M68AP
- 22:59, 27 July 2008 (diff | hist) . . (+19) . . N IPhone 3G (Redirecting to N82ap)
- 22:58, 27 July 2008 (diff | hist) . . (+4) . . List of iPhones (Redirecting to M68ap)
- 22:58, 27 July 2008 (diff | hist) . . (+15) . . N List of iPhones (New page: #REDIRECT M68ap)
- 22:57, 27 July 2008 (diff | hist) . . (+426) . . N Baseband Bootloader (New page: This is responsible for updating the baseband ==3.9== This is the old bootloader from the iPhone/S-Gold 2. It is vulnerable to Minus 0x400 and IPSF ==4.6== This is the ne...)
- 22:55, 27 July 2008 (diff | hist) . . (+566) . . N Baseband Bootrom (New page: This is the first code that runs on the baseband. ==S-Gold 2== The bootrom here is located at 0x400000. It was initially dumped using exploits in java on other S-Gold 2 phones. It al...)
- 22:49, 27 July 2008 (diff | hist) . . (0) . . Constitution
- 22:45, 27 July 2008 (diff | hist) . . (+10) . . Interactive Mode
- 22:44, 27 July 2008 (diff | hist) . . (+46) . . Restore Mode
- 22:44, 27 July 2008 (diff | hist) . . (+114) . . N Restore Mode (New page: This is the mode the Apple ramdisk enters to restore the iPhone. ==Implementations== *itunesmobiledevice.dll)
- 22:42, 27 July 2008 (diff | hist) . . (+6,614) . . N Itunesmobiledevice.dll (New page: The dll iTunes uses for all things iPhone related. On mac it's called MobileDevice.framework ==Location== c:\Program Files\Common Files\Apple\Mobile Device Support\bin\ ==Exports== AF...)
- 22:36, 27 July 2008 (diff | hist) . . (+4) . . Normal Mode
- 22:36, 27 July 2008 (diff | hist) . . (0) . . Normal Mode
- 22:36, 27 July 2008 (diff | hist) . . (+338) . . N Normal Mode (New page: This is the protocol iTunes uses to talk to the booted iPhone. It uses usbmux to provide TCP like connectivity over a USB port using SSL. There is a pairing process iTunes uses to establis...)
- 22:34, 27 July 2008 (diff | hist) . . (0) . . Main Page
- 22:33, 27 July 2008 (diff | hist) . . (+84) . . Recovery Mode 0x1281
- 22:31, 27 July 2008 (diff | hist) . . (0) . . DFU 0x1227
- 22:31, 27 July 2008 (diff | hist) . . (+113) . . N DFU 0x1227 (New page: This is the protocol used by the WTF version 2. Protocol Same as sending a file to Recovery Mode 0x1821)
- 22:30, 27 July 2008 (diff | hist) . . (+62) . . DFU 0x1222
- 22:29, 27 July 2008 (diff | hist) . . (+197) . . N DFU 0x1222 (New page: This is the protocol used to talk to the DFU and the WTF version 1. ==Protocol== Data 12 byte footer CRC32 of data+footer ==Implementations== *[http://lpahome.com/geohot/iran....)
- 22:28, 27 July 2008 (diff | hist) . . (+480) . . N Interactive Mode (New page: This is the protocol used to talk to the baseband in bootloader interactive mode. ==Commands== BBSETBAUDRATE = 0x82, BBCFISTAGE1 = 0x84, BBCFISTAGE2 = 0x85, BB102 = 0x102, BBBEG...)
- 22:26, 27 July 2008 (diff | hist) . . (+15) . . Baseband Bootrom Protocol
- 22:26, 27 July 2008 (diff | hist) . . (+341) . . N Baseband Bootrom Protocol (New page: This is the protocol used to talk to the old, and probably the new baseband, at the bootrom level. The old bootrom didn't have any sig checking, the new one does. ==Protocol== AT 0x30 2...)
- 22:20, 27 July 2008 (diff | hist) . . (+2) . . Main Page
- 22:19, 27 July 2008 (diff | hist) . . (+17) . . Main Page
- 22:19, 27 July 2008 (diff | hist) . . (+23) . . Baseband JTAG
- 22:18, 27 July 2008 (diff | hist) . . (0) . . N File:Realjtag.JPG (current)
- 22:18, 27 July 2008 (diff | hist) . . (+15) . . Baseband JTAG
- 22:17, 27 July 2008 (diff | hist) . . (+173) . . Baseband JTAG
- 22:15, 27 July 2008 (diff | hist) . . (-1) . . Baseband JTAG
- 22:15, 27 July 2008 (diff | hist) . . (0) . . Baseband JTAG
- 22:15, 27 July 2008 (diff | hist) . . (+114) . . N Baseband JTAG (New page: The old baseband has a JTAG port, and it's highly likely the new one does too. ==Credit== Users:geohot)
- 22:14, 27 July 2008 (diff | hist) . . (-1) . . NCK Brute Force
- 22:14, 27 July 2008 (diff | hist) . . (0) . . NCK Brute Force
- 22:14, 27 July 2008 (diff | hist) . . (+634) . . N NCK Brute Force (New page: This is a theoretical exploit which involves brute forcing the NCK from the seczone the CHIPID and the NORID ==Credit== gray, geohot ==Feasibility== Given that NCKs are 15 digits...)
- 22:06, 27 July 2008 (diff | hist) . . (+144) . . N Recovery Mode (New page: This is the mode accessed by holding the two buttons. It is running iBoot ==Protocols== *Recovery Mode 0x1280 *Recovery Mode 0x1281)
- 22:06, 27 July 2008 (diff | hist) . . (0) . . Recovery Mode (Protocols)
- 22:05, 27 July 2008 (diff | hist) . . (+1) . . User:Geohot
- 22:05, 27 July 2008 (diff | hist) . . (+8) . . User:Geohot
- 22:04, 27 July 2008 (diff | hist) . . (+70) . . N User:Geohot (New page: The founder of this wiki. This kid is a media whore and a disgrace :))
- 22:04, 27 July 2008 (diff | hist) . . (+7) . . Minus 0x20000 with Back Extend Erase
- 22:04, 27 July 2008 (diff | hist) . . (-1) . . Minus 0x20000 with Back Extend Erase
- 22:04, 27 July 2008 (diff | hist) . . (+10) . . Minus 0x20000 with Back Extend Erase
- 22:03, 27 July 2008 (diff | hist) . . (-2) . . IPhone Dev Team
- 22:03, 27 July 2008 (diff | hist) . . (+46) . . N IPhone Dev Team (New page: This is the http://iphone-dev.org Dev Team)
- 22:03, 27 July 2008 (diff | hist) . . (+4) . . Pwnage
- 22:03, 27 July 2008 (diff | hist) . . (+4) . . Diags (iBoot command)
- 22:02, 27 July 2008 (diff | hist) . . (+133) . . Pwnage 2.0
- 22:01, 27 July 2008 (diff | hist) . . (+352) . . N Diags (iBoot command) (New page: This was an exploit in pre 2.0 versions of iBoot ==Credit== The dev team ==Exploit== The diags function can be passed a parameter. It jumps to that parameter, but not before trashing the...)
- 21:59, 27 July 2008 (diff | hist) . . (+230) . . N IBoot (Bootloader) (New page: This is Apple's bootloader for the S5L8900. It runs what is known as Recovery Mode. It has an interactive interface which can be used over USB or serial. In versions pre 2.0, ther...)
- 21:59, 27 July 2008 (diff | hist) . . (+77) . . Recovery Mode 0x1281
- 21:59, 27 July 2008 (diff | hist) . . (+290) . . N Recovery Mode 0x1281 (New page: This is the new Recovery Mode protocol used in 2.0 iBoots. ==Commands== usb_control_msg(idev, 0xA1, 3, 0, 0, buf, 6, 1000); //get status usb_control_msg(idev, 0x40, 0, 0, 0, buf, s...)
- 21:55, 27 July 2008 (diff | hist) . . (+478) . . N WTF (New page: This is run on the DFU and loads a secondary DFU like interface. It is wondered what this stands for. ==Version 1== This doesn't appear to do anything. It calls the same functions in ...)
- 21:52, 27 July 2008 (diff | hist) . . (+122) . . N DFU Mode (New page: This allows the S5L8900 to be restored from any state. It resides in the VROM The pwnage 2.0 exploit is here.)
- 21:51, 27 July 2008 (diff | hist) . . (-44) . . VROM (S5L8900)
- 21:51, 27 July 2008 (diff | hist) . . (-1) . . VROM (S5L8900)
- 21:51, 27 July 2008 (diff | hist) . . (+16) . . VROM (S5L8900)
- 21:50, 27 July 2008 (diff | hist) . . (0) . . Pwnage 2.0
- 21:50, 27 July 2008 (diff | hist) . . (0) . . Pwnage
- 21:50, 27 July 2008 (diff | hist) . . (+254) . . N Pwnage 2.0 (New page: This exploit is in the VROM ==Credit== The dev team ==Exploit== There is a bug in the certificate parsing. By passing a malformed certificate, unsigned code can be run. ==Implementa...)
- 21:48, 27 July 2008 (diff | hist) . . (+2) . . VROM (S5L8900)
- 21:48, 27 July 2008 (diff | hist) . . (+252) . . N VROM (S5L8900) (New page: This is the earliest significant code that runs on the S5L8900. It is mapped to 0x20000000, and is believed to be copied from ROM and put there. It runs the DFU and can be spoken to with the [...)
- 21:46, 27 July 2008 (diff | hist) . . (+1) . . PMB8876
- 21:45, 27 July 2008 (diff | hist) . . (+58) . . PMB8876
- 21:43, 27 July 2008 (diff | hist) . . (+27) . . N PMB8876 (New page: Image:Sgold2pinouts.jpg)
- 21:43, 27 July 2008 (diff | hist) . . (0) . . N File:Sgold2pinouts.jpg (current)
- 21:38, 27 July 2008 (diff | hist) . . (-2) . . M68AP
- 21:38, 27 July 2008 (diff | hist) . . (+1) . . M68AP
- 21:38, 27 July 2008 (diff | hist) . . (+47) . . N M68AP (New page: Image:Ibreakone.jpg Image:Ibreaktwo.jpg)
- 21:37, 27 July 2008 (diff | hist) . . (0) . . N File:Ibreaktwo.jpg (current)
- 21:37, 27 July 2008 (diff | hist) . . (0) . . N File:Ibreakone.jpg
- 21:21, 27 July 2008 (diff | hist) . . (+2) . . N82AP
- 21:21, 27 July 2008 (diff | hist) . . (+22) . . Nm N82AP (New page: [Image:Hardware3g.JPG])