Search results

Page title matches

• Research: Re-allowing unsigned ramdisks and boot-args with the 2.* iBoot
  ...r that is passed on when booting a kernel for boot args, the difference in 2.x is that the boot-args NVRAM var is totally ignored. Not only would a 'pat
  512 bytes (95 words) - 20:56, 25 September 2013

Page text matches

• Main Page
  ! rowspan="2" | Latest<br/>[[Beta Firmware|Beta Firmwares]] | colspan="9" | Ventura<br/>'''13.2''' (22D49)
  10 KB (1,218 words) - 18:16, 24 January 2023
• Timeline
  * 20 October – macOS 13.0 [[Release Candidate|RC]] 2 released. * 10 October – iOS 16.0.3, and watchOS 9.0.2 released.
  86 KB (10,312 words) - 17:11, 20 October 2022
• DFU Mode
  # Do steps 1 and 2 from above. ===[[S5L8720 Bootrom|S5L8720]], [[S5L8920]], and [[WTF|WTF mode post-2.0]] (0x1227)===
  10 KB (1,674 words) - 16:14, 29 November 2022
• IBoot (Bootloader)
  ...to as “iBoot second-stage loader” in the source code, is Apple's stage 2 bootloader for all of the [[iDevice|devices]]. It runs what is known as [[R | 11.0.2
  123 KB (8,553 words) - 00:24, 13 November 2022
• Kernel
  ...args to be passed anymore. It is mapped to memory at 0x80000000, forcing a 2/2GB address separation, similar to Windows 32-bit model. On older iOS versi ...r" together; OS X El Capitan's XNU was 3247.1.106~1 and iOS 9.0 was 3248.1.2~3. This is not surprising, considering that iOS introduced novel features (
  177 KB (18,986 words) - 05:15, 14 November 2022
• MonarchVailPrime 13A4280e (iPhone5,4)
  | Version = 9.0 beta 2
  4 KB (566 words) - 19:00, 10 November 2019
• BoulderVail 13B5119e (iPhone5,4)
  | Version = 9.1 beta 2
  4 KB (489 words) - 19:00, 10 November 2019
• JasperVail 8C5101c (iPod3,1)
  | Version = 4.2 beta 2
  4 KB (540 words) - 16:30, 10 November 2019
• DurangoVail 8F5153d (iPod3,1)
  | Version = 4.3 beta 2
  4 KB (548 words) - 16:30, 10 November 2019
• HoodooVail 9B5127c (iPod3,1)
  | Version = 5.1 beta 2
  3 KB (523 words) - 16:30, 10 November 2019
• Okemo 12A365 (iPhone7,2)
  | Device = iPhone7,2
  4 KB (577 words) - 13:54, 25 February 2020
• Telluride 9A404 (iPhone4,1)
  | Version = 5.0.1 beta 2
  4 KB (571 words) - 19:07, 10 November 2019
• Dubois 14D27 (iPhone7,2)
  | Version = 10.2.1 beta 4 and 10.2.1 | Device = iPhone7,2
  3 KB (309 words) - 19:05, 8 November 2020
• Durango 8K2 (iPad2,2)
  | Device = iPad2,2
  3 KB (526 words) - 19:31, 10 November 2019
• Bootrom
  You might also be looking for [[iBoot (Bootloader)|Apple's stage 2 bootloader]], which also uses the "iBoot" name. ...serial number identifies the year of manufacture (9=2009, 0=2010, 1=2011, 2=2012), while the fourth and the fifth indicate the week. There is a gray ar
  10 KB (1,261 words) - 00:50, 13 September 2022
• AES Keys
  See [[Obtaining IMG3 Keys#Method 2|Obtaining IMG3 Keys]] for an [[iBoot (Bootloader)|iBoot]] patch. ...2 files]]. With the introduction of [[IMG3 File Format|IMG3]] in iPhone OS 2.0, [[KBAG]]s are now used instead of the 0x837 key. Because iPhone OS versi
  4 KB (717 words) - 05:11, 28 November 2020
• NAND
  ...ivate/etc/fstab|partitions]], a root partition ranging from 256(?) MiB to ~2 GiB, and a user partition occupying the rest, by using the Lightweight Volu ...jave 8M89 (AppleTV2,1)|4.0]] (4.1) to [[Jasper 8C150 (AppleTV2,1)|4.1]] (4.2). Not all jailbreak payloads modify [[/private/etc/fstab]], some of them re
  4 KB (696 words) - 22:10, 18 December 2019
• PeaceC 16C104 (iPhone7,2)
  | Version = 12.1.2 | Device = iPhone7,2
  3 KB (297 words) - 19:09, 8 November 2020
• PeaceD 16D39 (iPhone7,2)
  | Device = iPhone7,2
  3 KB (299 words) - 19:09, 8 November 2020
• PeaceB 16B92 (iPhone7,2)
  | Device = iPhone7,2
  3 KB (303 words) - 19:09, 8 November 2020
• PeaceC 16C50 (iPhone7,2)
  | Device = iPhone7,2
  3 KB (296 words) - 19:09, 8 November 2020
• Telluride 9A404 (iPhone3,3)
  | Version = 5.0.1 beta 2
  4 KB (576 words) - 19:09, 10 November 2019
• Telluride 9A404 (iPhone3,1)
  | Version = 5.0.1 beta 2
  4 KB (561 words) - 19:09, 10 November 2019
• Telluride 9A404 (iPad1,1)
  | Version = 5.0.1 beta 2
  4 KB (554 words) - 19:13, 10 November 2019
• Telluride 9A404 (iPod4,1)
  | Version = 5.0.1 beta 2
  4 KB (554 words) - 17:28, 10 November 2019
• LLB
  ...n the source code. It runs several setup routines and on firmware versions 2.0 and higher it checks the signature of [[iBoot (Bootloader)|iBoot]] before ROM:8400088C MOVS R1, #2
  4 KB (427 words) - 01:35, 8 February 2018
• Untethered jailbreak
  *[[Star|JailbreakMe 2.0 (star)]]/[[Saffron|JailbreakMe 3.0 (saffron)]] Older devices, such as the iPhone 3GS, iPod touch 2 (old bootrom) and earlier, have had vulnerabilities discovered in the [[Boo
  3 KB (381 words) - 20:07, 24 October 2021
• Jailbreak
  ...m access from root. This was later updated to create a new service ([[AFC]]2) that allows access to the full filesystem. ...sing [[Cydia Impactor]]) running on their device. In the case of the iOS 9.2-9.3.3 jailbreak, a Safari-based exploit was available, thereby meaning a we
  4 KB (713 words) - 10:55, 13 February 2023
• InnsbruckTaos 11B553 (AppleTV3,2)
  | Version = 6.0.2 (7.0.4) | Device = AppleTV3,2
  2 KB (262 words) - 18:14, 1 February 2021
• HoodooVail 9B5127c (iPhone4,1)
  | Version = 5.1 beta 2
  3 KB (508 words) - 19:07, 10 November 2019
• InnsbruckVailPrime 11A4449d (iPhone3,2)
  | Device = iPhone3,2
  4 KB (565 words) - 19:09, 10 November 2019
• Obtaining IMG3 Keys
  = Method 2 = mw 0x900000C 0xE3A02001 //1=gid-key 2=uid-key
  7 KB (1,062 words) - 10:01, 12 October 2015
• S5L File Formats
  ...2 files can only be parsed by an [[iBoot]] in firmwares prior to iPhone OS 2.0 beta 3, or the [[S5L8900]] [[VROM]]. The [[S5L8720]] and newer [[bootrom] ...]] file. It can only be parsed by an iBoot in a firmware version less than 2.0 beta 3, or the [[S5L8900]] [[VROM]]. The [[S5L8720]] and newer have no su
  4 KB (641 words) - 17:01, 12 July 2017
• IRecovery
  * [[DFU 0x1227|0x1227]] ([[DFU Mode]]/[[WTF]] Mode 2.0) ===DFU 2.0 (0x1227)===
  4 KB (569 words) - 14:05, 17 September 2021
• History: Decrypt 1.1.1 (Talk Page)
  ...e signature of the 8900 files? Would it be possible to replace it on a 1.0.2 fw, and then sign our own modified iBEC to dump the decrypted kernelcache, MOV R2, #2 ; Mode.
  37 KB (6,324 words) - 21:12, 20 March 2015
• IBoot Flags
  '''bit 2''': No ...off_FF0BD70 DCD iBoot_flags ; DATA XREF: Set_Up_Allowed_Range+2�r
  16 KB (2,016 words) - 08:46, 14 March 2017
• Jailbreak (S5L8720x)
  ...he DFU is the [[DFU 0x1227]], and therefore not vulnerable to the [[Pwnage 2.0]] attack. ===DFU 2.0===
  14 KB (2,533 words) - 18:42, 28 May 2017
• Redsn0w
  ...3 was released for Windows and Mac OS X, and it allows iOS 3.0 through 3.1.2 to be jailbroken. It includes support for all devices except the [[N18AP|iP ...pports jailbreaking of all iDevices (at the time) with iOS 3.0 through 3.1.2 on Windows and Mac OS X, as well as 3.1.3 on [[S5L8900]] devices. Version 0
  23 KB (3,037 words) - 10:20, 15 May 2021
• Decrypting Firmwares
  ...ted. So, in order to use them, all you need to do is remove the 2048 byte (2&nbsp;KiB) [[8900 File Format|8900 header]] from the file. You can do this w === 1.1.x - 2.0b3 ===
  8 KB (1,342 words) - 08:42, 7 February 2022
• EDA
  ...s a meta-project, finish this and all your reversing tasks will be sped up 2-20x
  3 KB (594 words) - 13:07, 17 September 2021
• Jailbreak (S5L8920+)
  ...gned code execution over USB. Even newer devices, starting with the [[iPad 2]], have no bootrom exploits to run unsigned code ''at all''.
  3 KB (399 words) - 09:52, 26 March 2017
• N88AP
  ...e [[Bootrom 359.3]] Units produced after 2009 week 40 have [[Bootrom 359.3.2]] and are not vulnerable to the [[0x24000 Segment Overflow]]. ...ntethered exploit available for both of the bootroms, both [[Bootrom 359.3.2|new]] and [[Bootrom 359.3|old]].
  3 KB (423 words) - 15:08, 2 March 2022
• Kirkwood 7A341 (iPhone1,2)
  | Device = iPhone1,2
  3 KB (429 words) - 19:11, 10 November 2019
• JasperVail 8C5101c (iPod2,1)
  | Version = 4.2 beta 2
  3 KB (436 words) - 16:30, 10 November 2019
• S5L8920
  [[S5L8920]] using THUMB-2 instruction set as well as ARM and THUMB ones. Binaries included in iOS are Units produced after 2009 week 40 have [[Bootrom 359.3.2]] and not vulnerable to the [[0x24000 Segment Overflow]].
  1,003 bytes (136 words) - 07:36, 12 April 2017
• Greenpois0n (jailbreak)
  ...n {{date|2011|02|03}}, which performs an [[untethered jailbreak]] on iOS 4.2.1 for most devices that support it. Instead of using the [[Packet Filter Ke ...Atter]] and patched it in the [[S5L8940|A5]] chip released with the [[iPad 2]].
  4 KB (585 words) - 23:37, 16 September 2021
• S5L8920 (Hardware)
  | colspan="2" | <b>Base</b>: 0xBF500000 * '''Bit 2 (1bit)''': Security Domain
  970 bytes (116 words) - 16:03, 19 September 2016
• NorthVail 7C97d (iPhone1,2)
  | Device = iPhone1,2
  3 KB (421 words) - 19:11, 10 November 2019
• NorthVail 7C106c (iPhone1,1)
  | Version = 3.1 beta 2
  3 KB (405 words) - 18:40, 10 November 2019
• IPSW File Format
  * BuildManifest.plist (first appeared in [[iOS|iPhone OS]] 3.0 beta 2) | Savage/Savage.B[0/2]-[Dev/Prod].[vt.]fw
  5 KB (677 words) - 00:44, 21 March 2022
• IPhone Hacking Presentation - History 1.0-1.1.4
  2. Using a hardware test point, pull an address line high, so it thinks it's and 1.1.2 comes along, patching the tiff vuln, things start to get more complex:
  6 KB (948 words) - 13:38, 17 September 2021
• NorthVail 7C106c (iPhone1,2)
  | Version = 3.1 beta 2 | Device = iPhone1,2
  3 KB (404 words) - 19:11, 10 November 2019
• Genoa 13G36 (iPad3,2)
  | Device = iPad3,2
  4 KB (580 words) - 19:21, 10 November 2019
• Genoa 13G36 (iPhone5,2)
  | Device = iPhone5,2
  4 KB (557 words) - 19:04, 10 November 2019
• YukonC 17C54 (iPhone8,2)
  | Device = iPhone8,2
  4 KB (506 words) - 13:46, 29 February 2020
• YukonD 17D50 (iPhone8,2)
  | Device = iPhone8,2
  4 KB (515 words) - 13:45, 29 February 2020
• YukonB 17B102 (iPhone8,2)
  | Version = 13.2.2 | Device = iPhone8,2
  4 KB (500 words) - 13:46, 29 February 2020
• BrightonMaps 10B318 (iPhone4,1)
  | Version = 6.1.3 beta 2
  4 KB (588 words) - 19:07, 10 November 2019
• CERT
  8:d=2 hl=2 l= 3 cons: cont [ 0 ] 10:d=3 hl=2 l= 1 prim: INTEGER :02
  14 KB (1,526 words) - 13:47, 17 August 2016
• Northstar 7C144 (iPhone1,2)
  | Device = iPhone1,2
  3 KB (422 words) - 19:11, 10 November 2019
• IBoot (Enums)
  FFFFFFFF DFU_STATE_WAITING_FOR_REQ EQU 2 FFFFFFFF UID EQU 2
  1 KB (193 words) - 09:22, 29 August 2013
• Usb control msg(0x21, 2) Exploit
  {{DISPLAYTITLE:usb_control_msg(0x21, 2) Exploit}} ...33]], which was included with 3.1.3. [[N88AP|iPhone 3GS]] ([[Bootrom 359.3.2|new bootrom]]) and [[N18AP|iPod touch (3rd generation)]] owners who saved t
  5 KB (677 words) - 16:17, 22 May 2022
• IBoot-636.65
  Vulnerable to the [[usb_control_msg(0x21, 2) Exploit]].
  89 bytes (11 words) - 08:44, 14 March 2017
• IBoot IRQs
  IRQ 2: 22001EE1 4 0 IRQ B: 22002ED9 2 0
  4 KB (417 words) - 09:54, 26 March 2017
• Northstar 7D11 (iPhone1,2)
  | Version = 3.1.2 | Device = iPhone1,2
  3 KB (426 words) - 19:11, 10 November 2019
• Sn0wbreeze
  | caption = sn0wbreeze 2.9 | latest release version = 2.9.14
  16 KB (2,052 words) - 18:41, 7 November 2022
• SUNorthstarTwo 7E18 (iPhone1,2)
  | Device = iPhone1,2
  3 KB (430 words) - 19:11, 10 November 2019
• IBoot-636.66.33
  * [[usb_control_msg(0x21, 2) Exploit]] fixed
  1 KB (112 words) - 08:45, 14 March 2017
• IBoot-636.66
  Vulnerable to the [[usb_control_msg(0x21, 2) Exploit]].
  89 bytes (11 words) - 08:45, 14 March 2017
• Kernelcache loader (iBoot command)
  N88AP_iBoot:4FF15F98 0C4 CMP R3, #2 ; Set cond. codes on Op1 - Op2 N88AP_iBoot:4FF16584 0C4 MOV.W R10, #2 ; Rd = Op2
  156 KB (22,990 words) - 20:52, 4 March 2012
• Kirkwood 7A400 (iPhone1,2)
  | Device = iPhone1,2
  3 KB (429 words) - 19:11, 10 November 2019
• KirkVail 7A259g (iPod2,1)
  | Version = 3.0 beta 2
  3 KB (412 words) - 16:30, 10 November 2019
• BakerVail 8B5080c (iPhone1,2)
  | Device = iPhone1,2
  3 KB (406 words) - 19:11, 10 November 2019
• InnsbruckTaos 11B554a (iPhone5,2)
  | Device = iPhone5,2
  4 KB (547 words) - 19:04, 10 November 2019
• ApexVail 8A248c (iPhone1,2)
  | Version = 4.0 beta 2 | Device = iPhone1,2
  3 KB (357 words) - 19:11, 10 November 2019
• Apex 8A293 (iPhone1,2)
  | Device = iPhone1,2
  3 KB (406 words) - 15:39, 25 February 2022
• Bootrom 574.4
  ...eneration)]]. This bootrom was compiled in between 3.0 beta 1 and 3.0 beta 2.
  2 KB (229 words) - 10:13, 26 March 2017
• 25C3 presentation "Hacking the iPhone"
  ...d unlock]], because the iPhone has two [[ARM]] processors and the [[S-Gold 2|baseband modem]] has one of them and the [[S5L8900|application processor]] ...a Application|Cydia]] and [[Installer.app|Installer]]. We use the [[Pwnage 2.0|DFU exploit]] to load a version of [[iBoot]] that doesn’t perform signa
  49 KB (8,611 words) - 13:26, 17 September 2021
• Apex 8A306 (iPhone1,2)
  | Device = iPhone1,2
  3 KB (392 words) - 19:11, 10 November 2019
• SochiVail 11D5134c (iPhone3,2)
  | Device = iPhone3,2
  4 KB (561 words) - 19:09, 10 November 2019
• Apex 8A400 (iPhone1,2)
  | Version = 4.0.2 | Device = iPhone1,2
  3 KB (400 words) - 19:11, 10 November 2019
• SHSH Protocol
  ...imilar. The destination host is [http://gs.apple.com/TSS/controller?action=2 gs.apple.com] and runs on the common [[wikipedia:TCP and UDP port|port]] 8 ...tf-8\"" -d @/location/to/TSSRequest.xml gs.apple.com/TSS/controller?action=2
  13 KB (1,906 words) - 00:21, 3 January 2023
• ApexVail 8A230m (iPhone1,2)
  | Device = iPhone1,2
  3 KB (385 words) - 19:11, 10 November 2019
• Baker 8B117 (iPhone1,2)
  | Device = iPhone1,2
  3 KB (387 words) - 19:11, 10 November 2019
• Limera1n
  * '''Supported iOS: 3.2.2-4.1 | Beta 2
  8 KB (1,143 words) - 15:59, 21 May 2022
• BrightonVail 10B5105c (iPod4,1)
  | Version = 6.1 beta 2
  4 KB (581 words) - 17:28, 10 November 2019
• IBoot
  ...pan=2 | Product !! colspan=7 | Modules !! rowspan=2 | Text bank !! rowspan=2 | Options
  2 KB (230 words) - 18:33, 30 March 2021
• MonarchVailPrime 13A4280e (iPhone4,1)
  | Version = 9.0 beta 2
  4 KB (549 words) - 19:08, 10 November 2019
• BoulderVail 13B5119e (iPhone4,1)
  | Version = 9.1 beta 2
  4 KB (540 words) - 19:08, 10 November 2019
• EagleSeed 13E5191d (iPhone4,1)
  | Version = 9.3 beta 2
  4 KB (557 words) - 19:08, 10 November 2019
• Telluride 9A404 (iPad2,1)
  | Version = 5.0.1 beta 2
  4 KB (578 words) - 19:30, 10 November 2019
• TellurideVail 9A5248d (iPad2,1)
  | Version = 5.0 beta 2
  3 KB (513 words) - 19:30, 10 November 2019
• HoodooVail 9B5127c (iPad2,1)
  | Version = 5.1 beta 2
  3 KB (509 words) - 19:30, 10 November 2019
• EagleSeed 13E5191d (iPad2,1)
  | Version = 9.3 beta 2
  4 KB (546 words) - 19:30, 10 November 2019
• EagleSeed 13E5181d (iPad2,2)
  | Device = iPad2,2
  4 KB (544 words) - 19:30, 10 November 2019
• EagleSeed 13E5181f (iPad2,2)
  | Device = iPad2,2
  4 KB (548 words) - 19:30, 10 November 2019
• EagleSeed 13E5191d (iPad2,2)
  | Version = 9.3 beta 2 | Device = iPad2,2
  4 KB (572 words) - 19:30, 10 November 2019
• EagleSeed 13E5200d (iPad2,2)
  | Device = iPad2,2
  4 KB (560 words) - 19:30, 10 November 2019
• EagleSeed 13E5214d (iPad2,2)
  | Device = iPad2,2
  4 KB (540 words) - 19:30, 10 November 2019
• EagleSeed 13E5225a (iPad2,2)
  | Device = iPad2,2
  4 KB (540 words) - 19:30, 10 November 2019

View (previous 100 | next 100) (20 | 50 | 100 | 250 | 500)