The iPhone Wiki is no longer updated. Visit this article on The Apple Wiki for current information.

Search results

Jump to: navigation, search

Page title matches

  • S-Gold 2
    21 bytes (2 words) - 20:47, 28 September 2016

Page text matches

  • Main Page
    ...lomerate work of everything done by everyone on Apple's amazing [[iDevice]]s. ''Anyone'' can contribute here, just [[The iPhone Wiki:Account creation|as ...to collecting, storing and providing information on the internals of Apple's amazing [[iDevice|iDevices]]. We hope to pass this information on to the ne
    10 KB (1,218 words) - 18:16, 24 January 2023
  • Constitution
    Have you been on the [http://wikee.iphwn.org/ dev team's wiki]?<br/> Have you been to the [http://blog.iphone-dev.org/ dev team's blog]?<br/>
    1 KB (253 words) - 13:21, 21 March 2022
  • Up to Speed
    * [[Unlock]] - to allow the use of any mobile phone carrier's SIM. ...you don't have any background yet in programming or security research - it's like learning about how puzzles work. To learn more about security research
    9 KB (1,286 words) - 14:08, 17 September 2021
  • Timeline
    ...r|GM]], and watchOS 6.2.8 [[Golden Master|GM]] released. First public beta's of iOS 14 and tvOS 14 released. * 9 November – iOS 10.1.1 (14B150) released via IPSW's only.
    86 KB (10,312 words) - 17:11, 20 October 2022
  • Recovery Mode (Protocols)
    usb_control_msg(idev, 0x21, 1, x, 0, fbuf, s, 1000); //send file
    1 KB (172 words) - 20:24, 16 September 2022
  • Pwnage
    ...]] and [[iBoot (Bootloader)|iBoot]] modules which are stored in the device's [[NOR]] flash and are typically encrypted (as of 1.1.x). However, they are ...encryption keys. Also, we add another memory device, pointed at the kernel's address space, to allow live kernel patching. After booting up, we patch ou
    6 KB (884 words) - 18:18, 3 April 2022
  • PwnageTool
    ...et. al. has announced that they made a project that will bring PwnageTool's functionality to Windows, called [[sn0wbreeze]]. [http://ih8sn0w.com/]
    7 KB (910 words) - 14:07, 17 September 2021
  • Gevey SIM
    Gevey Ultra S was announced to be able to unlock iPhone 4S running iOS 5.0 and 5.0.1. Spe *[https://twitter.com/MuscleNerd/status/51943620844060672 MuscleNerd says it's illegal in most countries]
    1 KB (205 words) - 09:52, 14 October 2015
  • X-Gold 608 Unlock
    ...y dumped the [[Baseband Bootrom|bootrom]], but they won't release it as it's copyrighted code. .../iphonejtag.blogspot.com/2008/07/infineon-we-have-problem.html blog post]</s> Currently hidden, only viewable by invite only.
    3 KB (458 words) - 18:43, 16 September 2021
  • NOR
    ...es a NOR flash. (See [https://en.wikipedia.org/wiki/Flash_memory Wikipedia's article about flash memory] for background on NOR flash in general.)
    2 KB (267 words) - 09:46, 26 March 2017
  • BBUpdaterExtreme
    *BBUpdaterExtreme automatic -S -F [or -L for BL] | for automatic update (while firmware restores) BBUpdaterExtreme automatic -S -L /mnt1/bin -x
    5 KB (716 words) - 15:33, 26 March 2017
  • M68AP
    The iPhone uses the [[S-Gold 2]] baseband chip. *[http://www.anandtech.com/mac/showdoc.aspx?i=3026&p=1 Apple's iPhone Dissected: We did it, so you don't have to]
    2 KB (265 words) - 22:46, 14 September 2021
  • PMB8876
    This is the [[S-Gold 2]] security section on files it is uploading. It is at 0x1A4-0x9A4 in
    3 KB (247 words) - 19:22, 18 October 2019
  • DFU Mode
    ...rresponding to Power and Home/Vol-, respectively, or by pulling your board's <code>GPIO_FORCE_DFU</code> pin high at SecureROM startup (unless you are u ...obileDevice Library]] does not enter the true DFU Mode in the hardware. It's possible to enter the true DFU Mode without doing it manually, but it canno
    10 KB (1,674 words) - 16:14, 29 November 2022
  • WTF
    ...Mode]] and loads a secondary DFU-like interface. WTF Mode stands for "What's The Firmware" according to [[PurpleRestore]] and a quick look at some [[App
    627 bytes (102 words) - 01:47, 6 July 2023
  • IBoot (Bootloader)
    ...eferred to as “iBoot second-stage loader” in the source code, is Apple's stage 2 bootloader for all of the [[iDevice|devices]]. It runs what is know
    123 KB (8,553 words) - 00:24, 13 November 2022
  • Recovery Mode
    Information about [[Recovery Mode (Protocols)|Recovery Mode's protocols]] is available. # You can either revive (update) or restore the Mac's firmware.
    6 KB (950 words) - 20:24, 16 September 2022
  • DFU 0x1227
    int s; s = fread(fbuf, 1, 0x800, f);
    1 KB (148 words) - 22:52, 30 December 2012
  • Baseband Bootrom
    ==S-Gold 2== ...ted at 0x400000. It was initially dumped using exploits in java on other [[S-Gold 2]] phones. It allows unsigned code to be uploaded using [[Baseband Bo
    485 bytes (78 words) - 17:27, 21 January 2013
  • Baseband Bootloader
    == [[S-Gold 2]] Revisions == Found in the iOS 1.0 and 1.1.1 [[Ramdisk]]s for the [[M68AP|iPhone]].
    4 KB (570 words) - 07:59, 8 October 2015
  • List of iPhones
    *Initial firmware(s): 15.0 ([[Sky 19A340 (iPhone14,4)|19A340]], [[Sky 19A341 (iPhone14,4)|19A34 *Initial firmware(s): 15.0 ([[Sky 19A340 (iPhone14,5)|19A340]], [[Sky 19A341 (iPhone14,5)|19A34
    39 KB (4,850 words) - 18:30, 11 November 2022
  • Kernel
    Like its macOS counterpart, iOS's XNU accepts command line arguments (though the actual passing of arguments -s
    177 KB (18,986 words) - 05:15, 14 November 2022
  • ZiPhone
    [[User:Zibri|Zibri]]'s tool to [[unlock]], [[jailbreak]], and [[Activation|activate]]. It was foun It makes use of the [[Ramdisk Hack]] and uses [[User:Geohot|geohot]]'s [[Minus 0x20000 with Back Extend Erase|BL4.6 exploit]] to downgrade the [[B
    671 bytes (91 words) - 22:13, 19 September 2016
  • Bootrom
    You might also be looking for [[iBoot (Bootloader)|Apple's stage 2 bootloader]], which also uses the "iBoot" name. ...20-%20Joshua%20'p0sixninja'%20Hill%20-%20SHAttered%20Dreams.pdf p0sixninja's presentation SHAttered Dreams - Adventures in BootROM Land]
    10 KB (1,261 words) - 00:50, 13 September 2022
  • S5L8900
    ...ic/com.arm.doc.ddi0301h/DDI0301H_arm1176jzfs_r0p7_trm.pdf <code>arm1176jzf-s</code>]. This processor was succeded by the [[S5L8720]] used in the [[N72AP ...uch as [[wikipedia:ReactOS|ReactOS]] and the [[wikipedia:GNU Project|GNU]]'s own kernel, the [http://www.gnu.org/software/hurd/hurd.html Hurd].
    3 KB (511 words) - 18:22, 22 March 2017
  • Application Processor
    ...Processors|incarnations]] of processors for [[wikipedia:Apple Inc.|Apple]]'s [[iDevice|mobile devices]]. ...ipedia:System on a chip|SoC]] tailored to the device's needs. All of Apple's SoC platforms have proprietary PowerVR graphics, public key encryption acce
    7 KB (896 words) - 11:30, 29 October 2022
  • GID Key
    ...sors, the [[Secure Enclave]] has it's own GID that is separate from the AP's which is used to encrypt the SEP Firmware before delivery to the end user. ...(page 9, chapter "Encryption and Data Protection"), along with [[UID key]]s:
    10 KB (1,556 words) - 12:50, 17 September 2021
  • AES Keys
    ...th the introduction of [[IMG3 File Format|IMG3]] in iPhone OS 2.0, [[KBAG]]s are now used instead of the 0x837 key. Because iPhone OS versions 1.x were * Start greenpois0n console: 'irecovery -s'
    4 KB (717 words) - 05:11, 28 November 2020
  • UID key
    The '''UID key''' (device's unique ID key) is an AES 256-bit hardware key, unique to each iPhone. It is
    1,010 bytes (179 words) - 20:38, 3 April 2022
  • IMG3 File Format
    ...kwards when written to the file (e.g. <code>VERS</code> is stored as <code>S&nbsp;R&nbsp;E&nbsp;V</code>). [[TYPE]]: Type of image, should contain the same string as the header's <code>ident</code>
    3 KB (457 words) - 18:35, 2 March 2023
  • PROD
    ...;</code> routine. The routine skips the '''PROD''' tag check if the device's fuse value is <code>false</code>.
    714 bytes (112 words) - 19:35, 16 July 2015
  • Baseband Firmware
    ...<code>/usr/local/standalone/firmware</code> on the corresponding firmware's [[Restore Ramdisk|restore ramdisk]] or from an [[IPSW File Format|IPSW]] un
    2 KB (256 words) - 23:32, 20 April 2020
  • NAND
    ...dia:Flash memory|non-volatile memory chip]] that is used in all [[iDevice]]s. This chip is where all the ''storage'' of the device is located. In the ca The size of the root partition has varied throughout [[iOS]]'s history, while the user partition just fills the rest of the space of the N
    4 KB (696 words) - 22:10, 18 December 2019
  • SIM hacks
    (citation taken from dev team's [http://blog.iphone-dev.org/post/44428446/updates blog]): ...ith an L-shaped pin and a quick but forceful yank. It sounds scary but it's just plastic, after all.
    5 KB (905 words) - 13:48, 17 September 2021
  • JerrySIM
    This was the [[iPhone Dev Team]]'s approach to unlocking [[Baseband Bootloader|Bootloader 4.6]].
    1 KB (222 words) - 23:42, 22 January 2013
  • Carrier Bundle
    For users on carriers other than the Apple's official partners, carrier bundles allow to configure important settings su ...-testing" preference]] is enabled, .ipcc files can be loaded from the user's hard drive by clicking either "Check for Updates" or "Restore" button while
    4 KB (667 words) - 20:07, 9 January 2023
  • Toolchain
    $ sed 's/^FLAGS_FOR_TARGET=$/FLAGS_FOR_TARGET=${FLAGS_FOR_TARGET-}/g' \ $ sudo ln -s /usr/local/arm-apple-darwin/lib/crt1.o \
    9 KB (1,329 words) - 23:49, 7 February 2014
  • UnionFS
    ...uld be mapped. The first use of this in a jailbreak was in [[JailbreakMe]]'s third incarnation, [[Saffron]].
    577 bytes (93 words) - 20:20, 4 August 2013
  • N45AP
    ...portable media player with Wi-Fi launched on {{date|2007|09|05}} at Apple's "The beat goes on." event. The iPod touch is the first iPod to introduce a
    1 KB (160 words) - 00:01, 15 September 2021
  • Activation
    ...ted, the server will generate a [[WildcardTicket]] and signs it with Apple's private key. [[iTunes]] then calls AMDeviceActivate with the [[WildcardTick * [[User:posixninja|posixninja]]'s [http://github.com/posixninja/ideviceactivate iDeviceActivate]
    3 KB (465 words) - 00:49, 16 October 2017
  • LibTiff Exploit
    ...p]]. [https://mtmdev.org/blog/mtm-devadmin/2018/ios-1-1-1-jailbreak cipher's] version was released in 2018 due to AppSnapp being offline. There was a buffer overflow in the iPhone's libtiff. This was exploited to run a small application to jailbreak and pat
    1 KB (152 words) - 13:32, 9 October 2018
  • Jailbreak
    When a device is booting, it loads Apple's own [[kernel]] initially, so a jailbroken device must be exploited and have ...-''un''tethered''']] jailbreak gives the ability to start the device on it's own. On first boot, the device will not be running a patched kernel. Howeve
    4 KB (713 words) - 10:55, 13 February 2023
  • BootNeuter
    ...der]], and flash the 3.9 or 4.6 bootloader image, regardless of the iPhone's bootloader version. Bootneuter does not support the [[X-Gold 608]] and [[X- ...le apply. You can arbitrarily go up and down regardless of what [[secpack]]s you use.
    3 KB (424 words) - 17:10, 1 January 2018
  • Tutorial:Unlock iPhone 3G with TurboSim
    ...to do trickery to your cellular network'''. But due to the way the iPhone's 2.x baseband firmware handles the login, '''actually it does'''. Short over ...the iPhone (it is not roaming for your provider, but the iPhone thinks it's roaming)
    13 KB (1,987 words) - 01:02, 17 September 2021
  • Unlock
    ...carrier. This is entirely different than a [[jailbreak]]; jailbreaking one's iPhone does not unlock it. A jailbreak is, however, required for all curren ...ight.gov/fedreg/2012/2012-26308_PI.pdf pages 16-20 of the copyright office's 2012 DMCA rulings] for details.
    6 KB (918 words) - 18:42, 16 September 2021
  • Remote.app
    ...Size: 1, Data: True ; Server Supports Persistent ID's Tag: msdc, Size: 4, Count: 1 ; # Of Database's Available
    4 KB (426 words) - 17:29, 1 February 2015
  • Brick
    ...a.com/questions/277646/stuck-after-mac-address-change-can-i-revive-it Here's a JailbreakQA thread about this] and [http://www.jailbreakqa.com/questions/ .../1m3jo6/how_much_torture_kernel_user_based_etc_would_it/cc5g8nj See winocm's explanation of several related ways to brick a device]:
    7 KB (1,220 words) - 13:38, 24 September 2021
  • ITunes Modes
    Syncing is not allowed under this mode. Judging by the name, it's probably meant for Nike stores (to pitch Nike+).
    3 KB (489 words) - 11:28, 13 November 2015
  • Toolchain 2.0
    ...NDA), the alternative is simple. Install the Apple iPhone SDK, and use it's compiler, and specify the correct architecture, like so: Use saurik's codesign tool (ldid) to sign the binary like so:
    8 KB (1,156 words) - 23:46, 7 February 2014
  • /private/var/root/Library/Caches/locationd
    This folder contains the data files for Location Services. It's location was changed in 4.3.3 from the [[/private/var/mobile|mobile]] user
    931 bytes (118 words) - 12:36, 14 September 2013
  • Tutorials
    ...ed by [[chpwn]] and [[comex]], and Cydia people pay attention to it, so it's reasonably reliable and up-to-date.
    2 KB (266 words) - 00:54, 13 May 2020
  • Software Update Service
    printf("Usage: %s src_BOM patches_dir target_BOM [root_dir]\n", printf("Couldn't open %s", argv[1]);
    13 KB (1,865 words) - 20:56, 31 July 2013
  • BurnIn
    * The first button labeled "Start BurnIn" runs selected BurnIn tests. It's worth noting that on firmwares after 8A133 BurnIn automatically runs [[Infe ...s any tests currently in progress. It cannot, however, close Inferno if it's currently running.
    4 KB (670 words) - 23:47, 21 July 2018
  • Cydia.app
    [[File:Cydia icon.png|thumb|152px|thumb|Cydia's icon pre-iOS 7.]] ...s 1.1.30, which supports all devices (except [[List of Apple TVs|Apple TV]]s and [[List of Apple Watches|Apple Watches]]) running iPhone OS 2.0 - iOS 12
    3 KB (390 words) - 13:29, 17 September 2021
  • Keynote
    | '''''"Let's Rock"''''' | '''''"It's only rock and roll, but we like it."'''''
    68 KB (9,338 words) - 01:20, 8 November 2022
  • Useful Links
    * <s>[http://www.mactalk.com.au/iphone/ MacTalk Australia Forums]</s> * [http://george.insideiphone.com George Zhu's Blog]
    2 KB (252 words) - 01:03, 12 September 2019
  • Baseband Device
    ...and Bluetooth are managed by the main CPU, although the baseband stores it's MAC addresses in its NVRAM. =====[[PMB8876]] S-Gold 2=====
    5 KB (576 words) - 23:33, 19 September 2022
  • Patchfinder
    ...ferent devices and firmwares, this task is always more and more work. That's why [[planetbeing]] has written some code to dynamically search for the off
    4 KB (718 words) - 13:06, 15 April 2013
  • Apple Developer
    '''[https://developer.apple.com Apple Developer]''' is Apple's main hub for developers looking for info on developing or publishing their
    2 KB (283 words) - 22:19, 11 August 2015
  • HFS Heap Overflow
    *[http://pod2g-ios.blogspot.com/2012/01/details-on-corona.html pod2g's blog] ...m/bh-us-11/Esser/BH_US_11_Esser_Exploiting_The_iOS_Kernel_Slides.pdf i0n1c's Heap Feng Shui paper]
    1 KB (186 words) - 21:25, 31 January 2013
  • Racoon String Format Overflow Exploit
    *[http://pod2g-ios.blogspot.com/2012/01/details-on-corona.html pod2g's blog]
    2 KB (296 words) - 16:45, 12 July 2022
  • Activation Token
    ...e Foundation|CFDictionary]] string representation which gets sent to Apple's server.The object can be obtained by using the [[MobileDevice Library]], AM ...en signature is not correct, Apple server will respond with message "there's problem with your device".
    5 KB (509 words) - 16:36, 18 November 2015
  • How to reverse
    ...surrounding functions. Get in the head of the designer; think about what (s)he was thinking about when writing this code. Also, enjoy it. It's really cool when things come together, and you finally figure out that one
    2 KB (343 words) - 13:28, 17 September 2021
  • Posix spawn kernel information leak
    ...etrieve leaked bytes from the kernel heap. If you carefully craft the data's size, you can leak bytes from the heap using a ''PSFA_OPEN'' file action. T ...m%20iOS%206%20Exploitation%20and%20iOS%207%20Security%20Changes.pdf i0n1c's writeup]
    1 KB (207 words) - 00:34, 24 January 2016
  • Kernel Patches
    See also [[saurik]]'s comment for a list of "the 'best practice' patches that jailbreaks install
    10 KB (1,564 words) - 09:45, 11 October 2015
  • Bypassing iPhone Code Signatures
    ...ow to make a self-signing certificate you can read this article from Apple's website: [http://developer.apple.com/documentation/Security/Conceptual/Code ldid -S Program
    3 KB (500 words) - 14:27, 9 January 2012
  • Obtaining IMG3 Keys
    ...ng the IMG3 keys using iBoot/iBEC patch based on the Dev Team's and Geohot's exploits and was tested on both Linux and Windows OS. Epic thanks to #xpwn ...ute the patched iBEC. Your iPhone will reboot into a blank screen and that's good. You need to reconnect the ibooter after the "reboot".
    7 KB (1,062 words) - 10:01, 12 October 2015
  • /System/Library/Frameworks
    ...n App Store apps. Private frameworks are intended to be used only by Apple's apps, and are more unstable against firmware changes, but many of the inter
    35 KB (4,011 words) - 06:41, 25 December 2021
  • MobileDevice Library
    ...] (OS X framework written in C that can be used interchangeably with Apple's private framework MobileDevice.framework) Unlike OS X's dynamically linkable libraries, Windows dynamic libraries do not support po
    6 KB (609 words) - 13:18, 24 January 2020
  • Xcode
    ...le as a free download on [https://developer.apple.com/download/more/ Apple's developer site] and the [https://itunes.apple.com/app/xcode/id497799835 Mac
    13 KB (1,385 words) - 20:35, 20 September 2022
  • Apple Push Service Protocol
    ...send a notification to Apple servers, which will then send it to the user's device to be displayed, even when the app is not running. **<code>01</code> device's push token
    8 KB (1,140 words) - 22:18, 15 August 2021
  • IPhone 5s
    This is the iPhone 5s introduced by Tim Cook at Apple's 'iPhone' event in late 2013. It is very similar to the [[iPhone 5]].
    2 KB (223 words) - 12:57, 16 August 2020
  • Image3maker
    -s, --imageSecurityEpoch [epoch] Set epoch
    2 KB (232 words) - 16:28, 25 August 2013
  • Image3maker (Internal Tool)
    ...er''' is an Apple internal tool used to create [[img3]] firmware files. It's implemented in mostly C with its symbols stripped. There is an open source
    6 KB (664 words) - 20:39, 9 March 2015
  • Keylimepie
    ...generated are not all accurate from 7.1+. It can still be used to get KBAG's.
    1 KB (180 words) - 12:29, 23 March 2017
  • IDA Pro Setup
    The [[X-Gold 608]] has a memory map, as seen in it's page. ...pack), and the CODE starts at the ROM start address of 0x20040000(since it's the main firmware)
    4 KB (641 words) - 09:18, 10 February 2012
  • Address Mapping
    * 0x7858 - memzero (this looks funny in IDA, kind of, but really it's just optimized as part of memset)
    3 KB (546 words) - 12:29, 23 March 2017
  • Phone.app codes
    <!-- call blocking and divert codes, plus your carrier's services --> ...e incoming call; the phone will become kind of messed up, thinking that it's on a call until you restart. Can be used to stream music to Bluetooth heads
    3 KB (421 words) - 12:51, 14 September 2013
  • System Log
    ...place of the method mentioned above. It functions similar to Ryan Petrich's [https://github.com/rpetrich/deviceconsole deviceconsole] tool, but runs di ...n be convenient): install '''syslogd to /var/log/syslog''' from [[saurik]]'s repo and reboot your device.
    8 KB (1,382 words) - 17:44, 26 August 2015
  • S5L File Formats
    ...beta 3, or the [[S5L8900]] [[VROM]]. The [[S5L8720]] and newer [[bootrom]]s have no support for it. * [http://www.jbfaq.com/article.asp?id=70 cmw's IMG3 Unpacker]
    4 KB (641 words) - 17:01, 12 July 2017
  • IRecovery
    ...talk to [[iBoot (Bootloader)|iBoot]] and [[iBSS]] and [[iBEC]] via USB. It's completely open source; the source code is released under the terms of the ./iRecovery -s
    4 KB (569 words) - 14:05, 17 September 2021
  • /private/var/backups
    This is an empty folder. It's usage is unknown.
    170 bytes (20 words) - 00:50, 4 January 2013
  • /private/var/lib
    ...wikipedia:Filesystem Hierarchy System|HFS]] 2.3 as /var/lib, but per Apple's naming scheme, they decided to place it here. To work around this issue, th * {{ipfw|apt}} (file lists of installed [[wikipedia:deb (file format)|deb]]s)
    1 KB (182 words) - 17:17, 1 February 2015
  • /private/var/cache/apt
    * {{ipfw|archives}} (where the actual <code>deb</code>s are)
    990 bytes (154 words) - 10:38, 27 August 2013
  • MobileTerminal
    ...by default). The default configuration of bash will also change the prompt's <code>$</code> to a <code>#</code>.
    2 KB (380 words) - 12:16, 27 August 2015
  • /Applications
    | {{ipfw|What's New?.app}} | {{ipfw|What's New?.app}}
    33 KB (3,712 words) - 20:10, 4 February 2021
  • GIDecrypt
    printf("Can't open file %s\n", input);
    3 KB (462 words) - 18:25, 9 March 2017
  • /private/etc
    ...ard|FHS]] as a place that "contains configuration files" (i.e. "local file[s] used to control the operation of a program"). Most of the folders here are
    1 KB (165 words) - 23:57, 22 July 2020
  • /private/var
    .../disk0s1s2</code> on modern iOS versions), which is the [[iDevice|device]]'s user/data partition. This deviates from the [[wikipedia:Filesystem Hierarch
    2 KB (313 words) - 19:21, 31 August 2020
  • IPhone Restore Procedure
    metadata-whitening was found and it's set to 1 default-ftl-version was found and it's set to 1
    31 KB (3,832 words) - 04:45, 25 June 2019
  • History: Decrypt 1.1.1 (Talk Page)
    ==FULL information about iBoot's handling of crypted 8900 images== ...ion. However, if you look at the encrypted applelogo.img2 from 1.1.1, that's not the case (the unencrypted applelogo.img2 from 1.0.2 has a whole bunch o
    37 KB (6,324 words) - 21:12, 20 March 2015
  • IBoot Flags
    ROM:0FF0BD38 ; =============== S U B R O U T I N E ======================================= ROM:0FF0BD04 ; =============== S U B R O U T I N E =======================================
    16 KB (2,016 words) - 08:46, 14 March 2017
  • SDOM
    ...be ran on. It allows Apple to make sure you are not running another device's firmware files on an incompatible device, probably to prevent using old exp
    661 bytes (96 words) - 23:39, 21 April 2020
  • Ultrasn0w
    The actual unlock works by a daemon patching the baseband's RAM on-the-fly, overriding the carrier lock code. It is not permanent becau ROM:00000000 ; =============== S U B R O U T I N E =======================================
    27 KB (3,160 words) - 13:28, 17 September 2021
  • KBAG
    Apple's [[IMG3 File Format|IMG3]] and [[IMG4 File Format|IMG4]] security scheme use
    4 KB (546 words) - 18:55, 29 March 2022
  • S5L8720
    ...e Format|IMG3]] containers, and the [[bootrom]] can properly check [[LLB]]'s signature. That being said, unsigned images can still be run using the [[0x ...h/DDI0301H_arm1176jzfs_r0p7_trm.pdf Technical Reference Manual: ARM1176JZF-S]
    1 KB (167 words) - 12:33, 23 March 2017
  • Jailbreak (S5L8720x)
    So lets post whats been tried and what doesn't work. It's only a matter of time before the 3G has this DFU. Apple revved the silicon ...in the summer of 2008 that called iBoot's AES function to decrypt [[KBAG]]s. This way, we could examine iBoot for any other vulnerabilities, the kernel
    14 KB (2,533 words) - 18:42, 28 May 2017
  • ARM7 Go
    ...to the [[N72AP|iPod touch (2nd generation)]]. It is present in the device's 2.1.1 firmware, as well as the [[iBEC]]/[[iBSS]] if you choose to upload it
    2 KB (305 words) - 06:24, 11 February 2021
  • Redsn0w Lite
    ...] on iPhone OS 2.1.1. It is their payload for the [[ARM7 Go]] backdoor. It's analagous to how [[yellowsn0w]] is the actual unlocking payload injected by
    3 KB (385 words) - 04:31, 17 March 2018
  • GenPass
    ...e decrypted ramdisk messes with the structure of the image rending GenPass's keys false.
    713 bytes (106 words) - 23:02, 4 January 2016
  • Kernelcache
    ...or iOS12, 17xx for iOS13), likely an artifact of misconfiguration on Apple's side, since it matches the source version of the kernelcache builder. ...ract kexts anymore from these caches). Joker has been superseded by jtool2's --analyze option, which can effectively symbolicate 1000s (3,000-8,000, dep
    20 KB (2,721 words) - 22:02, 13 December 2021
  • Victoria
    '''Victoria''' is Apple's internal codename for [[wikipedia:Nike+iPod|Nike+iPod]] functionality avail
    435 bytes (46 words) - 16:29, 14 November 2013
  • NOR (SysCfg)
    ...5L [[NOR]] (or [[NAND]]) that stores vital information such as your device's model number and serial number.
    617 bytes (104 words) - 11:13, 24 March 2017
  • 0x24000 Segment Overflow
    ...ointer to the bdev list structure, task list structures for the Secure ROM's scheduler, as well as the addresses of the hardware SHA1 registers. All of ...File Format|IMG3]], so that the payload code can be placed within the LLB's IMG3.
    11 KB (1,918 words) - 17:13, 22 October 2021
  • NitroKey
    ...it CAN NOT be directly jailbroken from its release. In addition, NitroKey's irresponsible handling gave Apple enough time to add the [[ECID]] tag to th
    1 KB (242 words) - 23:14, 16 September 2021
  • Restore Ramdisk
    ...nd firmware you are trying to flash). On [[N51AP|iPhone 5S]] and newer, it's also responsible for updating the [[Secure Enclave|SEP]] via [[seputil]]
    626 bytes (107 words) - 13:32, 5 September 2017
  • Mknod
    ...taller, and update to 1.1.2 in [[iTunes]], and use the [[iPhone Dev Team]]'s jailbreak utility, [[touchFree]], written by [[User:Planetbeing|planetbeing
    2 KB (226 words) - 20:44, 12 March 2017
  • Redsn0w
    ...s to restore to a custom [[IPSW File Format|IPSW]], akin to [[PwnageTool]]'s DFU button. * Allows you to "deactivate" a hacktivated phone, so sbingner's [http://www.bingner.com/SAM.html Subscriber Artificial Module] (SAM) can tr
    23 KB (3,037 words) - 10:20, 15 May 2021
  • /usr/lib
    *pf2 (Used for [[User:comex|comex]]'s [[kernel]] patch) *libgmalloc.dylib (Used for [[User:comex|comex]]'s [[Incomplete Codesign Exploit]])
    562 bytes (73 words) - 11:36, 28 August 2015
  • Decrypting Firmwares
    ...]] page or from the <code>Info.plist</code> file underneath [[PwnageTool]]'s <code>/FirmwareBundles</code> folder. ...3.0 (what beta?), Apple began using Snow Leopard to package the [[ramdisk]]s. This results in some zero sized files in the disk image if you don't use S
    8 KB (1,342 words) - 08:42, 7 February 2022
  • Baseband Commands
    ...lder [[:/usr/etc]] exists. SSH into your iPhone and then, type: ''minicom -s''.
    2 KB (359 words) - 14:12, 7 July 2014
  • EDA
    And this is just phase one. There's planned support for differential paths (run twice and graphical compare), a ...running a web server that any webkit browser can run the front end in. It's fully cross platform. Initially, we plan only to support ARM, but it should
    3 KB (594 words) - 13:07, 17 September 2021
  • Downbb
    Then follow the How To's
    1 KB (158 words) - 08:29, 13 October 2015
  • Jailbreak (S5L8920+)
    ...0x24000 Segment Overflow]] exploit. Many of them are susceptible to geohot's bootrom exploit (originally found in [[limera1n]]), which allows unsigned c ...(Bootloader)|iBoot]] exploits won't be so useful for [[tethered jailbreak]]s, because such exploits will be closed in new firmwares. [http://iphonejtag.
    3 KB (399 words) - 09:52, 26 March 2017
  • Greenpois0n (jailbreak)
    ...0|09}}, which led to a delay in greenpois0n's release (to implement geohot's exploit, not SHAtter). * Use an exploit that Apple already knew about (newer [[iBoot]]s shows the exploit patched)
    4 KB (585 words) - 23:37, 16 September 2021
  • 02.07.01
    ...]] [[Baseband Firmware|baseband]] in iOS 4.1 beta (developers only). There's no public [[unlock]] for it.
    166 bytes (23 words) - 11:40, 7 October 2015
  • AT+XLOG Vulnerability
    j's are junk
    584 bytes (77 words) - 00:35, 28 January 2013
  • SSH Ramdisk
    ...y.blogspot.ca/2012/01/automatic-ssh-ramdisk-creation-and.html#more msftguy's blog on SSH ramdisk creation] * [https://github.com/msftguy/ssh-rd msftguy's SSH ramdisk source code on Github]
    1 KB (187 words) - 16:03, 4 November 2022
  • Kernel Syscalls
    ...normal registers, like arg1 in R0/X0, as usual. Syscall # goes in IP (that's intra-procedural, not instruction pointer!), a.k.a R12/X16. ...ese can be found at [http://newosxbook.com/index.php?page=Appendix ''Wiley's OS X and iOS Internals'' online appendix]. The joker tool (shown below) can
    20 KB (2,465 words) - 21:48, 2 February 2018
  • N88AP/Device Tree
    This page is a dump of the [[N88AP|iPhone 3GS]]'s [[Device Tree]].
    20 KB (2,417 words) - 09:09, 13 October 2015
  • IBoot Environment Variable Overflow
    This is an exploit in [[iBoot (Bootloader)|iBoot]]'s parsing of commands and environment variables. This is a heap overflow in 3.0's [[iBoot (Bootloader)|iBoot]].
    1 KB (149 words) - 16:15, 22 May 2022
  • BCM4325
    ...luetooth modules's UART or I2C and digital audio streaming over the module's I2S/PCM hardware. bcm -s 0x01,0x00,0x00,0x01,0x01,0x00,0x01,0x00,0x00,0x00,0x00,0x01
    3 KB (520 words) - 11:23, 24 March 2017
  • Bluetooth
    ...a: BTstack Keyboard, BTstack Mouse, WiiMote OpenGL Demo and some of ZodTTD's emulators. '''Update''': It is not necessary to disable the BTserver. It's enough to keep Bluetooth turned off in the control panel.
    8 KB (1,221 words) - 15:20, 20 September 2020
  • ITunes
    '''iTunes''' is Apple's music and video management software. It also serves as a desktop client for ...display the [[iTunes Store]], as well as [[wikipedia:iTunes LP|iTunes LP]]s and iTunes Extras.
    110 KB (14,628 words) - 19:50, 25 October 2022
  • IPSW File Format
    ...to .zip and double click). IPSWs are used to deliver the [[iDevice|device's]] firmware to the end-user.
    5 KB (677 words) - 00:44, 21 March 2022
  • IPhone Hacking Presentation - History 1.0-1.1.4
    2. Using a hardware test point, pull an address line high, so it thinks it's all erased (fakeblank, more information @ http://www.theiphonewiki.com/wiki Site: Jon "DVD Jon" Lech Johansen’s blog
    6 KB (948 words) - 13:38, 17 September 2021
  • IPhone 7
    ...ate|2016|09|16}}. The firmware identifiers are iPhone9,1 and iPhone9,3. It's models are [[D10AP]] and [[D101AP]]. There are four model numbers, A1660, A The iPhone 7 makes use of Apple's [[T8010|A10]] SoC.
    1 KB (209 words) - 02:23, 18 June 2022
  • IPhone 7 Plus
    ...ate|2016|09|16}}. The firmware identifiers are iPhone9,2 and iPhone9,4. It's models are [[D11AP]] and [[D111AP]]. There are four model numbers, A1661, A
    1 KB (213 words) - 02:23, 18 June 2022
  • Apple Watch Series 1
    The '''Apple Watch Series 1''' was first introduced at Apple's "See you on the 7th" [[keynote]] on {{date|2016|09|07}}. Unlike [[Apple Wat
    1 KB (200 words) - 23:47, 5 September 2021
  • Apple Watch Series 2
    The '''Apple Watch Series 2''' was first introduced at Apple's "See you on the 7th" [[keynote]] on {{date|2016|09|07}}. The Apple Watch Ed
    1 KB (183 words) - 23:48, 5 September 2021
  • D11AP
    ...820-00229''' compared to '''D111AP''' which has Intel brand BB related IC's.
    339 bytes (58 words) - 11:04, 22 July 2018
  • D111AP
    ...BRD: 820-00249''' compared to '''D11AP''' which has Qualcomm BB related IC's.
    334 bytes (57 words) - 11:02, 22 July 2018
  • T8002
    ...ers to the CPU inside of two of Apple's [[wikipedia:System in package|SiP]]s: the S1P and the S2. The '''S1P''' is currently used in the [[Apple Watch S It's also used in first edition of '''iBridge''', AKA the MacBook Pro TouchBar p
    481 bytes (76 words) - 11:04, 27 June 2020
  • Purplesn0w
    ...lity]]. Its implementation of the vulnerability differs from [[ultrasn0w]]'s, and requires a legitimately [[Activation|activated]] [[List of iPhones|iPh ...n one. And since the ticket is already delivered on baseband resets, there's no need to write another daemon to use the battery. Instead the daemon alre
    8 KB (842 words) - 11:36, 14 November 2015
  • CHIP
    <!--The values are created by taking the four digits from the processor's model number, and encoding them in [[wikipedia:Binary-coded decimal|BCD]].- === "S" and "T" Series ===
    2 KB (295 words) - 14:22, 23 September 2022
  • SHSH
    ...lled on your device, e.g. 4.3.3), while TinyUmbrella gets SHSHs from Apple's servers (whatever firmwares Apple is currently signing). ! For Device(s)
    78 KB (8,893 words) - 02:38, 8 December 2022
  • IBSS
    '''iBSS''' (short for '''''iB'''oot '''S'''ingle '''S'''tage'') is a stripped down version of [[IBoot (Bootloader)|iBoot]], missi ...pple’s source code, ''“dongle products get an iBSS with all of iBoot’s recovery mode accroutements, EXCEPT for filesystem support”''.
    2 KB (264 words) - 03:07, 8 February 2018
  • CERT
    Apple's certificates on [[S5L File Formats#IMG2|IMG2]], [[IMG3 File Format|IMG3]],
    14 KB (1,526 words) - 13:47, 17 August 2016
  • S5L8922
    ...sed bootrom exploit in [[limera1n]]. It is also implemented in Chronic Dev's [[Greenpois0n (toolkit)|greenpois0n]]. Source code for Greenpois0n can be f ...h/DDI0301H_arm1176jzfs_r0p7_trm.pdf Technical Reference Manual: ARM1176JZF-S]
    1 KB (165 words) - 09:53, 26 March 2017
  • Usb control msg(0x21, 2) Exploit
    ...terature/white_papers/Vector-Rewrite-Attack.pdf vector rewrite attack], it's possible to replace the address of the irq vector handler (0x38) within a 0
    5 KB (677 words) - 16:17, 22 May 2022
  • IBoot-99
    This version of iBoot can be found in [[Alpine 1A420]] NOR dump. It's stored in unencrypted form.
    273 bytes (38 words) - 04:27, 23 January 2023
  • Blackra1n
    ...]] utility. It is an updated version of [[purplera1n]] but now uses geohot's implementation of the [[usb_control_msg(0x21, 2) Exploit]]. [http://iphonejtag.blogspot.com/ Geohot's blog (private)]
    3 KB (423 words) - 14:09, 17 September 2021
  • WinterBoard
    ...ng GUI elements, such as app icons. See [http://www.saurik.com/id/9 saurik's website] for more information. ...estion that WinterBoard would at least do things like theme icons, if that's what you are concerned with; the issue is that there are many more advanced
    2 KB (370 words) - 13:47, 17 September 2021
  • Freeze
    Freeze is installed when you [[jailbreak]] using [[User:geohot|geohot]]'s [[purplera1n]]. When run, it installs [[Cydia Application|Cydia]]. Freeze h ...from [[Cydia]] and use it to delete Freeze. Installing [[Cydia]] is Freeze's sole purpose
    821 bytes (124 words) - 19:45, 21 November 2013
  • Bootrom 240.4
    ...patches the [[Pwnage]] exploit, as the bootrom now properly checks [[LLB]]'s signature. This bootrom is, however, vulnerable to the [[0x24000 Segment Ov
    792 bytes (115 words) - 13:54, 17 September 2021
  • Bootrom 240.5.1
    For "Symbols", see also [[Address Mapping]], although that's probably for the [[Bootrom 240.4|old bootrom]] only, but might be similar.
    608 bytes (90 words) - 13:54, 17 September 2021
  • Tethered jailbreak
    ...exploits take advantage of code that is permanently embedded in the device's hardware, which Apple cannot update with iOS updates. Those tools do usuall
    2 KB (310 words) - 09:26, 26 March 2017
  • Cydia Substrate
    '''Cydia Substrate''' (formerly '''Mobile Substrate''') is [[saurik]]'s platform that makes it easier to develop third-party addons for iOS. Exampl *[http://www.saurik.com saurik's Web Site]
    2 KB (270 words) - 09:50, 8 April 2020
  • /System/Library/CoreServices/SpringBoard.app
    SpringBoard.app is essentially iOS's graphical user interface (much the same as GNOME is to Linux, Explorer is t Starting in iOS 6, some of SpringBoard's former functions are now in [[backboardd]].
    2 KB (240 words) - 21:01, 11 March 2021
  • Respring
    Respringing is the term for restarting the device's [[SpringBoard]]. The process takes about 10 seconds and, by default, return SpringBoard's daemon, referenced at [[/System/Library/LaunchDaemons]]/com.apple.SpringBoa
    1 KB (216 words) - 00:17, 3 October 2015
  • SwitchBoard.app
    ...set of applications (new test apps are created to test new features). It's usually located in the [[Apple_Internal_Apps#Internal_diagnostic_apps_known
    2 KB (307 words) - 01:59, 27 January 2022
  • SkankPhone
    SkankPhone is a part of Apple's internal debug utilities suite. It can be defined as a [[SpringBoard]] alte ...kPhone was a notable part of Non-UI firmwares from versions 1.0 to 5.1. It's last appearance was on prototypes running 5.1. Versions 6.0 and above no lo
    2 KB (325 words) - 01:04, 20 April 2022
  • Operator
    ...ratorInternal.jpg|thumb|right|Built-in Operator screen in [[Alpine 1A420]]'s [[SkankPhone]] app]] ...comes with some INXS sound samples (from the album The year 1979-1997). It's generally located in <code>AppleInternal/Applications/</code>.
    3 KB (431 words) - 05:07, 1 March 2020
  • AT+XEMN Heap Overflow
    ...stigation and discovers that this crash is indeed exploitable, and that it's a heap overflow. [https://twitter.com/geohot/status/5196861045]
    3 KB (353 words) - 13:35, 17 September 2021
  • Sn0wbreeze
    '''sn0wbreeze''' is a tool used to create custom [[IPSW File Format|IPSW]]s to restore, similar to [[PwnageTool]]. Can be used to jailbreak and unlock * Removed [[ultrasn0w]] integration. (Due to MuscleNerd's request citing version management issues. Install it through the "custom pa
    16 KB (2,052 words) - 18:41, 7 November 2022
  • Blacksn0w
    [[User:Geohot|Geohot]]'s runtime [[unlock]] for [[Baseband Firmware|baseband]] [[05.11.07]] (used by ...stall. [[Commcenter]] will restart and you will have an unlocked iPhone 3G(S).
    1,017 bytes (155 words) - 11:09, 12 October 2015
  • Ikee-virus
    ...ttp://blog.jeltel.com.au/2009/11/interview-with-ikee-iphone-virus.html JD's Thoughts on Everything.: Interview with ikee (iPhone Virus Creator) - ikee
    839 bytes (115 words) - 08:25, 1 September 2015
  • K48AP
    The 3G-equipped iPad also contains Broadcom's [[BCM4750]] chip.
    1 KB (187 words) - 18:29, 16 September 2021
  • IBoot-636.66.33
    * There are no longer assert()'s for the usb otg hardware handler functions, normally checked for in usb_cor
    1 KB (112 words) - 08:45, 14 March 2017
  • Bootx (iBoot command)
    printf("usage:\n\t%s [<address>]\n", argv[0].string);
    1,023 bytes (116 words) - 08:37, 13 October 2015
  • F0recast
    == How does it determine if it's restricted to a [[tethered jailbreak]]? ==
    970 bytes (144 words) - 16:34, 3 October 2014
  • Go (iBoot command)
    N88AP_iBoot:4FF0103C ; =============== S U B R O U T I N E ======================================= N88AP_iBoot:4FF0105A 018 LDR R0, =aSAddress ; "%s [<address>]\n"
    13 KB (1,757 words) - 15:33, 26 March 2017
  • Reboot (iBoot command)
    N88AP_iBoot:4FF00F60 ; =============== S U B R O U T I N E =======================================
    1 KB (179 words) - 04:01, 21 September 2021
  • Ramdisk (iBoot command)
    printf("usage:\n\t%s [<len>] [<address>]\n", argv[0].string);
    2 KB (176 words) - 05:24, 19 May 2015
  • Kernelcache loader (iBoot command)
    N88AP_iBoot:4FF15E04 ; =============== S U B R O U T I N E ======================================= N88AP_iBoot:4FF15FF8 0C4 LDR.W R2, =aKernelS ; "Kernel-%s"
    156 KB (22,990 words) - 20:52, 4 March 2012
  • S5L8930
    A [[wikipedia:system on a chip|system on a chip]] ("SoC") developed by Apple's in-house chip design department. Publicly, Apple refers to this chip as the Aside from the [[iPhone 4]]'s additional RAM and an overall higher clock speed, these are the same specif
    1 KB (215 words) - 12:19, 2 November 2020
  • List of iPads
    * Internal Name(s): iPad12,1, iPad12,2
    8 KB (925 words) - 12:26, 25 September 2021
  • BTServer
    ...ual function table of functions inherited from a base service class, so it's possible to easily intercept all functions for a given service and/or modif
    1 KB (212 words) - 08:08, 11 August 2014
  • Ness
    ...It is believed to be a reincarnation of the application "BurnIn". The app's icon is a picture of the character Ness from the Nintendo game [[wikipedia:
    2 KB (351 words) - 00:26, 23 August 2022
  • N90AP
    The iPhone 4 uses Broadcom's [[BCM4750]] single-chip GPS receiver, like the [[K48AP|iPad]]. [http://www.
    2 KB (289 words) - 22:44, 14 September 2021
  • IOS
    Prior to iOS 4, the OS would take up ~350&nbsp;MB of the device's storage on a 500&nbsp;MB partition.
    4 KB (677 words) - 16:30, 6 September 2022
  • Tutorial:Creating a NOR-only IPSW
    This will create an [[IPSW File Format|IPSW]] that only flashes your device's [[NOR]]. It will not touch the [[iOS|operating system]] or [[NAND]].
    923 bytes (125 words) - 12:18, 27 August 2013
  • FaceTime
    ...don't know about) to Apple, that registers your telephone number on Apple's servers used for FaceTime. Apple then returns a "silent coded text message" ...ve an active SIM card with the ability to send and receive SMSes. If there's an issue sending or receiving SMS messages, FaceTime can't be enabled or ac
    25 KB (1,898 words) - 10:12, 26 March 2017
  • 06.15.00
    ...s iPad version which still is vulnerable. This works because part of Apple's security system is to only allow the installation of signed baseband firmwa
    2 KB (300 words) - 11:37, 14 November 2015
  • X-Gold 618 Unlock
    ...ke the [[X-Gold 608]], the baseband now requires a signature akin to Apple's [[SHSH]] blobs for firmware files, so downgrading an updated baseband, prov
    1 KB (216 words) - 13:46, 17 September 2021
  • Switchboard (App Store)
    ...d within Switchboard may vary from employee to employee depending upon one's [[AppleConnect (SSO)|AppleConnect]] permissions. Enrollment is done through ...ng that this app first came out relatively close to the end of Switchboard's life, compared to the iOS version. Unfortunately the app informs that it re
    6 KB (747 words) - 03:23, 20 November 2021
  • /Applications/AppStore.app
    * cs.lproj ('''C'''zech) (s comes from z) * ms.lproj ('''M'''alay -- Pronounced '''m'''alai'''s''' in country)
    4 KB (483 words) - 13:33, 17 September 2021
  • 25C3 presentation "Hacking the iPhone"
    ...updates for the Mac platform, as I mentioned. An interesting lead: There’s a 180 very active users from Apple who update their [[QuickPwn]] and [[Pwna ...my colleagues here. We’ve got [[User:Bushing|bushing]] on the end. He’s one of the guys. This is [[User:MuscleNerd|MuscleNerd]] (laughter) - I don
    49 KB (8,611 words) - 13:26, 17 September 2021
  • ARM
    * [[Baseband_Device|Baseband processors]]: [[S-Gold_2|PMB8876]], [[X-Gold_608|PMB8878]], [[XMM_6180|XMM6180]], [[MDM6600]] ...itter.com/0xcharlie/status/403879951473991680 written for ''The iOS Hacker's Handbook'' but not published in it]).
    1 KB (170 words) - 10:09, 3 July 2016
  • TinyUmbrella
    * [https://twitter.com/notcom semaphore's twitter]
    3 KB (408 words) - 09:50, 14 October 2015
  • IBooty
    ...en uploads and sets up the device tree. Now it uploads and sets up iH8sn0w's logo. Finally, it uploads the [[kernelcache]] for it to boot the device. There's an open-source version of iBooty by [[User:Fallensn0w|Fallensn0w]] availabl
    1 KB (192 words) - 20:55, 26 August 2015
  • ITunes Errors
    Most of the errors can be found at Apple's [http://support.apple.com/kb/ts1275 Knowledge Base]. Here is a list of '''[
    1 KB (207 words) - 21:35, 28 December 2014
  • ITunes Errors/20xx
    [[iTunes]] can't connect because another program is using it or it's disconnected during the Apple Server check.
    2 KB (303 words) - 08:58, 12 August 2014
  • ITunes Errors/Error Texts
    ...ware file's filename will contain the internal identifier of the device it's intended<!-- don't change: through hacks, one can put incorrect firmware on To determine which firmware should be downloaded, find your device's model numbers on [[Models]]. Look at the "Identifier" column; when download
    3 KB (440 words) - 00:40, 29 August 2022
  • ITunes Errors/Below 100
    ...created by [[PwnageTool]]/[[sn0wbreeze]] or use [[User:semaphore|notcom]]'s [[FixRecovery]] utility available on [http://thefirmwareumbrella.blogspot.c * Root file-system partition size was set too small in the ramdisk's options plist, or the root filesystem size somehow exceeds the storage capa
    9 KB (1,431 words) - 20:49, 11 September 2018
  • PurpleRestore
    ...rpleRestore''' is a tool made by Apple and is used for flashing [[iDevice]]s. It provides far more customization than [[iTunes]], and is known to be use ...0 internal PurpleRestore wiki], which most likely requires access to Apple's internal VPN. A [https://eightball.apple.com/luna/index.php/Software_Restor
    14 KB (2,017 words) - 02:34, 27 June 2022
  • Star
    ...y patched on 4.3.1 in order to prevent the jailbreak of the [[iPad 2]]. It's still possible the site could be repurposed to jailbreak devices up to 4.3, ...n from the library. This allows some UI text to be displayed on the user’s screen to ask whether to go forward with jailbreaking. Then it downloads th
    4 KB (682 words) - 18:57, 12 December 2017
  • QuickPwn
    ...it all. Therefore it can jailbreak any firmware because it find the check's and remove them.
    1 KB (158 words) - 12:15, 27 August 2015
  • GiRecovery
    giRecovery is a graphical interface for [[iRecovery]]. It's completely open source and the source code is released under the terms of t ...updater is implemented. It will connect to [[User:Fallensn0w|Fallensn0w]]'s homepage and read different files. Check out the source code for a better u
    1 KB (212 words) - 17:22, 16 July 2011
  • SHSH Protocol
    curl -i -s -m 1.0 -X POST -A "InetURL/1.0" -H "Proxy-Connection: Keep=Alive" -H "Pragm ...previous step. Each 'build identity' contains a "Manifest" dictionary. It's entries look like
    13 KB (1,906 words) - 00:21, 3 January 2023
  • Leftover Strings
    Backup request received from a new backup protocol version. Let's do the versioning dance. Our version: %@ %s is being feisty. Sending it a SIGKILL
    7 KB (1,130 words) - 20:27, 13 February 2023
  • Hacktivation
    ...s inserted or no SIM card is inserted - this doesn't have to be the iPhone's original SIM card and it doesn't have to be a SIM with active service, it j Official activation using redsn0w: Insert a valid SIM card from the phone's official carrier. Then open redsn0w, click "Jailbreak", and click the "deac
    4 KB (724 words) - 21:59, 22 March 2022
  • IDecrypt
    ...cense = [[wikipedia:Freeware|Freeware]] (violates VFDecrypt's GPL) ...or [[wikipedia:Microsoft Windows|Windows]]/[[wikipedia:Mac OS X|OS X]]. It's used to decrypt .DMG files, namely the rootfs of an [[IPSW File Format|IPSW
    4 KB (578 words) - 14:50, 13 June 2015
  • Recovery Mode Controller
    ...roller can be downloaded from [http://www.blackthund3r.co.uk/ blackthund3r's Website]
    2 KB (259 words) - 11:40, 14 November 2015
  • WinDecrypt
    ...it 'Decrypt' and enter the Keys/IVs for the [[IMG3 File Format|IMG3s]]. It's a simple process, which is considered much more convenient than using the c
    1 KB (160 words) - 09:21, 25 August 2014
  • 02.10.04
    A new [[N90AP|iPhone 4]] [[Baseband Firmware|baseband]] in iOS 4.1. There's no public [[unlock]] for it.
    143 bytes (20 words) - 09:51, 14 October 2015
  • INdependence
    ...nd managing ringtones/wallpapers/applications on your [[M68AP|iPhone]]. It's open source under the GNU v2 license.
    585 bytes (80 words) - 10:04, 12 October 2015
  • Usb control msg(0xA1, 1) Exploit
    ...tion)]] (both [[Bootrom 240.4|old]] and [[Bootrom 240.5.1|new]] [[bootrom]]s) [[DFU Mode]] when sending a USB control message of request type 0xA1, requ ...he image upload is marked as finished, also rebooting the device (but that's not exploitable because the double free() happens in a row). [[User:posixni
    3 KB (430 words) - 09:29, 26 March 2017
  • /Applications/iOS Diagnostics.app
    ...r given to them by Apple over the phone to allow them to send their device's data over to Apple. ...evice and to improve our products and services. For information on Apple’s Privacy Policy, see <a href=\"http://www.apple.com/legal/privacy\">http://w
    4 KB (630 words) - 12:42, 13 November 2015
  • K66AP
    ...on other iOS devices. [[/Applications/AppleTV.app/Appliances|FRAppliance]]s can be added to the [[/Applications/AppleTV.app/Appliances]] folder on a ja ...arently for a 30-pin dock connector]. This is most probably here for Apple's in-house developer units.
    5 KB (827 words) - 01:07, 15 September 2021
  • List of baseband commands
    ==AT+S...==
    7 KB (1,048 words) - 23:46, 22 January 2013
  • Limera1n
    ...closed bootrom exploit (the [[limera1n Exploit]]) and [[User:Comex|comex]]'s [[Packet Filter Kernel Exploit]] to achieve an [[untethered jailbreak]] on ...ion) with an untethered jailbreak] that met [[User:MuscleNerd|MuscleNerd]]'s requirements for a good video. In addition, he took a picture of [http://4.
    8 KB (1,143 words) - 15:59, 21 May 2022
  • /Applications/FieldTest.app
    ...7/a-half-dozen-fun-undocumented-iphone-preferences/ by editing SpringBoard's preferences.])
    1 KB (139 words) - 18:38, 25 February 2022
  • IBSS commands
    arm7_stop stop the iPod touch (2nd generation)'s ARM7. Removed in 2.2. arm7_go start the iPod touch (2nd generation)'s ARM7 with a downloaded image. Removed in 2.2.
    9 KB (804 words) - 06:30, 11 February 2021
  • RiPDev
    ...pDev is no longer making products or supporting the ones they have. RipDev's repo closed around 1st October and the RussianApple repository has their pr
    5 KB (750 words) - 14:03, 17 September 2021
  • Cydia SHSH Server
    ...k]] maintains servers that store [[SHSH]] blobs for devices that use Cydia's "on-file" feature. For more details see [[SHSH]] and [[TinyUmbrella]]. To use this process, Cydia's servers must already have saved SHSH blobs on file for your device for the
    4 KB (581 words) - 13:53, 17 September 2021
  • Gunlock
    //geohot's 112 otb unlocker fprintf(stderr, "%i(%s)\n", errno, strerror(errno));
    11 KB (1,600 words) - 00:10, 22 March 2021
  • DMG Decrypter
    [[Image:DMGDecrypter.png|thumb|right|DMG Decrypter's main window]]
    875 bytes (124 words) - 18:18, 24 August 2013
  • PwnStrap
    # <code>irecovery -s</code> # <code>irecovery -s</code>
    775 bytes (113 words) - 16:53, 26 March 2017
  • Beta Firmware
    ...rovided on the following pages link directly to Apple's servers. Some beta's were removed from the servers but download links are kept for archival purp
    1 KB (175 words) - 17:44, 29 November 2022
  • Sandbox
    Apple's software based [[Wikipedia:Mandatory access control|mandatory access contro * [https://developer.apple.com/app-sandboxing/ Apple's articles about App Sandboxing for developers]
    1 KB (158 words) - 20:31, 19 September 2014
  • Nonce
    The device's bootloaders (firmware, baseband and SEP) generate a random value using a no ...sent to Apple's [[Tatsu Signing Server|TSS Server]] along with the device's [[ECID]] and the hashes of the firmware components to be signed.
    5 KB (752 words) - 07:15, 6 December 2021
  • Bootrom Dumper Utility
    It's possible to extend the compatibility to older devices as well (iPhone 3GS, * the offset to the call of usb_wait_for_image in payload.S
    1 KB (232 words) - 09:32, 26 March 2017
  • AppleMobileFileIntegrity
    ...orner stone of iOS's code entitlements model. It is one of the [[Sandbox]]'s (com.apple.security.sandbox) dependencies, along with com.apple.kext.AppleM ...gister), which is used to hook various system operations and enforce Apple's tight security policy.
    2 KB (263 words) - 20:28, 15 February 2012
  • /Applications/blackra1n.app/appList2.plist
    <string>It's a monopoly for a reason</string>
    1 KB (179 words) - 21:10, 11 November 2014
  • 03.09.00
    ...[[Baseband Firmware|baseband]] in iOS 4.1 beta 2 (developers only). There's no public [[unlock]] for it.
    168 bytes (23 words) - 11:40, 7 October 2015
  • 03.10.01
    ...a 3, 4.2 [[Golden Master|GM]], 4.2.1 [[Golden Master|GM]] and 4.2.1. There's no public [[unlock]] for it.
    214 bytes (28 words) - 01:14, 29 January 2017
  • Animate
    [[User:Jaywalker|Jaywalker's]] [http://www.twitlonger.com/show/8lepqg notes]
    2 KB (284 words) - 17:35, 11 August 2014
  • ITunes Store
    ...r content purchased or rented from the store remains encrypted using Apple's [[FairPlay]] DRM.
    396 bytes (58 words) - 20:46, 10 September 2013
  • Making PwnageTool Bundles
    ...can lower the 'fuzzyness' level to apply lower confidence patches, but it's not a very good idea; you would usually want to inspect the file with IDA i ...[[iBSS]] needs to still generate [[nonce]] but not check for [[APTicket]]'s validity or its match for the [[nonce]] created.
    9 KB (1,343 words) - 09:33, 26 March 2017
  • ILog
    ...employees to view key important information about your device, such as it's IMEI, Carrier, and network lock status. It also provides a way to view all
    1,012 bytes (153 words) - 15:27, 8 July 2022
  • Tutorial:Re-Provisioning iPhone 4 from Verizon Wireless for other CDMA Carriers
    8. That's it for now more to come!!
    2 KB (248 words) - 09:37, 30 March 2017
  • Preventing Baseband Update
    ...g an original [[IPSW File Format|IPSW]] will not work, because [[redsn0w]]'s pwned DFU Mode doesn't patch sigchecks in [[iBSS]] (which is loaded from th [[Firmware]]s like 4.2.1 and above have baseband checks on the [[Restore Ramdisk]]. If th
    7 KB (1,010 words) - 09:15, 13 October 2015
  • Editing Braille Command Property Lists
    These are the button codes needed in the .plist file for one's particular display. How these button codes are determined is not known. Som ...user who's used iOS. To modify what buttons perform the command, all that's needed is to change the button code to the desired button or buttons. For e
    4 KB (562 words) - 21:56, 28 August 2013
  • /usr/standalone/firmware/TiSerialFlasher-K66-01.26.txt
    here is a charter to flash ( something in the apple tv's hardware ) version 01.26
    46 KB (6,485 words) - 13:39, 28 August 2015
  • /usr/standalone/firmware/TiSerialFlasher-K66-01.27.txt
    here is a charter to flash ( something in the apple tv's hardware ) version 01.27
    47 KB (6,462 words) - 13:39, 28 August 2015
  • /usr/standalone/firmware/TiSerialFlasher-K66-01.28.txt
    here is a charter to flash ( something in the apple tv's hardware ) version 01.28
    46 KB (6,452 words) - 13:40, 28 August 2015
  • /usr/share
    This folder contains boot utilities for the device. It's location follows the HFS Unix standard.
    371 bytes (43 words) - 11:37, 28 August 2015
  • AirPlay
    '''AirPlay''' is the marketing name of Apple's technology for streaming audio and video between iTunes and iOS devices. It ...not support audio, DRM-protected video, or [[iTunes]] as a source, but it's still an important achievement as the first independent implementation of A
    8 KB (1,172 words) - 13:46, 17 September 2021
  • 01.43.02
    ...grey (This was replaced in iOS 2.1 with a blue "E" and no background). It's almost the same baseband as in the iPhone OS 2.0 firmware for the [[N82AP|i
    988 bytes (161 words) - 11:06, 12 October 2015
  • HFS Legacy Volume Name Stack Buffer Overflow
    ....com/pod2g/status/33997326070583296] was used in conjunction with limera1n's [[bootrom]] exploit or the [[usb_control_msg(0xA1, 1) Exploit]] in [[greenp ...d the kernel and patched the sandbox. After some reverse engineering, here's what
    3 KB (378 words) - 14:21, 28 March 2015
  • 04.08.00
    A new [[N90AP|iPhone 4]] baseband in iOS 4.3 beta. There's no public unlock for it.
    122 bytes (19 words) - 11:42, 7 October 2015
  • 04.09.00
    A new [[N90AP|iPhone 4]] baseband in iOS 4.3 beta 2. There's no public unlock for it.
    124 bytes (19 words) - 11:42, 7 October 2015
  • 05.16.00
    A new [[X-Gold 608]] baseband in iOS 4.3 beta, 4.3 beta 2, 4.3 beta 3. There's no public unlock for it.
    142 bytes (19 words) - 10:22, 7 October 2015
  • Greenpois0n (toolkit)
    * [http://github.com/Chronic-Dev/syringe GreenPois0n Syringe]: Greenpois0n's exploit injector, to assist in booting devices into jailbroken states.
    1 KB (173 words) - 15:21, 10 April 2014
  • Incomplete Codesign Exploit
    Unlike Spirit's and Star's kernel exploits, the [[Packet Filter Kernel Exploit]] is not done in the RO ...was used to replace the launchd binary and kickstart [[User:pod2g|pod2g]]'s [[HFS Legacy Volume Name Stack Buffer Overflow]] kernel exploit. The origin
    13 KB (1,971 words) - 22:19, 9 March 2012
  • Plutil
    ==Apple's plutil== ...rary/mac/documentation/Darwin/Reference/ManPages/man1/plutil.1.html plutil's man page]'''
    5 KB (705 words) - 05:40, 19 March 2013
  • Dyld shared cache
    With that header files using iOS Private API's is sometimes possible.
    1 KB (175 words) - 03:26, 14 September 2017
  • Tutorial:Re-Provisioning iPhone 4 using file system (Incomplete)
    ...TO OTHER CARRIERS AS LONG AS YOUR CARRIER IS WILLING TO ACCEPT THE iPhone's MEID. ...[[N92AP|iPhone 4 (iPhone3,3)]] for carrier's willing to accept the iPhone's ESN/MEID into their database.
    6 KB (995 words) - 09:37, 30 March 2017
  • Tutorial:Unlocking iPhone 4 (iPhone3,3) model with OTA
    8. That's it for now more to come!!
    1 KB (227 words) - 09:37, 30 March 2017
  • 05.16.01
    A new [[X-Gold 608]] baseband in iOS 4.3 [[Golden Master|GM]]. There's no public unlock for it.
    134 bytes (19 words) - 11:44, 27 January 2017
  • IPad 2
    The [[K95AP|iPad2,3]] uses Qualcomm's Gobi chipset, like the [[N92AP|iPhone3,3]]. ...d iOS 4.3.4 to address the exploited vulnerabilities 10 days after Saffron's public debut.
    3 KB (376 words) - 02:19, 5 November 2021
  • 1.0.05
    ....2.5 and 4.2.6 baseband|the [[N61AP|iPhone 6]] and [[N56AP|iPhone 6 Plus]]'s first baseband|1.00.05}}
    301 bytes (39 words) - 07:00, 15 October 2015
  • 03.08.00
    The [[XMM 6180]] baseband in iOS 4.2 beta. There's no public unlock for it.
    114 bytes (16 words) - 11:40, 7 October 2015
  • UDID
    For developers building extensions for jailbroken iOS: it's not recommended to calculate the UDID yourself - instead, use [http://iphon ...(you can call it a form of [[bricked|bricking]]) if you restore and there's no jailbreak available, if the available jailbreaks don't include afc2 and
    3 KB (518 words) - 13:44, 17 September 2021
  • K94AP
    ...d 618]] baseband chip (the same chip as the [[N90AP|iPhone 4 (iPhone3,1)]]'s baseband).
    717 bytes (96 words) - 12:41, 17 September 2021
  • IEmu
    ...wikipedia:Interactive Disassembler|IDA]] debugger to the emulated iPhone’s running kernel. The project's website, <code>iEmu.org</code> was a MediaWiki installation run by [[cmw]].
    3 KB (377 words) - 01:04, 17 September 2021
  • Models
    ...r two characters representing the "[[Model Regions|region]]" of the device's origin. Depending on the software displaying the string, there may be a sla ...leaving us with the first five characters of the string). For example, let's say our model number is "<code>MC922LL/A</code>". The first letter is alrea
    110 KB (15,198 words) - 06:05, 6 June 2023
  • IPhone 6s
    This is the iPhone 6s introduced by Tim Cook at Apple's 'Hey Siri, Give Us a Hint' event on {{date|2015|09|09}}. It was made availa The iPhone 6s makes use of Apple's [[A9]] SoC. The A9 is manufactured by both Samsung and TSMC, and is assigne
    2 KB (251 words) - 02:25, 18 June 2022
  • 05.16.02
    ...band in iOS 4.3.1, 4.3.2, 4.3.3, 4.3.4, 4.3.5 and 5.0 beta - beta 4. There's no public unlock for it.
    162 bytes (19 words) - 10:23, 7 October 2015

View (previous 250 | next 250) (20 | 50 | 100 | 250 | 500)

Retrieved from "https://www.theiphonewiki.com/wiki/Special:Search"