Search results

  • '''iBoot''', also referred to as “iBoot second-stage loader” in the source code, is Apple's stage 2 bootloader fo ...sh</code> subdir, e.g. <code>Firmware/all_flash/all_flash.n81ap.production/iBoot.n81ap.RELEASE.img3</code>, where the "n81ap", "k90", etc.. are for the i-De
    123 KB (8,553 words) - 00:24, 13 November 2022
  • ...ission checks in 1.0-1.1.4 iBoots, so it was exploitable to load a patched iBoot, but in 2.0 iBoots, this command has a permission check to make sure it is ...iPod touch]], and can be used to boot a modified 2.0+ [[iBoot (Bootloader)|iBoot]]. Therefore, it is still an open exploit for these devices.
    2 KB (306 words) - 06:22, 11 February 2021
  • Recovery Mode is a failsafe in [[iBoot (Bootloader)|iBoot]] that is used to reflash the device with a new OS, whether the currently i ...sh amber in an SOS style to indicate that the Mac mini or Mac Studio is in iBoot Recovery Mode.
    6 KB (950 words) - 20:24, 16 September 2022
  • ...AES engine gets disabled when the kernel is booting up. Jumping back into iBoot won't reenable it. --[[User:Aker|Aker]] 21:56, 12 September 2014 (GMT+1) ...to work. In iRecovery, 'go aes dec [long KBAG string]' gives no output. Commands like bgcolor, reboot, etc. work, but I cannot get any feedback from the dev
    8 KB (1,417 words) - 15:15, 28 March 2017
  • ...r Mac OS X, Linux, and Windows. It is able to talk to [[iBoot (Bootloader)|iBoot]] and [[iBSS]] and [[iBEC]] via USB. It's completely open source; the sourc Once it has spawned, you can type 'help' and iBoot will respond with its built-in command list.
    4 KB (569 words) - 14:05, 17 September 2021
  • ...exploit is that, in the iPod Touch 2G 2.1.1 firmware, they left behind two commands: arm7_stop and arm7_go", the word "exploit" is not used properly. You are h ...ther exploit since you have confirmation that the vuln is exploitable. The iBoot envvar one happened to be reasonably easy to find yet reasonably hard to ex
    3 KB (580 words) - 21:53, 7 July 2009
  • ==FULL information about iBoot's handling of crypted 8900 images== ...or 0x0220a0e3 or 0x0020a0e3 would take me to the MOV r2, #2 and MOV r2, #0 commands respectively, but if I found anything, it wasn't near anything that resembl
    37 KB (6,324 words) - 21:12, 20 March 2015
  • ===Commands=== Reversings of various routines that relate to the iBoot flags in an effort to find out what does what.
    16 KB (2,016 words) - 08:46, 14 March 2017
  • ...d two commands from what was presumably a DEBUG fused [[iBoot (Bootloader)|iBoot]]: arm7_stop and arm7_go. They were promptly removed in 2.2, but in 2.1.1 i ...yload for it to run, but one that patches [[iBEC]] or [[iBoot (Bootloader)|iBoot]] in memory would do fine.
    2 KB (305 words) - 06:24, 11 February 2021
  • ROM:00000014 ; this patches the iboot flags to allow no range check, ...; no permission check for restricted commands, aes gid
    3 KB (385 words) - 04:31, 17 March 2018
  • *Includes Terminal shell commands into the GUI. ** Untethered for iPhone 3GS devices with the [[iBoot-359.3|old bootrom]].
    23 KB (3,037 words) - 10:20, 15 May 2021
  • ...n of the ramdisks in an [[IPSW File Format|IPSW]] file. The listed console commands are applicable to the [[S5L File Formats#IMG2|IMG2]] or [[IMG3 File Format| ...]]. The decryption key wasn't obscured however, and a simple analysis of [[iBoot]] by [[User:Zibri|Zibri]] revealed the [[AES Keys#Key 0x837|0x837 key]].
    8 KB (1,342 words) - 08:42, 7 February 2022
  • * Use an exploit that Apple already knew about (newer [[iBoot]]s shows the exploit patched) Initializing commands
    4 KB (585 words) - 23:37, 16 September 2021
  • ....0.1 or later). Currently available for Windows and Mac. It utilizes the [[iBoot Environment Variable Overflow]]. # purplera1n sends the enter recovery commands using [[MobileDevice Framework]]
    3 KB (413 words) - 11:23, 24 March 2017
  • {{DISPLAYTITLE:iBoot Environment Variable Overflow}} This is an exploit in [[iBoot (Bootloader)|iBoot]]'s parsing of commands and environment variables.
    1 KB (149 words) - 16:15, 22 May 2022
  • ...'''ingle '''S'''tage'') is a stripped down version of [[IBoot (Bootloader)|iBoot]], missing things such as interacting with the [[/|filesystem]]. Can be upl ...ing to Apple’s source code, ''“dongle products get an iBSS with all of iBoot’s recovery mode accroutements, EXCEPT for filesystem support”''.
    2 KB (264 words) - 03:07, 8 February 2018
  • == Commands used as an exploit vector == ...0x21, 2) Exploit has a vector and there may be lots of tiny write zones in iboot --[[User:Liamchat|liamchat]] 21:23, 29 August 2010 (UTC)
    6 KB (957 words) - 20:54, 24 August 2015
  • == Supported Raw Commands == A list of raw commands supported by each firmware and short description I think would be great. Mo
    3 KB (481 words) - 22:04, 26 February 2016
  • === Commands === * [[bootx (iBoot command)|bootx]]
    1 KB (112 words) - 08:45, 14 March 2017
  • ...y interested in iBoot commands. Do you have an IDA file laying around with iBoot functions documented? Or maybe LLB? --[[User:Charybdis|Charybdis]] 04:14, 8
    1 KB (160 words) - 04:14, 8 March 2010
