Talk:0x24000 Segment Overflow

From The iPhone Wiki
Revision as of 11:29, 13 March 2009 by Pod2g (talk | contribs)

I have questions. What is the LR? How do we write to the NOR?

LR is the link register. It usually contains a pointer to where the current routine is to return to. NOR is written by putting the device into DFU mode and writing to the nor0 block device using a tool like iRecovery --posixninja 17:58, 12 March 2009 (UTC)

I rewrote the article as one geared more toward the technical/security community than hobbyists trying to manually perform the patch. My hope is that it will be more useful in this form for the linux4nano community, who are trying to jailbreak the iPod Nano 4G, which apparently uses the same SoC. --Planetbeing 07:46, 13 March 2009 (UTC)

Nice work guys. Did you use a debugger of some sort? This would be difficult without a debugger. Here's how I understand it: so we overwrite pointers pointing to where and what data is written. By writing to the stack, we can overwrite the subroutine's return address (LR). The subroutine will now return to the payload. Is this correct? --paulzero 11:23, 13 March 2009 (UTC)

Hi Paul0. No debugger at all. Only hundreds of tests to find the LR in the stack :) [thx to posixninja for the tests, planetbeing for the analysis of the tests].