Talk:PwnageTool

From The iPhone Wiki
Revision as of 21:48, 26 November 2011 by Rdqronos (talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

This is probably explained somewhere, but... how does pwnagetool actually implement an exploit such as limera1n? --rdqronos 16:00, 25 November 2011 (MST)

limera1n's exploit is used to put the device in "pwned DFU" mode, so you can restore to the custom IPSW in iTunes. --Dialexio 16:57, 25 November 2011 (MST)
If you were asking how PwnageTool actually implements the jailbreaks (in general): They "just" patch the firmware by decrypting it, change a few bytes and add some custom code and re-encrypt it again. The limera1n exploit is a bootrom vulnerability and this is needed to allow the installation of such new firmware, as Dialexio already mentioned. But you can use redsn0w instead. PwnageTool is mainly to create the new ipsw. Was there any specific question, like how any jailbreak works? -- http 05:06, 26 November 2011 (MST)
Actually, you nailed it spot on, http. Thanks a bunch, it's always nagged me how that worked :P --rdqronos 14:48, 26 November 2011 (MST)