Difference between revisions of "Talk:Ultrasn0w"

From The iPhone Wiki
Jump to: navigation, search
(About AT+STKPROF exploit: new section)
(RE: About AT+STKPROF exploit: new section)
Line 19: Line 19:
   
 
Does only 2.28 vulnerable to at+stkprof exploit?
 
Does only 2.28 vulnerable to at+stkprof exploit?
  +
  +
== RE: About AT+STKPROF exploit ==
  +
  +
afaik all versions 1.45 through 2.28 are vulnerable, but devteam only designed a payload for 2.28. not 100% on that though.

Revision as of 16:03, 2 January 2009

Thinking about this, I know how I could've done the unlock. I'm so lazy. This might be what yellowsn0w does already; theres a little object code in your source, so I don't know :-)

1. copy task_sim into memory
2. patch task_sim in the usual way(too bad i don't really understand the baseband at all)
3. modify the nucleus task struct to use the in memory task_sim(although idk why theres no execute on the stack, normal ram seems ok)
4. reset the sim card

no real reversing required. i could've had this in july dammit :-P

i also think this approach might solve some peoples problems with it dying after 10 minutes

~geohot

nx

heh, I think it is a standard thing for ARM for the stack to be nx. btw, of course there was reversing required, how else would you have found the injection hack itself x)

About AT+STKPROF exploit

Does only 2.28 vulnerable to at+stkprof exploit?

RE: About AT+STKPROF exploit

afaik all versions 1.45 through 2.28 are vulnerable, but devteam only designed a payload for 2.28. not 100% on that though.