Difference between revisions of "Ultrasn0w"

Revision as of 22:41, 1 January 2009

The first iPhone 3G unlock. Released on 01/01/09. [1]

A demo (of a console-only version of the app though) can be seen at http://qik.com/video/729275.

Credit

geohot (injection exploit), MuscleNerd, and The dev team (payload).

Exploit

Relies on an unsigned code exploit.

The actual unlock works by a daemon patching the baseband's RAM on-the-fly, overriding the carrier lock code. It is not permanent because of the signature checks - the bootloader has to pass the sigchecks and the baseband has to pass them too, so any change to the baseband/bootloader cannot be made.

The exploit itself is a buffer overflow in the at+stkprof cmd that devteam used to patch out the carrier checks in RAM.

Source Code

The source code for yellowsn0w is now live [2]

External links

@@ Line 4: / Line 4: @@
 ==Credit==
-[[The dev team]].
+[[geohot]] (injection exploit), MuscleNerd, and [[The dev team]] (payload).
 ==Exploit==
@@ Line 11: / Line 11: @@
 The actual unlock works by a daemon patching the baseband's RAM on-the-fly, overriding the carrier lock code. It is not permanent because of the signature checks - the bootloader has to pass the sigchecks and the baseband has to pass them too, so any change to the baseband/bootloader cannot be made.
+The exploit itself is a buffer overflow in the at+stkprof cmd that devteam used to patch out the carrier checks in RAM.
-(Currently there's no any further information)
+==Source Code==
+The source code for yellowsn0w is now live [http://xs1.iphwn.org/releases/yellowsn0w.tar.bz2]
 ==See Also==

Difference between revisions of "Ultrasn0w"

Revision as of 22:41, 1 January 2009

Contents

Credit

Exploit

Source Code

See Also

External links

Navigation menu

Personal tools

Namespaces

Variants

Views

More

Search

Navigation

Miscellaneous

Tools