|
The iPhone Wiki is no longer updated. Visit this article on The Apple Wiki for current information. |
Difference between revisions of "Ultrasn0w"
Planetbeing (talk | contribs) |
Planetbeing (talk | contribs) (→Current Injection Vector) |
||
| Line 11: | Line 11: | ||
== Current Injection Vector == |
== Current Injection Vector == |
||
| − | yellowsn0w refers to the reuseable '''payload''', but it requires |
+ | yellowsn0w refers to the reuseable '''payload''', but it requires an injection vector in order to be inserted into the baseband. yellowsn0w was originally to be released with an injection vector that works on pre-2.28.00 baseband versions. However, [[geohot]] had an injection vector for 2.28.00 and the decision was made to release yellowsn0w with this injection vector to benefit the most people. |
The vulnerability is a stack buffer overflow in the at+stkprof command. |
The vulnerability is a stack buffer overflow in the at+stkprof command. |
||
Revision as of 16:40, 3 January 2009
The first iPhone 3G unlock. Released on 01/01/09. [1]
Contents
Credit
MuscleNerd, and The dev team
Exploit
Relies on an unsigned code injection vulnerability.
The actual unlock works by a daemon patching the baseband's RAM on-the-fly, overriding the carrier lock code. It is not permanent because of the signature checks - the bootloader has to pass the sigchecks and the baseband has to pass them too, so any change to the baseband/bootloader cannot be made.
Current Injection Vector
yellowsn0w refers to the reuseable payload, but it requires an injection vector in order to be inserted into the baseband. yellowsn0w was originally to be released with an injection vector that works on pre-2.28.00 baseband versions. However, geohot had an injection vector for 2.28.00 and the decision was made to release yellowsn0w with this injection vector to benefit the most people.
The vulnerability is a stack buffer overflow in the at+stkprof command.
Source Code
The source code for yellowsn0w is now live [2]
Compatibility
| Country | Provider | yellowsn0w Version | SIM/USIM | Ingoing Calls? | Outgoing Calls? | SMS? | GPRS/EDGE? | UMTS/HSDPA? | Comments |
|---|---|---|---|---|---|---|---|---|---|
| Bermuda | Mobility | ? | SIM | No | No | No | No | No | Works for about ten minutes then "Sim Failure" occurs and yellowsn0w stops working. |
| Germany | O2 | ? | SIM | Yes | Yes | Yes | Icon shown but not tested | Icon shown but not tested | |
| Israel | IL Orange | 0.9.4 | USIM | Yes | No | Yes | Yes | Yes | Requires some tricks to get signal. While trying to place a call, signal is lost and call failed. |
Additional information: http://report.yellowsn0w.com/
