JailBreaking
Application processor firmware modification to allow unsigned code to run (i.e. applications from outside the AppStore)
- Similar to other OSes, the iPhone OS is loaded in stages
- Boot ROM loads the LLB
- LLB loads the Firmware
- At each stage, signature checks performed to validate the next stage
- In theory...
- The boot ROM does not perform a signature check on the LLB
- More recently, the LLB is subject to a buffer overflow which allows unsigned code to be loaded that can override the signature checks of all subsequent checks.
No comments:
Post a Comment