S5L8920

This is the processor used in the iPhone 3GS.

S5L8920 using THUMB-2 instruction set as well as ARM and THUMB ones. Binaries included in iOS are compiled for only ARMv7 and are not compatible with older CPUs.

Bootrom

 * 0x24000 Segment Overflow - only in iBoot-359.3
 * Limera1n Exploit

iBoot

 * iBoot Environment Variable Overflow - Works up to iOS 3.1 beta 3
 * usb_control_msg(0x21, 2) Exploit - Works up to iOS 3.1.2

Kernel

 * BPF STX Kernel Write Exploit - Works up to iOS 3.1.3
 * IOSurface Kernel Exploit - Works up to iOS 4.0.1
 * Packet Filter Kernel Exploit - Works up to iOS 4.1
 * HFS Legacy Volume Name Stack Buffer Overflow - Works up to iOS 4.2.1

Userland

 * MobileBackup Copy Exploit - Works up to iOS 3.1.3
 * Malformed CFF Vulnerability - Works up to iOS 4.0.1

Boot Chain
Bootrom&#8594;LLB&#8594;iBoot&#8594;Kernel&#8594;System Software