Talk:Bootrom

Extraction / Disassembly
Which versions have been successfully extracted and reverse engineered? And instructions on how to do so? -- http 08:26, 26 September 2010 (UTC)
 * the S5L8900 is mapped to 0x20000000 so inject iBoot that is mapped to 0x18000000 then run range check and find where the bootrom ends --liamchat 12:01, 26 October 2010 (UTC)
 * the ipod 2g bootrom is mapped to 0x22000000 --liamchat 12:01, 26 October 2010 (UTC)
 * the iphone 3gs and ipod 3g bootrom is mapped to 0x84000000 --liamchat 12:01, 26 October 2010 (UTC)
 * the S5L8930 bootrom is mapped to 0x84000000 ( i think ) --liamchat 12:01, 26 October 2010 (UTC)
 * Did MuscleNerd manage to extract the Bootrom version 838.3 or not? reference 1 reference 2 reference 3 Some people interpreted these tweets as a successful extraction confirmation. -- http 04:40, 17 October 2011 (MDT)

Untethered/Tethered
Well all jailbreaks with greenpois0n are untethered, so shouldn't we say that they are untethered at least for now? I understand that the original exploit alone is tethered, but the jailbreak isn't.
 * greenpois0n does indeed do untethered jailbreaks for its supported devices. I've done a little housekeeping on the articles, which replaced the mention of jailbreak utilities for a slightly more technical explanation on what's different, so hopefully that tackles this issue. :) (If people really want the utilities' names, I suppose they could be added back, but I omitted them because I felt it was unnecessary.) -- Dialexio 19:38, 25 October 2010 (UTC)

Bootrom version of the 3G
M2m added the bootrom link IBoot-596.24 as the one for the iPhone 3G. I highly doubt that. Why should the 3G have a higher version than the two versions of the 3GS? Where do you have this info from? I don't have a 3G and the 3GS-method to get version doesn't work on the 3G. -- http 03:16, 31 December 2011 (MST)
 * I already thought that my edit will generate some discussion. This version is reported if I plug the 3G into a MacBook Air, put the 3G into DFU and check in System Profiler. I was also astonished to find this version on the 3G, which leads me into thinking that either the method to get the bootrom version (as described here) is not correct or some of the versions here are somehow faulty. I think that there has been some mixup between bootrom iboot and 2nd stage boot loader iboot.--M2m 04:18, 31 December 2011 (MST)
 * Yes, there has been some confusion. On the pages like IBoot-596.24 it is not clear if it's a bootrom version or a stage 2 bootloader. We have to fix that. But I think all versions listed on this page are correct bootrom versions except the version you added. The method for checking the bootrom version does not work on the 3G, it's intended only for the 3GS. What was the full string that was reported? If there was this version you wrote, maybe it was the stage 2 bootloader. I'll revert to the previous edit until someone can tell what the real version is. -- http 11:24, 31 December 2011 (MST)
 * Information from my 3G as follows from System Profiler when put in DFU

Product-ID: 0x1227 Manufacturer-ID: 0x05ac (Apple Inc.) Version: 0.00 Serial number: CPID:8900 CPRV:30 CPFM:03 SCEP:05 BDID:04 ECID:000000XXXXXXXXXX IBFL:00 SRTG:[iBoot-596.24]
 * That isn't the stage two bootloader as 4.2.1 is iBoot-931.71.16~9 --Cole Johnson 16:32, 1 January 2012 (MST)
 * This is the stage two bootloader belonging to iOS 3.0.1. --http 04:38, 2 January 2012 (MST)
 * But I am on iOS4.2.1 not 3.0.1. I am confused.--M2m 04:55, 2 January 2012 (MST)
 * I have an ipt1, which should have the same bootrom. If I find some time, I'll try to extract it. If you're an advanced user, you might also try to extract the bootrom with the Bootrom Dumper Utility. In the extracted binary you should find the correct version. --http 05:04, 2 January 2012 (MST)
 * Hmm well couldn't find the usb_wait_for_image call offset values and exploit values for the 3G, as the bdu tool is based on the laimra1n exploit which is not available for the 3G, but will keep searching. --M2m 09:19, 2 January 2012 (MST)
 * Hmm well couldn't find the usb_wait_for_image call offset values and exploit values for the 3G, as the bdu tool is based on the laimra1n exploit which is not available for the 3G, but will keep searching. --M2m 09:19, 2 January 2012 (MST)