Pwnage

This exploit is in the VROM

Credit
The dev team

Exploit
The VROM doesn't sig check the stuff it jumps to in the NOR. So to use the exploit, one finds a way of writing to the NOR unsigned, either with iBoot hacks or kernel patches.

Implementation

 * PwnageTool
 * iPhoneLinux