summaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/limera1n.c17
1 files changed, 11 insertions, 6 deletions
diff --git a/src/limera1n.c b/src/limera1n.c
index 29cb02a..5d9eb4f 100644
--- a/src/limera1n.c
+++ b/src/limera1n.c
@@ -36,20 +36,25 @@ int limera1n_exploit(struct irecv_device *device, irecv_client_t *pclient)
unsigned char shellcode[0x800];
unsigned int max_size = 0x24000;
//unsigned int load_address = 0x84000000;
- unsigned int stack_address = 0x84033F98;
- unsigned int shellcode_address = 0x84023001;
+ unsigned int stack_address = 0;
+ unsigned int shellcode_address = 0;
unsigned int shellcode_length = 0;
-
- if (device->chip_id == 8930) {
+ if (device->chip_id == irecv_devices[DEVICE_IPHONE4].chip_id) {
max_size = 0x2C000;
stack_address = 0x8403BF9C;
shellcode_address = 0x8402B001;
- }
- if (device->chip_id == 8920) {
+ } else if (device->chip_id == irecv_devices[DEVICE_IPHONE3GS].chip_id) {
max_size = 0x24000;
stack_address = 0x84033FA4;
shellcode_address = 0x84023001;
+ } else if (device->chip_id == irecv_devices[DEVICE_IPOD3G].chip_id) {
+ max_size = 0x24000;
+ stack_address = 0x84033F98;
+ shellcode_address = 0x84023001;
+ } else {
+ error("Unsupported ChipID 0x%04x. Can't exploit with limera1n.\n", device->chip_id);
+ return -1;
}
memset(shellcode, 0x0, 0x800);