S5L8900

Contents

The S5L8900 is a 32-bit ARM processor used in the original iPhone, iPhone 3G, and first generation iPod touch. It is an ARM1176JZ(F)-S capable of running at 620 MHz, but downclocked to 412 MHz (400 MHz until iPhone OS 1.1.2).

Exploits

The S5L8900 is one of the few iDevice processors to have an untethered bootrom exploit; The advantage of a bootrom level exploit is the ability to jailbreak any device utilizing the processor, regardless of the version of iPhone OS/iOS installed. By having an untethered bootrom level exploit, a computer is not needed to assist in booting the device.

There are two known exploits for the S5L8900: Pwnage and Pwnage 2.0.

Key 0x837

"Key 0x837" is generated by encrypting the byte string 345A2D6C5050D058780DA431F0710E15 with the GID key, resulting in 188458A6D15034DFE386F23B61D43774. This key is used as the encryption key alongside a zero IV for 8900 files. While this key exists in later versions of iPhone OS, the introduction of IMG3 files and KBAGs in iPhone OS 2.0 beta 4 rendered this key useless.