While working on the reverse-engineering effort of the iPhone, I found a vulnerability in the baseband (chip that handles the telephony and the carrier lock) that would allow you to write zeros arbitrarily. Although this seemed useless at first, it quickly became apparent that this could do far more than I had initially thought. With the way ARM works, certain jumps could be made nullified by writing a single zero in the target, causing the execution path to always continue forward. This enabled a software unlock, but was quickly replaced by a more robust hack that allowed you to reflash the baseband entirely.
Still damn proud of that hack, regardless of its uselessness now.
