The file is a zip file. It's interesting to note the encrypted DMG image "694-5262-39.dmg" of 82MB . It ask for a password.
Instead the 15MB file "694-5259-38.dmg" it's not a DMG image and it's not encrypted (strings 694-5259-38.dmg | less) . Some selected information to have an idea of what's inside: DWD_USIF_BOOTLOADER_FILENAME/Secure_USIF_Bootloader.3.9.fls MN_SMS_CB_MESSAGE_ID_LIMIT_IND sio#wake-ind SI_PHONE_NUMBER_READ_IND ../../ms-gprs-l1-src/text/l1d_rshd.c ../../ms-ds-src/at/atc/common/text/atc_sdl_mn.c SIMULATED RESET due to AT+CFUN=16. This is NOT a crash! ../../ms-bt-src/src/bt-ctrl/io_bt.c ../../ms-gprs-l2-src/ma/mac/text/decoders/mac_decoders.c ../../ms-gprs-l2-src/rl/rlc/text/rlc_op2.c ../../ms-l3-src/rr/grr/text/grr_op2.c 1 ==> output of EQUALIZER RAW DATA acc. to <rx_channel / 0 FOR SPEECH CALLS> using a Argument Types: [int: 1/2/3/4/5],[int:0/1/2/3],[int => abs. Hz value],[int: 1 - 100] GSM Ciphering:%s, GSM Ciphering Algorithm: A5/%d, GPRS Ciphering:%s, GPRS Ciphering Algorithm: GEA/%d /SourceCache/BaseBandFWUpdater/BaseBandFWUpdater-39/IfxSource/DLL_source/OS_dependent_code/timer_if/../../../../IFWD_timer.c /SourceCache/BaseBandFWUpdater/BaseBandFWUpdater-39/AtInterface.cpp /System/Library/PrivateFrameworks/Bom.framework/Bom /SourceCache/Bom/Bom-122.0.0.3/Common/BOMSystemCmds.c /dev/tty.baseband /private/tmp/.SafeBoot /bin/cat /System/Library/CoreServices/BootX | /usr/bin/openssl dgst -sha1 -hex -out /System/Library/Caches/com.apple.bootxsignature Boot-loader is active Skip secure loader Injecting EBL-Loader (PSI). DWD_RAM_BOOTLOADER_FILENAME/Default_RAM_Bootloader.7.0.fls GsmRadioModule::fEnableMobileAnalyzer Signature cannot be authenticated single user shell terminated. Singleuser boot -- fsck not done sq->capacity >= (((((4096 + 7) / 8) + (sizeof(giantDigit)) - 1) / (sizeof(giantDigit))) + 1) /System/Library/Lockdown/SBOOT_S5L8900.pem /System/Library/Lockdown/SBOOT_S5L8900_DEV.pem There are a couple of user with their password: root:XUU7aqfpey51o:0:0::0:0:System Administrator:/var/root:/bin/sh mobile:/smx7MYTQIi2M:501:0::0:0:Mobile User:/var/mobile:/bin/sh Does someone have some time to arrange a quick john session (should be quick)? In Firmware/all_flash/all_flash.m68ap.production/DeviceTree.m68ap.img2 there is the string: Apple Secure Boot Certification Authority1 * The password of the encrypted DMG? * The user root and mobile with preconfigured passwords? * The "GsmRadioModule::fEnableMobileAnalyzer" ? * The /SourceCache/BaseBandFWUpdater/BaseBandFWUpdater-39/AtInterface.cpp that maybe use at command to update the firmware of the GSM transceiver? * What's bom? /System/Library/PrivateFrameworks/Bom.framework/Bom * The security of the boot system plenty of digital signatures to prevent firmware hacking? -naif Kevin Finisterre (lists) wrote: > While you are at it... > > http://appldnld.apple.com.edgesuite.net/content.info.apple.com/iPhone/ > 061-3538.20070629.B7vXa/iPhone1,1_1.0_1A543a_Restore.ipsw > > -KF > > On Jun 29, 2007, at 8:10 PM, John Smith wrote: > > >> http://www.andrew.cmu.edu/user/xsk/iPhoneSecuritySettings.html >> >> John >> >> _______________________________________________ >> Full-Disclosure - We believe in it. >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html >> Hosted and sponsored by Secunia - http://secunia.com/ >> > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/