So the 90 was a nop. Anyway, my theory is that if the encryption is a stream-based cypher, then maybe, in order to prevent us cracking it easily between different releases, they might change the decryption code, which would be loaded on boot from the FAT16 partition. Unless anyone else can think of a use of FAT16 boot code unencrypted?

On 9/26/07, Fabrice Desclaux <[EMAIL PROTECTED]> wrote:
>
> oki, no problem.
>
> in fact if it's really arm on ipod, the basic thing is arm instruction
> length are 4 bytes long (always) and addresses are then multiples of 4
> so it's a bit easier to disasm :)
>
> little doc can be found at
> bear.ces.cwru.edu/eecs_382/ARM7-TDMI-manual-pt2.pdf
>
> Note: IDA (from datarescue) supports ARM (most ARMs in fact) (it's sexy,
> and all...)
> but erf, if you don't have IDA you can try disassembling using other tools
> A funny one to do this could be METASM (cr0.org).
>
> I know, it's ruby vangog style code but erf, it disasm arm :)
> another one could be objdump for arm !
>
> +
> serpilliere
>
> On Wed, Sep 26, 2007 at 11:31:48PM -0700, mat h wrote:
> > Sorry all I don't know much about asm, I'm not sure whether it's a nop or the end
> > of an address. As I said, I need someone that knows ASM, particularly ARM asm
> >
> > On 9/26/07, Fabrice Desclaux <[EMAIL PROTECTED]> wrote:
> >
> >     humm sorry about that but i think i missed something.
> >
> >     You say there is a jump &nop at 0x5E00:
> >     EB 3C 90
> >
> >     but this is x86 assembly mnemonic. The Ipod isn't in ARM?
> >
> >     another question:
> >     the x86 jump is effectively EB 3C at 3C is the relative offset so when you
> >     say:
> >     unencrypted boot loader should be located around 0x5E00+0x3c90 = 0x9A90 or
> >     39568. Again I dont
> >
> >     shouldn't it be:
> >     0x5E00+ 0x3C ?
> >     (thus, if it's x86 again..)
> >
> >     +
> >     serpilliere
> >
> > On Thu, Sep 27, 2007 at 03:15:28PM +1000, mat h wrote:
> > > Btw I may be off slightly with that offset.
> > >
> > > On 9/27/07, mat h <[EMAIL PROTECTED]> wrote:
> > >
> > >     Since ur new I'll re send part of my previous mail:
> > >     Before I continue I think I found the program used to make the disk image
> > >     and the FAT16 header:
> > >     Fat16 header: 5E00 after all the 0's
> > >     jump instruction (3bytes):
> > >
> > >     0xEB - something in asm
> > >     0x3C - something in asm
> > >     0x90 - asm nop
> > >
> > >     bytes per sector - 0x02,0x03 i think
> > >     I'm not sure if there's any padding. but i think the fat16 partition starts
> > >     at 5E00
> > >
> > >     5E10 - total number of file allocation tables, has to be 2 and it is 2
> > >
> > >     OEM name (8bytes):
> > >     MTOOL399 - reference to MTOOLS version 3.99
> > >
> > >     Try keys like: MTOOLS, MTOOLS399 etc, look for ascii strings in the
> > >     firmware
> > >
> > >     BTW. the boot loader starts with the following code
> > >     0xEB - short jump (EB JMP SHORT rel8)
> > >     0x3C - value part 1
> > >     0x90 - value part 2
> > >
> > >     I'm no expert at asm but if I'm correct then the unencrypted boot loader
> > >     should be located around 0x5E00+0x3c90 = 0x9A90 or 39568. Again I don't
> > >     program in much assembly so could someone more knowledgeable please confirm
> > >     this.
> > >
> > >     On 9/27/07, Jeremy Prater <[EMAIL PROTECTED]> wrote:
> > >
> > >         Hey team, I just got on the linux4nano team mailing list because I have
> > >         a 2g nano and don't like apple anymore because they decided to encrypt
> > >         the osos. Anyways I decided to do some key breaking. Anyways I'm sad
> > >         now, I assumed a 32-bit RC4 key which is a big assumption, I used visual
> > >         studio and got some rc4 decrypting functions from sourceforge and
> > >         started coding a little app. Sure, I'll crack this code? in 57,732 days
> > >         my app predicted yeah. So much for a core2 duo t5600 doing high speed.
> > >         Lol, guess .net framework isn't optimized for speed. 2^32 keys is a lot
> > >         of keyspace. Anyways, so the brute force idea is pretty much out I
> > >         guess. Unless someone has a mega-cluster of computers. I don't really
> > >         know what is going on with the mailing group, the gna.org list kinda
> > >         sucks to join in and catch up on. I like the idea of a ram-dump to
> > >         get the un-encrypted firmware. Before my brute force attack I used
> > >         sg3_tools and the ipod in diagnostic mode, no luck. The ipod vendor/
> > >         device in diagnostic mode is 0000/0000 and does not respond to any usb
> > >         commands. A usb dump of the ram is kinda silly. To do that we need to
> > >         run our own code on the cpu, which means we need to write an encrypted
> > >         osos so the bootloader will parse it correctly. Which came first the
> > >         chicken or the egg? The decipher key or the memdumper? Haha. Using
> > >         buffer overruns seems safe b/c osos will crash and reboot into the
> > >         bootloader, too bad there aren't any. Well this is what I have read/
> > >         discovered the last 30 hours or so trying to brick my ipod. Any ideas?
> > >
> > >         Jeremy
> > >
> > >         _______________________________________________
> > >         Linux4nano-dev mailing list
> > >         [email protected]
> > >         https://mail.gna.org/listinfo/linux4nano-dev
> > >         http://www.linux4nano.org
> > >
> > >     --
> > >     We explore... and you call us criminals.
> > >     We seek after knowledge... and you call us criminals.
> > >     We exist without skin color, without nationality, without religious bias...
> > >     and you call us criminals.
> > >     You build atomic bombs, you wage wars, you murder, cheat, and lie to us and
> > >     try to make us believe it's for our own good...
> > >     ....yet we're the criminals.
> > >
> > >     ____________WAUSHARE ROX ______________
> > >     Join the dark side we've got cheese
> > >     Annoying people since 1992
> > >     If you hate me, I love you too. It ain't my fault I'm better than you
> > >     Save Water, Drink Beer
> > >     God Made Women First, Then He Had A Better Idea.
> > >     If Barbie is soo popular...how come you have to buy her friends?
> > >     Don't play stupid with me... I'm better at it!
> > >     You were so cute when you were a baby...What happened?
> > >     My folks were always asking me to wear underpants. What am I, the pope?
> > >     I'm calling the police!... Right after I flush some tings.
> > >     Join the army, see the world, meet interesting people, and kill them.
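
The boot-sector fields discussed in the thread above (the `EB 3C 90` jump, the 8-byte OEM name, the FAT count at offset 0x10), parsed in an added example that is not part of the original messages. A short jump is relative to the end of its own two bytes, so with the thread's base of 0x5E00 the target is 0x5E00 + 2 + 0x3C. Only `EB 3C 90`, `MTOOL399`, the FAT count of 2 and the 0x5E00 base come from the thread; the sample sector and its geometry values are constructed, and the function names are hypothetical.

```python
import struct

def decode_jump(jmp: bytes, base: int = 0) -> int:
    """Return the absolute target of the x86 jump that opens a FAT boot sector."""
    if jmp[0] == 0xEB:                         # EB rel8: JMP SHORT, third byte is a NOP (0x90)
        rel = struct.unpack("b", jmp[1:2])[0]  # signed 8-bit displacement
        return base + 2 + rel                  # relative to the end of the 2-byte jump
    if jmp[0] == 0xE9:                         # E9 rel16: JMP NEAR
        rel = struct.unpack("<h", jmp[1:3])[0]
        return base + 3 + rel
    raise ValueError("does not start with a FAT boot-sector jump")

def parse_boot_sector(sector: bytes, base: int = 0) -> dict:
    """Parse the leading BIOS Parameter Block fields of a FAT12/16 boot sector."""
    if len(sector) < 512:
        raise ValueError("need at least one 512-byte sector")
    jmp, oem, bps, spc, reserved, nfats = struct.unpack_from("<3s8sHBHB", sector, 0)
    return {
        "jump_target": decode_jump(jmp, base),
        "oem_name": oem.decode("ascii", "replace").rstrip(),
        "bytes_per_sector": bps,
        "sectors_per_cluster": spc,
        "reserved_sectors": reserved,
        "num_fats": nfats,              # offset 0x10, i.e. 0x5E10 in the thread
        # Sanity checks that separate a real boot sector from a chance byte match.
        "plausible": bps in (512, 1024, 2048, 4096)
                     and spc in (1, 2, 4, 8, 16, 32, 64, 128)
                     and reserved >= 1 and nfats >= 1
                     and sector[510:512] == b"\x55\xaa",
    }

def make_sample() -> bytes:
    """Constructed sector: only EB 3C 90, MTOOL399 and the FAT count are from the thread."""
    s = bytearray(512)
    s[0:3] = b"\xEB\x3C\x90"
    s[3:11] = b"MTOOL399"
    struct.pack_into("<HBHB", s, 11, 512, 4, 1, 2)   # assumed geometry values
    s[510:512] = b"\x55\xaa"                         # boot-sector signature
    return bytes(s)

if __name__ == "__main__":
    info = parse_boot_sector(make_sample(), base=0x5E00)
    for key, value in info.items():
        print(f"{key:20} {value:#x}" if key == "jump_target" else f"{key:20} {value}")
```

The jump bytes are a fixed field of the FAT boot-sector layout and are written by the formatting tool, so they appear in the image whatever CPU the device uses.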
