Uh... Is there a possibility to load TTF/PNG files on a nano2G? On 3G this may indeed work, there are a lot of them in the games and in RSRC.
[EMAIL PROTECTED] wrote:
>
> I like the idea of Play "Start Ipodlinux" song But Try a TFF or PNG
> exploit.
>
> -----Original Message-----
> From: MsTiFtS <[EMAIL PROTECTED]>
> To: Hardware and developpement mailing list. <[email protected]>
> Sent: Sun, 30 Dec 2007 12:12 pm
> Subject: [Linux4nano-dev] I had some (rather sad) thoughts...
>
> During Christmas vacation, I had some thoughts about what Apple could
> have done to the firmware, if they were pretty clever. I've had a look
> at some Nano3G firmware images recently, which sadly seem to support
> that theory. They have changed something on the Nano3G, there is some
> unencrypted data at the end of the OSOS and AUPD images. It pretty
> much looks like some kind of footer which is INCLUDED in the file size
> given in the directory-like structure, unlike the header. That footer
> contains something that looks like a digital signature of the firmware
> image or some other kind of certificate. It contains the string
> "SecureBoot", which further supports the guess that it's a signature.
> Even if we manage to hack the encryption, that would mean, that we need
> to get our hands on their private key in order to recreate that
> signature, which seems pretty impossible. So even if we extract the
> bootloader (and all the other things that might be in that utility flash
> chip), we can not modify the firmware, unless we do a hardware-based
> reflash of the bootloader. That would hack ONE iPod, but wouldn't be of
> any use to iPodLinux users, as they won't disassemble their iPods and
> rip off chips just to be able to use iPodLinux. So we would still need a
> software security leak in order to enable users to perform that reflash
> using a software-only hack. But a hardware flash dump would of course be
> of much use in order to work out a software exploit. But would the users
> really want to take the risk of reflashing the boot chip? If something
> goes wrong there, their iPods are toast and warranty is probably void.
> So the only approach left would be to directly boot iPodLinux through a
> software exploit every time, by playing the "Start iPodLinux" song ;)
> Now the question is, how different are the Nano2Gs to the Nano3Gs?
> While, on the 3Gs, it looks like a digital signature was used, we could
> hope, that on the 2Gs, there is only some kind of checksum, which we can
> break by reverse engineering the boot loader. Is the digital signature
> just somewhere else on the 2Gs? Or is there really just a checksum? A
> hardware-based dump is probably the only way to find an answer to that
> question... Is it possible to rip that flash chip off the base board
> without damaging it? How realistic is a JTAG attack? How many touch
> points are there on the base board? How many of them are right beside
> the ARM?
> BTW What about setting up a wiki or using a section of the iPL wiki?
> Could be pretty useful.
>
> _______________________________________________
> Linux4nano-dev mailing list
> [email protected] <mailto:[email protected]>
> https://mail.gna.org/listinfo/linux4nano-dev
> http://www.linux4nano.org <http://www.linux4nano.org/>
