On 2G, there are no games. On 3G, the games are digitally signed, so we can't modify them.
But there are some TTFs in RSRC.fw on 3G, which we can probably modify. mat h schrieb: > I was thinking just putting them in the photos or games, after all the > games are just zip files extracted when installed. Although I dont > have a game to test it on. > > On Jan 4, 2008 8:36 PM, MsTiFtS <[EMAIL PROTECTED]> wrote: > >> Uh... Is there a possibility to load TTF/PNG files on a nano2G? On 3G >> this may indeed work, there are a lot of them in the games and in RSRC. >> >> [EMAIL PROTECTED] schrieb: >> >> >>> I like the idea of Play "Start Ipodlinux" song But Try a TFF or PNG >>> exploit. >>> >>> -----Original Message----- >>> From: MsTiFtS <[EMAIL PROTECTED]> >>> To: Hardware and developpement mailing list. <[email protected]> >>> Sent: Sun, 30 Dec 2007 12:12 pm >>> Subject: [Linux4nano-dev] I had some (rather sad) thoughts... >>> >>> During Christmas vacation, I had some thoughts about what Apple could >>> have done to the firmware, if they were pretty clever. I've had a look >>> at some Nano3G firmware images recently, which sadly seem to support >>> that theory. They have changed something on the Nano3G, there is some >>> unencrypted data at the end of the the OSOS and AUPD images. It pretty >>> much looks like some kind of footer which is INCLUDED in the file size >>> given in the directory-like structure, unlike the header. That footer >>> contains something that looks like a digital signature of the firmware >>> image or some other kind of certificate. It contains the string >>> "SecureBoot", which further supports the guess that it's a signature. >>> Even if we manage to hack the encryption, that would mean, that we need >>> to get our hands on their private key in order to recreate that >>> signature, which seems pretty impossible. So even if we extract the >>> bootloader (and all the other things that might be in that utility flash >>> chip), we can not modify the firmware, unless we do a hardware-based >>> reflash of the bootloader. That would hack ONE iPod, but wouldn't be of >>> any use to iPodLinux users, as they won't disassemble their iPods and >>> rip off chips just to be able to use iPodLinux. So we would still need a >>> software security leak in order to enable users to perform that reflash >>> using a software-only hack. But a hardware flash dump would of course be >>> of much use in order to work out a software exploit. But would the users >>> really want to take the risk of reflashing the boot chip? If something >>> goes wrong there, their iPods are toast and warranty is probably void. >>> So the only approach left would be to directly boot iPodLinux through a >>> software exploit every time, by playing the "Start iPodLinux" song ;) >>> Now the question is, how different are the Nano2Gs to the Nano3Gs? >>> While, on the 3Gs, it looks like a digital signature was used, we could >>> hope, that on the 2Gs, there is only some kind of checksum, which we can >>> break by reverse engineering the boot loader. Is the digital signature >>> just somewhere else on the 2Gs? Or is there really just a checksum? A >>> hardware-based dump is probably the only way to find an answer to that >>> question... Is it possible to rip that flash chip off the base board >>> without damaging it? How realistic is a JTAG attack? How many touch >>> points are there on the base board? How many of them are right beside >>> the ARM? >>> BTW What about setting up a wiki or using a section of the iPL wiki? >>> Could be pretty useful. >>> >>> _______________________________________________ >>> Linux4nano-dev mailing list >>> [email protected] <mailto:[email protected]> >>> https://mail.gna.org/listinfo/linux4nano-dev >>> http://www.linux4nano.org <http://www.linux4nano.org/> >>> ------------------------------------------------------------------------ >>> More new features than ever. Check out the new AIM(R) Mail >>> <http://o.aolcdn.com/cdn.webmail.aol.com/mailtour/aol/en-us/text.htm?ncid=aimcmp00050000000001>! >>> ------------------------------------------------------------------------ >>> >>> _______________________________________________ >>> Linux4nano-dev mailing list >>> [email protected] >>> https://mail.gna.org/listinfo/linux4nano-dev >>> http://www.linux4nano.org >>> >> _______________________________________________ >> Linux4nano-dev mailing list >> [email protected] >> https://mail.gna.org/listinfo/linux4nano-dev >> http://www.linux4nano.org >> >> > > > > _______________________________________________ Linux4nano-dev mailing list [email protected] https://mail.gna.org/listinfo/linux4nano-dev http://www.linux4nano.org
