I remember something about changing menus with ipodWizard and some disassembly. It looks like this bug infects the menu stack (and I've seen menus being hacked on IN1G). Maybe we should check the structure of the menu stack and try to execute code :D
Baha

On 14/02/2009, The Seven <[email protected]> wrote:
> With Nano2G, the magic size seems to be 284 bytes and above. However,
> with 276 bytes, it shows some really weird behavior. Menu navigation
> works OK, as long as you don't try to play a track, show the about box,
> show the notes list, or connect via USB. As soon as you do any of those
> things, the iPod will lock up and require a reset combo in order to
> reboot. Pretty weird, isn't it? And yes, everything looks like this is
> an exploitable bug, however this will need some digging...
>
> And with ~2000 bytes, connecting to USB will be quicker than crashing,
> so you don't need to go into disk mode in order to recover. Even with
> ~300 bytes, you'll be able to scroll some entries in the main menu
> before it reboots.
>
> Does iPL have some kind of properly disassembled firmware of 5G or such?
>
> Taylor Gordon wrote:
>> Nope - you have to have 268 bytes or more (it is a weird number, huh?).
>> *NOTE*
>> - You will need to put the iPod into disk mode to take the file off when
>> you are done or it will keep rebooting :)
>>
>> We can probably download the firmware of the 5.5 or 5G and RE it, am I
>> correct? I don't have any of these tools, sorry.
>> _______________________________________________
>> Linux4nano-dev mailing list
>> [email protected]
>> https://mail.gna.org/listinfo/linux4nano-dev
>> http://www.linux4nano.org
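As an added example, not from this thread or the linux4nano project: the messages above are sweeping a file size by hand (268, 276, 284, ~2000 bytes) and noting which sizes crash the player, and the natural next "digging" step is to fill those probe files with a cyclic pattern so that any word later recovered from the crash (a register value, a word on the menu stack, a fault address) can be mapped straight back to a byte offset in the file. The script below generates such files at the sizes quoted in the thread and looks offsets up. The thread does not say which file is being placed on the device, so the file name `probe_{size}.bin`, the output directory, and the little-endian byte order used when an integer is looked up (the iPod's ARM cores run little-endian) are assumptions.

```python
"""Generate probe files of chosen sizes filled with a cyclic pattern, and map
a 4-byte word recovered from a crash back to its offset in that file.

Added example; not code from the linux4nano thread or project.
"""
import itertools
import os
import string

# Sizes quoted in the thread. Which on-disk file they refer to is not stated
# there, so the file name used below is an assumption.
THREAD_SIZES = (268, 276, 284, 2000)


def cyclic_pattern(length):
    """Return `length` bytes of the classic Aa0Aa1...Zz9 pattern.

    Every 4-byte window is unique within the first 20280 bytes (26*26*10
    triples of 3 bytes), so a word seen in a crash identifies one offset.
    """
    if length > 26 * 26 * 10 * 3:
        raise ValueError("pattern space exhausted at 20280 bytes")
    out = bytearray()
    for upper, lower, digit in itertools.product(
        string.ascii_uppercase, string.ascii_lowercase, string.digits
    ):
        out += (upper + lower + digit).encode("ascii")
        if len(out) >= length:
            break
    return bytes(out[:length])


def pattern_offset(pattern, word, byteorder="little"):
    """Offset of a 4-byte word inside `pattern`, or -1 if it is not present.

    `word` may be raw bytes or an int (for example a value read out of PC or
    LR); an int is serialised with `byteorder`. Little-endian is the default
    because the iPod's ARM cores run little-endian (assumption, see lead-in).
    """
    needle = word.to_bytes(4, byteorder) if isinstance(word, int) else bytes(word)
    if len(needle) != 4:
        raise ValueError("expected a 4-byte word")
    return pattern.find(needle)


def write_probe_files(outdir, sizes=THREAD_SIZES, name="probe_{size}.bin"):
    """Write one pattern-filled file per size; return {size: path}.

    The `name` template is an assumption; use whatever file name the
    firmware actually parses on the device.
    """
    os.makedirs(outdir, exist_ok=True)
    paths = {}
    for size in sizes:
        path = os.path.join(outdir, name.format(size=size))
        with open(path, "wb") as fh:
            fh.write(cyclic_pattern(size))
        paths[size] = path
    return paths


if __name__ == "__main__":
    for size, path in write_probe_files("probes").items():
        print(f"{size:5d} bytes -> {path}")
    # Constructed demonstration: pretend a crash left the word found at
    # offset 276 of the 284-byte file in LR, then map it back.
    p = cyclic_pattern(284)
    crashed_lr = int.from_bytes(p[276:280], "little")
    print("word 0x%08x sits at offset %d" % (crashed_lr, pattern_offset(p, crashed_lr)))
```

Copy one probe file onto the player in disk mode, reboot, and if a size crashes the device, note the size boundaries exactly as the thread does; the pattern only pays off once something on the device (a debugger, a stack dump, a fault screen) gives you back a word to look up, at which point `pattern_offset` tells you which bytes of the file landed in that register or stack slot. As Taylor notes, the file has to be removed again in disk mode or the player keeps rebooting.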
