Very nice! Indeed, it It looks like maybe Ari would be a great help in developing an exploit for the ipod nano 3g/4g. The hardware does look much alike.
I believe that TheSeven had compiled a modified version of iran and wrote a "junk" file to the ipod to test the transfer and he was succesful. Im guessing out next step is to look closely at this "Apple Safe boot" file downloaded by itunes and see if it is anything similar to the iPhone iBoot. BTW - As you guys probably know the DFU files are also encrypted but there might be some interesting keys in there. We might even be able to find the buffer overflow in the certificate like with the i/touch/phone. I should be on IRC sometime later today. Taylor On Mon, Feb 23, 2009 at 11:15 AM, Ari <[email protected]> wrote: > Interesting! Clearly the iPod nano 3G is built off the iPhone... I > think it's likely that we'll find an iPod nano exploit similar to one > of the iPhone ones we've found over the years! > > The 8900 does seem to be the same as the iPod nano's format, but it is > called 8900 because that's the suffix of the iPhone's application > processor (the S5L8900), so the 8702 format is not necessarily an > earlier version of the format, just an earlier processor. > > And Raoul did not "generate" these files, they are downloaded by > iTunes when a DFU 3G iPod nano is detected :) > > Although I'm not a member of the iPhone dev team, I do have some > knowledge of the iPhone platofrm, as I'm a member of the Chronic Dev > Team (http://chronic-dev.org/blog/), who jailbroke the iPod touch 2G > before the iPhone dev team released theirs. In addition, I wrote > iJailBreak, the original automated iPod touch Mac jailbreak back in > the 1.1.1 days at http://ijailbreak.com/. > > Ari > > On Feb 23, 2009, at 10:14 AM, 3mpty wrote: > > > How did it generate it? > > > > By the way, take a look at this > http://wikee.iphwn.org/s5l8900:8900_format > > ... > > I bet that the format is identical (all the struct fields seem to > > match), > > only an earlier version (8900 vs 8702). > > > > Someone should contact iPhone Dev Team guys... > > > > 3mpty > > > > 2009/2/22 Raoul Guggenheim <[email protected]> > > > >> Hello > >> Found the DFU mode on my nano 3g > >> And it generated those restoring files! have fun > >> > >> > >> _______________________________________________ > >> Linux4nano-dev mailing list > >> [email protected] > >> https://mail.gna.org/listinfo/linux4nano-dev > >> http://www.linux4nano.org > >> > > _______________________________________________ > > Linux4nano-dev mailing list > > [email protected] > > https://mail.gna.org/listinfo/linux4nano-dev > > http://www.linux4nano.org > > > _______________________________________________ > Linux4nano-dev mailing list > [email protected] > https://mail.gna.org/listinfo/linux4nano-dev > http://www.linux4nano.org > _______________________________________________ Linux4nano-dev mailing list [email protected] https://mail.gna.org/listinfo/linux4nano-dev http://www.linux4nano.org
