I tried compiling dfu-util (the original version from OpenMoko, not the dev team hacked version that runs the pwnage2 exploit) to upload a file to a 3G iPod touch (the one that is downloaded by iTunes, to be specific) but it errored out every time, even though it recognized the nano as a DFU device... I'm sure a simple patch would fix this, but I'm not smart enough to write one :p
If the system is extremely similar, we'll have to find a gid key to decrypt these 8702 files or whatever... The iPhone's gid key was used to decrypt the 8900 files, until Apple switched to img3 which featured a more complex encryption system. You can find a little more information on the iPhone keys at http://wikee.iphwn.org/s5l8900:encryption_keys and http://www.theiphonewiki.com/wiki/index.php?title=AES_Keys

By the way, where is this IRC channel you're talking about?

Ari

On Feb 23, 2009, at 12:16 PM, Taylor Gordon wrote:

> Very nice!
>
> Indeed, it looks like maybe Ari would be a great help in developing an
> exploit for the ipod nano 3g/4g. The hardware does look much alike.
>
> I believe that TheSeven had compiled a modified version of iran and wrote a
> "junk" file to the ipod to test the transfer and he was successful. I'm
> guessing our next step is to look closely at this "Apple Safe boot" file
> downloaded by iTunes and see if it is anything similar to the iPhone iBoot.
>
> BTW - As you guys probably know the DFU files are also encrypted but there
> might be some interesting keys in there. We might even be able to find the
> buffer overflow in the certificate like with the i/touch/phone. I should be
> on IRC sometime later today.
>
> Taylor
>
> On Mon, Feb 23, 2009 at 11:15 AM, Ari <[email protected]> wrote:
>
>> Interesting! Clearly the iPod nano 3G is built off the iPhone... I
>> think it's likely that we'll find an iPod nano exploit similar to one
>> of the iPhone ones we've found over the years!
>>
>> The 8900 does seem to be the same as the iPod nano's format, but it is
>> called 8900 because that's the suffix of the iPhone's application
>> processor (the S5L8900), so the 8702 format is not necessarily an
>> earlier version of the format, just an earlier processor.
>>
>> And Raoul did not "generate" these files, they are downloaded by
>> iTunes when a DFU 3G iPod nano is detected :)
>>
>> Although I'm not a member of the iPhone dev team, I do have some
>> knowledge of the iPhone platform, as I'm a member of the Chronic Dev
>> Team (http://chronic-dev.org/blog/), who jailbroke the iPod touch 2G
>> before the iPhone dev team released theirs. In addition, I wrote
>> iJailBreak, the original automated iPod touch Mac jailbreak back in
>> the 1.1.1 days at http://ijailbreak.com/.
>>
>> Ari
>>
>> On Feb 23, 2009, at 10:14 AM, 3mpty wrote:
>>
>>> How did it generate it?
>>>
>>> By the way, take a look at this http://wikee.iphwn.org/s5l8900:8900_format
>>> ...
>>> I bet that the format is identical (all the struct fields seem to match),
>>> only an earlier version (8900 vs 8702).
>>>
>>> Someone should contact iPhone Dev Team guys...
>>>
>>> 3mpty
>>>
>>> 2009/2/22 Raoul Guggenheim <[email protected]>
>>>
>>>> Hello
>>>> Found the DFU mode on my nano 3g
>>>> And it generated those restoring files! have fun
>>>>
>>>> _______________________________________________
>>>> Linux4nano-dev mailing list
>>>> [email protected]
>>>> https://mail.gna.org/listinfo/linux4nano-dev
>>>> http://www.linux4nano.org
