#linux4nano-dev on freenode

On Mon, Feb 23, 2009 at 1:25 PM, Ari <[email protected]> wrote:
> I tried compiling dfu-util (the original version from OpenMoko, not
> the dev team hacked version that runs the pwnage2 exploit) to upload a
> file to a 3G iPod touch (the one that is downloaded by iTunes, to be
> specific) but it errored out every time, even though it recognized the
> nano as a DFU device... I'm sure a simple patch would fix this, but
> I'm not smart enough to write one :p
>
> If the system is extremely similar, we'll have to find a gid key to
> decrypt these 8702 files or whatever... The iPhone's gid key was used
> to decrypt the 8900 files, until Apple switched to img3 which featured
> a more complex encryption system. You can find a little more
> information on the iPhone keys at
> http://wikee.iphwn.org/s5l8900:encryption_keys
> and http://www.theiphonewiki.com/wiki/index.php?title=AES_Keys
>
> By the way, where is this IRC channel you're talking about?
>
> Ari
>
> On Feb 23, 2009, at 12:16 PM, Taylor Gordon wrote:
>
> > Very nice!
> >
> > Indeed, it looks like maybe Ari would be a great help in developing an
> > exploit for the ipod nano 3g/4g. The hardware does look much alike.
> >
> > I believe that TheSeven had compiled a modified version of iran and wrote a
> > "junk" file to the ipod to test the transfer and he was successful. I'm
> > guessing our next step is to look closely at this "Apple Safe boot" file
> > downloaded by itunes and see if it is anything similar to the iPhone
> > iBoot.
> >
> > BTW - As you guys probably know the DFU files are also encrypted but there
> > might be some interesting keys in there. We might even be able to find the
> > buffer overflow in the certificate like with the i/touch/phone. I should be
> > on IRC sometime later today.
> >
> > Taylor
> > On Mon, Feb 23, 2009 at 11:15 AM, Ari <[email protected]> wrote:
> >
> >> Interesting! Clearly the iPod nano 3G is built off the iPhone...
> >> I think it's likely that we'll find an iPod nano exploit similar to one
> >> of the iPhone ones we've found over the years!
> >>
> >> The 8900 does seem to be the same as the iPod nano's format, but it is
> >> called 8900 because that's the suffix of the iPhone's application
> >> processor (the S5L8900), so the 8702 format is not necessarily an
> >> earlier version of the format, just an earlier processor.
> >>
> >> And Raoul did not "generate" these files, they are downloaded by
> >> iTunes when a DFU 3G iPod nano is detected :)
> >>
> >> Although I'm not a member of the iPhone dev team, I do have some
> >> knowledge of the iPhone platform, as I'm a member of the Chronic Dev
> >> Team (http://chronic-dev.org/blog/), who jailbroke the iPod touch 2G
> >> before the iPhone dev team released theirs. In addition, I wrote
> >> iJailBreak, the original automated iPod touch Mac jailbreak back in
> >> the 1.1.1 days at http://ijailbreak.com/.
> >>
> >> Ari
> >>
> >> On Feb 23, 2009, at 10:14 AM, 3mpty wrote:
> >>
> >>> How did it generate it?
> >>>
> >>> By the way, take a look at this http://wikee.iphwn.org/s5l8900:8900_format
> >>> ...
> >>> I bet that the format is identical (all the struct fields seem to match),
> >>> only an earlier version (8900 vs 8702).
> >>>
> >>> Someone should contact iPhone Dev Team guys...
> >>>
> >>> 3mpty
> >>>
> >>> 2009/2/22 Raoul Guggenheim <[email protected]>
> >>>
> >>>> Hello
> >>>> Found the DFU mode on my nano 3g
> >>>> And it generated those restoring files!
> >>>> have fun
> >>>>
> >>>>
> >>>> _______________________________________________
> >>>> Linux4nano-dev mailing list
> >>>> [email protected]
> >>>> https://mail.gna.org/listinfo/linux4nano-dev
> >>>> http://www.linux4nano.org
