It seems to me that you also have to have iBoot for iRecovery to work. It seems like we could use a similar exploit, though, like the iPhone/iPod touch through DFU mode, but I'm no expert. Just thought I'd chime in my $.02.

Sent from my iPhone

On Apr 8, 2009, at 8:59 PM, Cory Walker <[email protected]> wrote:

> Update: I was poking around in the source of iRecovery, and apparently the device needs to be in recovery mode (not DFU mode) for the shell to work. I was hoping to be able to use this with the Nano 4G, but I don't know if it's possible without recovery mode. Does anyone know if the 4G has a recovery mode or not?
>
> -Cory Walker
>
> Cory Walker wrote:
>> This sounds interesting. Maybe the ARM7 Go exploit (http://theiphonewiki.com/wiki/index.php?title=ARM7_Go) could be used on the iPod Nano 4G? Be sure to look at the 'Talk' page for the previous link; it has some good info. You use iRecovery (http://theiphonewiki.com/wiki/index.php?title=IRecovery) to execute arm7_go.
>>
>> A W wrote:
>>> I'm stuck. Must be a lack of experience in exploiting things.
>>> Most important question: what kind of code can be used to understand when this code is actually executed? There is no point in wasting time searching for the exploit entry address unless you're sure you'll notice the hit. I was thinking of some kind of dead loop, but my iPod froze a few times just at the overflow, so it's probably not the best way.
>>> And what kind of data must one corrupt to completely freeze the iPod?
>>>
>>> The overflow I'm trying to exploit is at the A tag: [a href="here"]; the iPod reboots when the target file name is longer than 266 bytes. And Notes does handle such names without any problems, so I think it goes out of bounds somewhere at the file existence check (inside an interrupt handler?).
>>> Notes applies some restrictions to exploit code: it turns bytes with value >127 into two-byte (UTF?) sequences and, probably, converts lowercase Latin chars (0x61-0x7A) to uppercase. This makes some conditional codes (including ALWAYS) unusable, as well as branches to negative offsets, a few ALU instructions, and some other, less useful things.
>>> Still I think there is enough freedom to code something interesting, and it's always possible to generate the necessary instructions in-place.
>>> _______________________________________________
>>> Linux4nano-dev mailing list
>>> [email protected]
>>> https://mail.gna.org/listinfo/linux4nano-dev
>>> http://www.linux4nano.org
