3mpty: Can you tell me again, when you create a regular text file, with the corrupt link in it, does it take 280 or 268/267 bytes to crash?
On Mon, Jul 13, 2009 at 10:59 AM, 3mpty <[email protected]> wrote:

> Ok, update, TheSeven's iBuggerLoader seems to work (Windows finds a
> new "unknown" USB device) so the code is actually executed... Time to
> reboot windows, start Linux and to begin to play with it :)
>
> 2009/7/13, 3mpty <[email protected]>:
> > Well guys, I think I'm quite lucky xD
> > First try on my 6G, a080a2004.htm (chosen randomly :D), after a few
> > seconds after the reboot the iPod freezes (Menu doesn't work
> > anymore)... I can only reset it :)
> >
> > Details:
> > iPod Win version (with FAT)
> > Model: MB147
> > FW version: 1.0.3 PC
> >
> > Btw, I'll try to execute some code on it, so how can I reset the iPod
> > from SW? Or will the reset key combination still work?
> > Guys, this is awesome
> >
> > 2009/7/13, Tyler Steinmetz <[email protected]>:
> >> Yes, as far as I have tested the files are constantly rebooting my iPod.
> >> I'm not having any problems at all with that.
> >>
> >> On Sun, Jul 12, 2009 at 7:05 PM, The Seven <[email protected]> wrote:
> >>
> >>> taylor told me, that somebody with a 4g was reporting crashes, so this
> >>> is pretty weird. i think somebody else with a different 3g should have a
> >>> look what happens for him, to check whether this is related to 3g in
> >>> general, or to your device.
> >>>
> >>> can you open the note file on the ipod? what do you see in there?
> >>>
> >>> tyler, did they crash your ipod?
> >>>
> >>> Finn Wilke wrote:
> >>> > So what shall I do now?
> >>> >
> >>> > Should I reformat the iPod to FAT32?
> >>> > And: Does it make any sense to test these files atm?
> >>> >
> >>> > Finn
> >>> >
> >>> > On 13.07.2009 at 00:55, tof wrote:
> >>> >
> >>> >> Finn Wilke wrote:
> >>> >>
> >>> >>> P.S: Does it make any change whether the iPod is Windows or Mac
> >>> >>> formatted?
> >>> >>>
> >>> >> yes !
> >>> >>
> >>> >> it could make a difference. as the overflow is happening in a
> >>> >> function very close to the file system, and the link(file) size
> >>> >> limit could have to do with the FD limits, we could have differences.
> >>> >>
> >>> >>> I also have a 4th gen nano and have already tried out some files.
> >>> >>> There was no file that froze or reboot-looped the ipod, it was
> >>> >>> always working as before.
> >>> >> It is not normal to have no crash, perhaps the simplification of the
> >>> >> link to a shorter overflow has "broken the portability" of the notes
> >>> >> bug.
> >>> >> I remember Taylor mentioning that the link size for crash was
> >>> >> different depending on the model...
> >>> >>
> >>> >> sto
> >>> >>
> >>> >>> On 12.07.2009 at 22:28, Taylor Gordon wrote:
> >>> >>>
> >>> >>>> If you see anything earth shattering (like the ipod freezes) just
> >>> >>>> feel free to let us know on the ML.
> >>> >>>>
> >>> >>>> Taylor
> >>> >>>>
> >>> >>>> On Sun, Jul 12, 2009 at 3:48 PM, Tyler Steinmetz <[email protected]> wrote:
> >>> >>>>
> >>> >>>>> Alright, I'm on it... where can I post the results I experience on
> >>> >>>>> my 4g nano? Is the wiki fine?
> >>> >>>>>
> >>> >>>>> On Sun, Jul 12, 2009 at 2:38 PM, The Seven <[email protected]> wrote:
> >>> >>>>>
> >>> >>>>>> As a little hint: a0864.... upward is the most probable range.
> >>> >>>>>> you can also try the b variants. i wouldn't expect lower numbers
> >>> >>>>>> than 0864...., though.
> >>> >>>>>>
> >>> >>>>>> Taylor Gordon wrote:
> >>> >>>>>>> Just to let everyone know, and kind of in response to Tyler's
> >>> >>>>>>> message:
> >>> >>>>>>>
> >>> >>>>>>> Because we don't have JTAG on the 3g or 4g nano (yet anyways), we
> >>> >>>>>>> can't clearly see the return address for the PoC files. TheSeven
> >>> >>>>>>> has generated some test files which all have different return
> >>> >>>>>>> addresses. Hopefully, if we can try some of these, we will
> >>> >>>>>>> eventually find the correct file that has the desired behavior.
> >>> >>>>>>> Please refer to http://n00b81.fileave.com/ipod/sweep.txt for more
> >>> >>>>>>> details about what you want to be looking out for.
> >>> >>>>>>>
> >>> >>>>>>> Also, just two quick warnings. This is a 500 kb archive, but
> >>> >>>>>>> there are 65000 files in there :) So if you extract it, it will
> >>> >>>>>>> be about 500 mb worth of files, so I suggest you extract them a
> >>> >>>>>>> few at a time, or all together, your choice ;)
> >>> >>>>>>>
> >>> >>>>>>> Remember you'll have to put your ipod into disk mode if it gets
> >>> >>>>>>> into an endless crash-reboot loop. You can feel free to try these
> >>> >>>>>>> on 6g classic/3g nano/4g nano which all have the bug also.
> >>> >>>>>>>
> >>> >>>>>>> Both the Readme and the archive for the testing files can be
> >>> >>>>>>> found here: http://n00b81.fileave.com/ipod.
> >>> >>>>>>>
> >>> >>>>>>> Hopefully we will find the file that freezes the ipod :)
> >>> >>>>>>>
> >>> >>>>>>> Taylor
> >>> >>>>>>>
> >>> >>>>>>> On Sun, Jul 12, 2009 at 12:17 PM, Tyler Steinmetz <[email protected]> wrote:
> >>> >>>>>>>
> >>> >>>>>>>> Great work, thanks so much...
> >>> >>>>>>>>
> >>> >>>>>>>> Any chance we can get this working on 3rd or 4th gen?
> >>> >>>>>>>>
> >>> >>>>>>>> On Sun, Jul 12, 2009 at 1:32 AM, mat h <[email protected]> wrote:
> >>> >>>>>>>>
> >>> >>>>>>>>> Very interesting read thanks
> >>> >>>>>>>>>
> >>> >>>>>>>>> On 7/12/09, tof <[email protected]> wrote:
> >>> >>>>>>>>>> Hello
> >>> >>>>>>>>>>
> >>> >>>>>>>>>> I put on the wiki some useful info about the HW part, and the
> >>> >>>>>>>>>> exploit...
> >>> >>>>>>>>>> http://l4n.clustur.com/index.php/Nano2G_getting_exec
> >>> >>>>>>>>>>
> >>> >>>>>>>>>> sto
> >>> >>>>>>>>>>
> >>> >>>>>>>>>> _______________________________________________
> >>> >>>>>>>>>> Linux4nano-dev mailing list
> >>> >>>>>>>>>> [email protected]
> >>> >>>>>>>>>> https://mail.gna.org/listinfo/linux4nano-dev
> >>> >>>>>>>>>> http://www.linux4nano.org
