Re: [Full-disclosure] iPhone Security Settings
On 7/1/07, Fabio Pietrosanti (naif) <[EMAIL PROTECTED]> wrote:

... text zapped...

> * What's bom? /System/Library/PrivateFrameworks/Bom.framework/Bom

On any Mac OS X system, type "man lsbom" or "man 5 bom" for details.

bom = bill of materials.

"The Mac OS X Installer uses a file system "bill of materials" to determine which files to install, remove, or upgrade."

> * The security of the boot system plenty of digital signatures to
> prevent firmware hacking?
>
> -naif

-- Simon Cooper

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] iPhone Security Settings
If anyone winds up with crash dumps from when iTunes syncs with the iPhone I wouldn't mind having a few of them. They should be located in /Library/Logs/CrashReporter/MobileDevice/

Wee everything runs with Effective UID: 0

-KF

On Jul 1, 2007, at 6:32 PM, Stephen Hildrey wrote:

> Fabio Pietrosanti (naif) wrote:
>> root:XUU7aqfpey51o:0:0::0:0:System Administrator:/var/root:/bin/sh
>> mobile:/smx7MYTQIi2M:501:0::0:0:Mobile User:/var/mobile:/bin/sh
>
> Nice find. Even my AMD 4200+ can cope with that...
>
> $ john pw
> Loaded 2 passwords with 2 different salts (Standard DES [64/64 BS])
> alpine (mobile)
> dottie (root)
>
> Steve
Re: [Full-disclosure] iPhone Security Settings
Fabio Pietrosanti (naif) wrote:
> root:XUU7aqfpey51o:0:0::0:0:System Administrator:/var/root:/bin/sh
> mobile:/smx7MYTQIi2M:501:0::0:0:Mobile User:/var/mobile:/bin/sh

Nice find. Even my AMD 4200+ can cope with that...

$ john pw
Loaded 2 passwords with 2 different salts (Standard DES [64/64 BS])
alpine (mobile)
dottie (root)

Steve
Re: [Full-disclosure] iPhone Security Settings
On Monday, 02.07.2007 at 00:07 +0200, Fabio Pietrosanti (naif) wrote:
> There are a couple of users with their passwords:
>
> root:XUU7aqfpey51o:0:0::0:0:System Administrator:/var/root:/bin/sh
> mobile:/smx7MYTQIi2M:501:0::0:0:Mobile User:/var/mobile:/bin/sh
>
> Does someone have some time to arrange a quick john session (should be
> quick)?

Loaded 2 passwords with 2 different salts (Standard DES [64/64 BS])
alpine (mobile)
dottie (root)
guesses: 2 time: 0:00:00:16 (3) c/s: 551883 trying: royour - b1o2w8

Yes, it was quick
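Added example, not part of any poster's message: a defensive audit of the ten-field passwd entries quoted in this thread, flagging traditional DES crypt hashes and noting which flagged accounts keep a login shell or uid 0. The names `classify_hash` and `audit`, the no-login shell list and the last two sample entries are assumptions made for the example.

```python
import re

# Traditional DES crypt(3): 2 salt chars + 11 hash chars from [./0-9A-Za-z].
DES_CRYPT = re.compile(r"^[./0-9A-Za-z]{13}$")
NOLOGIN_SHELLS = {"/usr/bin/false", "/sbin/nologin", "/usr/sbin/nologin"}
WEAK = {
    "des-crypt": "legacy DES crypt hash (8-char password limit, 12-bit salt)",
    "empty": "empty password field",
}

# First two entries are quoted in the thread; the last two are constructed.
SAMPLE = """\
root:XUU7aqfpey51o:0:0::0:0:System Administrator:/var/root:/bin/sh
mobile:/smx7MYTQIi2M:501:0::0:0:Mobile User:/var/mobile:/bin/sh
daemon:*:1:1::0:0:System Services:/var/root:/usr/bin/false
example:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:502:20::0:0:Constructed:/var/example:/bin/sh
"""

def classify_hash(field):
    """Name the password-field format without attempting to verify it."""
    if field == "":
        return "empty"
    if field[0] in "*!":
        return "locked"
    if field.startswith("$"):
        return "modular"
    if DES_CRYPT.match(field):
        return "des-crypt"
    return "unknown"

def audit(text):
    """Return [(user, [issues])] for accounts with at least one finding."""
    findings = []
    for line in filter(None, text.splitlines()):
        fields = line.split(":")
        if len(fields) != 10:  # ten-field master.passwd layout
            findings.append((fields[0], ["malformed entry"]))
            continue
        name, pw, uid, shell = fields[0], fields[1], fields[2], fields[9]
        kind = classify_hash(pw)
        if kind not in WEAK:
            continue
        issues = [WEAK[kind]]
        if shell not in NOLOGIN_SHELLS:
            issues.append("login shell " + shell)
        if uid == "0":
            issues.append("uid 0")
        findings.append((name, issues))
    return findings
```

Calling `audit(SAMPLE)` reports only `root` and `mobile`; the locked and modular-format entries pass.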
Re: [Full-disclosure] iPhone Security Settings
The file is a zip file.

It's interesting to note the encrypted DMG image "694-5262-39.dmg" of 82MB. It asks for a password.

Instead, the 15MB file "694-5259-38.dmg" is not a DMG image and is not encrypted (strings 694-5259-38.dmg | less).

Some selected information to have an idea of what's inside:

DWD_USIF_BOOTLOADER_FILENAME/Secure_USIF_Bootloader.3.9.fls
MN_SMS_CB_MESSAGE_ID_LIMIT_IND
sio#wake-ind
SI_PHONE_NUMBER_READ_IND
../../ms-gprs-l1-src/text/l1d_rshd.c
../../ms-ds-src/at/atc/common/text/atc_sdl_mn.c
SIMULATED RESET due to AT+CFUN=16. This is NOT a crash!
../../ms-bt-src/src/bt-ctrl/io_bt.c
../../ms-gprs-l2-src/ma/mac/text/decoders/mac_decoders.c
../../ms-gprs-l2-src/rl/rlc/text/rlc_op2.c
../../ms-l3-src/rr/grr/text/grr_op2.c
1 ==> output of EQUALIZER RAW DATA acc. to using a
Argument Types: [int: 1/2/3/4/5],[int:0/1/2/3],[int => abs. Hz value],[int: 1 - 100]
GSM Ciphering:%s, GSM Ciphering Algorithm: A5/%d, GPRS Ciphering:%s, GPRS Ciphering Algorithm: GEA/%d
/SourceCache/BaseBandFWUpdater/BaseBandFWUpdater-39/IfxSource/DLL_source/OS_dependent_code/timer_if/../../../../IFWD_timer.c
/SourceCache/BaseBandFWUpdater/BaseBandFWUpdater-39/AtInterface.cpp
/System/Library/PrivateFrameworks/Bom.framework/Bom
/SourceCache/Bom/Bom-122.0.0.3/Common/BOMSystemCmds.c
/dev/tty.baseband
/private/tmp/.SafeBoot
/bin/cat /System/Library/CoreServices/BootX | /usr/bin/openssl dgst -sha1 -hex -out /System/Library/Caches/com.apple.bootxsignature
Boot-loader is active
Skip secure loader
Injecting EBL-Loader (PSI).
DWD_RAM_BOOTLOADER_FILENAME/Default_RAM_Bootloader.7.0.fls
GsmRadioModule::fEnableMobileAnalyzer
Signature cannot be authenticated
single user shell terminated.
Singleuser boot -- fsck not done
sq->capacity >= (4096 + 7) / 8) + (sizeof(giantDigit)) - 1) / (sizeof(giantDigit))) + 1)
/System/Library/Lockdown/SBOOT_S5L8900.pem
/System/Library/Lockdown/SBOOT_S5L8900_DEV.pem

There are a couple of users with their passwords:

root:XUU7aqfpey51o:0:0::0:0:System Administrator:/var/root:/bin/sh
mobile:/smx7MYTQIi2M:501:0::0:0:Mobile User:/var/mobile:/bin/sh

Does someone have some time to arrange a quick john session (should be quick)?

In Firmware/all_flash/all_flash.m68ap.production/DeviceTree.m68ap.img2 there is the string:

Apple Secure Boot Certification Authority1

* The password of the encrypted DMG?
* The user root and mobile with preconfigured passwords?
* The "GsmRadioModule::fEnableMobileAnalyzer" ?
* The /SourceCache/BaseBandFWUpdater/BaseBandFWUpdater-39/AtInterface.cpp that maybe uses AT commands to update the firmware of the GSM transceiver?
* What's bom? /System/Library/PrivateFrameworks/Bom.framework/Bom
* The security of the boot system plenty of digital signatures to prevent firmware hacking?

-naif

Kevin Finisterre (lists) wrote:
> While you are at it...
>
> http://appldnld.apple.com.edgesuite.net/content.info.apple.com/iPhone/061-3538.20070629.B7vXa/iPhone1,1_1.0_1A543a_Restore.ipsw
>
> -KF
>
> On Jun 29, 2007, at 8:10 PM, John Smith wrote:
>
>> http://www.andrew.cmu.edu/user/xsk/iPhoneSecuritySettings.html
>>
>> John
Re: [Full-disclosure] iPhone Security Settings
While you are at it...

http://appldnld.apple.com.edgesuite.net/content.info.apple.com/iPhone/061-3538.20070629.B7vXa/iPhone1,1_1.0_1A543a_Restore.ipsw

-KF

On Jun 29, 2007, at 8:10 PM, John Smith wrote:

> http://www.andrew.cmu.edu/user/xsk/iPhoneSecuritySettings.html
>
> John
[Full-disclosure] iPhone Security Settings
http://www.andrew.cmu.edu/user/xsk/iPhoneSecuritySettings.html

John