oki, no problem.

in fact if it's really arm on ipod, the basic thing is arm instruction length is 4 bytes (always) and addresses are then multiples of 4 so it's a bit easier to disasm :)
little doc can be found at bear.ces.cwru.edu/eecs_382/ARM7-TDMI-manual-pt2.pdf

Note: IDA (from datarescue) supports ARM (most ARMs in fact) (it's sexy, and all...) but erf, if you don't have IDA you can try disassembling using other tools. A funny one to do this could be METASM (cr0.org). I know, it's ruby van gogh style code but erf, it disasm arm :)
another one could be objdump for arm !

+
serpilliere

On Wed, Sep 26, 2007 at 11:31:48PM -0700, mat h wrote:
> Sorry all, I don't know much about asm, I'm not sure whether it's a nop or the end
> of an address. As I said, I need someone that knows ASM, particularly ARM asm
>
> On 9/26/07, Fabrice Desclaux <[EMAIL PROTECTED]> wrote:
> >
> > humm sorry about that but i think i missed something.
> >
> > You say there is a jump &nop at 0x5E00:
> > EB 3C 90
> >
> > but this is x86 assembly mnemonic. The Ipod isn't in ARM?
> >
> >
> > another question:
> > the x86 jump is effectively EB 3C and 3C is the relative offset so when you
> > say:
> > unencrypted boot loader should be located around 0x5E00+0x3c90 = 0x9A90 or
> > 39568. Again I don't
> >
> > shouldn't it be:
> > 0x5E00+ 0x3C ?
> > (thus, if it's x86 again..)
> >
> > +
> > serpilliere
> >
> > On Thu, Sep 27, 2007 at 03:15:28PM +1000, mat h wrote:
> > > Btw I may be off slightly with that offset.
> > >
> > > On 9/27/07, mat h <[EMAIL PROTECTED]> wrote:
> > > >
> > > > Since ur new I'll re-send part of my previous mail:
> > > > Before I continue I think I found the program used to make the disk image
> > > > and the FAT16 header:
> > > > Fat16 header: 5E00 after all the 0's
> > > > jump instruction (3 bytes):
> > > >
> > > > 0xEB - something in asm
> > > > 0x3C - something in asm
> > > > 0x90 - asm nop
> > > >
> > > > bytes per sector - 0x02,0x03 i think
> > > > im not sure if there's any padding, but i think the fat16 partition starts
> > > > at 5E00
> > > >
> > > > 5E10 - total number of file allocation tables, has to be 2 and it is 2
> > > >
> > > > OEM name (8 bytes):
> > > > MTOOL399 - reference to MTOOLS version 3.99
> > > >
> > > > Try keys like: MTOOLS, MTOOLS399 etc, look for ascii strings in the
> > > > firmware
> > > >
> > > > BTW. the boot loader starts with the following code
> > > > 0xEB - short jump (EB JMP SHORT rel8)
> > > > 0x3C - value part 1
> > > > 0x90 - value part 2
> > > >
> > > > I'm no expert at asm but if I'm correct then the unencrypted boot loader
> > > > should be located around 0x5E00+0x3c90 = 0x9A90 or 39568. Again I don't
> > > > program in much assembly so could someone more knowledgeable please confirm
> > > > this.
> > > >
> > > > On 9/27/07, Jeremy Prater <[EMAIL PROTECTED]> wrote:
> > > > >
> > > > > Hey team, I just got on the linux4nano team mailing list because I have
> > > > > a 2g nano and don't like apple anymore because they decided to encrypt
> > > > > the osos. Anyways I decided to do some key breaking. Anyways I'm sad
> > > > > now, I assumed a 32-bit RC4 key which is a big assumption, I used visual
> > > > > studio and got some rc4 decrypting functions from sourceforge and
> > > > > started coding a little app. Sure, I'll crack this code? in 57,732 days
> > > > > my app predicted yeah. So much for a core2 duo t5600 doing high speed.
> > > > > Lol, guess .net framework isn't optimized for speed. 2^32 keys is a lot
> > > > > of keyspace. Anyways, so the brute force idea is pretty much out I
> > > > > guess. Unless someone has a mega-cluster of computers. I don't really
> > > > > know what is going on with the mailing group, the gna.org list kinda
> > > > > sucks to join in and catch up on. I like the idea of a ram-dump to
> > > > > get the un-encrypted firmware. Before my brute force attack I used
> > > > > sg3_tools and the ipod in diagnostic mode, no luck. The ipod vendor/
> > > > > device in diagnostic mode is 0000/0000 and does not respond to any usb
> > > > > commands. A usb dump of the ram is kinda silly. To do that we need to
> > > > > run our own code on the cpu, which means we need to write an encrypted
> > > > > osos so the bootloader will parse it correctly. Which came first, the
> > > > > chicken or the egg? The decipher key or the memdumper? Haha. Using
> > > > > buffer overruns seems safe b/c osos will crash and reboot into the
> > > > > bootloader, too bad there aren't any. Well this is what I have read/
> > > > > discovered the last 30 hours or so trying to brick my ipod. Any ideas?
> > > > >
> > > > > Jeremy
> > > > >
> > > > > _______________________________________________
> > > > > Linux4nano-dev mailing list
> > > > > [email protected]
> > > > > https://mail.gna.org/listinfo/linux4nano-dev
> > > > > http://www.linux4nano.org
> > > >
> > > > --
> > > > We explore... and you call us criminals.
> > > > We seek after knowledge... and you call us criminals.
> > > > We exist without skin color, without nationality, without religious bias...
> > > > and you call us criminals.
> > > > You build atomic bombs, you wage wars, you murder, cheat, and lie to us and
> > > > try to make us believe it's for our own good...
> > > > ....yet we're the criminals.
> > > >
> > > > ____________WAUSHARE ROX ______________
> > > > Join the dark side we've got cheese
> > > > Annoying people since 1992
> > > > If you hate me, I love you too. It ain't my fault I'm better than you
> > > > Save Water, Drink Beer
> > > > God Made Women First, Then He Had A Better Idea.
> > > > If Barbie is soo popular...how come you have to buy her friends?
> > > > Don't play stupid with me... I'm better at it!
> > > > You were so cute when you were a baby...What happened?
> > > > My folks were always asking me to wear underpants. What am I, the pope?
> > > > I'm calling the police!... Right after I flush some tings.
> > > > Join the army, see the world, meet interesting people, and kill them.
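As an added example (not code from any of the posters or from the linux4nano project), the script below locates a FAT16 boot sector in a disk image and decodes its BIOS Parameter Block, including the three-byte "EB 3C 90" opener the thread argues about. The image it scans is constructed to mirror the values mentioned in the thread (a sector at 0x5E00, OEM name "MTOOL399", two FATs); every other BPB value is an assumption chosen to be self-consistent. The jump is resolved the way x86 defines JMP SHORT: rel8 is a signed byte relative to the byte after the 2-byte instruction, so EB 3C at 0x5E00 lands at 0x5E3E, which is exactly the offset where boot code begins after a FAT12/16 extended boot record (0x3E bytes), and the trailing 0x90 is a NOP pad.

```python
"""Locate and parse a FAT16 boot sector (BIOS Parameter Block) in a disk image.

Added example for the thread above; not code from the linux4nano project or
from any of the posters. The image built below is constructed to mirror the
values the thread mentions (sector at 0x5E00 starting with EB 3C 90, OEM name
"MTOOL399", two FATs); it is not taken from any real firmware image.
"""
import struct

BPB_FORMAT = "<HBHBHHBHHHII"   # FAT12/16 BPB fields, little-endian, at sector offset 0x0B
BPB_FIELDS = (
    "bytes_per_sector", "sectors_per_cluster", "reserved_sectors", "num_fats",
    "root_entries", "total_sectors_16", "media_descriptor", "sectors_per_fat",
    "sectors_per_track", "num_heads", "hidden_sectors", "total_sectors_32",
)
SECTOR = 512
BOOT_CODE_OFFSET = 0x3E   # FAT12/16 extended boot record ends here; boot code follows


def build_sample_image(boot_offset: int = 0x5E00) -> bytes:
    """Constructed image: zero padding, one FAT16 boot sector, then filler (assumed values)."""
    sector = bytearray(SECTOR)
    sector[0:3] = b"\xEB\x3C\x90"            # JMP SHORT +0x3C ; NOP
    sector[3:11] = b"MTOOL399"               # OEM name as in the thread
    struct.pack_into(BPB_FORMAT, sector, 0x0B,
                     512, 4, 1, 2, 512, 0, 0xF8, 32, 63, 255, 0, 65536)
    sector[0x36:0x3E] = b"FAT16   "          # file-system type string
    sector[510:512] = b"\x55\xAA"            # boot signature
    return bytes(boot_offset) + bytes(sector) + bytes(4 * SECTOR)


def parse_bpb(sector: bytes) -> dict:
    """Decode the fixed BPB fields of one 512-byte sector into a dict."""
    if len(sector) < SECTOR:
        raise ValueError("need a full 512-byte sector")
    info = dict(zip(BPB_FIELDS, struct.unpack_from(BPB_FORMAT, sector, 0x0B)))
    info["jump"] = sector[0:3]
    info["oem_name"] = sector[3:11].decode("ascii", "replace").rstrip()
    info["fs_type"] = sector[0x36:0x3E].decode("ascii", "replace").rstrip()
    info["signature_ok"] = sector[510:512] == b"\x55\xAA"
    return info


def short_jump_target(sector: bytes, base: int) -> int:
    """Resolve the x86 'EB rel8' (JMP SHORT) that opens the sector.

    rel8 is a signed byte relative to the *next* instruction, and the
    instruction itself is 2 bytes, so target = base + 2 + rel8. The 0x90 (NOP)
    that follows is padding so the opener is 3 bytes, like 'E9 rel16'.
    """
    if sector[0] != 0xEB:
        raise ValueError("sector does not start with JMP SHORT (EB rel8)")
    rel8 = struct.unpack_from("<b", sector, 1)[0]
    return base + 2 + rel8


def looks_like_fat_boot_sector(sector: bytes) -> bool:
    """Cheap plausibility checks before trusting a candidate sector."""
    if len(sector) < SECTOR or sector[510:512] != b"\x55\xAA":
        return False
    if sector[0] not in (0xEB, 0xE9):
        return False
    bps, _, reserved, nfats = struct.unpack_from("<HBHB", sector, 0x0B)
    return bps in (512, 1024, 2048, 4096) and reserved >= 1 and nfats in (1, 2)


def find_boot_sectors(image: bytes) -> list:
    """Scan at 512-byte alignment and return offsets of plausible FAT boot sectors."""
    return [off for off in range(0, len(image) - SECTOR + 1, SECTOR)
            if looks_like_fat_boot_sector(image[off:off + SECTOR])]


if __name__ == "__main__":
    image = build_sample_image()
    for off in find_boot_sectors(image):
        sec = image[off:off + SECTOR]
        info = parse_bpb(sec)
        print(f"boot sector at 0x{off:X}: OEM={info['oem_name']!r} "
              f"FATs={info['num_fats']} bytes/sector={info['bytes_per_sector']} "
              f"jump target=0x{short_jump_target(sec, off):X}")
```

Run it against a real image by replacing `build_sample_image()` with the file's bytes; the plausibility checks (0x55AA signature, EB/E9 opener, sane bytes-per-sector and FAT count) keep zero-filled or encrypted regions from being reported as boot sectors.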
