I think I did something wrong when posting to this list the first time, but now it should be right...
Great reply both of you!

Emmanuel Fleury:
> I don't get what you mean here... Are you talking about second and third
> generation iPods?

Yes. aupd.fw contains the decryption program, and although it is encrypted, it needs to be decrypted before loading it to the flash. If we can use an old iPod with Linux on it to read its flash memory, we could get the output. When that's done we've got the input and output and should be able to crack the encryption, right? I'm not a crypto guy... Then we can use the same method and maybe key to uncrypt our aupd.

MsTiFtS:
> > One main problem is that they changed the kind of processors they use.
> I didn't know that, and that clearly complicates things...
> > The old iPods all used PortalPlayer CPUs, the Nano2G (and some others) use ARM
> CPUs. One could maybe attack the update cipher that way, it's quite an
> interesting
> thought. If the first few bytes match in the decrypted AUPD, we could maybe
> somehow
> get the key out that way, but I don't know which ciphers are vulnerable to
> this. We do not
> need to assume that they used the same cipher / key, because if we can
> decrypt AUPD,
> we can also decrypt the main firmware, because it's AUPD's (the bootloader's)
> job to do
> that. I think one should have a look into this, but this requires a not very
> sophisticated
> cipher, and we need to successfully guess which cipher they used.
> The most promising approach by now is to try to find the JTAG pins on the
> baseboard
> and then try to somehow read out the supplementary flash through them.
>

Hmm, that's an interesting approach. Shouldn't it be possible to somehow power the pins of the flash and then read directly from it? I had a look at what the flash looks like:
http://www.datasheet4u.com/html/S/S/T/SST39WF800A_SiliconStorageTechnology.pdf.html
and I observed that the pins aren't visible, so one has to remove it from the board to read it.

Niklas Ulvinge wishes you Happy Hacking and Merry Christmas.
