Same problem with it... I'm gonna try the DFU file creation with my 6G to see the differences between the files. The earlier the easier? :)

3mpty

2009/2/23, Ari <[email protected]>:
> I tried compiling dfu-util (the original version from OpenMoko, not
> the dev team hacked version that runs the pwnage2 exploit) to upload a
> file to a 3G iPod touch (the one that is downloaded by iTunes, to be
> specific) but it errored out every time, even though it recognized the
> nano as a DFU device... I'm sure a simple patch would fix this, but
> I'm not smart enough to write one :p
>
> If the system is extremely similar, we'll have to find a gid key to
> decrypt these 8702 files or whatever... The iPhone's gid key was used
> to decrypt the 8900 files, until Apple switched to img3 which featured
> a more complex encryption system. You can find a little more
> information on the iPhone keys at
> http://wikee.iphwn.org/s5l8900:encryption_keys
> and http://www.theiphonewiki.com/wiki/index.php?title=AES_Keys
>
> By the way, where is this IRC channel you're talking about?
>
> Ari
>
> On Feb 23, 2009, at 12:16 PM, Taylor Gordon wrote:
>
>> Very nice!
>>
>> Indeed, it looks like maybe Ari would be a great help in developing an
>> exploit for the ipod nano 3g/4g. The hardware does look much alike.
>>
>> I believe that TheSeven had compiled a modified version of iran and
>> wrote a "junk" file to the ipod to test the transfer and he was
>> successful. I'm guessing our next step is to look closely at this
>> "Apple Safe boot" file downloaded by itunes and see if it is anything
>> similar to the iPhone iBoot.
>>
>> BTW - As you guys probably know the DFU files are also encrypted but
>> there might be some interesting keys in there. We might even be able
>> to find the buffer overflow in the certificate like with the
>> i/touch/phone. I should be on IRC sometime later today.
>>
>> Taylor
>>
>> On Mon, Feb 23, 2009 at 11:15 AM, Ari <[email protected]> wrote:
>>
>>> Interesting! Clearly the iPod nano 3G is built off the iPhone... I
>>> think it's likely that we'll find an iPod nano exploit similar to one
>>> of the iPhone ones we've found over the years!
>>>
>>> The 8900 does seem to be the same as the iPod nano's format, but it
>>> is called 8900 because that's the suffix of the iPhone's application
>>> processor (the S5L8900), so the 8702 format is not necessarily an
>>> earlier version of the format, just an earlier processor.
>>>
>>> And Raoul did not "generate" these files, they are downloaded by
>>> iTunes when a DFU 3G iPod nano is detected :)
>>>
>>> Although I'm not a member of the iPhone dev team, I do have some
>>> knowledge of the iPhone platform, as I'm a member of the Chronic Dev
>>> Team (http://chronic-dev.org/blog/), who jailbroke the iPod touch 2G
>>> before the iPhone dev team released theirs. In addition, I wrote
>>> iJailBreak, the original automated iPod touch Mac jailbreak back in
>>> the 1.1.1 days at http://ijailbreak.com/.
>>>
>>> Ari
>>>
>>> On Feb 23, 2009, at 10:14 AM, 3mpty wrote:
>>>
>>>> How did it generate it?
>>>>
>>>> By the way, take a look at this
>>>> http://wikee.iphwn.org/s5l8900:8900_format
>>>> ...
>>>> I bet that the format is identical (all the struct fields seem to
>>>> match), only an earlier version (8900 vs 8702).
>>>>
>>>> Someone should contact iPhone Dev Team guys...
>>>>
>>>> 3mpty
>>>>
>>>> 2009/2/22 Raoul Guggenheim <[email protected]>
>>>>
>>>>> Hello
>>>>> Found the DFU mode on my nano 3g
>>>>> And it generated those restoring files!
>>>>> have fun
>>>>>
>>>>> _______________________________________________
>>>>> Linux4nano-dev mailing list
>>>>> [email protected]
>>>>> https://mail.gna.org/listinfo/linux4nano-dev
>>>>> http://www.linux4nano.org
