Update: I was poking around in the source of iRecovery, and apparently the device needs to be in recovery mode (not DFU mode) for the shell to work. I was hoping to be able to use this with the Nano 4G, but I don't know if it's possible without recovery mode. Does anyone know if the 4G has a recovery mode or not?
-Cory Walker

Cory Walker wrote:
> This sounds interesting. Maybe the ARM7 Go exploit
> (http://theiphonewiki.com/wiki/index.php?title=ARM7_Go) could be used on
> the iPod Nano 4G? Be sure to look at the 'Talk' page for the previous
> link; it has some good info. You use iRecovery
> (http://theiphonewiki.com/wiki/index.php?title=IRecovery) to execute
> arm7_go.
>
> A W wrote:
>> I'm stuck. It must be a lack of experience with exploiting things.
>> The most important question: what kind of code can be used to tell when
>> this code is actually executed? There is no point in wasting time searching
>> for the exploit entry address unless you are sure you'll notice the hit. I was
>> thinking of some kind of dead loop, but my iPod froze a few times just at the
>> overflow, so it's probably not the best way.
>> And what kind of data must one corrupt to completely freeze the iPod?
>>
>> The overflow I'm trying to exploit is at the A tag: [a href="here"]; the iPod
>> reboots when the target file name is longer than 266 bytes. And Notes handles
>> such names without any problems, so I think it goes out of bounds
>> somewhere at the file existence check (inside an interrupt handler?).
>> Notes applies some restrictions to exploit code: it turns bytes with value > 127
>> into two-byte (UTF?) sequences and probably converts lowercase Latin
>> chars (0x61-0x7A) to uppercase. This makes some condition codes
>> (including ALWAYS), branches to negative offsets, a few ALU instructions, and
>> some other, less useful things unusable. Still, I think there is enough freedom to
>> code something interesting, and it's always possible to generate the necessary
>> instructions in place.
>>
>> _______________________________________________
>> Linux4nano-dev mailing list
>> [email protected]
>> https://mail.gna.org/listinfo/linux4nano-dev
>> http://www.linux4nano.org
