stooo, i'm using a special script here, not the 2g one.
in these files, i'm putting 256 bytes of return addresses after the end
of the buffer, so we should hit it.
no idea what's going on here, though.

tof wrote:
> 
> Finn Wilke wrote:
> 
>> P.S: Does it make any change whether the iPod is Windows or Mac formatted?
>>
> 
> yes !
> 
> it could make a difference. as the overflow is happening in a function very 
> close to the file system, and the link(file) size limit could have to do with 
> the FD limits, we could have differences.
> 
> 
>  > I also have a 4th gen nano and have already tried out some files.
>  > There was no file that froze or reboot-looped the ipod, it was always
>  > working as before.
> 
> It is not normal to have no crash, perhaps the simplification of the link to 
> a shorter overflow has "broken the portability" of the notes bug.
> I remember Taylor mentioning that the link size for crash was different 
> depending on the model...
> 
> 
> 
> sto
> 
> 
> 
>> On 12.07.2009 at 22:28, Taylor Gordon wrote:
>>
>>> If you see anything earth shattering (like the ipod freezes) just feel free
>>> to let us know on the ML.
>>>
>>> Taylor
>>>
>>> On Sun, Jul 12, 2009 at 3:48 PM, Tyler Steinmetz <[email protected]> wrote:
>>>
>>>> Alright, I'm on it... where can I post the results I experience on my 4g
>>>> nano?  Is the wiki fine?
>>>>
>>>> On Sun, Jul 12, 2009 at 2:38 PM, The Seven <[email protected]> wrote:
>>>>
>>>>> As a little hint: a0864.... upward is the most probable range. you can
>>>>> also try the b variants. i wouldn't expect lower numbers than 0864....,
>>>>> though.
>>>>>
>>>>> Taylor Gordon wrote:
>>>>>> Just to let everyone know, and kind of in response to Tyler's message:
>>>>>>
>>>>>> Because we don't have JTAG on the 3g or 4g nano (yet anyways), we can't
>>>>>> clearly see the return address for the PoC files. TheSeven has generated
>>>>>> some test files which all have different return addresses. Hopefully, if we
>>>>>> can try some of these, we will eventually find the correct file that has the
>>>>>> desired behavior. Please refer to
>>>>>> http://n00b81.fileave.com/ipod/sweep.txt for more details about what
>>>>>> you want to be looking out for.
>>>>>>
>>>>>> Also, just two quick warnings. This is a 500 kb archive, but there are 65000
>>>>>> files in there :) So if you extract it, it will be about 500 mb worth of
>>>>>> files, so I suggest you extract them a few at a time, or all together, your
>>>>>> choice ;)
>>>>>>
>>>>>> Remember you'll have to put your ipod into disk mode if it gets into an
>>>>>> endless crash-reboot loop. You can feel free to try these on 6g classic/3g
>>>>>> nano/4g nano which all have the bug also.
>>>>>>
>>>>>> Both the Readme and the archive for the testing files can be found here:
>>>>>> http://n00b81.fileave.com/ipod.
>>>>>>
>>>>>> Hopefully we will find the file that freezes the ipod :)
>>>>>>
>>>>>> Taylor
>>>>>>
>>>>>> On Sun, Jul 12, 2009 at 12:17 PM, Tyler Steinmetz <[email protected]> wrote:
>>>>>>
>>>>>>> Great work, thanks so much...
>>>>>>>
>>>>>>> Any chance we can get this working on 3rd or 4th gen?
>>>>>>>
>>>>>>> On Sun, Jul 12, 2009 at 1:32 AM, mat h <[email protected]> wrote:
>>>>>>>
>>>>>>>> Very interesting read thanks
>>>>>>>>
>>>>>>>> On 7/12/09, tof <[email protected]> wrote:
>>>>>>>>> Hello
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> I put on the wiki some useful info about the HW part, and the exploit...
>>>>>>>>> http://l4n.clustur.com/index.php/Nano2G_getting_exec
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> sto
>>>>>>>>>
>>>>>>>>> _______________________________________________
>>>>>>>>> Linux4nano-dev mailing list
>>>>>>>>> [email protected]
>>>>>>>>> https://mail.gna.org/listinfo/linux4nano-dev
>>>>>>>>> http://www.linux4nano.org

