User Tag List

  1. Paulsquaredson's Avatar
    Thanks for the response. I wouldn't proclaim myself as an expert in hacking in any sense of the word, but I'm definitely going to look into it.
    2014-01-17 09:34 PM
  2. Orby's Avatar
    Thanks for the response. I wouldn't proclaim myself as an expert in hacking in any sense of the word, but I'm definitely going to look into it.
    A quick Google search revealed a modified version of cdev's iRecovery and extract2g (from the iPod nano 2g, the firmware hasn't changed too much since then apparently). The tool's README is entirely in Spanish, so using it is kinda fun at the moment...

    I'm guessing the header format and structure for the firmware files is published somewhere. The firmware files are probably encrypted, so maybe iRecovery can get us a decrypted version and/or a key. If we can poke around in the firmware, we can start inspecting the kernel and/or bootloader (which, interestingly enough, is outside of the firmware.mse file and is its own discrete file, n20.bootloader.release.rb3).

    It's also worth noting that iRecovery will let us send a USB exploit with the -k argument. I'd buy a lottery ticket (or ten) if an already-existing USB exploit worked out-of-the-box, but it might not be implausible for a steaks4uce or limera1n to work with some changed offsets or addresses or something.

    However, we left my realm of technical savoir-faire and ability about twenty minutes ago.
    2014-01-17 09:54 PM
42 123
LINK TO POST COPIED TO CLIPBOARD