Sunday, June 28, 2009
Thursday, June 25, 2009
And so it shall be pwned for life
Earlier today, we got our hands on the bootrom. With the help of chronic, posixninja, and pod2g, I verified that it is still vulnerable to the 24kpwn exploit present in the iPod Touch 2G. This is great news for all of you. Basically, this means if someone makes a tethered jailbreak, it easily becomes untethered, because the boot chain is broken. Expect big things soon
On a personal note, I'm sad. Apple, it took me a week to break through your new defenses. And to let us reuse an exploit like that; 24kpwn was so 5 months ago. Although I imagine it must have been painful watching the devices roll by on the assembly line, knowing they all had a hole in them and you couldn't fix it.
On a personal note, I'm sad. Apple, it took me a week to break through your new defenses. And to let us reuse an exploit like that; 24kpwn was so 5 months ago. Although I imagine it must have been painful watching the devices roll by on the assembly line, knowing they all had a hole in them and you couldn't fix it.
usbdump huh? how?
Apple has added a new layer of security to the iPhone 3GS. I mentioned it several posts earlier; it's the ECID field. When iTunes starts the restore process, they contact Apple servers to generate signatures just for your device. It's important you get these signatures for your phone before a new version of the software comes out. I had previously suggested doing this by dumping usb while the iPhone restores. But this is complicated.
Fortunately, the good folks at purplera1n are here for you, the end user who wants a jailbreak. Follow these instructions to generate a unique certificate for your phones iBSS. And don't delay, Apple may change their minds. To clarify, this is instead of a usb dump. Do this, and you are good!
1. Put your phone into recovery mode and connect it to your computer.
2. Using usbview on Windows(enable Config Descriptors), System Profiler on Mac, or lsusb on Linux, read your phones ECID. It's the 16 digit hex number after "ECID:"
3. Go to purplera1n, type it, and hit enter
4. Save the generated file for a purplera1nyday...
Fortunately, the good folks at purplera1n are here for you, the end user who wants a jailbreak. Follow these instructions to generate a unique certificate for your phones iBSS. And don't delay, Apple may change their minds. To clarify, this is instead of a usb dump. Do this, and you are good!
1. Put your phone into recovery mode and connect it to your computer.
2. Using usbview on Windows(enable Config Descriptors), System Profiler on Mac, or lsusb on Linux, read your phones ECID. It's the 16 digit hex number after "ECID:"
3. Go to purplera1n, type it, and hit enter
4. Save the generated file for a purplera1nyday...
SecureROM for s5l8920xsi
522F448E276B09E7D3F90950BC1AC3B99602A3A9
Thanks planetbeing for help with the MIU. It was playing hard to get.
And Apple, you have bugs in "usb put". Want the patches?
Thanks planetbeing for help with the MIU. It was playing hard to get.
And Apple, you have bugs in "usb put". Want the patches?
Tuesday, June 23, 2009
Ramdisk Key
IV: E345E23BB266FCC2BA23A2E0BE77A3BF
KEY: 44514633CE2AEAD62BCFA8836CDA4A3C
and a little more...
7BDE483F8B1E9F19D22F9D8FDF753E02
Props to whoever gets the vfdecrypt one
KEY: 44514633CE2AEAD62BCFA8836CDA4A3C
and a little more...
7BDE483F8B1E9F19D22F9D8FDF753E02
Props to whoever gets the vfdecrypt one
Monday, June 22, 2009
Subscribe to:
Posts (Atom)