Looking into what it checks to verify, anyone know? (General - Hackint0sh.org)
  1. #1

    I'd like to look into the verification process and see if there is a way to make it ignore hacked phones. Has anyone looked into this before?

    I have a ktrace of an upgrade (including the restore) and am searching in there for the part where it verifies the phone.

    Does anyone else want to work on this?



  2. #2

    Looks like these are the files tripping the restore:
    ./System/Library/LaunchDaemons/com.apple.update.plist 100644 0/0 489 788847281 Tue May 22 23:43:00 2007
    ./private/etc/master.passwd 100600 0/0 619 1785390162 Wed May 23 01:51:43 2007
    ./private/etc/passwd 100644 0/0 763 3447601478 Tue May 22 22:53:58 2007
    ./private/var/log/lastlog 100640 0/80 0 4294967295 Tue May 22 22:53:59 2007
    ./private/var/log/wtmp 100644 0/80 0 4294967295 Tue May 22 22:53:59 2007
    ./private/var/run/utmp 100644 0/0 0 4294967295 Tue May 22 22:54:01 2007
    ./usr/sbin/update 100555 0/0 8924 1594396772 Sat May 26 15:48:42 2007
    ./private/etc/fstab 100644 0/0 70 1967767704 Tue May 22 22:53:58 2007

    ./System/Library/CoreServices/SpringBoard.app/Default_CARRIER_ATT.png 100644 0/0 983 3626791359 Wed May 23 02:03:45 2007
    ./System/Library/CoreServices/SpringBoard.app/FSO_CARRIER_ATT.png 100644 0/0 738 838971844 Wed May 23 02:03:48 2007

    So our way into the system (update) needs to be set back to the proper date and we need to rewrite login and dropbear/sshd to use /etc/shadow or /etc/master.passwd2 or something so we can run stock /etc/master.passwd and /etc/passwd. We also need to make login log to /var/run/utmp2 or something.

    I will try to work up some new binaries that do this soon.

    More info on the update can be found here:
    http://iphone.fiveforty.net/wiki/ind...Update_Service
    Last edited by risner; 08-24-2007 at 02:52 PM.

  3. #3
    Zf_

    I think a better approach would be to patch the pre/post BOMs to only check the files that are going to be patched.

    And provide a "pre-checker" that'll advise the user to fix the problem before wiping out everything (for example if a patched lockdownd is installed), or skip a patch.

    Then the common update process can be run (it seems to be able to free some used space in the NOR, so I think it's better to use the official process, and just modify the data files to suit our needs).

    I'll try to have a look tonight at this BOM tweaking to see if it's realistic (or has already been done for OS X, but I don't think so, the format looks proprietary) and report on the Wiki page.

  4. #4

    Quote Originally Posted by risner
    Looks like these are the files tripping the restore:
    ./System/Library/LaunchDaemons/com.apple.update.plist 100644 0/0 489 788847281 Tue May 22 23:43:00 2007
    ./private/etc/master.passwd 100600 0/0 619 1785390162 Wed May 23 01:51:43 2007
    ./private/etc/passwd 100644 0/0 763 3447601478 Tue May 22 22:53:58 2007
    ./private/var/log/lastlog 100640 0/80 0 4294967295 Tue May 22 22:53:59 2007
    ./private/var/log/wtmp 100644 0/80 0 4294967295 Tue May 22 22:53:59 2007
    ./private/var/run/utmp 100644 0/0 0 4294967295 Tue May 22 22:54:01 2007
    ./usr/sbin/update 100555 0/0 8924 1594396772 Sat May 26 15:48:42 2007
    ./private/etc/fstab 100644 0/0 70 1967767704 Tue May 22 22:53:58 2007

    ./System/Library/CoreServices/SpringBoard.app/Default_CARRIER_ATT.png 100644 0/0 983 3626791359 Wed May 23 02:03:45 2007
    ./System/Library/CoreServices/SpringBoard.app/FSO_CARRIER_ATT.png 100644 0/0 738 838971844 Wed May 23 02:03:48 2007

    So our way into the system (update) needs to be set back to the proper date and we need to rewrite login and dropbear/sshd to use /etc/shadow or /etc/master.passwd2 or something so we can run stock /etc/master.passwd and /etc/passwd. We also need to make login log to /var/run/utmp2 or something.

    I will try to work up some new binaries that do this soon.

    More info on the update can be found here:
    http://iphone.fiveforty.net/wiki/ind...Update_Service


    To be honest what you are seeing from the ktrace on these files:

    ./private/etc/master.passwd 100600 0/0 619 1785390162 Wed May 23 01:51:43 2007
    ./private/etc/passwd 100644 0/0 763 3447601478 Tue May 22 22:53:58 2007
    ./private/var/log/lastlog 100640 0/80 0 4294967295 Tue May 22 22:53:59 2007
    ./private/var/log/wtmp 100644 0/80 0 4294967295 Tue May 22 22:53:59 2007
    ./private/var/run/utmp 100644 0/0 0 4294967295 Tue May 22 22:54:01 2007

    Are probably the result of privileged processes being run on the iPhone by the update process....

    i.e. it will be effectively "logging in" resulting in fopen() to all of those files.

    One thing that has occurred to me is that by changing the passwd from "dottie" would a user effectively be causing the iPhone update process to fail if it is attempting to su to root....


    in other words maybe the following occurs:

    1. Update process starts
    2. iTunes attempts to log in as root with password "dottie" to execute privileged tasks
    3. iPhone denies access (incorrect password)
    4. iTunes scratches head.... "I can't login..."
    5. iTunes comes to conclusion "iPhone is clearly knackered"
    6. Tells user to perform full restore as it would be the only way for it to perform the update.


    Has anyone tried changing the root password back to dottie prior to running the update...?

  5. #5
    Zf_

    Quote Originally Posted by MetalRat
    Has anyone tried changing the root password back to dottie prior to running the update...?
    Shouldn't matter, iTunes got a "free lunch" through the specific interface used to talk to I-don't-remember-which-one daemon.

    Things get ugly if the file system is not compliant with what the BOM file is listing (should happen in the verify_uberbom function of the decrypted libupdate_brain.dylib)
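
Added example, not part of the thread or of the wiki code it links to: a sketch of the "pre-checker" proposed in post #3, reporting which files deviate from a listing before the update's own BOM check (post #5) rejects them. It assumes the listing fields are path, mode, uid/gid, size, checksum and mtime, and that the checksum is the POSIX cksum CRC (consistent with 4294967295 on the zero-length files); all function names are hypothetical, and ownership and mtime are not compared.

```python
import tempfile
from pathlib import Path

# Lines copied from the listing in post #2: path mode uid/gid size cksum mtime.
LISTING = """\
./private/etc/passwd 100644 0/0 763 3447601478 Tue May 22 22:53:58 2007
./private/var/run/utmp 100644 0/0 0 4294967295 Tue May 22 22:54:01 2007
./private/etc/fstab 100644 0/0 70 1967767704 Tue May 22 22:53:58 2007
"""

def posix_cksum(data: bytes) -> int:
    """POSIX cksum CRC (assumed checksum field): poly 0x04C11DB7, data then its length."""
    tail = len(data).to_bytes((len(data).bit_length() + 7) // 8, "little")  # b"" if empty
    crc = 0
    for byte in data + tail:
        crc ^= byte << 24
        for _ in range(8):
            crc = ((crc << 1) ^ 0x04C11DB7 if crc & 0x80000000 else crc << 1) & 0xFFFFFFFF
    return crc ^ 0xFFFFFFFF

def parse(listing: str) -> dict:
    """Map path -> (mode, size, cksum); splitting from the right keeps spaces in paths."""
    rows = (l.strip().rsplit(None, 9)[:5] for l in listing.splitlines() if l.strip())
    return {p: (int(m, 8) & 0o7777, int(s), int(c)) for p, m, _owner, s, c in rows}

def precheck(root: str, listing: str) -> dict:
    """Return {path: [reasons]} for every listed file that deviates under root."""
    bad = {}
    for path, want in parse(listing).items():
        full = Path(root, path)
        if not full.is_file():
            bad[path] = ["missing"]
            continue
        data = full.read_bytes()
        found = (full.stat().st_mode & 0o7777, len(data), posix_cksum(data))
        why = [n for n, w, f in zip(("mode", "size", "cksum"), want, found) if w != f]
        if why:
            bad[path] = why
    return bad

def demo() -> dict:  # constructed tree: utmp matches, passwd was edited, fstab is absent
    files = {"private/var/run/utmp": b"", "private/etc/passwd": b"root:x:0:0::/:/bin/sh\n"}
    with tempfile.TemporaryDirectory() as root:
        for rel, body in files.items():
            full = Path(root, rel)
            full.parent.mkdir(parents=True, exist_ok=True)
            full.write_bytes(body)
            full.chmod(0o644)
        return precheck(root, LISTING)
```

Calling `demo()` flags the edited passwd and the absent fstab and stays silent about the untouched zero-length utmp.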


  6. #6
    Zf_

    OK the BOM API is quite easy to reverse - I'll post sample code later tonight on the Wiki

  7. #7
    Zf_

    Page updated with BOM headers and sample code

    http://iphone.fiveforty.net/wiki/ind...Update_Service

  8. #8
    Zf_

    Page updated with some very alpha utilities to play with the updates and an even more alpha guide to hack one (I used this to update from a jailbroken+ssh+terminal 1.0.1 to 1.0.2 without losing anything, with minor issues)

    Don't hesitate to report your ideas on the Wiki discussion page

    http://iphone.fiveforty.net/wiki/ind...Update_Service

  9. #9
    pendalf

    Quote Originally Posted by Zf_
    Page updated with some very alpha utilities to play with the updates and an even more alpha guide to hack one (I used this to update from a jailbroken+ssh+terminal 1.0.1 to 1.0.2 without losing anything, with minor issues)

    Don't hesitate to report your ideas on the Wiki discussion page

    http://iphone.fiveforty.net/wiki/ind...Update_Service


    That's great,

    will try it when I'm back from vacation

    Good work Zf_!


  10. #10

    Just got the chance to look at your updates, and they are a long way to where I'd like to be with this. I can't download the link provided from the French site.


 

 