Taking a look into the updater used earlier to flash airport base stations. It was a standalone updater before Leopard was out. I think you will find similar stuff if reversing the much bigger Airport utility from Leopard which is used to flash the device today.
a little bump on this one!
unfortunately the instructions did not help my limited knowledge.
Any more hints on how to start?
I know it's not as popular as hacking the iPhone - but should be at least a lot easier :-9
The Time Capsule could certainly use some useful augmentations which Apple has left out. PPTP VPN server? SSH?
Another bump on this one.
Afaik Apple is not giving the source code of its firmware.
The arm chip should contain
a) the bootloader, that decrypts (if needed) apple's firmware updates
b) the actual firmware
Maybe we can get the firmware directly from the chip (by connecting to its pins)?
edit: removed stupid note about the licence
NetBSD is NOT GPL, it is BSD licensed as its name suggests, which allows commercial distribution of products without forcing the modified source code to be published like GPL does.
Originally Posted by Maconnect
Any hacking is going to have to be without source code.
Yes, of course it's BSD. I wasn't fully awake ^^
Anyways, the first step may be to reverse Apple's protocol for speaking to the bootloader.
Detailed info about the Airport Extreme can be found here:
It has 512MB RAM and a 128MB flash chip. That's plenty for... anything!
I am still interested in this a lot - but unfortunately this does not have the same attention as an iPhone or a PS3 :-)
Do you have any clue about reversing the communication?
I did a complete network-log of the initialization and update process of one of the last firmwares - but I am missing the knowledge on where to start.
Well, the Airport is using the SNMP protocol, that's where I'd start. There are also a couple of free tools that can configure an Airport, like net-mgmt (which uses SNMP).
Unfortunately I'm very short on spare time, so I won't be able to help a lot.
I would like to give it a bump.
TC has been out for so long and no one ever came up with a suggestion on how to start. I think this would really be some interesting trick to run SSH, Mediaserver or whatever on the TC.
I don't know where to start. But there is a basebinary file on the one hand. I guess it needs to be decrypted to see how it is set up. Any idea how?
The other way might be the update process? I logged the whole process with a package-logger. Is this of any use to process?
Anyone? iPhone, iPad, AppleTV... let's make TC one of them :-)
I also think there is a great potential unexplored.
Did anyone ever advance in decrypting the firmware?