Thread: !!! New Bootloader Exploits !!! (Hackint0sh.org, iPhone "2G" (Rev. 1) forum), page 1 of 6, posts 1 to 10 of 56
  1. #1 (Newbie, joined Nov 2007)

    !!! New Bootloader Exploits !!!

    Hey Guys,

    pls check this site, I think we have good developments and are looking for cryptology expert friends in order to finalize the research and reach the final happy end

    http://www.g e o hotblog.com/

    **********************************

    I found two exploits into the new bootloader, one hardware and one software. They are both untested and hard to implement, but I'm sure they will both work.

    Hardware:
    The version check reads from 0xA0021000 and 0xA0021004 to get the version of the main firmware. It then compares the values [0xA0021000]==~[0xA0021004]. If that check fails it ignores the version check. It is also the only bootloader access into high flash. So when A16 goes high, pull any data line high or low. That will cause the check to fail, and hence the version check to be skipped. And there shouldn't be any other memory accesses in the bootloader, so it'll be fine.

    Software:
    This exploit is in the way the secpack signature is padded. They did a lot to remove the really bad signature checking of the old bootloader that IPSF exploited. Although the secpack still has 0x28 bytes of data at the end that isn't checked for normal secpack sigs. The secpack sig is (0x30 header/padding, 0x14 main fw sha, 0x14 secpack sha, 0x28 unchecked padding). So by spoofing the first 0x58 bytes of the RSA block, you can set any secpack and main fw sha hash you want. It is very easy in exponent 3 RSA cryptosystems to spoof the first 1/3 of the message bytes. I believe with some clever math and brute force, the whole 0x58 can be spoofed. Any cryptology experts out there?

    **********************************
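    The two checks quoted above, modelled from the verifier's side as an added example (this is not code from geohot, from this thread, or from the bootloader). The byte layout 0x30/0x14/0x14/0x28, the 0x58 checked prefix and the complement comparison of the two words come from the post; the function names, the 0x80 block length, the header and padding bytes, and the reading of the version check as "reject firmware below a minimum version" are assumptions. Each check is shown in the fail-open or prefix-only form the post describes beside a fail-closed, full-length form, so the failure modes are visible on constructed inputs without performing any RSA operation.

```python
# Added example, not code from geohot, the thread or the bootloader.
# Layout constants and the complement comparison come from the post;
# function names, the 0x80 block size, header/padding bytes and the
# "minimum version" meaning of the version check are assumptions.
import hashlib
import hmac

MASK32 = 0xFFFFFFFF

# Secpack signature block layout from the post (bytes)
HEADER_LEN = 0x30        # header / padding
SHA_LEN = 0x14           # SHA-1 of the main firmware, then of the secpack
UNCHECKED_LEN = 0x28     # trailing bytes the original check ignores
CHECKED_LEN = HEADER_LEN + 2 * SHA_LEN   # 0x58, the only bytes compared
BLOCK_LEN = CHECKED_LEN + UNCHECKED_LEN  # 0x80 (assumed 1024-bit modulus)


def version_gate_fail_open(word0: int, word1: int, minimum: int) -> bool:
    """Version check as the post describes it: the words read from
    0xA0021000 / 0xA0021004 must be complements of each other, and if
    they are not, the version check is simply skipped (boot allowed)."""
    if (word0 & MASK32) != (~word1 & MASK32):
        return True          # inconsistent read -> check ignored (fail-open)
    return (word0 & MASK32) >= minimum   # assumed: reject older firmware


def version_gate_fail_closed(word0: int, word1: int, minimum: int) -> bool:
    """Hardened form: an inconsistent read (flash corruption or a glitched
    data line) is itself a failure, so it can never become a bypass."""
    if (word0 & MASK32) != (~word1 & MASK32):
        return False
    return (word0 & MASK32) >= minimum


def secpack_check_lax(block: bytes, header: bytes, fw_sha: bytes, sp_sha: bytes) -> bool:
    """Prefix-only compare as the post describes: only the first 0x58 bytes
    of the recovered signature block are checked."""
    return block[:CHECKED_LEN] == header + fw_sha + sp_sha


def secpack_check_strict(block: bytes, header: bytes, fw_sha: bytes,
                         sp_sha: bytes, padding: bytes) -> bool:
    """Full-length compare: every byte of the block, including the trailing
    0x28, must equal what the signer would have produced."""
    expected = header + fw_sha + sp_sha + padding
    return len(block) == BLOCK_LEN and hmac.compare_digest(block, expected)


def demo() -> dict:
    """Runs both checks on constructed inputs. `block` stands in for the
    signature after the RSA public-key operation; no RSA is performed."""
    main_fw = b"constructed main firmware image"      # constructed sample
    secpack = b"constructed secpack"                  # constructed sample
    header = b"\x00\x01" + b"\xff" * (HEADER_LEN - 2)  # assumed header bytes
    padding = b"\xff" * UNCHECKED_LEN                  # assumed signer padding
    fw_sha = hashlib.sha1(main_fw).digest()
    sp_sha = hashlib.sha1(secpack).digest()

    honest = header + fw_sha + sp_sha + padding
    # same 0x58-byte prefix, but the unchecked trailer holds arbitrary bytes
    free_trailer = header + fw_sha + sp_sha + bytes(range(UNCHECKED_LEN))

    return {
        "honest_lax": secpack_check_lax(honest, header, fw_sha, sp_sha),
        "honest_strict": secpack_check_strict(honest, header, fw_sha, sp_sha, padding),
        "trailer_lax": secpack_check_lax(free_trailer, header, fw_sha, sp_sha),
        "trailer_strict": secpack_check_strict(free_trailer, header, fw_sha, sp_sha, padding),
        "glitch_open": version_gate_fail_open(0x111, 0x0, 0x112),
        "glitch_closed": version_gate_fail_closed(0x111, 0x0, 0x112),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name:15s} {'pass' if ok else 'FAIL'}")
```

    The two strict variants share one design rule: a sanity check that fails should end the decision, not skip it, and a signature compare should cover every byte the signer produced. Any byte the verifier does not compare is a byte the verifier has handed to whoever controls the block, which is exactly the freedom the post attributes to the trailing 0x28 bytes.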



  2. #2 (Senior Professional, joined Nov 2007)

    This is awesome news. Despite no new firmware, the iPhone will get unlocked! Very nice finding.

  3. #3 (Rookie, joined Oct 2007)

    Can one of the more technically minded members explain GeoHot's discovery in layman's terms and what needs to be accomplished next to achieve an unlock prior to 1.1.3?

  4. #4 (Rookie, joined Nov 2007)

    Regarding the secpack spoof - I thought that'd been proposed before but ruled out as too difficult?

    Having said that, I'd love to be wrong.
    Last edited by Dare; 12-01-2007 at 12:28 AM.

  5. #5 (Advanced, joined Oct 2007)

    It's just difficult, right? But not impossible... that's the price you pay to get the 1.1.2 iPhone unlocked.


  6. #6 (Newbie, joined Mar 2007)

    Yay! Fantastic news! Great work, geohot

  7. #7 (Advanced, joined Nov 2007)

    Incredible. Small step to hacker, big step to iPhone users :p

  8. #8 (Senior Professional, joined Nov 2007)

    Very Nice....

  9. #9 (Respected Professional abrasBR, Belo Horizonte, Brasil, joined Sep 2007)

    Excellent news, can't wait for this new unlock.
    Abras

  10. #10 (Advanced, joined Oct 2007)

    How about a distributed computing effort to crack the secpack? I'm probably way out of line here, but it's a funny thought: thousands of iPhone geeks all over the world joining in the common goal of sticking it to the man (and to be able to make thousands of dollars selling unlocked phones on eBay).


 

 