Difference between revisions of "N72AP"

From The iPhone Wiki
Jump to: navigation, search
Line 9: Line 9:
 
== Notes ==
 
== Notes ==
 
-It has a new [[GID]] key.
 
-It has a new [[GID]] key.
  +
 
-[[iBoot]] seems to map itself at 0xFF00000.
 
-[[iBoot]] seems to map itself at 0xFF00000.
  +
 
-[[LLB]] is encrypted, which is new.
 
-[[LLB]] is encrypted, which is new.
  +
 
-The s5l8900 [[WTF]] is still in the firmware strangely enough, but there is no [[n72ap]] WTF.
 
-The s5l8900 [[WTF]] is still in the firmware strangely enough, but there is no [[n72ap]] WTF.
  +
 
-It uses the same [[KBAG]] method, but as previously stated, it has a new [[GID]] key so nothing can be decrypted at the time without allowing unsigned code.
 
-It uses the same [[KBAG]] method, but as previously stated, it has a new [[GID]] key so nothing can be decrypted at the time without allowing unsigned code.
   

Revision as of 02:25, 11 September 2008

This is the 2nd Generation iPod Touch

Model: n72ap Application Processor (OS Chip): s5l8720x

Decryption of it's Ramdisks, iBoot, LLB, Kernel, and friends

The application processor has a new GID key in it, so you can't decrypt kbags from it on any other device than itself. So, you pretty much will not even be able to make a pwned IPSW, let alone decrypt the RootFS, unless a low level (like, bootrom/kernel/iBoot) exploit is found. From there, it can be used to run code to decrypt the kbags so that we can in turn decrypt the files, and then to run code to actually pwn the device.

Notes

-It has a new GID key.

-iBoot seems to map itself at 0xFF00000.

-LLB is encrypted, which is new.

-The s5l8900 WTF is still in the firmware strangely enough, but there is no n72ap WTF.

-It uses the same KBAG method, but as previously stated, it has a new GID key so nothing can be decrypted at the time without allowing unsigned code.

Internals

See: n72ap (Internals) - Remarkably it has a Bluetooth Chip, shown by iFixit, but apparently it may only be used for Rf transmission to the Nike+ kit.