|
The iPhone Wiki is no longer updated. Visit this article on The Apple Wiki for current information. |
Difference between revisions of "N72AP"
ChronicDev (talk | contribs) |
ChronicDev (talk | contribs) |
||
| Line 6: | Line 6: | ||
== Decryption of it's Ramdisks, iBoot, LLB, Kernel, and friends == |
== Decryption of it's Ramdisks, iBoot, LLB, Kernel, and friends == |
||
The application processor has a new [[GID]] key in it, so you can't decrypt kbags from it on any other device than itself. So, you pretty much will not even be able to make a pwned IPSW, let alone decrypt the RootFS, unless a low level (like, bootrom/kernel/iBoot) exploit is found. From there, it can be used to run code to decrypt the kbags so that we can in turn decrypt the files, and then to run code to actually pwn the device. |
The application processor has a new [[GID]] key in it, so you can't decrypt kbags from it on any other device than itself. So, you pretty much will not even be able to make a pwned IPSW, let alone decrypt the RootFS, unless a low level (like, bootrom/kernel/iBoot) exploit is found. From there, it can be used to run code to decrypt the kbags so that we can in turn decrypt the files, and then to run code to actually pwn the device. |
||
| + | |||
| + | == Bootrom exploit = No Go == |
||
| + | DFU in the iPod Touch 2 is now [[WTF 2.0|0x1227]], so basically they took the patched up WTF and burned it into the bootrom, meaning the bootrom stack overflow is a no go...other methods are being tested though, no word on if they work yet... |
||
== Notes == |
== Notes == |
||
Revision as of 00:56, 15 September 2008
This is the 2nd Generation iPod Touch
Model: n72ap Application Processor (OS Chip): s5l8720x
Contents
Decryption of it's Ramdisks, iBoot, LLB, Kernel, and friends
The application processor has a new GID key in it, so you can't decrypt kbags from it on any other device than itself. So, you pretty much will not even be able to make a pwned IPSW, let alone decrypt the RootFS, unless a low level (like, bootrom/kernel/iBoot) exploit is found. From there, it can be used to run code to decrypt the kbags so that we can in turn decrypt the files, and then to run code to actually pwn the device.
Bootrom exploit = No Go
DFU in the iPod Touch 2 is now 0x1227, so basically they took the patched up WTF and burned it into the bootrom, meaning the bootrom stack overflow is a no go...other methods are being tested though, no word on if they work yet...
Notes
-It has a new GID key.
-iBoot seems to map itself at 0xFF00000.
-LLB is encrypted, which is new.
-The s5l8900 WTF is still in the firmware strangely enough, but there is no n72ap WTF.
-It uses the same KBAG method, but as previously stated, it has a new GID key so nothing can be decrypted at the time without allowing unsigned code.
Internals
See: n72ap (Internals) - Remarkably it has a Bluetooth Chip, shown by iFixit, but apparently it may only be used for Rf transmission to the Nike+ kit.
