Difference between revisions of "User talk:Geohot"

From The iPhone Wiki
(hardware hax: new section)
== yo ==

Hey, we are working on jailbreaking the new ipt2 in #iphone-hax at irc.osx86.hu right now. wEsTbAeR-- and Tom3Q have written a tool to communicate with the new DFU 2.0 (WTF 2.0; it's burned into the new ipt2 bootrom), but we are having some problems getting it to work correctly. wb and Tom3Q said that they plan to clean the code a bit and then post it here on the wiki, and we were wondering if you could help us get it working fully. Getting a response from it like shown on the devteam blog is the hardest step of all, it seems...

== hardware hax ==

Hey, I was looking into the permissions thing in the iPod Touch 2G iBSS, and it seems that certain hardware addresses are checked for certain things, depending on the iBoot command that called it. According to some Devteamers that I asked, a very tiny wire would need to be soldered, which would need electron microscopes and stuff, if I wanted to replicate what Apple uses for developer/debug devices... so I guess that is out. Then I found [http://infectus.biz/ this], and was wondering what you thought about using it to manipulate the S5L. I know size would be a concern, but that is kind of a non-issue, because if using the infectus2 chip + injectus could get a permissions-patched, img3-integrity-patched iBSS onto the device, we can simply use some reworked AES code to decrypt the KBAGs, then on the computer side patch + pwn the files; then it's just a matter of restoring to a custom firmware, which could even be made with PwnageTool 2 since there is only a new GID key and no change to the encryption type itself (i.e. no img4 or anything).

PM me back or email me at cdevadmin@gmail.com about what you think about this. I have already bought a few things to try some experiments, and I will add this to the list if you think there is hope with using this.

Revision as of 02:26, 7 October 2008
