
Why no AFC2?

Is there any reason why even RC3 doesn't add afc2 to services.plist? --Redart 13:40, 4 November 2009 (UTC)


I notice pages like the one for ultrasn0w contain the payload. Is there any chance that the payload for blackra1n or an old jailbreak like purplera1n will be published? MaybachMan 08:25, 1 August 2010 (UTC)

That would be really awesome to see. Anyone able to negotiate with, or otherwise get in touch with, geohot? Iemit737 09:07, 1 August 2010 (UTC)
I don't know what will get published by him. But why don't you just disassemble it and publish it here? I assume this won't be a problem, as the same happened for Spirit. -- http 09:51, 1 August 2010 (UTC)
I have blackra1n open in IDA right now, here's what it gave me (I hope I did this right). [Note: every address in the listing below is in a section named UPX1, so this is the UPX decompression stub at the packed entry point, not blackra1n's own code; the actual program is only visible after unpacking.]
UPX1:004E9A40 ; ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦ S U B R O U T I N E ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦
UPX1:004E9A40 ; NOTE(review): every address below lives in a section named UPX1 and the
UPX1:004E9A40 ; code has the layout of the well-known UPX loader stub: decompress into a
UPX1:004E9A40 ; lower region, undo the call/jmp displacement filter, rebuild imports,
UPX1:004E9A40 ; patch the PE header, restore registers and jump to dword_401240. Nothing
UPX1:004E9A40 ; here is blackra1n-specific, so this listing says nothing about the
UPX1:004E9A40 ; jailbreak payload. To analyse the real code, unpack first (upx -d, or dump
UPX1:004E9A40 ; the process once it reaches the final jmp) and disassemble from 401240h.
UPX1:004E9A40 ;
UPX1:004E9A40 ; Register roles during decompression (taken from the instructions below):
UPX1:004E9A40 ;   esi = read pointer into the packed data (starts at byte_455015)
UPX1:004E9A40 ;   edi = write pointer for unpacked bytes (starts at 455015h-54015h = 401000h)
UPX1:004E9A40 ;   ebx = 32-bit bit buffer; a 1 is shifted in as end-of-buffer sentinel
UPX1:004E9A40 ;   eax = match offset code, ecx = match length, ebp = last match offset (negative)
UPX1:004E9A40 ; The decoder shape (reuse the previous offset when the code is 2, the 500h
UPX1:004E9A40 ; distance threshold) resembles UPX's NRV2E decompressor - confirm against
UPX1:004E9A40 ; the UPX sources before relying on that name.
UPX1:004E9A40                 public start
UPX1:004E9A40 start           proc near
UPX1:004E9A40 var_AC          = dword ptr -0ACh       ; only used by the final lea: esp+2Ch-0ACh = esp-80h
UPX1:004E9A40                 pusha                   ; save all GPRs; undone by popa just before the jmp to 401240h
UPX1:004E9A41                 mov     esi, offset byte_455015 ; packed data
UPX1:004E9A46                 lea     edi, [esi-54015h]       ; destination = 401000h
UPX1:004E9A4C                 push    edi                     ; remember the destination start; popped into esi at loc_4E9B2A
UPX1:004E9A4D                 jmp     short loc_4E9A5A        ; begin by filling the bit buffer
UPX1:004E9A4D ; ---------------------------------------------------------------------------
UPX1:004E9A4F                 align 10h
UPX1:004E9A50 ; Literal token: copy one byte from the packed stream to the output.
UPX1:004E9A50 loc_4E9A50:                             ; CODE XREF: start:loc_4E9A61↓j
UPX1:004E9A50                 mov     al, [esi]
UPX1:004E9A52                 inc     esi
UPX1:004E9A53                 mov     [edi], al
UPX1:004E9A55                 inc     edi
UPX1:004E9A56 ; getbit: 'add ebx,ebx' shifts the next bit into CF. ebx becomes zero only
UPX1:004E9A56 ; when the sentinel (a 1, so CF=1 at that moment) has been shifted out,
UPX1:004E9A56 ; i.e. all 32 payload bits are consumed; then the buffer is refilled.
UPX1:004E9A56 ; The same 5-instruction idiom is inlined at every getbit site below.
UPX1:004E9A56 loc_4E9A56:                             ; CODE XREF: start+CF↓j
UPX1:004E9A56                                         ; start+E5↓j
UPX1:004E9A56                 add     ebx, ebx
UPX1:004E9A58                 jnz     short loc_4E9A61
UPX1:004E9A5A loc_4E9A5A:                             ; CODE XREF: start+D↑j
UPX1:004E9A5A                 mov     ebx, [esi]              ; refill the bit buffer
UPX1:004E9A5C                 sub     esi, 0FFFFFFFCh         ; esi += 4; the borrow (esi < 0FFFFFFFCh) leaves CF=1 ...
UPX1:004E9A5F                 adc     ebx, ebx                ; ... which adc shifts in as bit 0 = the sentinel; top bit -> CF
UPX1:004E9A61 loc_4E9A61:                             ; CODE XREF: start+18↑j
UPX1:004E9A61                 jb      short loc_4E9A50        ; bit 1: literal byte
UPX1:004E9A63                 mov     eax, 1                  ; bit 0: match; start decoding the offset code
UPX1:004E9A68 ; Offset code: eax = 2*eax + bit; if the next bit is 1 stop; otherwise
UPX1:004E9A68 ; eax -= 1, eax = 2*eax + bit and repeat. Each 'jnz' that follows an
UPX1:004E9A68 ; 'add ebx,ebx' is the buffer-not-empty test of the inlined getbit.
UPX1:004E9A68 loc_4E9A68:                             ; CODE XREF: start+52↓j
UPX1:004E9A68                 add     ebx, ebx
UPX1:004E9A6A                 jnz     short loc_4E9A73
UPX1:004E9A6C                 mov     ebx, [esi]
UPX1:004E9A6E                 sub     esi, 0FFFFFFFCh
UPX1:004E9A71                 adc     ebx, ebx
UPX1:004E9A73 loc_4E9A73:                             ; CODE XREF: start+2A↑j
UPX1:004E9A73                 adc     eax, eax                ; eax = 2*eax + bit
UPX1:004E9A75                 add     ebx, ebx
UPX1:004E9A77                 jnb     short loc_4E9A84        ; CF=0 can only be a real 0 bit (the sentinel sets CF): continue
UPX1:004E9A79                 jnz     short loc_4E9AA3        ; CF=1 and buffer non-empty: real 1 bit, offset code complete
UPX1:004E9A7B                 mov     ebx, [esi]              ; sentinel shifted out: refill, then re-test the bit
UPX1:004E9A7D                 sub     esi, 0FFFFFFFCh
UPX1:004E9A80                 adc     ebx, ebx
UPX1:004E9A82                 jb      short loc_4E9AA3
UPX1:004E9A84 loc_4E9A84:                             ; CODE XREF: start+37↑j
UPX1:004E9A84                 dec     eax
UPX1:004E9A85                 add     ebx, ebx
UPX1:004E9A87                 jnz     short loc_4E9A90
UPX1:004E9A89                 mov     ebx, [esi]
UPX1:004E9A8B                 sub     esi, 0FFFFFFFCh
UPX1:004E9A8E                 adc     ebx, ebx
UPX1:004E9A90 loc_4E9A90:                             ; CODE XREF: start+47↑j
UPX1:004E9A90                 adc     eax, eax                ; eax = 2*(eax-1) + bit
UPX1:004E9A92                 jmp     short loc_4E9A68
UPX1:004E9A94 ; ---------------------------------------------------------------------------
UPX1:004E9A94 ; Short match length: ecx = 2*ecx + bit, then the +2/+3 at loc_4E9AF5.
UPX1:004E9A94 loc_4E9A94:                             ; CODE XREF: start:loc_4E9AC6↓j
UPX1:004E9A94                                         ; start:loc_4E9AD4↓j
UPX1:004E9A94                 add     ebx, ebx
UPX1:004E9A96                 jnz     short loc_4E9A9F
UPX1:004E9A98                 mov     ebx, [esi]
UPX1:004E9A9A                 sub     esi, 0FFFFFFFCh
UPX1:004E9A9D                 adc     ebx, ebx
UPX1:004E9A9F loc_4E9A9F:                             ; CODE XREF: start+56↑j
UPX1:004E9A9F                 adc     ecx, ecx
UPX1:004E9AA1                 jmp     short loc_4E9AF5
UPX1:004E9AA3 ; ---------------------------------------------------------------------------
UPX1:004E9AA3 ; Offset code complete in eax. Code 2 (eax-3 borrows) means "reuse the
UPX1:004E9AA3 ; previous offset in ebp"; otherwise the low 8 bits of the offset come as a
UPX1:004E9AA3 ; whole byte from the stream, and an all-ones result is the end marker.
UPX1:004E9AA3 loc_4E9AA3:                             ; CODE XREF: start+39↑j
UPX1:004E9AA3                                         ; start+42↑j
UPX1:004E9AA3                 xor     ecx, ecx                ; length accumulator
UPX1:004E9AA5                 sub     eax, 3
UPX1:004E9AA8                 jb      short loc_4E9ABB        ; code was 2: keep ebp, read the first length bit via getbit
UPX1:004E9AAA                 shl     eax, 8
UPX1:004E9AAD                 mov     al, [esi]               ; low byte of the offset
UPX1:004E9AAF                 inc     esi
UPX1:004E9AB0                 xor     eax, 0FFFFFFFFh         ; eax = ~eax
UPX1:004E9AB3                 jz      short loc_4E9B2A        ; 0FFFFFFFFh before the xor = end of compressed data
UPX1:004E9AB5                 sar     eax, 1                  ; CF = bit 0 = first length bit; eax = negative offset
UPX1:004E9AB7                 mov     ebp, eax                ; remember as the last offset
UPX1:004E9AB9                 jmp     short loc_4E9AC6        ; consume the CF from sar as a length bit without a getbit
UPX1:004E9ABB ; ---------------------------------------------------------------------------
UPX1:004E9ABB loc_4E9ABB:                             ; CODE XREF: start+68↑j
UPX1:004E9ABB                 add     ebx, ebx
UPX1:004E9ABD                 jnz     short loc_4E9AC6
UPX1:004E9ABF                 mov     ebx, [esi]
UPX1:004E9AC1                 sub     esi, 0FFFFFFFCh
UPX1:004E9AC4                 adc     ebx, ebx
UPX1:004E9AC6 loc_4E9AC6:                             ; CODE XREF: start+79↑j
UPX1:004E9AC6                                         ; start+7D↑j
UPX1:004E9AC6                 jb      short loc_4E9A94        ; bit 1: one more length bit (ecx=0), then the +2/+3
UPX1:004E9AC8                 inc     ecx                     ; ecx = 1
UPX1:004E9AC9                 add     ebx, ebx
UPX1:004E9ACB                 jnz     short loc_4E9AD4
UPX1:004E9ACD                 mov     ebx, [esi]
UPX1:004E9ACF                 sub     esi, 0FFFFFFFCh
UPX1:004E9AD2                 adc     ebx, ebx
UPX1:004E9AD4 loc_4E9AD4:                             ; CODE XREF: start+8B↑j
UPX1:004E9AD4                 jb      short loc_4E9A94        ; bit 1: one more length bit (ecx=1), then the +2/+3
UPX1:004E9AD6 ; Long match length: accumulate bits into ecx until a 1 bit, then ecx += 2.
UPX1:004E9AD6 loc_4E9AD6:                             ; CODE XREF: start+A5↓j
UPX1:004E9AD6                                         ; start+B0↓j
UPX1:004E9AD6                 add     ebx, ebx
UPX1:004E9AD8                 jnz     short loc_4E9AE1
UPX1:004E9ADA                 mov     ebx, [esi]
UPX1:004E9ADC                 sub     esi, 0FFFFFFFCh
UPX1:004E9ADF                 adc     ebx, ebx
UPX1:004E9AE1 loc_4E9AE1:                             ; CODE XREF: start+98↑j
UPX1:004E9AE1                 adc     ecx, ecx                ; ecx = 2*ecx + bit
UPX1:004E9AE3                 add     ebx, ebx
UPX1:004E9AE5                 jnb     short loc_4E9AD6        ; real 0 bit: keep accumulating
UPX1:004E9AE7                 jnz     short loc_4E9AF2        ; real 1 bit: done
UPX1:004E9AE9                 mov     ebx, [esi]              ; sentinel shifted out: refill and re-test
UPX1:004E9AEB                 sub     esi, 0FFFFFFFCh
UPX1:004E9AEE                 adc     ebx, ebx
UPX1:004E9AF0                 jnb     short loc_4E9AD6
UPX1:004E9AF2 loc_4E9AF2:                             ; CODE XREF: start+A7↑j
UPX1:004E9AF2                 add     ecx, 2
UPX1:004E9AF5 ; Copy the match: ecx bytes from edi+ebp (ebp negative) to edi.
UPX1:004E9AF5 loc_4E9AF5:                             ; CODE XREF: start+61↑j
UPX1:004E9AF5                 cmp     ebp, 0FFFFFB00h         ; CF=1 when the offset reaches back more than 500h bytes ...
UPX1:004E9AFB                 adc     ecx, 2                  ; ... so distant matches get +3, near ones +2
UPX1:004E9AFE                 lea     edx, [edi+ebp]          ; source lies in already-written output
UPX1:004E9B01                 cmp     ebp, 0FFFFFFFCh
UPX1:004E9B04                 jbe     short loc_4E9B14        ; distance >= 4: a dword copy never reads bytes it has not written yet
UPX1:004E9B06 ; Distance 1..3: overlapping run, must be copied byte by byte.
UPX1:004E9B06 loc_4E9B06:                             ; CODE XREF: start+CD↓j
UPX1:004E9B06                 mov     al, [edx]
UPX1:004E9B08                 inc     edx
UPX1:004E9B09                 mov     [edi], al
UPX1:004E9B0B                 inc     edi
UPX1:004E9B0C                 dec     ecx
UPX1:004E9B0D                 jnz     short loc_4E9B06
UPX1:004E9B0F                 jmp     loc_4E9A56              ; next token
UPX1:004E9B14 ; ---------------------------------------------------------------------------
UPX1:004E9B14 loc_4E9B14:                             ; CODE XREF: start+C4↑j
UPX1:004E9B14                                         ; start+E1↓j
UPX1:004E9B14                 mov     eax, [edx]
UPX1:004E9B16                 add     edx, 4
UPX1:004E9B19                 mov     [edi], eax
UPX1:004E9B1B                 add     edi, 4
UPX1:004E9B1E                 sub     ecx, 4
UPX1:004E9B21                 ja      short loc_4E9B14        ; stop when ecx reaches 0 or wraps (borrow)
UPX1:004E9B23                 add     edi, ecx                ; the last dword may overshoot by 1..3 bytes; ecx is then negative and backs edi up
UPX1:004E9B25                 jmp     loc_4E9A56              ; next token
UPX1:004E9B2A ; ---------------------------------------------------------------------------
UPX1:004E9B2A ; Decompression done. Pass 2: undo the packer's call/jmp filter. The
UPX1:004E9B2A ; packer replaced the rel32 of E8/E9 (call/jmp rel32) instructions with a
UPX1:004E9B2A ; marker byte 01 followed by a 24-bit big-endian value relative to esi;
UPX1:004E9B2A ; this loop writes native little-endian rel32 back at 0F1h (241) sites.
UPX1:004E9B2A loc_4E9B2A:                             ; CODE XREF: start+73↑j
UPX1:004E9B2A                 pop     esi                     ; esi = unpacked image start (401000h), pushed at entry
UPX1:004E9B2B                 mov     edi, esi
UPX1:004E9B2D                 mov     ecx, 0F1h               ; number of sites to patch, baked in by the packer
UPX1:004E9B32 loc_4E9B32:                             ; CODE XREF: start+F9↓j
UPX1:004E9B32                                         ; start+FE↓j
UPX1:004E9B32                 mov     al, [edi]
UPX1:004E9B34                 inc     edi
UPX1:004E9B35                 sub     al, 0E8h
UPX1:004E9B37 loc_4E9B37:                             ; CODE XREF: start+11C↓j
UPX1:004E9B37                 cmp     al, 1
UPX1:004E9B39                 ja      short loc_4E9B32        ; not E8/E9: keep scanning
UPX1:004E9B3B                 cmp     byte ptr [edi], 1       ; the opcode must be followed by the marker byte
UPX1:004E9B3E                 jnz     short loc_4E9B32
UPX1:004E9B40                 mov     eax, [edi]              ; bytes: 01 b1 b2 b3
UPX1:004E9B42                 mov     bl, [edi+4]             ; prefetch the byte after the field for the next iteration
UPX1:004E9B45                 shr     ax, 8
UPX1:004E9B49                 rol     eax, 10h
UPX1:004E9B4C                 xchg    al, ah                  ; these three: eax = b1<<16 | b2<<8 | b3 (marker dropped, byte order swapped)
UPX1:004E9B4E                 sub     eax, edi
UPX1:004E9B50                 sub     bl, 0E8h
UPX1:004E9B53                 add     eax, esi                ; eax += esi - edi: esi-relative value -> displacement relative to this field
UPX1:004E9B55                 mov     [edi], eax              ; write the rel32 over marker + 3 bytes
UPX1:004E9B57                 add     edi, 5                  ; skip the field and the prefetched byte
UPX1:004E9B5A                 mov     al, bl
UPX1:004E9B5C                 loop    loc_4E9B37              ; re-enter the opcode test with the prefetched byte; ecx counts sites
UPX1:004E9B5E ; Pass 3: rebuild imports from the packer's private table at esi+0E7000h.
UPX1:004E9B5E ; Each 8-byte DLL entry holds [edi] = offset of the DLL name (0 ends the
UPX1:004E9B5E ; table) and [edi+4] = offset of the IAT slots to fill, followed by a list
UPX1:004E9B5E ; of function entries terminated by a 0 byte. The indirect calls go through
UPX1:004E9B5E ; the stub's own mini import table at esi+0EA1C8h..; judged by argument
UPX1:004E9B5E ; shape they are presumably LoadLibraryA (+0EA1C8h), GetProcAddress
UPX1:004E9B5E ; (+0EA1CCh), VirtualProtect (+0EA1D0h) and ExitProcess (+0EA1DCh) -
UPX1:004E9B5E ; confirm against the file's import directory.
UPX1:004E9B5E                 lea     edi, [esi+0E7000h]
UPX1:004E9B64 loc_4E9B64:                             ; CODE XREF: start+146↓j
UPX1:004E9B64                 mov     eax, [edi]
UPX1:004E9B66                 or      eax, eax
UPX1:004E9B68                 jz      short loc_4E9BA6        ; 0: no more DLLs
UPX1:004E9B6A                 mov     ebx, [edi+4]
UPX1:004E9B6D                 lea     eax, [eax+esi+0EA164h]  ; DLL name string
UPX1:004E9B74                 add     ebx, esi                ; ebx -> first IAT slot for this DLL
UPX1:004E9B76                 push    eax
UPX1:004E9B77                 add     edi, 8
UPX1:004E9B7A                 call    dword ptr [esi+0EA1C8h] ; presumably LoadLibraryA(name)
UPX1:004E9B80                 xchg    eax, ebp                ; ebp = module handle (ebp is free now that decompression is over)
UPX1:004E9B81 loc_4E9B81:                             ; CODE XREF: start+15E↓j
UPX1:004E9B81                 mov     al, [edi]               ; entry type byte
UPX1:004E9B83                 inc     edi
UPX1:004E9B84                 or      al, al
UPX1:004E9B86                 jz      short loc_4E9B64        ; 0: end of this DLL's function list
UPX1:004E9B88                 mov     ecx, edi                ; merely a large scan limit for scasb
UPX1:004E9B8A                 push    edi                     ; function name string
UPX1:004E9B8B                 dec     eax                     ; for type 01 (by name) al becomes 0 (scasb uses al only) ...
UPX1:004E9B8C                 repne scasb                     ; ... so this moves edi past the NUL terminator. No by-ordinal branch is visible in this stub.
UPX1:004E9B8E                 push    ebp
UPX1:004E9B8F                 call    dword ptr [esi+0EA1CCh] ; presumably GetProcAddress(hModule, name)
UPX1:004E9B95                 or      eax, eax
UPX1:004E9B97                 jz      short loc_4E9BA0        ; unresolved import: bail out
UPX1:004E9B99                 mov     [ebx], eax              ; fill the IAT slot
UPX1:004E9B9B                 add     ebx, 4
UPX1:004E9B9E                 jmp     short loc_4E9B81
UPX1:004E9BA0 ; ---------------------------------------------------------------------------
UPX1:004E9BA0 loc_4E9BA0:                             ; CODE XREF: start+157↑j
UPX1:004E9BA0                 call    dword ptr [esi+0EA1DCh] ; presumably ExitProcess; falls through only if it returns
UPX1:004E9BA6 ; Pass 4: patch the in-memory PE header. esi-1000h = 400000h is the header
UPX1:004E9BA6 ; page (esi = 401000h). Make it writable, clear bit 7 of the bytes at
UPX1:004E9BA6 ; +19Fh and +1C7h - 28h apart, the size of a section header, so this looks
UPX1:004E9BA6 ; like clearing the top bit (IMAGE_SCN_MEM_WRITE) of the first two sections'
UPX1:004E9BA6 ; Characteristics; confirm against e_lfanew - then restore the protection.
UPX1:004E9BA6 ; Anything that inspects the header after this point sees flags that
UPX1:004E9BA6 ; differ from the file on disk.
UPX1:004E9BA6 loc_4E9BA6:                             ; CODE XREF: start+128↑j
UPX1:004E9BA6                 mov     ebp, [esi+0EA1D0h]      ; presumably VirtualProtect
UPX1:004E9BAC                 lea     edi, [esi-1000h]        ; header page
UPX1:004E9BB2                 mov     ebx, 1000h              ; one page
UPX1:004E9BB7                 push    eax                     ; stack slot that receives the old protection
UPX1:004E9BB8                 push    esp                     ; lpflOldProtect -> that slot
UPX1:004E9BB9                 push    4                       ; 4 = PAGE_READWRITE, if this is VirtualProtect
UPX1:004E9BBB                 push    ebx                     ; size
UPX1:004E9BBC                 push    edi                     ; address
UPX1:004E9BBD                 call    ebp
UPX1:004E9BBF                 lea     eax, [edi+19Fh]
UPX1:004E9BC5                 and     byte ptr [eax], 7Fh     ; clear bit 7 at 40019Fh
UPX1:004E9BC8                 and     byte ptr [eax+28h], 7Fh ; clear bit 7 at 4001C7h
UPX1:004E9BCC                 pop     eax                     ; old protection
UPX1:004E9BCD                 push    eax                     ; slot for lpflOldProtect again
UPX1:004E9BCE                 push    esp
UPX1:004E9BCF                 push    eax                     ; new protection = the old value
UPX1:004E9BD0                 push    ebx
UPX1:004E9BD1                 push    edi
UPX1:004E9BD2                 call    ebp
UPX1:004E9BD4                 pop     eax                     ; discard the slot
UPX1:004E9BD5                 popa                            ; restore the registers saved at entry
UPX1:004E9BD6                 lea     eax, [esp+2Ch+var_AC]   ; eax = esp - 80h
UPX1:004E9BDA ; Scrub: push zeros until esp reaches esp-80h, wiping the 128 bytes of
UPX1:004E9BDA ; stack the stub used below the entry esp, then put esp back. The stub's
UPX1:004E9BDA ; stack residue is thus gone before control reaches the unpacked program.
UPX1:004E9BDA loc_4E9BDA:                             ; CODE XREF: start+19E↓j
UPX1:004E9BDA                 push    0
UPX1:004E9BDC                 cmp     esp, eax
UPX1:004E9BDE                 jnz     short loc_4E9BDA
UPX1:004E9BE0                 sub     esp, 0FFFFFF80h         ; esp += 80h
UPX1:004E9BE3                 jmp     near ptr dword_401240   ; presumably the original entry point: it lies in the region just unpacked (401000h..)
UPX1:004E9BE3 start           endp
UPX1:004E9BE3 ; ---------------------------------------------------------------------------
UPX1:004E9BE8                 dd 6 dup(0)
UPX1:004E9C00                 dd 100h dup(?)
UPX1:004E9C00 UPX1            ends
UPX1:004E9C00                 end start
--MaybachMan 17:37, 3 August 2010 (UTC)