Archive for July, 2008

iPhoneDevCamp 2008

July 29th, 2008

I will be at iPhoneDevCamp in SF this Friday. We are sponsoring two awards:

We are looking for a full-time Cocoa developer to join our Mac team. If you are interested in joining doubleTwist, ping me during the event (I’ll only be there on Friday).




Author: Categories: All News, Gadgets, iPhone / iPod Touch, Sci/Tech Tags:

The iPhone Wiki

July 27th, 2008
I see a real problem with the iPhone hacking community. Most of the knowledge about the iPhone is somewhere within the dev team. If the dev team disbands and even a minor update is made which breaks things, all we'll have is a couple closed source tools and random information scattered around the internet. And I've had less and less time to work on this, so I can't keep up anymore.

We used to have an open wiki, actually it hasn't been open for a long time, at iphone.fiveforty.net. But whoever was managing it allowed it to fall apart, until it finally went offline, destroying information. I *hate* losing information. I wish I'd managed that wiki from the beginning, it's almost too late now.

Now we have the iPhone dev "wiki". According to Wikipedia, "A wiki is a collection of web pages designed to enable anyone who accesses it to contribute or modify content". So I guess it's not really a wiki.

yiphone.org got 400,000 hits. If even 1% of those people contribute to The iPhone Wiki, it will be so awesome. I already added a lot of information. Anyone can create an account and edit, even the main page. I don't filter content, only spam.

I tried really hard to make the wiki a neutral place for information. The hosting costs are paid for by the ads on this blog; I figured I should do something good with the money, so there will never be ads or donate links on the wiki. I'm trying to pass the knowledge of the iPhone onto the next generation of hackers. Will you help me?



2D Sense is available on the iPhone App Store

July 27th, 2008
Finally, all formalities are in the past... Visit the 2D Sense web site: http://www.2dsense.com
Get it on the App Store right now:




2D Sense for iPhone FW 2.0 (UPDATE)

July 24th, 2008
Well, while Apple is still reviewing the 2D Sense application, I can deliver the latest version of it to you for installation via iTunes using the Ad Hoc method. It is a simple and 100% legal process.

Just install the Ad Hoc Helper application from the Utilities section and run it. It will create an e-mail with your UDID (the unique number of your iPhone). Please add a short description of how you will use it and send it to info@2dsense.com.

This method is for the next days only.

More about new version here: www.2dsense.com/2dsp/default.aspx
and here: www.2dsense.com/page.aspx?id=matrix&sid=0

Well, Apple approved the application a few hours ago! The iTunesConnect contract is still pending, but at least all technical steps are in the past... (2008-07-25 00:25)



Infineon, we have a problem

July 23rd, 2008
The 3G bootloader is sig checked by the bootrom. So even removing the NOR and patching the bootloader (to remove main fw sig checks) and main firmware doesn't work for an unlock. Big thanks to TA_Mobile for dumping the NOR and confirming this. You have some real skills.

The X-Gold 608 is the chip used. The lame "datasheet" Infineon gives us shows the hardware RSA and the secure bootrom. So we have a real problem. Even if we find an unsigned code exploit, which wasn't done for the previous two bootloaders in software (we found tricks to play with the NOR), we still can't unlock.

Even though the bootloader isn't available for download, there's really nothing there. This bootloader doesn't contain any of the interactive mode functions, just a stub which is very similar to the old bootrom (but with sig checking). The interactive loader is tacked on to the end of every fls and eep file, and is loaded at 0x86000. BBUpdaterExtreme contains several ramloaders as well, but I believe the one used is from the update file itself. You do not need the bootloader to work on the baseband, you just need the files off the ramdisk. Also interesting to note, the 2 RSA keys the bootloaders use haven't changed since 3.9 or 4.6. So you have these too.

Killing CommCenter on 2.0 kills the Wi-Fi, which will make working with the baseband a bit harder. Entering interactive mode is now done with a call to the kernel to raise an I/O pin before resetting.

The first step to tackling this is dumping the bootrom. We need some exploit, I don't care where, to dump arbitrary memory. Then we can dump 0x400000, which is the new "secure" bootrom.



Return of the Living Blog

July 21st, 2008

Hi Everyone,

I feel guilty, like a hometown friend who just walked into the local diner after disappearing from the face of the Earth. Sorry I didn’t write. The truth is, I never left.

At HomeTips.com, we’ve been completely immersed in work. We decided to make the site better…MUCH better. So we put our noses to the grindstone and our fingers to the keyboards with a focus entirely on improving the site’s navigation and breadth of information. And we worked on it for months.

As a result, we have a newly designed, completely different HomeTips. One where you can quickly search, browse, or jump to the information you’re seeking. We have all kinds of new bells and whistles that you’re going to love, from intuitive navigation menus to extensive content on new subjects such as gardening and landscaping, to forums where you can share questions and answers with other members of the HomeTips community. Bounce around on the site, and you’ll see what I mean.

And the HomeTips blog is evolving, too. As you’ll see in the future, I won’t be the only one posting. HomeTips will have additional regular contributors, such as Juliet Myfanwy Johnson (“Somebody’s Always Hungry”), an author and mom with fun, touching, and insightful essays on what it’s like to be a “Mom About the House.”

So grab a stool at the counter and have a slice of pie. The fun’s just beginning.

Copyright 2008, HomeTips.com




Author: Categories: All News, Home Improvement, Life Styles Tags:

How to tether your iPhone 3G and browse the web using your 3G connection

July 21st, 2008
Thanks to the excellent work of the iPhone Dev Team and the porting work of Jay Freeman as well as the authors of 3Proxy, it is now possible to "tether" your iPhone 3G and use its Internet connection on your laptop.

Warning - Tethering your iPhone is against the iPhone data plan terms. AT&T could slap you with huge fees if you overuse this. I recommend only using it during emergencies.

Here's the basic rundown:
- Jailbreak your iPhone 3G
- Install 3Proxy and Terminal
- Create an ad-hoc Wi-Fi network using your laptop
- Join the network with your iPhone
- Find the iPhone's IP address
- Open Terminal and run the proxy program
- Open Safari on your iPhone and open a web page
- Configure your browser to use the proxy

I will be using a Mac and Firefox to demonstrate,...


yiPhone and otherwise

July 21st, 2008
I still can't believe how many people believed yiPhone. It's amazing how a couple lines of JavaScript (the counter) can piss so many people off. I was just trying to push dev to work a little harder ;-)
I have never done the jailbreaks for any previous versions of the phone, what makes you think this one would be different? I also like to think I have more honor than using someone else's exploit before they do. And really, who was the mascot in the picture? Yorro? Once he exists, maybe yiPhone will exist.

Also, here's why a certain person claimed the DFU was the key. You could, without any exploits, upload the 114 iBoot (even to the 3G), the 114 kernelcache (ok, this crashes on the 3G), and a hacked ramdisk. But the filesystems don't mount. And even if they did, you'd need a way around sig checking.

Here is a little program (with source of course) to run whatever you want at the DFU level; an implementation of the dev pwnage 2.0 exploit. Pass it a binary file, it will start executing at the start of the file (no file formats to deal with). I'll leave it to dev to explain the exploit used.



Wow…

July 19th, 2008
Congrats to the dev team for finding the ultimate exploit in the S5L. We may not agree on many things, but I certainly respect your skills.

Pwnage uses an incredible exploit actually at the DFU level, which means it's locked into the hardware. I have managed to reproduce the exploit, but in no way understand it. I can't wait for your explanation. This is akin to finding a soft-exploitable exploit in the bootrom of the baseband.

Apple attempted to cover it up by having the new WTF downloaded as soon as iTunes sees the phone (0x1227) vs DFU (0x1222). I thought they might be covering an exploit but then just figured they didn't want the iBoots unencrypted. Good thing dev looked closer.

Also it's unbelievable they left the LLB unsigchecked in the 3G. They have all the code in the DFU to sig check, they just don't call it.

This is also great news for iphonelinux. We'll be able to boot code without the need for any of Apple's copyrighted software (and maybe without their cert).

Today is a good day for iPhone.



New Ramdisk

July 19th, 2008
In the KBAG section of the img3 files, you'll find 0x20 bytes after the section header. Decrypt them with the hardware AES engine and get
IV: 29681F625D1F61271EC3116601B8BCDE
KEY: 850AFC271132D15AE6989565567E65BF
(this is the 2.0 ramdisk)

