So how did I manage to FIX the problem I mentioned earlier? The reason I was so vague on the details is that I used a confidential iBoot vulnerability that we didn't want Apple to know even existed! This allowed me to bootstrap openiboot directly from a stock iBSS that was loaded through DFU mode. I still can't tell you exactly what it is, but since geohot already leaked the existence of it, I figure I can tell you it exists and is what I used. :)
Then, it was a simple matter of using openiboot's NOR engine to restore everything. I can even use the new image list parser and AES engine to get a very nice high-level interface to the image list, allowing me to "pwn" just with openiboot; no ramdisk futzing around!
The AES code has been in SVN for a while, but to anyone following jailbreaking news, it's probably obvious why I suddenly, out of the blue, decided to reverse it and write it. Haha. So the night I committed the AES code is the night the Dev Team first decrypted the new img3 shit. :)