October 10th, 2007 - Adventures in Engineering — LiveJournal
The wanderings of a modern ronin.

Ben Cantrick
  Date: 2007-10-10 12:08
  Subject:   iPhone/Touch jailbreak with full filesystem write access - confirmed.
Public
  Mood:Oh yes bitches it is!
  Music:http://en.wikipedia.org/wiki/Illusion_of_control
  Tags:  digg

Hacker Niacin (aka toc2rta) and Dre claim they've managed to combine the symlink hack with a TIFF vulnerability found in the v1.1.1 firmware's mobile Safari, which grants access to the file system. This is the hack we're testing here.

(Note: Due to the nature of this hack, it's to be considered ephemeral. Apple needs only to patch the TIFF vulnerability and file system access on v1.1.1 is out, with the touch and iPhone back to their previously not-too-hackable state.)

And the result thus far? We've tested the solution, and we can confirm file system read+write access via the TIFF exploit on an iPod touch, meaning loading a simple image file on your v1.1.1 device gives full root file system access!


http://www.engadget.com/2007/10/10/iphone-and-ipod-touch-v1-1-1-full-jailbreak-tested-confirmed/

Even if I don't agree with their reasons, I can understand why Apple is patching the iPhone. They're probably contractually obligated to patch holes in the iPhone by AT&T - who are scared to *death* that someone will port Skype to the iPhone and then nobody will need AT&T. What I still can't figure out, though, is why Apple won't open up the iPod Touch, which has no phone functionality and Apple is under no obligation to keep proprietary.

Hardly matters anyway. Apple is going to (fail to?) learn the lesson that Sony also (failed to) learn: lock it down all you want, encrypt it all you want, use whatever hardware reinforcement you want... you are not smart enough to fix all the holes. The hackers are smarter than you, they have more free time than you, and they WILL break it open - it's only a matter of when. <Star Wars>You can either profit by this... or be destroyed.</Star Wars>. (And in AT&T's case, I'm sure they prefer destruction to opening their devices - which is fine by me.)



Ben Cantrick
  Date: 2007-10-10 13:55
  Subject:   School of bad ideas: AJAX rexec.
Public
  Mood:evil
  Music:A - Bad Idea
  Tags:  bad thing(tm), no

(Screenshot)

Yes, it's exactly what it looks like. You type in a UNIX shell command, and our old f(r)iend AJAX sends it back to a webs(w)erver where a CGI script executes the command, and sends the results back. AJAX then dynamically rewrites the page text to show the results.

(Source code to the worst kludge since WindowsME.)

As you can see, not only is this a really bad idea, it's also horribly implemented! So I expect that this will become the basis for the next big thing in Web tech. ;]

I made this so I could telnet from my iTouch. But although it works great in Firefox, it doesn't work at all on the Touch! It just won't submit the form or call ajax(). Oh the irony...





