October 10th, 2007


iPhone/Touch jailbreak with full filesystem write access - confirmed.

Hacker Niacin (aka toc2rta) and Dre claim they've managed to combine the symlink hack with a TIFF vulnerability found in the v1.1.1 firmware's mobile Safari, which grants access to the file system. This is the hack we're testing here.

(Note: Due to the nature of this hack, it's to be considered ephemeral. Apple needs only to patch the TIFF vulnerability and file system access on v1.1.1 is out, with the touch and iPhone back to their previously not-too-hackable state.)

And the result thus far? We've tested the solution, and we can confirm file system read+write access via the TIFF exploit on an iPod touch, meaning loading a simple image file on your v1.1.1 device gives full root file system access!


Even if I don't agree with their reasons, I can understand why Apple is patching the iPhone. They're probably contractually obligated to patch holes in the iPhone by AT&T - who are scared to *death* that someone will port Skype to the iPhone and then nobody will need AT&T. What I still can't figure out, though, is why Apple won't open up the iPod Touch, which has no phone functionality and Apple is under no obligation to keep proprietary.

Hardly matters anyway. Apple is going to (fail to?) learn the lesson that Sony also (failed to) learn: lock it down all you want, encrypt it all you want, use whatever hardware reinforcement you want... you are not smart enough to fix all the holes. The hackers are smarter than you, they have more free time than you, and they WILL break it open - it's only a matter of when. <Star Wars>You can either profit by this... or be destroyed.</Star Wars>. (And in AT&T's case, I'm sure they prefer destruction to opening their devices - which is fine by me.)

School of bad ideas: AJAX rexec.

Yes, it's exactly what it looks like. You type in a UNIX shell command, and our old f(r)iend AJAX sends it back to a webs(w)erver where a CGI script executes the command, and sends the results back. AJAX then dynamically rewrites the page text to show the results.

As you can see, not only is this a really bad idea, it's also horribly implemented! So I expect that this will become the basis for the next big thing in Web tech. ;]

I made this so I could telnet from my iTouch. But although it works great in Firefox, it doesn't work at all on the Touch! It just won't submit the form or call ajax(). Oh the irony...
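
For contrast with the design described above, here is an added example (not the code from this post) of the server side with the arbitrary-command path removed: the page sends an action name, and the handler maps it to a fixed argument vector run without a shell. The action names, the `uptime` path, and the limits are assumptions made up for illustration.

```python
import subprocess
import sys

# Hypothetical allowlist: action name -> fixed argument vector.
# The client sends only the name; it never supplies command text.
ALLOWED_ACTIONS = {
    "ping": [sys.executable, "-c", "print('pong')"],  # constructed stand-in
    "uptime": ["/usr/bin/uptime"],                    # assumed path
}

MAX_OUTPUT = 4096  # cap on bytes returned to the page
TIMEOUT_S = 5      # stop commands that hang


def run_action(name):
    """Return (http_status, body) for a requested action name."""
    argv = ALLOWED_ACTIONS.get(name)
    if argv is None:
        # Anything not on the list, including raw shell text, is refused.
        return 403, "action not permitted"
    try:
        proc = subprocess.run(
            argv,
            shell=False,  # no shell, so ';', '|' and '$()' are never parsed
            stdin=subprocess.DEVNULL,
            stdout=subprocess.PIPE,
            stderr=subprocess.STDOUT,
            timeout=TIMEOUT_S,
        )
    except subprocess.TimeoutExpired:
        return 504, "action timed out"
    except OSError:
        # Binary missing or not executable on this host.
        return 500, "action unavailable"
    body = proc.stdout[:MAX_OUTPUT].decode("utf-8", errors="replace")
    return (200 if proc.returncode == 0 else 500), body


if __name__ == "__main__":
    # Constructed requests: one allowed name, one raw shell string.
    for requested in ("ping", "ls; cat /etc/passwd"):
        print(requested, "->", run_action(requested))
```

The allowlist only bounds what a caller can run; the endpoint still needs authentication in front of it.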