I feel it's needed to write a quick note here. If you are seeing ads on this page, you navigated here using someone else's site. I have never had ads on this page. Go to this page at http://iphonejtag.blogspot.com/ or http://georgehotz.com/ NOT geohotblog.com
Also update on the exploits. A16 is a buried via, but it is right at the edge of the chip. Just scrape the epoxy away and hook a wire under there. I'd do it but a lot of my hardware stuff is at RIT. And I didn't say the software exploit would be easy, but this paper alludes to 2/3 of the message being spoofable. 2/3 is 3 bytes away from how much we need, and 3 bytes can be brute forced easily enough. Of course 1/3 is trivial to exploit with a cube root, I understand that math well enough.
Sunday, December 2, 2007
84 comments:
So.. if it's 3 bytes away.. it's a matter of days.. or maybe a week or so..
isn't it..?
Upon first glance, it looks like the method of the paper is to produce 4 messages with a certain multiplicative relationship between them, which given a signature of three of these messages, can be used to forge the fourth signature. We can't get Apple to sign 3 randomly chosen signatures of our choice; I mean, if we could get them to sign a single one, we'd be done already.
Now I don't understand if this is related to the modulus you're working with, but according to the Elite team there are 4 RSA moduli buried within bootloader v4.6:
http://code.google.com/p/iphone-elite/wiki/SecpackAuthentication
Are these different moduli, used for different purposes, or maybe Apple redundantly signs the same message with different moduli? In that case, there could be a way to exploit that...
I read something that tells me you will need much more time than a week to finish the hack (unlock)...
Hey, sorry out of the topic, but out of curiosity will your hardware method unlock OTB 1.1.2???
We need a picture of A-16 location and Disc. scraped someone please post a pic...
Any ideas on a timeframe as to how long it will be before this software unlock for 1.1.2 otb will be finished??
I'm not sure what any of the above means. But if sacrificing a goat or a frog would get you closer to the 3 bytes that you need, let me know.
Support the 1.1.2 w/4.6 unlock effort @ 11246unlock.com.
All donations will go to the first developer/team to unlock a 1.1.2 iPhone OTB with BL 4.6 via software!
mmmh I'm not a mathematician but I think someone can try the RSA attacks...
Brute forcing all of it will require a long time, but maybe, according to George, if somebody can break 2/3....everything will be easier...
Can this attack be used?
http://en.wikipedia.org/wiki/RSA#Timing_attacks
mmmh... I just checked in milw0rm and I found this new exploit:
http://www.milw0rm.com/exploits/4673
It's about QuickTime and also affects OS X systems... does somebody think this can be useful or not... maybe it can be a new way.. or just an illusion...
Some researchers found that the Playstation is great for cracking. I'm not totally sure if these new learnings can be applied to brute force the iphone...but it's definitely worth noting...
Seriously, what's with everyone saying "oh when's the unlock" every 5 minutes? They're doing this at their own pace, time AND free will. So they can stop at any time, and doing this puts them under pressure. Just be grateful there are people like them in the world to help people like us!
Wishing you all luck
I don't think anyone means any disrespect towards the iPhone hackers by asking for an ETA of the unlock. It's difficult not understanding all the terminology that the experts do. It leaves a lot of people in the dark, and those more impatient or curious than others are merely wondering how far along is the process. Most people are merely asking for a translation, as those who understand the complex terms can easily create a mental timeline given the info from Geohotz's blog. To Mr. Hotz, I salute you, and trust that we will be informed the moment the unlock is achieved. You're a very talented person. Keep up the fantastic work.
Regards,
- Ben
Since the O2 card can be used, as well as AT&T, how about trying to find a common function of these two SIMs and mod it like that? something different? my 2c worth
Geohot, any progress? :) Hope so!!! Can we help brute force from our machines?
I think, why don't you try to write a program that can change the information of the SIM card so that the phone recognizes the SIM card as AT&T? The method is the same as TurboSIM. If it works you don't have to worry about any new firmware.
P.s. Sorry if i'm wrong
sony159@gmail.com
A lot of French websites show that there is 1.1.3 firmware coming this Saturday... so should we expect to see an unlock for 1.1.2 OOTB this weekend?
Any ideas on a timeframe as to how long it will be before this software unlock for 1.1.2 otb will be finished??
Hey Jake, no timeframes. It'll be ready when its ready. If you MUST have a OTB 112 working urgently - get a turboSIM.
i see ppl advertising around town that they can unlock iphones, any FW, any bootloader, etc etc. What's the deal? is this legit and we're all waiting for the free open-source solution, or is it a scam?
they are scamming! only bootloader 3.9 can be software unlocked currently
good wishes from spain!
thanks a lot for your efforts guys!
without people like you, this world would be boring ;)
gogogo!
good wishes from serbia, too!!!
Srecno [On serbian: Good luck]
I'll get my iPhone next week, probably 1.1.2 OOB..
Just wondering what are your thoughts on the news that 1.1.13 is going to be released on this Saturday?
I was checking the url below which is used by itunes to check for iphone update [more like xml].
http://ax.phobos.apple.com.edgesuite.net/WebObjects/MZStore.woa/wa/com.apple.jingle.appserver.client.MZITunesClientCheck/version
According to this, iPod touch is at version 1.1.13. Hoping that Apple updates both iPhone & iPhone touch in a matter of days, hence I think we should see 1.1.13 soon. Even if not, do you think it might be worth sniffing on the above URL for a French unlocked [officially] iPhone?
http://ax.phobos.apple.com.edgesuite.net/WebObjects
/MZStore.woa/wa/
com.apple.jingle.appserver.client.MZITunesClientCheck/
version
sorry the link seems to have been chipped away in the last msg.
Great work! I just got mine from the states with the new Bootloader.
Thanks for your work so far from Switzerland!!
Great work George , thanks again.
Anyone known this product ?
http://www.stealthsim.com/
It can work with 1.1.2 but I don't know what version of bootloader it needs. I've sent an email to the producer and I'm waiting for a response.
Bye,
another Switzerland citizen.
Stealth sim is something like TurboSim...
It should probably work with any bootloader...
About which work are you talking???
Hi Tom,
I don't understand why you ask this.
What is George doing?
Maybe my english is so ugly ....
George,
This is an implementation attack, but maybe Apple's code is vulnerable to it? Assuming the signature uses the same format here...
http://marc.info/?l=cryptography&m=115694833312008&w=2
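As an added illustration (not code from the post, the comments, or any Apple or Dev Team source) of the implementation flaw in the message linked above and the cube-root remark in the post: with e = 3, a verifier that parses the padding but ignores the bytes after the hash accepts a value computed without the private key, while one that rebuilds and compares the whole block rejects it. The toy key, the sample message and every function name are assumptions; the bootloader's actual signature format is not known from this page.

```python
import hashlib

# Constructed toy key (an assumption, never a real one): the field primes of
# P-192, P-384 and Curve448 are each 2 mod 3, so e = 3 is invertible.
P = 2**192 - 2**64 - 1
Q = 2**384 - 2**128 - 2**96 + 2**32 - 1
R = 2**448 - 2**224 - 1
N, E = P * Q * R, 3                          # 1024-bit modulus
D = pow(E, -1, (P - 1) * (Q - 1) * (R - 1))  # private exponent
K = (N.bit_length() + 7) // 8                # modulus length in bytes
SHA1_DER = bytes.fromhex("3021300906052b0e03021a05000414")  # DigestInfo header

def digest_info(msg: bytes) -> bytes:
    return SHA1_DER + hashlib.sha1(msg).digest()

def encode(msg: bytes) -> bytes:
    """Full PKCS #1 v1.5 block: 00 01 FF..FF 00 DigestInfo, filling K bytes."""
    t = digest_info(msg)
    return b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t

def sign(msg: bytes) -> int:
    return pow(int.from_bytes(encode(msg), "big"), D, N)

def verify_lenient(msg: bytes, sig: int) -> bool:
    """Flawed: walks the padding left to right, ignores bytes after the hash."""
    em = pow(sig, E, N).to_bytes(K, "big")
    i = 2
    while i < K and em[i] == 0xFF:
        i += 1
    if em[:2] != b"\x00\x01" or i == 2 or i >= K or em[i] != 0:
        return False
    t = digest_info(msg)
    return em[i + 1:i + 1 + len(t)] == t

def verify_strict(msg: bytes, sig: int) -> bool:
    """Hardened: rebuild the expected block and compare all K bytes."""
    return 0 <= sig < N and pow(sig, E, N).to_bytes(K, "big") == encode(msg)

def cube_root_ceil(x: int) -> int:
    lo, hi = 0, 1 << (x.bit_length() // 3 + 1)
    while lo < hi:                            # smallest r with r**3 >= x
        mid = (lo + hi) // 2
        lo, hi = (mid + 1, hi) if mid**3 < x else (lo, mid)
    return lo

def keyless_probe(msg: bytes) -> int:
    """Value built without D: one FF of padding, hash shifted left, and the
    low bytes left as whatever the integer cube root produces."""
    head = b"\x00\x01\xff\x00" + digest_info(msg)
    return cube_root_ceil(int.from_bytes(head.ljust(K, b"\x00"), "big"))

MSG = b"constructed sample message"
good, probe = sign(MSG), keyless_probe(MSG)
for name, check in (("lenient", verify_lenient), ("strict", verify_strict)):
    print(f"{name:8} signed={check(MSG, good)} keyless={check(MSG, probe)}")
```

The probe only works because its cube stays below the modulus and the unchecked low bytes absorb the rounding error of the cube root; comparing the full re-encoded block removes that slack.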
Fabio, you said: "Great work George , thanks again."
I know what George is doing, but he is still working on it..
Am I right???
George, thx for helping us noob people...
I wish I could be of help, but even though I'm a computer scientist this is out of my league. All I can say is excellent work, thanks for sharing it with everyone and greetings from México.
what we can use a16 with ?
any chance don hotz
shalom ;)
we can have pics of a16 location
and timing to short it ;)
so we can mess around spread the fame
@ dev team
I have used your solution in the past and I have made a lot of money. I have chosen "Gray" from your team for my donation of 1000 US$, please let me know how I can send it
Any progress???
Can we run brute force on our machines, to help???
http://localhost:8080/yp1
rSchlachter Simon
Simon,
http://localhost:8080/yp1
What is this?
Keep up the good work geohot!
Greetings from Guatemala...
8 iPod Touches are waiting to become iPhones someday.. lol
Please visit http://www.11246unlock.com to support the unlock effort!
Money talks people, donate now!
You have MSN???
If you have, add me:
leo_a_bortolotti@hotmail.com
And thanks for unlock iPhone!
Who are you asking leonardo?
If me, my msn is pptp@hotmail.com or you can contact me through the http://www.11246unlock.com/forums
is it true that the iPhone 1.1.2 bootloader is now hackable for other phone services?
4.6
Hello all, I managed to disassemble iTunes and iTunesmobiledevice.dll, and some particular functions came up: functions like activatebaseband, deactivatebaseband, flashbaseband in the DLL file, and in itunes.exe I found functions like unlockstatus and simstatus. I also went to the functions that are calling them and put some watches and breakpoints on them, but for some reason I can run iTunes in debugging mode with "ida". I need to do this in order to see what values they are getting and hardcode them in the main file, so if any of you guys can help me with this I will appreciate it a lot.
Greetings from Mexico, you must excuse my bad English.
mavp, you'd better ask in the hackintosh community, it's surely a better way to ask things like this one :)
ok Giorgio tnks.
mavp, if you need help, I'm at your service from Venezuela.. write me at pedrombracho@gmail.com and we'll sort it out better.. regards
The official unlock for any GSM phone is done via AT+CLCK command and NCK code. This code is unique per phone and in the case of the iPhone is RSA encrypted by Apple's private key.
Pedro, thanks, I'll contact you tonight. Regards.
As far as I know, iTunes writes the NCK code to the iPhone to unlock it in Europe. Once you have created an iTunes account, iTunes requests via TCP/IP a response for unlocking the iPhone; this request is encrypted, and so is the response sent by Apple. I am not sure what the messages contain, but I think it must be something like the IMEI (because when you buy an iPhone in Europe they then send the IMEI to Apple) and other data like the ICCID, so I am thinking that this must be enough to create the NCK code.
I am trying to work on this but I don't have too much free time. I have put a packet sniffer to watch the iTunes-Apple conversation. Most of it is encrypted with an RSA SHA1. I also put a file monitor to watch the libraries' communication, so if somebody is interested in helping me I would send the log files of my research.
Please feel free to let me know if I'm going in the wrong direction so I don't lose any time.
Kind regards team.
is the iPhone 4.06 bootloader able to be hacked yet?
hi there mvap, I am in Mexico too, and I am working on this 4.6 shit too, let's crack it man via iTunes, somehow the Dev Team is not approaching the problem that way, so..... let's get on top of the m...fu..
I am in Chilangolandia,
greetings and keep it up bro, we're going to crack this thing, dude, right now
MAVP:
send 'em my way:
warren.rick@gmail.com
Hey mr.r@4d
What's up.
Can you give me your email account?
Pedro, Rick i sent you an email just a few moments ago so please let me know if you got it, Jake there is no unlock method for the iphone 1.1.2 otb BL 4.6 but maybe soon.
Regards.
Cool....
MAVP if I can help let me know...
email:sawyerpsp@gmail.com
MSN:skywallker@sezampro.yu
On debugging iTunes, I found this on Dev Wiki:
http://iphone.fiveforty.net/wiki/index.php/Debugging_iTunes
It says:
First look for this sequence "84 C0 74 08 6A 00" and put a breakpoint here. When this breakpoint triggers, decrements EAX and continue (anti-debugging protection)
there you go
my bro, maybe we should also set up an account for the project itself, anyway keep in touch,
yes, we did it hahahahaha
mr.r4dik4l@gmail.com,
Thanks dna2 i will be out of town this weekend but will try on monday.
MAVP If I can help send an email my way.
I have been really curious about packets, maybe if you get a few logs of some legitimate activations you can view the trends and eventually find a way to create a fake activation,
My email is:
Partypooperjon@hotmail.com
Hi guys, I'm an iPhone 1.1.2 OTB lucky user, thus I'm pretty interested... I am a beginner programmer (python and php basically), but if I may be useful, just send me an e-mail (gtrombi2000 at yahoo dot co dot uk) or a comment... Consider that I have no idea about how to work on cracking & co, but I can do some unskilled labour work, if needed, or whatever, if taught! just let me know and good luck.
G
I want to try the hardware unlock. Got a 1.1.2 otb phone ready. I've done the old hardware unlock so somewhat familiar with it. Where is A16. What do you do with it? and when?
I am an AT&T subscriber with a 3G SIM. I have this SIM which I use in my current E61 and the SIM which came with the new 1.12/4.6 OOB iPhone. Is it possible to unlock/activate an OOB iPhone using my active SIM or do I still need a hardware solution like TurboSim or MagicSim (Unverified if MagicSim works AFAIK)? I am a little confused with the process of activating the iPhone. Doesn't it need to attach to the PLMN to activate or are you somehow faking the iPhone into thinking it has already been activated? Any comments would be welcomed.
If you have a valid AT&T 3G sim, you should be able to simply plug it into your iPhone, then connect it to iTunes and you should be done. No hacking req'd. I found this out by accident when I mistakenly put a valid activated AT&T sim in a brand new OTB iPhone.
Hi, I am from Mexico. I was searching in Google how to unlock 1.1.2 OTB, and I found a program that asks for your IMEI and then the program generates an unlock code for your iPhone IMEI. Do you think that this program helps in something? My MSN is masterhacker2104@gmail if someone wants to add me. I wish you a happy new year!!!
That's a scam. I haven't heard of any way to unlock the iphone with imei #