Sunday, March 29, 2009
Friday, March 27, 2009
The Devil Went Down to Jailbreak
So you thought we couldn't do it, eh? Well, hah! We have successfully compiled iPredator 2G. We have successfully implemented the LLB patch that uses this exploit:
irecovery -s
arm7_stop
mw 0x9000000 0xe59f3014
mw 0x9000004 0xe3a02a02
mw 0x9000008 0xe1c320b0
mw 0x900000c 0xe3e02000
mw 0x9000010 0xe2833c9d
mw 0x9000014 0xe58326c0
mw 0x9000018 0xeafffffe
mw 0x900001c 0x2200f300
arm7_go
arm7_stop
/sendfile iBSS2
go
/exit
Made by chronic. This executes unsigned code on the ARM7, which is on the same bus as the ARM11 (which does most of the device's processing). To those who have been clued in, this is old news.
Basically we took XPwn and built our GUI around the shell command line. It's Windows only at the moment, but we will (hopefully) port to Mac OS X Leopard. The download will be soon, so enjoy it when it comes!
-Stand alone dev
Monday, March 16, 2009
0x24000: a simple breakdown of the new segment overflow exploit.
OK, I'm not totally clear on everything. Lightly correct errors.
-- Basically the segment is overwritten. This means that anything over 0x24000 bytes will not be read (or signature checked) by the bootrom during the RSA bootrom check. This allows unsigned code to be executed in the overwritten segment, allowing a custom LLB to be booted and other such things (Cydia installer etc.) to be executed. And because you have the bootrom out of the way, you can patch the LLB -> iBoot -> kernel -> code in the kernel, allowing an untethered jailbreak.
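As an added illustration (not code from this post, from chronic, or from Apple's bootrom), here is a C model of the bug class the breakdown above describes, next to the check a boot stage should do instead: the signature must cover every byte that will be loaded, and the verifier must refuse an image longer than the region it actually verifies. The 0x24000 figure is the page's; the FNV-1a tag standing in for RSA and the image contents are constructed for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

#define CHECKED_LEN 0x24000u  /* bytes the check covers, per the post */
/* Stand-in for the RSA signature: FNV-1a over (len || bytes). Constructed
 * for this illustration; the point is coverage, not the primitive. */
static uint32_t fnv1a(uint32_t h, const uint8_t *p, size_t n) {
    for (size_t i = 0; i < n; i++) { h ^= p[i]; h *= 0x01000193u; }
    return h;
}
static uint32_t tag(const uint8_t *img, size_t n) {
    uint8_t lb[4] = { (uint8_t)n, (uint8_t)(n >> 8), (uint8_t)(n >> 16), (uint8_t)(n >> 24) };
    return fnv1a(fnv1a(0x811c9dc5u, lb, 4), img, n);
}
/* Flawed model of the bug class: only the first CHECKED_LEN bytes are
 * covered, so whatever sits past 0x24000 is loaded but never examined. */
int verify_truncated(const uint8_t *img, size_t len, uint32_t expected) {
    size_t n = len < CHECKED_LEN ? len : CHECKED_LEN;
    return tag(img, n) == expected;
}
/* Hardened model: refuse anything larger than the verified region and
 * cover every byte (plus the length) handed to the next stage. */
int verify_full(const uint8_t *img, size_t len, uint32_t expected) {
    if (len > CHECKED_LEN) return 0;
    return tag(img, len) == expected;
}
/* Constructed scenario: a valid image with 16 unverified trailing bytes;
 * returns 2 when the flawed check accepts it and the hardened one rejects. */
int demo_overflow(void) {
    size_t len = CHECKED_LEN + 16;
    uint8_t *img = calloc(len, 1);
    if (!img) return -1;
    for (size_t i = 0; i < CHECKED_LEN; i++) img[i] = (uint8_t)(i * 7);
    uint32_t expected = tag(img, CHECKED_LEN);  /* "signed" over the checked region only */
    memset(img + CHECKED_LEN, 0xAA, 16);        /* outside the covered range */
    int r = 2 * verify_truncated(img, len, expected) + verify_full(img, len, expected);
    free(img);
    return r;
}
/* Hardened check on an image that fits: accept it, then reject a one-byte change. */
int demo_tamper(void) {
    uint8_t a[8] = { 1, 2, 3, 4, 5, 6, 7, 8 };
    uint32_t expected = tag(a, sizeof a);
    int ok = verify_full(a, sizeof a, expected);
    a[7] ^= 1;
    return ok && !verify_full(a, sizeof a, expected);
}
```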
Oh Nastalgia and his new friend
A new Standing member
A new member has been inducted into Standalone Dev. I myself am impressed with his capabilities. He will be head 2G developer. (Even though Chronic did a full 2G jailbreak, we want to make it easier for Windows users to apply the 24kpwn LLB [low level bootloader] segment overflow patch.) So he's going to help us write some dev .IPSWs and see if we can boot a fully happy (patched and jailbroken) firmware file on iPod Touch 2G, and distribute them on MegaUpload every update. (Please be aware we will be writing them from scratch, and Chronic will receive 70% credit for his 24kpwn patch.)
Wednesday, March 11, 2009
Hats off. :)
It appears chronic, westbaer, pod2g, CPICH, planetbeing, ius, and various others have done it! They did a complete untethered 2G JB using an LLB segment overflow-based exploit. Very, very good; a tip of my hat. And as Stephen Colbert would say, "and a wag of my finger to NitroKey for ripping off chronic's exploit (not to mention ripping everyone off!)" :) Good job chronic.