I have written a small application for the firmware 2.0 beta 3 iPhone using the open toolchain headers.
This small application allows you to place shortcut icons on the home screen for
telephone dial, SMS, email or web page.
Requirements:
PWNED iPhone with firmware 2.0 beta 3 (build 5A240d)
SSH installed on your iPhone, so that you can install it via Wi-Fi
For details, see this post:
http://www.iphone.org.hk/cgi-bin/ch/topic_show.cgi?id=6264&h=1#27987
The application binary can be downloaded from here.
Saturday, April 19, 2008
Friday, April 18, 2008
Using the Apple SDK with low-level toolchain APIs
Update and details here
Assume you have installed iPhone SDK beta 3 and want to use the toolchain APIs to port an existing iPhone application to firmware 2.0 beta 3 using Apple's SDK.
(1) Install iPhone SDK beta 3 from Apple
(2) Install the toolchain headers as per instructions from here
but I have modified it for the beta 3 SDK path as below:
$ sudo mkdir -p /Developer/SDKs/iPhoneOS.sdk/Versions/iPhoneOS2.0.sdk/
$ svn co http://iphone-dev.googlecode.com/svn/branches/include-1.2-sdk
$ cd include-1.2-sdk
$ ./configure --prefix=/Developer/SDKs/iPhoneOS.sdk/Versions/iPhoneOS2.0.sdk/
$ sudo sh install-headers.sh
(3) Get the following template here, unzip it and put the "Tool Chain Build" folder under the following folder (you need to create this folder first):
/Developer/Platforms/iPhoneOS.platform/Developer/Library/Xcode/Project Templates/iPhone Tool Chain
Then you can see this template when you create a new project.
(4) This template supports building to the device in the Release configuration only, so your iPhone has to be connected by USB cable when you Build and Go.
(5) When using the SDK frameworks to build an old iPhone app, you will find that some symbols are missing at link time.
(6) The template also includes a Makefile to build the application so that it can be copied over SSH to the iPhone folder /Application.
Friday, April 11, 2008
Convert apple encrypted img2 file to png
(1) Get the source code from
http://pastebin.ca/977711
and name it img2png.c
(2) Get libpng from http://www.libpng.org/pub/png/libpng.html
(3) Compile with
gcc img2png.c -lcrypto -lpng -o img2png
(4) Run
./img2png applelogo.img2 applelogo.png
Thursday, April 10, 2008
Find iPhone secret ramdisk decrypt key
This is one of the methods, using Mac OS, to find the ramdisk secret key of an iPhone IPSW file.
The method is described in
http://iphonejtag.blogspot.com/2008/01/iphone-secret-key.html
After finding the decrypt key, you can use vfdecrypt (from my previous posts) to decrypt the iPhone filesystem.
For example, the iPhone 2.0 beta firmware file (build 5A225c) is iPhone1,1_2.0_5A225c_Restore.ipsw
#!/bin/bash
# first extract the ramdisk image file from the ipsw file
unzip -o iPhone1,1_2.0_5A225c_Restore.ipsw 018-3476-4.dmg -d .
# read the 32-bit length field at bytes 13-16 of the file (offset 12) and convert it to 512-byte sectors
SECTORS=$(echo `hexdump -s12 -n4 -e '"%d\n"' 018-3476-4.dmg` / 512 | bc)
echo $SECTORS
# the output will be 37464 for this case
# strip off the first 0x800 bytes (4 sectors) and the trailing certificate, keeping only $SECTORS sectors
dd if=018-3476-4.dmg of=018-3476-4.stripped.dmg bs=512 skip=4 count=$SECTORS conv=sync
# decrypt using the method of GEORGE HOTZ (AES-128-CBC with a zero IV)
openssl enc -d -in 018-3476-4.stripped.dmg -out ramdisk-018-3476-4.dmg -aes-128-cbc -K 188458A6D15034DFE386F23B61D43774 -iv 0
# print out the ramdisk key from the image: a printable string of exactly 72 hex digits
strings ramdisk-018-3476-4.dmg | egrep "^[0-9a-fA-F]{72}$"
The output of the script is below and the ramdisk key is at the last line of the output
Archive: iPhone1,1_2.0_5A225c_Restore.ipsw
inflating: ./018-3473-4.dmg
37464+0 records in
37464+0 records out
19181568 bytes transferred in 0.770523 secs (24894216 bytes/sec)
ea14f3ec624c7fdbd52e108aa92d13b16f6b0b940c841f7bbc7792099dae45da928d13e7
The ramdisk key is also in /usr/sbin/asr once the ramdisk image has been mounted:
strings /Volumes/ramdisk/usr/sbin/asr
The second method is to get 8900decryptor.c from http://code.google.com/p/iphone-elite/wiki/8900decryptercode
and compile it using
gcc 8900decryptor.c -lcrypto -o 8900decryptor
Using these commands, you get the decrypted image and the key as well:
./8900decryptor 018-3476-4.dmg 018-3476-4.8900decrypted.dmg
strings 018-3476-4.8900decrypted.dmg | egrep "^[0-9a-fA-F]{72}$"
Moreover, you can mount the ramdisk 018-3476-4.8900decrypted.dmg directly.
The ramdisk key is in /usr/sbin/asr of this mounted ramdisk image.
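As an added example (not the post's script and not 8900decryptor or George Hotz's code), the same three steps of both methods above in Go with only the standard library: read the length field the hexdump line reads, drop the 0x800-byte header and trailing certificate as the dd line does, decrypt with the key and zero IV from the openssl line, and apply the egrep pattern the way `strings | egrep` does. The layout and key come from the post's commands; the function names are my own, and the offset and sector arithmetic are assumed to be exactly what those commands encode.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"fmt"
	"os"
	"regexp"
)

// Layout as the post's dd/hexdump/openssl commands treat it: a 0x800-byte header
// whose little-endian uint32 at offset 12 is the payload length, then the
// AES-128-CBC payload (zero IV), then a trailing certificate that is discarded.
const headerLen = 0x800
var containerKey = []byte{0x18, 0x84, 0x58, 0xa6, 0xd1, 0x50, 0x34, 0xdf, 0xe3, 0x86, 0xf2, 0x3b, 0x61, 0xd4, 0x37, 0x74} // the post's openssl -K value
var keyPattern = regexp.MustCompile(`^[0-9a-fA-F]{72}$`)                                                                   // the post's egrep expression

// decryptPayload strips the header and the trailing certificate and decrypts the rest.
func decryptPayload(container, key []byte) ([]byte, error) {
	if len(container) < headerLen {
		return nil, fmt.Errorf("container shorter than the 0x800-byte header")
	}
	size := int(binary.LittleEndian.Uint32(container[12:16]))
	if len(key) != aes.BlockSize || size%aes.BlockSize != 0 || size > len(container)-headerLen {
		return nil, fmt.Errorf("bad key length or payload length (%d bytes)", size)
	}
	block, _ := aes.NewCipher(key) // key length validated above, so no error possible
	plain := make([]byte, size)
	cipher.NewCBCDecrypter(block, make([]byte, aes.BlockSize)).CryptBlocks(plain, container[headerLen:headerLen+size])
	return plain, nil
}

// findRamdiskKeys mirrors `strings | egrep "^[0-9a-fA-F]{72}$"`: a whole printable
// run must be exactly 72 hex digits; hex buried inside a longer string is ignored.
func findRamdiskKeys(image []byte) (keys []string) {
	for _, run := range bytes.FieldsFunc(image, func(r rune) bool { return r < 0x20 || r > 0x7e }) {
		if keyPattern.Match(run) {
			keys = append(keys, string(run))
		}
	}
	return keys
}

func main() { // usage: go run . 018-3476-4.dmg; prints the key list and any error
	data, err := os.ReadFile(os.Args[1])
	if err == nil {
		data, err = decryptPayload(data, containerKey)
	}
	fmt.Println(findRamdiskKeys(data), err)
}
```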
Labels:
decrypt key,
iPhone,
iPhone Firmware,
iPhone unlock,
vfdecrypt
Wednesday, April 9, 2008
Tuesday, April 8, 2008
Sunday, April 6, 2008
Wednesday, April 2, 2008
Use Apple SDK to build 1.1.4 apps
Good stuff, updated for iPhone SDK Beta 2.
Link moved to
http://www.hackint0sh.org/forum/showthread.php?t=37998