Wednesday, April 29, 2009
Wednesday, April 15, 2009
How-to decrypt iPhone OS 3.0 beta filesystem
The procedure is a step by step example for Mac to decrypt iPhone OS 3.0 beta2 (3G) iPhone1,2_3.0_7A259g_Restore.ipsw
(1) get the tools here
vfdecrypt http://rgov.org/files/vfdecrypt-mac.zip
or here http://code.google.com/p/iphone-elite/downloads/list
P.S. If you compile the vfdecrypt in Mac (sourre code here), you need to amend two things
(a) As Mac OS X does not have byteswap.h
(b) change this line 357 to
xpwntool http://www.zdziarski.com/iphone-forensics/v2.x-Base/Xpwn/
or
img3decrypt http://code.google.com/p/img3decrypt/downloads/list
(2) compile genpass.c
get the source file here http://www.theiphonewiki.com/wiki/index.php?title=GenPass
or updated source here http://github.com/posixninja/genpass
First, download OpenSSL from here:
http://www.openssl.org/source/openssl-0.9.8h.tar.gz
Untar it, and cd to the directory it is in, in Terminal. Then, type:
After that, rename the directory to "openssl" instead of "openssl(version)"
As long as the "openssl" folder is in the directory you are building this in,
you should be able to now compile it with:
(3) unzip the ram disk from firmware file
(4) decrypt ramdisk
(5) unzip root filesystem from ipsw file
(6) use genpass to get vfdecrypt key
platform = , s5l8720x (for ipod2g), s5l8920x (for iphone3gs), s5l8922x (for
ipod3g), or s5l8930 (for ipad1g)
Platform is the applications processor (i.e. S5L8900X, S5L8720X, S5L8920X, S5L8922X, S5l8930) but in small caps
s5l8900x = iPhone, iPhone 3G and iPod Touch 1G
s5l8720x = iPod Touch 2G
s5l8920x = iPhone 3GS
s5l8922x = iPod Touch 3G
s5l8930 = A4 Processor used by iPad, iPhone 4, and iPod Touch 4G
(7) decrypt root filesystem
You can get the 3.0 OS beta keys here
http://www.theiphonewiki.com/wiki/index.php?title=VFDecrypt_Keys:_3.x
(1) get the tools here
vfdecrypt http://rgov.org/files/vfdecrypt-mac.zip
or here http://code.google.com/p/iphone-elite/downloads/list
P.S. If you compile the vfdecrypt in Mac (sourre code here), you need to amend two things
(a) As Mac OS X does not have byteswap.h
#if HAVE_BYTESWAP_H
#include <byteswap.h>
#else
#define bswap_16(value) \
((((value) & 0xff) << 8) | ((value) >> 8))
#define bswap_32(value) \
(((uint32_t)bswap_16((uint16_t)((value) & 0xffff)) << 16) | \
(uint32_t)bswap_16((uint16_t)((value) >> 16)))
#define bswap_64(value) \
(((uint64_t)bswap_32((uint32_t)((value) & 0xffffffff)) \
<< 32) | \
(uint64_t)bswap_32((uint32_t)((value) >> 32)))
#endif
(b) change this line 357 to
while((c = getopt(argc, argv, "hvi::o::p:k::")) != -1){xpwntool http://www.zdziarski.com/iphone-forensics/v2.x-Base/Xpwn/
or
img3decrypt http://code.google.com/p/img3decrypt/downloads/list
(2) compile genpass.c
get the source file here http://www.theiphonewiki.com/wiki/index.php?title=GenPass
or updated source here http://github.com/posixninja/genpass
First, download OpenSSL from here:
http://www.openssl.org/source/openssl-0.9.8h.tar.gz
curl -O http://www.openssl.org/source/openssl-0.9.8h.tar.gzUntar it, and cd to the directory it is in, in Terminal. Then, type:
tar -xzvf openssl-0.9.8h.tar.gz
cd openssl-0.9.8h
./config && makeAfter that, rename the directory to "openssl" instead of "openssl(version)"
cd ..
mv openssl-0.9.8h openssl
As long as the "openssl" folder is in the directory you are building this in,
you should be able to now compile it with:
gcc genpass.c openssl/libcrypto.a -o genpass -I openssl/include/(3) unzip the ram disk from firmware file
unzip iPhone1,2_3.0_7A259g_Restore.ipsw 018-4877-7.dmg(4) decrypt ramdisk
./xpwntool 018-4877-7.dmg ramdisk.dmg -k 875CACE71C62CDA899D1C22C60466170 -iv DC4D3E13D9CB5F7CDC504DB6B5AB137D(5) unzip root filesystem from ipsw file
unzip iPhone1,2_3.0_7A259g_Restore.ipsw 018-4872-6.dmg(6) use genpass to get vfdecrypt key
./genpass s5l8900x ramdisk.dmg 018-4872-6.dmgplatform = , s5l8720x (for ipod2g), s5l8920x (for iphone3gs), s5l8922x (for
ipod3g), or s5l8930 (for ipad1g)
Platform is the applications processor (i.e. S5L8900X, S5L8720X, S5L8920X, S5L8922X, S5l8930) but in small caps
s5l8900x = iPhone, iPhone 3G and iPod Touch 1G
s5l8720x = iPod Touch 2G
s5l8920x = iPhone 3GS
s5l8922x = iPod Touch 3G
s5l8930 = A4 Processor used by iPad, iPhone 4, and iPod Touch 4G
(7) decrypt root filesystem
./vfdecrypt -i 018-4872-6.dmg -o beta2_3g_rootfs.dmg -k 59A86B5A4FCC76FCADE07FDDF72C72D36A6E105BC0C727F508F2B1313EB1B74D97CA8A81You can get the 3.0 OS beta keys here
http://www.theiphonewiki.com/wiki/index.php?title=VFDecrypt_Keys:_3.x
Sunday, April 12, 2009
pthread_cancel in POSIX thread
Here is an example to use pthread_cancel in POSIX thread programming.
- cancelthread.c Select all
#include <stdio.h>
#include <pthread.h>
void cleanup_routine(void *arg)
{
int *c = (int*)arg;
printf("ThreadCleanup: cleanup called at counter %d\n", *c);
}
void *threadFunc(void *arg)
{
char *str;
int i = 0;
int oldstate;
int retval;
pthread_cleanup_push(cleanup_routine, &i);
pthread_setcancelstate (PTHREAD_CANCEL_ENABLE, &oldstate);
str=(char*)arg;
i = 0;
while(i < 110 )
{
usleep(1);
printf("threadFunc says: %s %d\n",str,i);
if ((i % 10)==0) {
pthread_testcancel();
printf("pthread_testcancel\n");
}
++i;
}
pthread_cleanup_pop(0);
return NULL;
}
int main(void)
{
pthread_t pth; // this is our thread identifier
pthread_attr_t attr;
void *result;
int status;
int join_status;
int i = 0;
/* Initialize and set thread detached attribute */
pthread_attr_init(&attr);
pthread_attr_setdetachstate(&attr, PTHREAD_CREATE_JOINABLE);
pthread_create(&pth,&attr,threadFunc,"foo");
while(i < 100)
{
usleep(1);
printf("main is running... %d\n",i);
if (i==20) {
printf("thread is terminating...\n");
status = pthread_cancel(pth);
break;
}
++i;
}
printf("main waiting for thread to terminate...\n");
status = pthread_join(pth,&result);
if (status != 0)
printf("Error: Join thread");
if (result == PTHREAD_CANCELED)
printf ("Thread canceled at iteration\n");
else
printf ("Thread was not canceled\n");
printf("main with thread terminated\n");
return 0;
}
Subscribe to:
Posts (Atom)
