When the bootloader is not the bootloader...

I'm going to address the two comments I received on this post. This basically has nothing to do with Linux, and more to do with iPhone hacking. There's a lot of confusion around the jailbreak/unlock. The two comments basically hit upon the main points. The main confusion centers around the idea that when you buy an iPhone, you're not just getting a computer, you're getting TWO computers.

What I'm interested in is the S5L8900, the thing that runs the iPhone software. There is another device known as the commboard, which has its own memory, non-volatile storage, boot sequence and everything. It's hardly a simplification to say that the main board (the S5L8900) and the commboard can only communicate with each other over a serial UART. That is, the only way the main board can control the commboard is with human-readable AT commands! Not very low level at all; they're not very interconnected. Being able to hack kernel-mode code like iBoot does not give us any more access than we had through minicom on a jailbroken iPhone.

kavkan asked me if iPhone Linux would obviate the unlocks. He then started talking about putting on third-party applications, etc. Putting third-party applications on your iPhone is usually referred to as jailbreaking: stuff we do on the S5L8900. When we say unlock, we usually mean a SIM-unlock. That necessarily means breaking a whole other, entirely separate, set of security that's on the commboard. A jailbreak makes it easier to do that (because you can now talk to the commboard over that serial UART I discussed earlier), but it's entirely separate.

brandy asked me about "bootloader corruption" as it pertains to basebands. As I said earlier, the bootloader I am talking about is on the S5L8900. The baseband/commboard has its own bootloader and its own non-volatile storage (also NOR flash, probably the same bit of flash its bootloader and firmware sit on too). The recovery mechanism on the baseband is rather less robust than the one on the S5L8900. The only sure way seems to be using that hardware testpoint to force it to accept a new bootloader, and even that can be defeated by carefully crafting the NOR table. In other words, it sucks.

In addition, a lot of the problem is due to bad software overwriting the seczone with bad data, stuff that's specific to your phone. Then the data is irretrievably lost and there may not be a way to recover.

The disclaimer is, of course, that I'm not a baseband expert. This stuff is only what I've surmised by helping out with some of it. It's kind of strange. On the dev team, w___ and Zf (they're baseband guys) and I were talking about how little we each know about the others' work. We do pretty much the same work, but on different platforms. After I explained what we do on the S5L8900, I think w___ said that he did the same thing, "only on the baseband, you have a guy sitting on top that does stuff to you for unknown reasons". And for the S5L8900 team, we have a little black box next to us that either magically works and lets us call people... or not.

The Integrated DisAssembler (EDA)

I was hoping someone would notice this clearly isn't IDA...

It's EDA, my disassembly/simulation suite. But it isn't like any other simulator around today. Imagine running code in a simulator where memory locations are files, instructions are changelists, and execution is committing. You'll be able to see which instruction modified any part of memory, and every change it made. Spotting MMIO should be super easy.

The picture is the EDA frontend, rendered in Campaign. The EDA backend also has a patch engine that finds locations to patch based on their position in the code, instead of hard-coding one address. It also allows graphical function comparisons between different versions of the code.

Sadly, it's still a work in progress. Maybe when it's finished, I'll look for the 3G exploit.

QuickGold for iPhone - Jailbroken iPhone app recommendation

This one's not one of mine, but an app made by Zachary "zataang" Taanges really hit the spot. Using the Dock 3.0 source code as a reference, Zach created a beautiful text-based app launcher known as QuickGold that runs right on top of SpringBoard.

It's available now in Cydia (hosted by Shaun "Ste" Erickson).

This thing is great: just hit the Home button while already at the home screen and start typing what you want, then tap the result that matches. So fast (even faster than Dock)!



Saturday, March 7th, 2009

Boot menu project is a go!


After a huge amount of effort and in-situ investigation with iBoot (basically a binary search through the code, disabling some functions to see if I could figure out why my LCD driver wasn't working properly), I managed to get it fully working. The problem was three-fold: first, I forgot to write the first and last bytes of my gamma tables: oops, but easily fixed. The second problem was that apparently iBoot changes the SDIV of the clock in the middle of the initialization process. I'm not even sure yet how many devices the change in clock frequency affects. It certainly affected the LCD, because before there was all sorts of flickering scanline weirdness, as one would expect from a misconfigured clock.

Anyway, I reversed the function that changed the SDIV and implemented it. Seems to work fine now. It's been ages since I looked into the clock speed stuff (pretty much just when I first started this) so I can't say for certain, but I'm pretty sure doing this increases the clock speed (which would make sense).

The LCD driver worked after those fixes and I went on to write a simple framebuffer in a couple of hours, so we can finally get text-mode output on the iPhone screen. It was pretty important to me to get the screen working because even if we can boot a kernel, I wanted the layman to feel like a full-fledged OS was running on the device, and that means display and I/O of some sort.

For a final touch, I also wrote some code that lets us detect when the physical buttons (Home, Hold, etc.) are being pressed down. From these pieces, it will be possible to construct a graphical boot menu controlled by those buttons. You could have one option to boot into the iPhone OS, and one option to go into openiboot command-line mode with that text-mode display.

The picture I posted is the current development snapshot running on a first generation iPhone, with oibc (the openiboot client) next to it, running on my desktop computer. If you have a 2G iPhone or a first-gen iPod touch, you can try it out yourself by checking out the code from Github and building it (it's only designed to be built on a Linux machine; you'll be wanting some Linux headers otherwise). I wrote some basic notes on how to get it running inside the source tree, but this is not something you're expected to work with unless you're a fairly experienced software engineer yourself.

NAND FTL

So the big news today (other than Obama winning the presidency!) is that we have enough of a working NAND driver now that we're able to read from NAND! It was fairly painless. It turns out to be not as much hardware fetish as, say, Merlot, so that's pretty good news. It seems to work (albeit slowly) and I even wrote the ECC routines today (and those seem to work as well).
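The post doesn't show its ECC routines, so here is an added example (my own code, not openiboot's) of the classic 22-bit Hamming code used on small-page SLC NAND: it corrects a single bit flip in a 256-byte block, detects two, and tells a damaged ECC word apart from damaged data. The parity-bit packing is the example's own convention, not any particular chip's or controller's layout.

```c
#include <stdint.h>
#define ECC_BLOCK 256   /* bytes per code word: 256*8 = 2048 bit positions */
#define IDX_BITS  11    /* 2048 positions need 11 index bits -> 22 parity bits */

/* Hamming-style NAND ECC: for each index bit k of a bit position n, p1[k] is
 * the XOR of data bits whose position has bit k set, p0[k] of those where it
 * is clear. Packed as bit 2k = p0[k], bit 2k+1 = p1[k] (the example's own
 * packing, not any particular controller's layout). */
uint32_t nand_ecc_calc(const uint8_t *data)
{
    uint32_t ecc = 0;
    for (int n = 0; n < ECC_BLOCK * 8; n++) {
        if (!((data[n >> 3] >> (n & 7)) & 1))
            continue;                           /* only set bits contribute */
        for (int k = 0; k < IDX_BITS; k++)
            ecc ^= 1u << (2 * k + ((n >> k) & 1));
    }
    return ecc;
}
/* 0 = clean, 1 = one data bit corrected in place, 2 = the stored ECC word
 * itself was damaged, -1 = uncorrectable (for example two flips in the data). */
int nand_ecc_correct(uint8_t *data, uint32_t stored_ecc)
{
    uint32_t syn = nand_ecc_calc(data) ^ stored_ecc;
    int ones = 0, pos = 0;
    for (uint32_t t = syn; t; t >>= 1) ones += t & 1;
    if (syn == 0) return 0;
    if (ones == 1) return 2;
    /* A single data-bit flip toggles exactly one parity of every pair, and
     * the p1 bits of the syndrome then spell out the flipped position. */
    if (((syn ^ (syn >> 1)) & 0x155555u) != 0x155555u) return -1;
    for (int k = 0; k < IDX_BITS; k++)
        if (syn & (1u << (2 * k + 1))) pos |= 1 << k;
    data[pos >> 3] ^= (uint8_t)(1 << (pos & 7));
    return 1;
}
/* Walks the four outcomes on a constructed page; returns how many behaved as expected (4). */
int nand_ecc_selftest(void)
{
    uint8_t page[ECC_BLOCK];
    for (int i = 0; i < ECC_BLOCK; i++)
        page[i] = (uint8_t)(i * 7 + 3);         /* constructed sample data */
    uint32_t ecc = nand_ecc_calc(page);
    int ok = nand_ecc_correct(page, ecc) == 0;                 /* clean page */
    page[100] ^= 0x10;                                         /* one bit flip */
    ok += nand_ecc_correct(page, ecc) == 1 && page[100] == (uint8_t)(100 * 7 + 3);
    ok += nand_ecc_correct(page, ecc ^ 0x4) == 2;              /* ECC word hit */
    page[5] ^= 0x01; page[9] ^= 0x80;                          /* two bit flips */
    ok += nand_ecc_correct(page, ecc) == -1;
    return ok;
}
```

Two flips in the same block leave at least one parity pair with both bits equal, which is why the pair check rejects them instead of "correcting" a third bit.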

Unfortunately, in the course of this, we discovered various unpromising things. First, I can't seem to find anything that might write to NAND. It's probably not much more complicated and probably reuses a lot of the stuff we've been doing, but it means that we might have to look in the kernel for that code, which kind of bites (a lot of the kernel is in C++ and not as friendly to reverse).

The second thing is the realization that none of Samsung's proprietary FTL code is in this thing. Without being able to see it, we can't actually map sectors to data and we can't make sense of the NAND data or write new data to it in a functional way. Unfortunately, this code is likely to be ridiculously complex, since it's basically their SDK that they ship to everyone. Without it, we can still carry on, but the iPhone can't read Linux's data and Linux can't read the iPhone's data. In the worst case, we can't even have both OSes on the NAND at once.

Still, being able to dump NAND over USB is a substantial achievement, and we're well on our way.