iPod nano 6g closer to being cracked

[Steven Troughton-Smith] figured out how to push signed firmware through to the iPod Nano 6g. This is accomplished by modifying iRecovery to recognize the device on the USB after forcing a recovery mode reboot. So no, this doesn’t mean that it has been cracked since it checks the firmware you push and reboots if it’s not approved. But if you can figure out how to craft a custom image that passes the check you can call yourself a jailbreak author.

[Thanks RavK via NanoHack]

Comments

  1. GotNoTime says:

    The author just added the USB VID/PID for a 6G Nano in recovery mode to the iRecovery utility. Its not exactly a major breakthrough…

  2. minipimmer says:

    Maybe I am not the average consumer, but I can assure you that I won’t buy this thing unless it gets cracked and someone finds a way to put new software on it. So at least for me it would be a benefit for Apple if this thing got cracked.

  3. Shield says:

    @GotNoTime

    Which is why you were already able to do this, right? RIGHT?

  4. xorpunk says:

    They use a boot rom to set the ARM partition bit and load the isolated loader just like all other Apple products. The iphone devs do things through shellcode exploits, even the SHA1 based exploit they haven’t released yet..

    -ARM stuff has the loaders on the other side of a domain bit mapped by a rom you can rewrite if you can write&reflow if you can do BGA stencils

    -X360 has a boot rom that loads an embedded NT kernel that has code for per session encyption, execute disable, and signing

    -PS3 has a boot rom that loads from a NAND descriptor into isolated SPUs loaders that use DMA PKI with the ROM for crypto and signing(but they left disc auth, lv1/HV and a lot of other stuff in RAM(you still can’t encrypt and sign, even geohot couldn’t..he hashed an update package with pre-encrypted binaries)

    They all take memory corruption o_o

    ..Wait till these vendors learn to actually properly use hardware isolation and execute disable, that will actually be worth spamming twitter about if someone defeats it, this stuff people do every day on other platform..

  5. Adam Outler says:

    So all that is left is to obtain Apple’s private encryption key and digitally sign the package? That’s all?

    Sounds like an impossible task. You would be much better off finding some sort of permissions escalation exploit which would be able to bypass signature checks all together.

    This is a well known feature in ALL IOS based products.

  6. GotNoTime says:

    @Shield Typing in two numbers which are easily found into an existing utility without any other changes is hard to do and newsworthy? I’ll inform the newspapers. You can handle the TV shows.

  7. xorpunk says:

    @GotNoTime: Don’t expect people who didn’t know RCE existed before Geohot and iphone to understand technical aspects of security architecture..

    What’s funny is out of all the ARM devices in the world Apple products aren’t even close to being the most secure. Especially compared to ARM industrial robotic FPGA IP markets that use the same arch, just better developers..

  8. jeditalian says:

    i could crack that thing in 2 seconds flat.. with a hammer :D

  9. snake says:

    As previously stated, this isn’t newsworthy. The firmware is still encrypted/locked so that still has to be defeated before anything can happen! This is NOT a trivial task.

  10. jeditalian says:

    u can kinda read the words if you put it in 720p. maybe on a bigger monitor. on a more related topic: someone needs to perfect the arc reactor so that we can have wireless earbuds, and never have to change the batteries in that fancy wristwatch u got thurr

  11. Bill D. Williams says:

    I’d never want to “crack” it. What a waist of time. It’s a freaking iPod. It does what it does – play music.

    Ya know – you don’t have to “hack” everything.

  12. Smokie says:

    @Bill D. Williams- Killjoy. It does what it does – play music. Then why did they lock it down?
    Why hack everything? Well, just the fact that you could hack into something is reason enough to be happy about your skills, irrespective of whether the hacked device has any use or not.

  13. lolwut says:

    @Bill D. Williams

    I believe there were a few articles following a guy reverse engineering a led night-light.

  14. maus says:

    “I’d never want to “crack” it. What a waist of time. It’s a freaking iPod. It does what it does – play music.

    Ya know – you don’t have to “hack” everything.”

    Argument from someone with an extreme lack of imagination.

    You could, for example, hack it to not require iTunes, so you could use it like a storage drive, moving the mp3s and other files in and out from the desktop.

  15. maus says:

    “Ya know – you don’t have to “hack” everything.”

    Also, what the hell. What site are you on again? Find yourself at donothingallday.com often?

  16. xorwar says:

    @snake:It does crypto from the other side of the partition bit just like the others..It takes shellcode exploits, which I doubt the person in this article will come to realize and learn before giving up…it’s got two ARM chips and a media SOC, there is really nothing to jailbreak except to do CFW..

  17. snake says:

    “You could, for example, hack it to not require iTunes, so you could use it like a storage drive, moving the mp3s and other files in and out from the desktop.”

    Or you could just buy an MP3 player that already supports this and stop supporting a company that are so anti-hacker.

  18. Shield says:

    @GotNoTime

    Again, you have done it already right? If not shut up.

  19. Charlie says:

    You know, is there any reason for this beyond being a proof of concept? I mean what are you going to do, put Angry Birds on that tiny little screen?

  20. JB says:

    @snake: Good one. You won’t catch me dead buying iCrap™ from the iDiots™ at Apple :P (had to say it)

    Good first step at hacking this thing, I hope they break it all the way.

  21. GotNoTime says:

    @Shield

    Shut up? U mad bro?

    And yes, I have previously done a lot of work for the iPhone and iPod touch. I am perfectly capable of typing in two numbers into an open source tool if I felt the need to but I guess you’re not capable. There are various guides online about how to do copy & paste if you wish to find out more.

    1. Add PID/VID to existing tool

    2. ???

    3. Profit and/or Custom Firmware!

    I’ll let you work out #2 at which point it will actually be newsworthy unlike this.

  22. filespace says:

    @gotnotime where is that damn troll sniffing rat when you need it?

  23. Mike Szczys says:

    @Filespace: It’s spewing smoke from all of the blinking and beeping it’s been doing.

    Let’s keep it civil please Ladies and Gentlemen.

  24. Greg says:

    “You could, for example, hack it to not require iTunes, so you could use it like a storage drive, moving the mp3s and other files in and out from the desktop.”

    Does SharePod not work on these anymore? I got a free ipod a few years ago. I hate itunes so I went searching for something else. Found SharePod and never looked back. Then came internet radio on my smartphone and make portable mp3 players obsolete…

  25. Bill D. Williams says:

    Hey – all I’m saying is that none of you rocket scientists are going to “hack it” and make it better than what it already is.

    At this point an iPod nano is like a shovel. It does one thing, and it does it well. Sure, you could use a shovel as a canoe paddle, but it wouldn’t be very good at it, now would it?

    All that’s going to happen is that someone will find a way to play doom on it, and then we’ll all sit here and talk about the next iPod nano and when will it be cracked. It’s kinda pointless.

    Go build something and stop commenting on HAD. ;)

  26. Will says:

    @ charlie yeppers
    @ jb lol
    @ filespace we will never know
    @ bill I find it quite fun to hack something to play doom just for the sake of accomplishing something. Ya I’ve never played doom but it doesn’t mean I don’t load t and execute it on some unintended platform.

  27. strider_mt2k says:

    Damn right hack it.

    Bend it over and have your way with it, because you bought it and you can do what you want with the stuff you bought, as long as you understand the consequences.

    If you don’t want to, then don’t…genius.

  28. Bill D. Williams says:

    lol

  29. bcoz says:

    Put Rockbox on it. Then it could read OGG and FLAC formats and actually be useful as a music player.

  30. Jon says:

    If the 6G nano is ever hacked, i implore someone to PUT A F*#$#NG ALARM CLOCK ON IT. Supposedly it was a design decision not too, because it doesn’t have an external speaker but WHY DIDN”T THEY JUST LEAVE IT IN, now docks/speakers without built in alarms won’t have alarms at all.

  31. profanity_2x says:

    any of you have any idea about how u can change the function of every ke..

    for example making the volume down button do the function of sleep/wake button

    you see my sleep/wake button is stuck!!…so i was wondering if i can make the volume down button do that job!!

  32. Objekt_ says:

    What’s with all you Negative Nancies?

    For one, I want to hack it just for the fun of hacking it!

    And two, maybe I just want to see pointless little video loops flashing on that tiny screen.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

Join 97,792 other followers