Iphone-dev Team Progress Update


The iphone-dev team hasn’t been resting on their laurels since releasing the iPhone Pwnage Tool 2.0 nearly two weeks ago and have posted an update on their progress. Despite the iPhone 2.0 jailbreak, there still isn’t a way to unlock a 3G phone. They have managed other things in the meantime, such as downgrading a 3G to an older baseband firmware, which demonstrates that they can bypass the baseband’s signature checks and run unsigned code on it. A nice side effect of all the downgrade work is that they’ve refined the precautions they take to prevent bricking. The team has also been following threads about using SIM proxy devices for unlocks, but concluded that the devices are a kludge at best and that reliability varies wildly depending on the phone’s location. They also pointed out the fine work that RiP Dev has been doing on Installer 4, which will let you install software that isn’t from the App Store.

IPhone: 2.0 Firmware Jailbroken, 3G Taken Apart


Oh, iPhone Dev Team, you are a hoot. It isn’t that you managed to jailbreak the iPhone 2.0 firmware on the day of its release, although we can’t help but smirk at that. It isn’t even that you revealed your handiwork in a playful way. We simply love that you expertly work us into a frenzy for the new jailbreak installer with a few casual images and some aloof words. Now give us the installer before we get too antsy, please.

Not to be outdone, iFixit has posted a full iPhone 3G teardown, stripping away the sleek casing to feast on the goodness inside. They found some interesting changes from the last model: the glass screen, for example, is no longer glued to the LCD, which will no doubt make repairs less expensive. The battery is also no longer soldered in, meaning you won’t have to send the phone in for repair if only the battery needs replacing.

Wii Upgrade Breaks Twilight Hack


Nintendo’s latest menu upgrade for the Wii, version 3.3, has broken the long-standing Twilight Hack. In the past, you could load a hacked Twilight Princess save game to execute arbitrary code. After the upgrade, the Wii now deletes the hacked save game on sight. The Homebrew Channel seems to have remained intact, so if you’ve already installed it and then upgrade, you should be fine. There’s no telling how long it will be before homebrew code is completely locked out, though.

[photo: cibomahto]

Wii Dual NAND Flash Hack


[ChipD] successfully installed two NAND flash chips into his Wii. He can keep the stock firmware on one and then flip a switch if he wants to boot from the other chip with a modified firmware. The hack is fairly straightforward; all it took was someone with steady hands to try it. The new NAND chip is identical to the original and was salvaged from a flash drive. The two chips were soldered as a stack, with every pin joined except chip enable. The chip enable pin of each chip is wired to a small switch that selects which one is active; since the chips share every other line, only the selected chip responds to the bus. You could use a TSOP socket to swap between chips instead, but it wouldn’t fit inside the Wii case. The little switch can be hidden easily next to the GameCube ports.

Porting CHDK To New Cameras


While researching the CHDK How-To, we came across the team’s instructions for porting the firmware to entirely new cameras. In theory, CHDK should work on any Canon running a DIGIC II or III processor, since most of them run the same VxWorks OS. A dump of the camera’s firmware is required before porting work can begin. On some cameras the firmware could be retrieved with software alone, but others required a hardware route. Pictured above is a Canon A610 slowly flashing out every bit of its firmware using the built-in LED. A photodiode is hooked up to a soundcard, which records the entire bitstream. It takes 1-7 hours to read out the whole firmware. Once the sound file has been captured, it is decoded back into the original bytes, which can then be disassembled with something like IDA Pro.
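The recover-the-bytes step deserves a closer look, since it is where most dump attempts go wrong. The block below is an added example, not CHDK’s own LED dumper or its real blink encoding: it assumes a UART-style framing (idle high, one low start bit, 8 data bits LSB first, one high stop bit, LED on = high level) at a fixed, assumed bit period, synthesizes the photodiode signal the soundcard would see, and decodes it back to bytes by sampling the middle of each bit. The `encode_led` side exists only so the example runs offline; on a real camera the LED does that part.

```python
"""Decode an LED-blinked firmware dump captured as audio samples.

Added example, not CHDK's own tooling. The framing (8N1, LSB first,
idle high, LED on = 1), the sample rate and the bit period are all
assumptions chosen for illustration.
"""
from typing import List, Sequence

SAMPLE_RATE = 44100  # assumed soundcard capture rate, Hz
BIT_PERIOD = 44      # assumed samples per bit (roughly 1 ms at 44.1 kHz)


def encode_led(data: bytes, period: int = BIT_PERIOD) -> List[float]:
    """Synthesize what the photodiode would deliver to the soundcard.

    Constructed input for the example: a flat level per bit, 0.8 for LED on
    and 0.05 for LED off, with a few idle-high bits before and after the data.
    """
    samples: List[float] = []

    def emit(bit: int) -> None:
        samples.extend([0.8 if bit else 0.05] * period)

    for _ in range(4):          # idle preamble, line held high
        emit(1)
    for byte in data:
        emit(0)                 # start bit
        for i in range(8):      # data bits, LSB first
            emit((byte >> i) & 1)
        emit(1)                 # stop bit
    for _ in range(4):          # idle tail
        emit(1)
    return samples


def decode_led(samples: Sequence[float], period: int = BIT_PERIOD,
               threshold: float = 0.4) -> bytes:
    """Slice the captured waveform into bits and reassemble bytes.

    Finds each start bit as a falling edge from idle high, samples every
    bit at its midpoint (most tolerant of slow edges), checks the stop bit
    and raises on a framing error rather than emitting garbage.
    """
    bits = [1 if s > threshold else 0 for s in samples]
    n = len(bits)
    out = bytearray()
    i = 0
    while i < n:
        if bits[i] == 1:        # idle or stop bit: keep scanning
            i += 1
            continue
        mid = i + period // 2   # candidate start bit; confirm at its midpoint
        if mid >= n or bits[mid] != 0:
            i += 1
            continue
        frame_end = i + 10 * period
        if frame_end > n:       # capture ended mid-frame; stop cleanly
            break
        byte = 0
        for k in range(8):
            byte |= bits[i + (k + 1) * period + period // 2] << k
        if bits[i + 9 * period + period // 2] != 1:
            raise ValueError(f"framing error: bad stop bit at sample {i}")
        out.append(byte)
        i = frame_end           # next frame (or idle) starts right after the stop bit
    return bytes(out)


if __name__ == "__main__":
    firmware = bytes(range(256))  # constructed stand-in for a dump
    assert decode_led(encode_led(firmware)) == firmware
    print(f"round-tripped {len(firmware)} bytes from "
          f"{len(encode_led(firmware)) / SAMPLE_RATE:.2f} s of audio")
```

Two caveats for anyone doing this for real: soundcard line inputs are AC-coupled, so a long run of identical bits decays toward zero and a fixed threshold on the raw level will misread it (decode on edges, or choose an encoding with frequent transitions), and the bit period drifts slightly over a multi-hour capture, so lock the period to the measured start-bit edges rather than a constant as done here. Verify the result before spending time in a disassembler: a dump that decodes without framing errors and repeats byte-for-byte on a second capture is trustworthy; one that differs between captures is not.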

How-To: Expand Your Camera With CHDK

As anyone who has lusted over the technical specifications for Canon’s new Digital Rebel XSi knows, the capabilities of the average point-and-shoot camera are severely limited. Using the CHDK firmware hack, the features of Canon point-and-shoot cameras can be significantly expanded, allowing for ultra-high-speed photography, very long exposures, time-lapse photography, and RAW capture. This How-To provides a guide to our experiences using the CHDK firmware, and shows just how easy it is to get more out of a point-and-shoot than you ever thought possible.

Continue reading “How-To: Expand Your Camera With CHDK”

Phlashing Denial Of Service Attack, The New Hype


Imagine how surprised we were to discover that by accidentally bricking our router we were executing a brand-new attack: Phlashing Denial Of Service (PDOS). This week at EUSecWest, researcher [Rich Smith] will present the theoretical PDOS attack. Instead of taking control of an embedded system, the attacker turns it into a nonfunctioning brick by flashing it with a broken firmware image. Anyone who has flashed a device knows the danger of an interrupted or corrupted write; the new part is only that an attacker would do it to you on purpose.

Continue reading “Phlashing Denial Of Service Attack, The New Hype”