Why? Perhaps the syncing is done through a proprietary protocol. There's no reason why it needs to be mounted as a device. The iPhone could sync through sftp for all we know, there's no technical reason why it needs to be mounted as a drive and then "hidden". If you can access it through Terminal then that's no security at all after all.

Well my iPhone ships before July 17th, so I'll look into it when I get it, but I don't think it's going to be all that easy I'm afraid.

Interesting, in Windows you can do a netstat -an to get what connections are active and what ports they are active over. I would imagine you could enable ip filtering for all ports (TCP/IP settings) and then try syncing. If it is using a port to communicate over it would fail miserably. I dunno how to do that in OS X, so I am of little help.


Lastly, is it possible to sniff the data being sent down a USB line? Maybe figure out how iTunes is talking to the iPhone by way of just listening in (as it were).
 
Why? Perhaps the syncing is done through a proprietary protocol. There's no reason why it needs to be mounted as a device. The iPhone could sync through sftp for all we know, there's no technical reason why it needs to be mounted as a drive and then "hidden". If you can access it through Terminal then that's no security at all after all.
You're probably right. As Apple has said in the past they don't want people to do third-party stuff because it might stop other features from working. So they have tried pretty damn hard to stop it. But in the end the hackers *almost* always get in. If they are using a network protocol to sync data that could be seen in Activity Monitor (Utilities folder). You could probably pull up a log of disk activity as well.

Lastly, is it possible to sniff the data being sent down a USB line? Maybe figure out how iTunes is talking to the iPhone by way of just listening in (as it were).
Yes it is. There are tools for Mac OS X and Windows to capture the data being sent through USB interfaces. In fact Apple includes their own USB sniffer (well they call it USB Prober) with their developer tools. Here are a few links.

SnoopyPro (Windows) - http://sourceforge.net/project/showfiles.php?group_id=34567

Apple's USB Debug Kit (Mac OS X) - http://developer.apple.com/hardwaredrivers/download/usbdebug.html
*be warned, Apple's USB Prober captures lots of info (and I mean lots)
 
I dunno how to do that in OS X, so I am of little help.

*grin*

try netstat -an ;)

(oh, and for the IP filtering, there's ipfw).

However, I'd imagine the whole end-to-end comms is wrapped in some sort of ssl encryption with device certificates verifying the authenticity of each device in the chain. There's probably not going to be a simple loophole. It'll be a painstaking slog to try to find any flaws in Apple's implementation of the security, rather than a flaw in the security model itself.
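
The `netstat -an` check suggested in the posts above, as an added example that is not part of any poster's message: take one snapshot before syncing and one during, then list the sockets that only exist in the second. The snapshot contents below are constructed, and the script assumes the BSD/macOS/Linux column layout of `netstat -an`.

```shell
#!/bin/sh
# Added example (not from the thread): diff two `netstat -an` snapshots to see
# which sockets appeared while a sync was running.
# Assumes the column layout:
#   Proto Recv-Q Send-Q Local-Address Foreign-Address (state)

# Reduce a snapshot file to sorted "proto local foreign state" rows.
sockets() {
    awk '$1 ~ /^(tcp|udp)/ { print $1, $4, $5, (NF >= 6 ? $6 : "-") }' "$1" |
        LC_ALL=C sort -u
}

# Print rows present in snapshot $2 but absent from snapshot $1.
new_sockets() {
    b=$(mktemp) && a=$(mktemp) || return 1
    sockets "$1" > "$b"
    sockets "$2" > "$a"
    LC_ALL=C comm -13 "$b" "$a"
    rm -f "$b" "$a"
}

# Constructed sample snapshots (not captured from a real machine).
demo() {
    d=$(mktemp -d) || return 1
    cat > "$d/before.txt" <<'EOF'
Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp4       0      0  127.0.0.1.631          *.*                    LISTEN
tcp4       0      0  192.168.1.20.49152     192.168.1.1.80         ESTABLISHED
udp4       0      0  *.5353                 *.*
EOF
    cat > "$d/during.txt" <<'EOF'
Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp4       0      0  127.0.0.1.631          *.*                    LISTEN
tcp4       0      0  192.168.1.20.49152     192.168.1.1.80         ESTABLISHED
tcp4       0      0  192.168.1.20.49160     203.0.113.10.443       ESTABLISHED
udp4       0      0  *.5353                 *.*
EOF
    new_sockets "$d/before.txt" "$d/during.txt"
    rm -rf "$d"
}

demo
```

On a real machine, replace the constructed files with `netstat -an > before.txt` and `netstat -an > during.txt`. An empty result means no new TCP or UDP socket appeared between the two snapshots.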
 
You're probably right. As Apple has said in the past they don't want people to do third-party stuff because it might stop other features from working. So they have tried pretty damn hard to stop it. But in the end the hackers *almost* always get in. If they are using a network protocol to sync data that could be seen in Activity Monitor (Utilities folder). You could probably pull up a log of disk activity as well.


Yes it is. There are tools for Mac OS X and Windows to capture the data being sent through USB interfaces. In fact Apple includes their own USB sniffer (well they call it USB Prober) with their developer tools. Here are a few links.

SnoopyPro (Windows) - http://sourceforge.net/project/showfiles.php?group_id=34567

Apple's USB Debug Kit (Mac OS X) - http://developer.apple.com/hardwaredrivers/download/usbdebug.html
*be warned, Apple's USB Prober captures lots of info (and I mean lots)

I was thinking the same exact thing about sniffing the data going over USB right before I came to this forum. You read my mind. If someone could run this Apple USB Prober, while you are restoring the iPhone.

So basically run this USB Prober, then hit restore in iTunes and let it work with the iPhone connected. Then you will have to search through all the data and find the iPhone's OS. And then we will have the operating system.

Someone please try that.
 
diehardmacfan said:
I was thinking the same exact thing about sniffing the data going over USB right before I came to this forum. You read my mind. If someone could run this Apple USB Prober, while you are restoring the iPhone.

So basically run this USB Prober, then hit restore in iTunes and let it work with the iPhone connected. Then you will have to search through all the data and find the iPhone's OS. And then we will have the operating system.

Someone please try that.

Well it depends if the OS is transferred to the iPhone as the DMG or is decrypted and then sent. The first is more likely as dr_lha pointed out before. So I think for the moment we're stumped. Unless the OS is stored on an alternate partition which is looking unlikely as well. And also the USB data could be encrypted itself. As displaced pointed out it could all be SSL transfers and then... well that would be extremely hard to get anything from.

It's a 2 way street. We may figger out how to get the OS. But putting it back would be even harder.

All good things take time. So just wait. And one day it will happen. Of course if you want to help feel free to.
 
Interesting stuff. The passwords for root and mobile. This will be very useful when we get into OS X and not just SpringBoard.

Unfortunately none of these are the passwords for the DMG.

The most useful link of iPhone hacking/cracking is http://iphone.fiveforty.net/wiki/ very interesting stuff that they have. They also have forums.
 
In Windows, the iPhone would have to show up in device manager. And if it does then there is a drive id (sorta) associated with it. All that information would be stored in the Registry. The real question is how you would present it to Windows as an actual drive letter.

In OS X it isn't showing up as a mounted drive under terminal. How are they putting data on the iPhone?

As was stated

Why? Perhaps the syncing is done through a proprietary protocol. There's no reason why it needs to be mounted as a device. The iPhone could sync through sftp for all we know, there's no technical reason why it needs to be mounted as a drive and then "hidden". If you can access it through Terminal then that's no security at all after all.
 
It doesn't really matter, the "Restore iPhone to Factory Settings" contains the entire OS it's running, which you can download directly by doing a restore in iTunes to your phone (this is how they watched where it connected to get the file).

Basically the phone is like this:

It has a really fast RAM disk (this DMG has already been cracked) that loads instantly, then on the phone the RAM disk calls up the 91 MB (or so) OS image that is a .DMG file and unlocks the encrypted DMG in realtime on the phone. It doesn't really matter if hackers crack this OS X (iPhone) DMG password or not, because somewhere in the iPhone is the password stored so that it can unlock the DMG (just like a FileVault). So eventually someone with more hardware knowledge (the hackint0sh gang is almost there) is going to figure out how to monitor the iPhone decrypting the DMG (FileVault style) disk image so that they won't have to keep guessing at the password.
 
oh come now...in 5 years the budget processor of the time will be able to crack it in under a minute. But who will care by then???

Processors are getting more cores, rather than faster cores at the moment. You can't access the data more than once in any given time, so it won't make it much faster to crack.
 
Well the DMG did get cracked somehow, although I haven't seen any details of how they did it. I'd be interested to find out. Either the DMG encryption has a serious flaw, or someone on the inside leaked the password. ;)
 
Processors are getting more cores, rather than faster cores at the moment. You can't access the data more than once in any given time, so it won't make it much faster to crack.

Actually that isn't true. Multiple cores can independently brute force a different subset of the key space, etc. and/or work against independent copies of the encrypted data.
 
is there a way to install this without using itunes?

I'd like to know this too.

My iPhone doesn't come until next week and I'm worried about the next firmware update preventing me from unlocking it. I've downloaded the current firmware in anticipation, but I'm unsure if I'll be able to upload it to my phone once this new firmware comes out.

Is there any way to upload the existing firmware on the phone after the new firmware is released?
 