Easy there champ, we're all friends here having a calm discussion, let's all get along
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Preliminary iPhone 1.1.1 'Jailbreak', Ringtones Soon?
- Thread starter MacRumors
- Start date
- Sort by reaction score
Easy there champ, we're all friends here having a calm discussion, let's all get along
Hmmm, interesting point, never thought about that. Is that how the development team is "getting into" the device? Through a security leak? I thought it was simply breaking the encryption (which, I guess is essentially finding a flaw). How exactly are they getting into the iPhone?
They are neutral, however they are required to fix all security flaws, the method to get the programs there take advantage of a security flaw in Safari. These holes will be closed as soon as possible after they are discovered. You are likely to see a very impresive patch when leopard is released in 3 weeks, it is going to have a lot of nice features that people are going to want. Some will be able to upgrade some may brick the phone. Everytime you install something on the phone you risk getting a brick at the next upgrade, you are gambling, but it is your phone to gamble with. I EXPECT A LOT MORE BRICKS SOON, EVEN SOME THAT ARE NOT UNLOCKED.
Hmmm, interesting point, never thought about that. Is that how the development team is "getting into" the device? Through a security leak? I thought it was simply breaking the encryption (which, I guess is essentially finding a flaw). How exactly are they getting into the iPhone?
Yes they are feeding a malformed image file, Safari or one of its components croaks and starts executing the code that was in the "image" file. This is very old school, it is called a buffer overflow. They could feed it any code they want including something you may not want.
The problem (buffer overflow) occurs when you write into a memory location more data that it was allocated for. This corrupts other variables in memory and sooner or later the program croacks. If done right you can then get it to execute part of the information it copied into memory (a payload). What is inside of there is anyones guess. Besides, you never know if your next update will result in a brick, even if you never unlocked the phone.
It is a gamble, some people will end up loosing.
Ooooo, I didn't know that. In my mind, that definitely changes the tune. I won't be hacking my phone for third party applications, even though the chance is slim that someone would hack or do something wrong (and besides, I have nothing to hide, they can steal all they want lol). Thanks!
They set up a malicius site (probably local) that host the malformed tiff file, then direct the iPhone to browse to that page, bingo big buffer overflow. Then once they have found the buffer overflow they have to craft code that will execute (very hard to do, my hat to them). The code has to be in the correct part and end up with the address of the code in the stack where the return address from a call would be. It is easier on a computer because you can run the code in the debugger so you learn easier where the correct spot is. With the iPhone it is harder but they maybe able to run a debugger in a previous version of the iPhone and figure it out.
See http://www.iphonehacks.com/2007/10/iphone-hacks.html#more
Portion below:
"Discovery of a TIFF buffer overflow exploit:
iPhone hackers have taken a cue from the PSP (Sony PlayStation Portable) cracking efforts to discover a TIFF buffer overflow exploit that can cause MobileSafari on the iPhone software/firmware 1.1.1 to crash which essentially means that arbitrary code can be written to the device.
However, with the buffer overflow methodology one needs to figure out a way to invoke a jailbreak for it to be useful which some iPhone hackers are currently not too optimistic. The other issue is that the methodology as the name suggests "TIFF buffer overflow exploit" is a security flaw.
"
Easy there champ, we're all friends here having a calm discussion, let's all get along
No we are not-- thank Heavens-- I would not want to be in the same room with these intellectually bereft buffoons... I detest people's inability to recognize champions to the extent that they would do anything to derail them.
Many of the posters here would love to stick a crowbar through Lance Armstrong's bike, and that makes my skin crawl. They certainly want Apple to crash and ATT too, though they would have a million empty reasons why that would not be so... that however comes from the minds of the diapered!
My beef is with all who would destroy the very fragile hold that Apple and ATT have in this world of telephony. The buggers who would derail that are insolent little twirps... forget defending them. They suck!
I'm an iphone user and I love it. I also use a blackberry and for what it is it works well. My carrier took forever to allow any windows smartphones on their system due to "virus concerns" for however valid that is. I wanted the smartphone to use a couple of pieces of software for my business and my carrier even gave me a blackberry server to tide me over until they approved the smartphone. Now that was pretty nice given the price of BES. I see they finally released a Q and now I hope they don't ask for the BES back because I can't bring myself to buy a Q after using my iphone. Safari on the iphone replaces one of the 2 apps I wanted the Q for and I can do without the other. With the leopard integration I should essentially get the function of the blackberry with a much better experience on the iphone. Crap-ware? hardly. Nothing compares to it on the market and the potential is huge. I wish the hacking community the best but functionality is going to be continually broken unless an SDK is released and my iphone is destined for replacing my blackberry so I only need to carry one device. My belief is that the iphone will truly begin to shine even brighter with Leopard client/server.
EDIT: FYI seeqpod.com on the iphone is sweet
You know, it is a bummer that *so far* there is no SDK and that Apple is locking out 3d party apps with their updates. But I don't think they deserve to get bashed for it; this is all about pleasing AT&T, I'm sure. Just the same way that Apple got bashed for having DRM on their iTunes songs, until Steve Jobs posted his open letter pleading with the record companies to drop DRM.
I remember a rumor about an Apple engineer dropping innuendo at a party that an SDK would be forthcoming, and I'm still waiting to see. This phone has only been out for three months, and they just barely got it done in time for the ship date, and had to pull Leopard engineers off their project to make it happen. Have patience, everyone.
I remember a rumor about an Apple engineer dropping innuendo at a party that an SDK would be forthcoming, and I'm still waiting to see. This phone has only been out for three months, and they just barely got it done in time for the ship date, and had to pull Leopard engineers off their project to make it happen. Have patience, everyone.
Ummm... because it would be removed from my installer list by the dev community so I wouldn't be able to download it.
Wrong, you're misinformed. Upgrading has never bricked a phone that has had 3rd party apps, INCLUDING 1.1.1 which only removed the apps. The exception is iFuntastic, which is a piece of garbage, which does brick phones, it is an external app though, not a native app.
The only people at risk of bricking an iPhone are sim-unlockers and iFuntastic users.
You're misleading people, and I don't like it. The only things that have bricked phones are sim unlocks and iFuntastic. I challenge you to provide proof of AppTapp/Installer.app or any program on installer.app that has bricked a phone.
If you want to argue that the update, itself, bricked un-modded phones thats a different story, and mightve happened, but thats an Apple error not a 3rd party error.
I've been in these forums and Apple's on a daily basis and the only people getting bricked are sim-unlockers and iFuntastic users.
What you're saying is simple untrue and just scaring normal people that are upset Apple didn't include such simple things as: a voice recorder, an AIM client, and of course the must haves NES and Tap Tap Revolution.
Sincerely,
Successful 1.1.1 to 1.0.2 dowgrader. Anti-sim-unlocker.
PS: If anyone needs help or guidance downgrading or putting apps on their phone I will help you just pm me, and I will buy you a new phone if it gets un-restoreable. This offer does NOT include iFuntastic or sim-unlocks, that, I am whole heartedly against, because they're the main reason we can't have 3rd party apps now.
Um, so all of those great little apps are perfectly safe, except for... those that aren't?
Good night, and thanks for playing "I'll make your case FOR you!"
Sim-Unlocking and iFuntastic are not little apps, They are WinXP and MacOS apps. You can't use either of them in the phone itself. I see your sarchasim but I don't see your point....
My point? Installer.app and every app in installer.app's list are safe, and can also be safely upgraded to a new firmware, they just might get erased, which doesnt brick the phone, just removes the apps.
You should try installer.app sometime, you might feel better, and not cheated out of a great phone. Like I said, i'll buy you a new phone if installer.app bricks yours. I've already put it on 3 of my friend's, told them not to upgrade to 1.1.1 for a little while till it's updated, they've had no issues and have been a lot happier. Did someone say YAHTZEE! - inside (five dice) joke
It is only though these efforts that Apple will learn how to make osx safer. There are many things that linux and the bsd's are doing that osx would do well to emulate with regards to security.
These hackers are finding bugs in osx that show that the os is (easily) hackable. That should make Jobs and his team look critically at the mac osx codebase and start making osx more safe.
And yes, I know there are no virusses and malware out there yet, but as soon as enough macs are sold the bad guys will certainly keep trying.
I'd rather see Apple learn from benevolent hackers wanting to run things on their own phones than from cybercrooks wanting to sell me pills and such.
ARE WE STILL TALKING ABOUT IPHONE HACKS?????????????????????
arrrrrrrrrggggggggggggggggggghhhhhhhhhhhhhhhhhhhhhhhhhhhhh!
!
You clicked on the thread what did you expect?
Everyone is entitled to their own opinion, dear sir.
However you sound like you are making a warranty that if the phone is not unlocked, it will never get bricked. But hey, they can all come knock on your door if it does happend.
Just because it has not happend yet, it does not mean it will not happen, based on your own post you are stating that im flat out wrong based on observing the post here and the Apple site. I would have expected that you would call me wrong from real knowledge and not observation of less than 100 days of posts. You are plotting the future based on past data. But you are entitled to it. BTW how about posting your phone number, home address and credit card information so people can contect you for their new phone?
The cynic in me can't help wondering if that wasn't part of Apple's motivation - all the hackers are too busy actually doing something useful with security flaws to actually write viruses. Apple gets a whole host of security researchers working for them for free.
To put it another way, if Apple let you put 3rd party apps on the iPhone, all those hackers would have nothing better to do than write viruses...
A word of warning
Most of you may not believe what I am about to post here, that is fine, believe what you want, I make zero money from this.
What has made these hacks possible has been security weaknesses in the code base, hackers are taking advantage of a security flaw to provide you a way to hack your phone. They are also advocating that you downgrade the phone to pre 1.1.1 version.
This leaves your iPhone vulnerable to attacks by malicious hackers and malicious web sites. This is how windows started in their for ever cycle of hacks and fixes.
The iPhone has bluetooth, wifi connectivity and can go to just about any site. If it has vulnerable code as has been shown, the same unpatched vulnerabilities can be used to load malicious software into your phone. The iPhone is a big target for malicious hackers and you are placing yourself at risk by not patching the vulnerabilites.
While it is true that as of yet, there have been not a single case of bricking due to the non-unlocking hacks, it does not mean that it will not happend. You spend 399 to 599 for the phone, do you care if it gets bricked? Maybe you have the money to get another one, but others may not be able to.
Telling people to walk around with an iphone that has published vulnerabilities due to lack of patching, is not responsible.
If you can, get your iPhone patched and keep patching it as they come out. Not patching is risking your iPhone, the data in it, and putting others as risk as your iPhone could be used as part of a BotNet network to cause problems to others in the Internet. It is not just your problem, others can be affected also,
Attack away, flame all you want. I will not be responding, as I have done what I could to make you listen. Now it is up to you.
PS I do not work for Apple, and I do not have any of their stock. However I been doing security for a long time now and I am providing you with conservative and responsible advice.
Most of you may not believe what I am about to post here, that is fine, believe what you want, I make zero money from this.
What has made these hacks possible has been security weaknesses in the code base, hackers are taking advantage of a security flaw to provide you a way to hack your phone. They are also advocating that you downgrade the phone to pre 1.1.1 version.
This leaves your iPhone vulnerable to attacks by malicious hackers and malicious web sites. This is how windows started in their for ever cycle of hacks and fixes.
The iPhone has bluetooth, wifi connectivity and can go to just about any site. If it has vulnerable code as has been shown, the same unpatched vulnerabilities can be used to load malicious software into your phone. The iPhone is a big target for malicious hackers and you are placing yourself at risk by not patching the vulnerabilites.
While it is true that as of yet, there have been not a single case of bricking due to the non-unlocking hacks, it does not mean that it will not happend. You spend 399 to 599 for the phone, do you care if it gets bricked? Maybe you have the money to get another one, but others may not be able to.
Telling people to walk around with an iphone that has published vulnerabilities due to lack of patching, is not responsible.
If you can, get your iPhone patched and keep patching it as they come out. Not patching is risking your iPhone, the data in it, and putting others as risk as your iPhone could be used as part of a BotNet network to cause problems to others in the Internet. It is not just your problem, others can be affected also,
Attack away, flame all you want. I will not be responding, as I have done what I could to make you listen. Now it is up to you.
PS I do not work for Apple, and I do not have any of their stock. However I been doing security for a long time now and I am providing you with conservative and responsible advice.
MacBoySeattle said:
It's sad to see this logic, what do you consider a normal cell user? There are many phones on the market that are priced far above the iPhone and are still purchased as they are desirable (eg. "fashion"/luxury oriented Nokia 8800 first retailed for over 1000 and is still sold today for over 700).
Regarding features and specifications of the iPhone. Absolutely, seen on paper, the iPhone does not appear advanced at all... no 3G, no GPS, not even MMS! However, Apple has been known to do this - they are not in the business of creating an all-singing, all-dancing device - they are concerned about providing core functionality that works. Take the iPod... out of the box there is no FM radio, no recording and no support for other audio formats such as OGG and WMA. Has that affected them? No... the end-user experience here is what Apple is concerned about, they have created an end-to-end experience in conjunction with iTunes that means that Apple has an approximately 70% of the MP3 market - this is unprecedented in almost any sector. To be honest, I prefer it that way - if you have an iPhone, you will notice it's not perfect, but it is a joy to use in its simplicity.
By the way, something that is free demonstrates no value to the consumer. If so many phones are being offered free today, you would think the iPhone would have no buyers. Instead, it sells over a million in how long, 74 days? Show me any company that has sold that many mobile phones of it's first model it has ever produced, let alone in that timeframe. And if no carriers were the least bit interested, then why are they partnering up with Apple? You would think that the fact that a company with no track-record in the mobile phone business that has the audacity to demand a revenue sharing model would get shut out of all the mobile operators. Interestingly, AT&T, O2 and T-Mobile have all signed up for now...
Some of these posts require some reality checks.
Most people don't understand the situation at all.
ATT and Apple need the phone locked to only ATT sims, or they both lose out on monthly income.
The record companies insist that Apple only allow ringtones that are paid for, and that they enforce it.
In my opinion, the lockdown on apps comes because of SIM and ringtone hacking. If apps had focused on functionality instead of freeloading, we probably wouldn't be seeing this lockdown. Putting on my flame retardant suit now...
I totally agree this part. Unfortunately, full unlocking without using security flaw may not possible because you need a root privilege to get it done. So until Apple accept the demand of freedom this cat and mouse game will be continued, and many of us will enjoy to use the hacks...
Well, bright side, iPhone hackers make iPhone more secure as someone mentioned before.
FALSE.
MacBoySeattle attached a figure of 2.5 million Blackberries delivered in Q1 2007.
If you read RIM's financial statement, they reported 3 million handsets delivered in Q2 2007 (That is June, July, August.)
http://money.aol.com/news/articles/_a/research-in-motion-reports-second/n20071004161909990004
A naive extrapolation would be that they sold 1 million handsets per month.
Contrast that with the iPhone, which was only available for 2 full months during that period - July and August.
By the beginning of September, they had not yet delivered their 1 millionth iPhone.
That means that RIM handsets outsold the iPhone by a ratio of more than 2:1 during the months of July and August.
Remember, the "1.45 million subscriber" figure doesn't account that many RIM handhelds are sold without RIM service agreements - apparently many consumers are buying them for their other smartphone features, not for RIM's push email network.
Proof please?
Once again I'll ask- why aren't the record companies going after the likes of Nokia, SE, Motorola et al who sell tens of millions more phones per quarter than Apple? They even ship ring tone editors! Even phones coming out don't prevent the user from uploading ring tones ( that they may have purchased legally ).
So, where's your evidence?
---
"
Originally Posted by elgruga
Not sure what this forum was about today, but MacBoySeattle decided to liven it up with his comments.
Trouble is, MacBoySeattle, you didnt attach any FACTS or FIGURES, did you?
We know that Apple outsold ALL other 'smartphones' in the time that its been available, and we have some numbers from AmbitiousLemon who has some track record here.
"
Why would people be comparing sales of iPhones and smartphone since it [iPhone] isn't a smartphone ( according to some people )?
apple are in business with the record companies via the itunes store. apple wants to be apple to have music in the store. the music companies will only provide it with a license that excludes ringtones. so apple can't allow iphone to make ringtones out of music not having a ringtone license. otherwise they will be annoying the record companies. who might then not want to work with itunes music store.