We were invited by iPhone / iPod touch file system hacker Niacin (who you might also know for his PSP and MSN TV Linux cluster hacks, etc.) and Dre to test out their new v1.1.1 file system hack. We know the whole v1.1.1 hacking thing has been massively confusing even to folks like us, so here's a quick n' dirty timeline to bring you up to date.
- Apple releases iPhone, which was obviously cracked six ways from Sunday.
- Through firmwares 1.0.1 and 1.0.2 Apple does not block these hacks in any way.
- Firmware v1.1.1 is released for iPhone and iPod touch, which completely locks out file system access (and thus 3rd party software).
- Awkward silence from Apple fans and the dev community as everyone ponders how to crack the new file system protections.
- Hackers dinopio, edgan discover the symlink hack, which takes v1.0.2 iPhones up to v1.1.1 with read / write file system access. In other words, the hack only works on v1.0.2 iPhones (not the iPod touch) when being upgraded to v1.1.1, and still doesn't grant the ability to execute loaded programs.
- The next version of dinopio & co.'s symlink hack (which hasn't yet been released to the public) grants the coveted execute privilege (so you can run those 3rd party apps), and enables another hack (by pumpkin) to make the new SpringBoard (the application launcher) recognize the freshly recompiled iPhone apps.
- Hacker Niacin (aka toc2rta) and Dre claim they've managed to combine the symlink hack with a TIFF vulnerability found in the v1.1.1 firmware's mobile Safari, which grants access to the file system. This is the hack we're testing here.
Note: Due to the nature of this hack, it's to be considered ephemeral. Apple needs only to patch the TIFF vulnerability and file system access on v1.1.1 is out, with the touch and iPhone back to their previously not-too-hackable state.
No comments:
Post a Comment