
Thread: Question for Saurik

  1. #1
    Question for Saurik
    Hey saurik,

    Thanks to your information, I decided to investigate how difficult it would be to effectively create my own TSS. Amazingly, I could not believe how easy it was. A little Wireshark and 1 full restore later I have guaranteed my current version forever... though it is 3.1 (I only just got an iPhone and upgraded before I ever thought about jailbreaking)

    What I was wondering is if you think it would be helpful if people obtained their own challenge/responses for posterity?

    Seeing how insanely simple it is for just about anyone to obtain this information. I wonder if more people could be 'saved' if the information was released and everyone was given the ability to stash their own challenge/responses...

    The next step for me will be to create a simple service (for myself of course) that will generate the ibec/ibss partial digest from the restore ipsw (and the other tidbits in the challenge requests).

    What are your thoughts on this?

    EDIT: Of course, this is primarily what you are doing =/ but my only concern would be if apple decides to block your IP, wouldn't it be good if everyone has the tool in-hand?

    EDIT: And of course you could play IP hot-potato but you know what I mean... distributed is safer than dedicated possibly...

    EDIT: Nevermind... the dominating issue that most are facing is changing their /etc/hosts file...

    I can't imagine walking them through setting up a local webserver with a simple webapp...
    Last edited by xsemaphorex; 2009-09-16 at 12:06 AM.

  3. #2

    I don't think he has time to answer your question

  4. #3
    Question for you..
    Would you be willing to post your source.

  5. #4
    Quote Originally Posted by guisep View Post
    Would you be willing to post your source.
    If I get saurik's permission then I'm perfectly fine with that. I have a few questions for him before I go posting this stuff.
    It consists of two parts:

    The TSS Service
    I'll warn you, it's not for end-users. You have to run Tomcat, and it runs as a web application on your local machine... this means you have to have admin on your local machine.

    The TSS challenge/response data
    This stuff is relatively easy to obtain... but requires you to know things about your iphone: ChipID, ECID etc.

    The best thing is that once you

    1. have the challenge/responses...
    2. keep iTunes 9 (the version I used)

    you should never have a problem downgrading to whatever version is associated with the challenge/response.

    Of course, I'm not going to do this unless saurik himself is ok with it... the potential for confusion is amazing. I'm perfectly fine keeping this to myself.

  6. #5
    Hey, I think what you did is awesome, wish I had your coding skills!
    Maybe you can help answer a question I've been having since my JB'd 3.01 went into an endless loop.
    If I do restore and upgrade to FW3.1, what is the process I should follow to ensure that my 3GS will be future-proof from a JB point of view? I am a bit confused in Saurik's process, and if it applies to my situation. I already modified the hosts file, but I don't want to go further till I don't understand exactly what I should do.
    Thank you in advance...
    mb

  7. #6
    If you are currently on a JB 3.0.1, I honestly wouldn't go any further.

    Do not pass go. Do not collect $200. You should wait for the 3.1 pwnagetool to create a 3.1 ipsw for your device. Can you put your device in DFU mode? If you can, the 3.1 pwnagetool likely (I'm assuming) will be able to help you out of that mess.

    Resist all urges to upgrade to 3.1 through Official iTunes!

  9. #7
    You know hashing the 3.1 files does you no good. You need pre-3.1 in order to still be able to jailbreak later, that's the entire point.

  11. #8
    Quote Originally Posted by cpjr View Post
    You know hashing the 3.1 files does you no good. You need pre-3.1 in order to still be able to jailbreak later, that's the entire point.
    False... Mostly.

    Hashing 3.1 protects those that have foolishly or ignorantly or innocently upgraded their phones. We all know about greenpois0n by now and most of us know that this exploit will be able to jb a 3.1 ipt3g, and 3gs phones (along with the others). So, in a nutshell, DO NOT UPGRADE TO 3.1 via iTunes... cannot be emphasized enough. But if you have no choice because you just bought your phone, or you were too late, or whatever. Hashing 3.1 will enable you to stay at 3.1 (which we know is jailbreakable)

    Now with regards to 3.0.x jailbreaking you are absolutely right. The 3.1 challenge/responses won't do you any good.
    Last edited by xsemaphorex; 2009-09-16 at 02:12 AM.

  12. #9
    Thanks much for the quick replies!
    I can definitely resist the urge and keep my "endless booting" iPhone in its box for a few more weeks, that's not a problem at all.
    And yes, to answer your question, I can put the phone in DFU mode... as a matter of fact I just did it now to try Saurik's method, and obviously got a 3002 error since I don't have my ECID info on file with Cydia.
    So, you think that even without the iBSS and iBEC, I will still be able to do a pwnage upgrade to 3.1?

    mb

  13. #10
    Quote Originally Posted by mbongio View Post
    Thanks much for the quick replies!
    I can definitely resist the urge and keep my "endless booting" iPhone in its box for a few more weeks, that's not a problem at all.
    And yes, to answer your question, I can put the phone in DFU mode... as a matter of fact I just did it now to try Saurik's method, and obviously got a 3002 error since I don't have my ECID info on file with Cydia.
    So, you think that even without the iBSS and iBEC, I will still be able to do a pwnage upgrade to 3.1?

    mb
    If you are truly jailbroken on 3.0.1 then I believe that is the case. Remember MuscleNerd's words - "Once jailbroken ALWAYS jailbroken so long as you stick to the hacked ipsw's!"

  14. #11
    Quote Originally Posted by xsemaphorex View Post
    Of course, I'm not going to do this unless saurik himself is ok with it... the potential for confusion is amazing. I'm perfectly fine keeping this to myself.
    By putting source out there you raise the chances of it falling into the wrong hands and Apple obtaining more knowledge from us than they need.

  15. #12
    As a matter of fact, I would be extremely happy to be able to just do a restore to 3.01 with pwnage, but I don't think there's a version out that works with the GS.
    I am only nervous because I can't even boot into the springboard... basically what is happening is a loop that takes the iPhone to the screen with the Apple logo and the pinwheel (at first rotating, then not rotating any more), then reboots after a few minutes and does the same, and again, and again....
    BUT... I can go into DFU mode, and while it loops I can browse the filesystem through iFuntastic (that in fact helped me save pictures and movies I had in it and not yet sync'd).
    It's just a true mess... just bad luck that it started the boot loop the very day after Apple stopped signing the old FW's, and that f'd me up.

    Quote Originally Posted by subnetwork View Post
    By putting source out there you raise the chances of it falling into the wrong hands and Apple obtaining more knowledge from us than they need.
    +1 for that!

    mb
    Last edited by mbongio; 2009-09-16 at 02:24 AM. Reason: Automerged Doublepost

  16. #13
    Quote Originally Posted by xsemaphorex View Post
    False... Mostly.

    Hashing 3.1 protects those that have foolishly or ignorantly or innocently upgraded their phones. We all know about greenpois0n by now and most of us know that this exploit will be able to jb a 3.1 ipt3g, and 3gs phones (along with the others). So, in a nutshell, DO NOT UPGRADE TO 3.1 via iTunes... cannot be emphasized enough. But if you have no choice because you just bought your phone, or you were too late, or whatever. Hashing 3.1 will enable you to stay at 3.1 (which we know is jailbreakable)

    Now with regards to 3.0.x jailbreaking you are absolutely right. The 3.1 challenge/responses won't do you any good.
    Don't count your chickens before they are hatched. There is no official 3.1 3GS jailbreak solution, so currently.....like I said.....and the fact that there is no firmware version above 3.1.....the hash does you no good (ATM).

  17. #14
    I'm not gonna lie. Nothing that saurik is doing is news to Apple. They already know their challenge/response system. There really is nothing they can do to stop this ball from rolling.

    Enable SSL for the challenge/response? So what. Would require an iTunes update.

    Change the format? Would require iTunes update.

    Stop signing altogether? Would require an iTunes update AND would defeat the purpose.

    See.. even if they force you to use iTunes BLAH.BLAH, you can still have a back up machine running iTunes 9 acting as your own personal biatch for restoring your phone.

    So.. releasing my source would do little if anything to harm or hurt us. I just don't want to cause more confusion. I think it would be more wise for everyone to go to a centralized repo for these hashes. The problem is that saurik is still working on the 3.1 scenario. Conceptually it's easy but actually putting it into play for all of you (and keep it generic) will take a bit of time. I sympathize with him.

    My solution was for me and me alone. I have my challenge/responses and the server with which i can serve them up to myself on.

    It was pure magic pointing itunes to it and watching the restore succeed

    Quote Originally Posted by cpjr View Post
    Don't count your chickens before they are hatched. There is no official 3.1 3GS jailbreak solution, so currently.....like I said.....and the fact that there is no firmware version above 3.1.....the hash does you no good (ATM).
    Not counting any chickens. There _is_ a 3.1 exploit. What there is _NOT_ is a 3.1 unlock.

    Worlds of difference. That fact alone makes it completely BAD to upgrade to 3.1.
    Last edited by xsemaphorex; 2009-09-16 at 02:32 AM. Reason: Automerged Doublepost
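    The "two parts" xsemaphorex describes in #4 (a small local web service plus a stash of previously captured challenge/response pairs) and the objections in #14 (SSL, a format change) can be made concrete with a replay cache. The block below is an added example written for this thread, not xsemaphorex's Tomcat webapp and not anything Apple ships: a Python standard-library HTTP server that answers a POST only when its body is byte-identical to a request captured during an earlier successful restore, and refuses everything else. The field names in the sample capture (ECID, ChipID, Version) are taken from the thread, but their layout and the blob contents are constructed placeholders; the real on-the-wire format is not shown anywhere on this page. The exact-match lookup is what illustrates #8 and #14: a request for 3.0.x, for another device, or in a changed request format hashes differently and gets nothing, which is why a stash only ever covers the version it was recorded for.

```python
"""Local replay cache for captured signing challenge/response pairs.

Added example for the thread above (not the poster's Tomcat webapp): a tiny
HTTP server that answers a request only when its body is byte-identical to
one captured earlier, and refuses everything else.  Field layout and blob
contents below are constructed placeholders, not a real protocol format.
"""
import hashlib
import json
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed sample capture in a made-up field format.  A real store would
# hold the exact request and response bytes recorded during a successful
# restore, hex-encoded so the file stays readable and byte-exact.
SAMPLE_STORE_JSON = json.dumps([
    {
        "label": "3.1 restore of my own device (constructed)",
        "request_hex": b"ECID=0x00000000DEADBEEF;ChipID=0x8920;Version=3.1".hex(),
        "response_hex": b"STATUS=0 MESSAGE=SUCCESS BLOB=<constructed placeholder>".hex(),
    }
])


def request_key(body: bytes) -> str:
    """Index captures by a digest of the raw request body."""
    return hashlib.sha256(body).hexdigest()


def load_store(json_text: str) -> dict:
    """Parse the hex-encoded capture file into {digest: response bytes}."""
    store = {}
    for entry in json.loads(json_text):
        request = bytes.fromhex(entry["request_hex"])
        store[request_key(request)] = bytes.fromhex(entry["response_hex"])
    return store


def lookup(store: dict, body: bytes):
    """Return the stored response for an identical request, else None.

    Exact matching is the point: a request for a different firmware version,
    a different device, or a changed request format has a different digest
    and gets no answer at all.
    """
    return store.get(request_key(body))


class ReplayHandler(BaseHTTPRequestHandler):
    """Serves only captured pairs; never forwards unknown requests anywhere."""
    store: dict = {}

    def do_POST(self):
        length = int(self.headers.get("Content-Length", "0"))
        body = self.rfile.read(length)
        response = lookup(self.store, body)
        if response is None:
            # Unknown request: refuse rather than guess.
            self.send_response(404)
            self.send_header("Content-Length", "0")
            self.end_headers()
            return
        self.send_response(200)
        self.send_header("Content-Type", "text/plain")
        self.send_header("Content-Length", str(len(response)))
        self.end_headers()
        self.wfile.write(response)


def serve(store: dict, host: str = "127.0.0.1", port: int = 8080) -> None:
    """Serve the capture store on a loopback port (blocks until killed)."""
    ReplayHandler.store = store
    HTTPServer((host, port), ReplayHandler).serve_forever()


if __name__ == "__main__":
    serve(load_store(SAMPLE_STORE_JSON))
```

    Binding to 127.0.0.1 keeps the cache private to the one machine doing the restore, which matches the "for me and me alone" setup in the post. The store is keyed on a digest of the whole request body rather than on parsed fields precisely because the format is opaque here: the cache never has to understand the request, it only has to recognise one it has seen succeed before.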

  18. #15
    Do you know how long there was an exploit before jailbreak on a few other firmwares? It doesn't count till I'm sitting here using the program

  21. #17
    I for one would be interested in learning how to do this myself. Although I'm sure at the moment it is way above my head, I am not afraid to try it, mess up, try again, screw the computer and reinstall windows, try again, etc, etc til I get it right - as long as the process is doable on either Vista or XP. If you get the ok, please let me know. If nothing else, it would be something new to learn (or at least try and learn).

  22. #18
    I'd be interested in knowing how to do this as well. I have several machines, and I wouldn't mind dropping this "hack" onto them to protect myself for the future. I like the conversation going on here, as well. Good job on creating this for yourself, xsemaphorex :-)

  23. #19
    xsemaphorex, I really don't understand why you need permission from saurik for posting something that you created. If you develop the mechanism to capture the challenge/response yourself, you can do whatever you want with it. Release to the public or keep it to yourself. You're the only one who can make the decision. However, if saurik has helped you or provided you with the mechanism to do the capturing, then of course you'll need his permission for releasing to public.

  24. #20
    Understood. First things first: saurik, while providing the information that led me to do what I did didn't do this.

    I only appeal to him simply because the concept was his first and the last thing I want to do is bring MORE confusion to a large group of people (some of which have troubles with /etc/hosts)

    I'll likely end up releasing the code here.
