lists at infosecurity
Jul 1, 2007, 3:07 PM
Post #3 of 7
(2152 views)
Permalink
|
The file is a zip file.
It's interesting to note the encrypted DMG image "694-5262-39.dmg" of
82MB . It ask for a password.
Instead the 15MB file "694-5259-38.dmg" it's not a DMG image and it's
not encrypted (strings 694-5259-38.dmg | less) .
Some selected information to have an idea of what's inside:
DWD_USIF_BOOTLOADER_FILENAME/Secure_USIF_Bootloader.3.9.fls
MN_SMS_CB_MESSAGE_ID_LIMIT_IND
sio#wake-ind
SI_PHONE_NUMBER_READ_IND
../../ms-gprs-l1-src/text/l1d_rshd.c
../../ms-ds-src/at/atc/common/text/atc_sdl_mn.c
SIMULATED RESET due to AT+CFUN=16. This is NOT a crash!
../../ms-bt-src/src/bt-ctrl/io_bt.c
../../ms-gprs-l2-src/ma/mac/text/decoders/mac_decoders.c
../../ms-gprs-l2-src/rl/rlc/text/rlc_op2.c
../../ms-l3-src/rr/grr/text/grr_op2.c
1 ==> output of EQUALIZER RAW DATA acc. to <rx_channel / 0 FOR
SPEECH CALLS> using a
Argument Types: [int: 1/2/3/4/5],[int:0/1/2/3],[int => abs. Hz
value],[int: 1 - 100]
GSM Ciphering:%s, GSM Ciphering Algorithm: A5/%d, GPRS Ciphering:%s,
GPRS Ciphering Algorithm: GEA/%d
/SourceCache/BaseBandFWUpdater/BaseBandFWUpdater-39/IfxSource/DLL_source/OS_dependent_code/timer_if/../../../../IFWD_timer.c
/SourceCache/BaseBandFWUpdater/BaseBandFWUpdater-39/AtInterface.cpp
/System/Library/PrivateFrameworks/Bom.framework/Bom
/SourceCache/Bom/Bom-122.0.0.3/Common/BOMSystemCmds.c
/dev/tty.baseband
/private/tmp/.SafeBoot
/bin/cat /System/Library/CoreServices/BootX | /usr/bin/openssl dgst
-sha1 -hex -out /System/Library/Caches/com.apple.bootxsignature
Boot-loader is active
Skip secure loader
Injecting EBL-Loader (PSI).
DWD_RAM_BOOTLOADER_FILENAME/Default_RAM_Bootloader.7.0.fls
GsmRadioModule::fEnableMobileAnalyzer
Signature cannot be authenticated
single user shell terminated.
Singleuser boot -- fsck not done
sq->capacity >= (((((4096 + 7) / 8) + (sizeof(giantDigit)) - 1) /
(sizeof(giantDigit))) + 1)
/System/Library/Lockdown/SBOOT_S5L8900.pem
/System/Library/Lockdown/SBOOT_S5L8900_DEV.pem
There are a couple of user with their password:
root:XUU7aqfpey51o:0:0::0:0:System Administrator:/var/root:/bin/sh
mobile:/smx7MYTQIi2M:501:0::0:0:Mobile User:/var/mobile:/bin/sh
Does someone have some time to arrange a quick john session (should be
quick)?
In Firmware/all_flash/all_flash.m68ap.production/DeviceTree.m68ap.img2
there is the string:
Apple Secure Boot Certification Authority1
* The password of the encrypted DMG?
* The user root and mobile with preconfigured passwords?
* The "GsmRadioModule::fEnableMobileAnalyzer" ?
* The
/SourceCache/BaseBandFWUpdater/BaseBandFWUpdater-39/AtInterface.cpp that
maybe use at command to update the firmware of the GSM transceiver?
* What's bom? /System/Library/PrivateFrameworks/Bom.framework/Bom
* The security of the boot system plenty of digital signatures to
prevent firmware hacking?
-naif
Kevin Finisterre (lists) wrote:
> While you are at it...
>
> http://appldnld.apple.com.edgesuite.net/content.info.apple.com/iPhone/
> 061-3538.20070629.B7vXa/iPhone1,1_1.0_1A543a_Restore.ipsw
>
> -KF
>
> On Jun 29, 2007, at 8:10 PM, John Smith wrote:
>
>
>> http://www.andrew.cmu.edu/user/xsk/iPhoneSecuritySettings.html
>>
>> John
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
|
signature.asc
