If someone makes a device, someone else will want to break it open and run their own software on it. When the original manufacturer is Apple this is never made easy, and in the case of one of the earlier iPod models it required an unusual approach.

In short, an HTML file was found which triggered a reboot, a crash that meant a buffer overrun had been found in the firmware. After much experimenting, the memory location was found which would flash the backlight, and from there a piece of ARM code could be injected which dumped the firmware very slowly, one bit at a time, by flashing the light. Enough code was extracted that way to find the address of the USB serial port, allowing new code to be written which dumped the rest of the firmware over USB.

We remember the earliest models using FireWire instead of USB, so perhaps we can zero in on the 3rd or 4th generation.
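The bitwise backlight dump is the interesting part: a payload that controls nothing but a single light can still leak a whole firmware image if each bit is encoded as a pulse the other side can time. The C below is an added example, not the code from the hack described above; it models that channel on a host with the backlight register replaced by an array of on/off samples. The pulse widths, the per-byte parity framing and the sample image are all assumptions, and no real iPod addresses are used.

```c
/* Bit-serial firmware exfiltration over a one-bit channel (a backlight).
 * Added example, not the original hack's payload: timing values, framing
 * and the "firmware" bytes below are assumptions for the simulation. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SLOT        4   /* samples per bit: backlight ON, then OFF, within a slot */
#define ON_FOR_ONE  3   /* a long pulse encodes a 1 bit */
#define ON_FOR_ZERO 1   /* a short pulse encodes a 0 bit */
#define FRAME_BITS  9   /* 8 data bits MSB first + 1 even parity bit */
#define DUMP_SAMPLES(len) ((len) * FRAME_BITS * SLOT)

/* --- Transmitter: what the injected payload would do, writing a sample
 *     buffer instead of poking the backlight register. --- */
static size_t emit_bit(uint8_t *samples, size_t pos, int bit)
{
    int on = bit ? ON_FOR_ONE : ON_FOR_ZERO;
    for (int i = 0; i < SLOT; i++)
        samples[pos + i] = (i < on) ? 1 : 0;   /* 1 = backlight lit */
    return pos + SLOT;
}

/* Walk the image and flash every bit out; returns samples written. */
size_t backlight_dump(const uint8_t *image, size_t len, uint8_t *samples)
{
    size_t pos = 0;
    for (size_t i = 0; i < len; i++) {
        int parity = 0;
        for (int b = 7; b >= 0; b--) {
            int bit = (image[i] >> b) & 1;
            parity ^= bit;
            pos = emit_bit(samples, pos, bit);
        }
        pos = emit_bit(samples, pos, parity);  /* even parity over the 8 data bits */
    }
    return pos;
}

/* --- Receiver: a photodiode/camera log decoded on the host. --- */
static int read_bit(const uint8_t *samples, size_t pos)
{
    int on = 0;
    for (int i = 0; i < SLOT; i++)
        on += samples[pos + i] != 0;
    /* Threshold halfway between the two pulse widths. */
    return on * 2 > ON_FOR_ONE + ON_FOR_ZERO;
}

/* Decode samples into bytes; returns bytes decoded and counts parity failures,
 * so a dropped or extra pulse is flagged rather than silently trusted. */
size_t backlight_decode(const uint8_t *samples, size_t nsamples,
                        uint8_t *out, size_t outcap, size_t *bad_frames)
{
    size_t pos = 0, n = 0;
    *bad_frames = 0;
    while (pos + FRAME_BITS * SLOT <= nsamples && n < outcap) {
        uint8_t byte = 0;
        int parity = 0;
        for (int b = 0; b < 8; b++) {
            int bit = read_bit(samples, pos);
            pos += SLOT;
            byte = (uint8_t)((byte << 1) | bit);
            parity ^= bit;
        }
        int got = read_bit(samples, pos);
        pos += SLOT;
        if (got != parity)
            (*bad_frames)++;   /* keep the byte, but flag the frame */
        out[n++] = byte;
    }
    return n;
}

/* Round trip on a constructed image; returns 0 on success, else a failure code.
 * With corrupt != 0 the first pulse is dropped to simulate a missed flash. */
int selftest(int corrupt)
{
    /* Constructed stand-in for a firmware image; not real iPod data. */
    const uint8_t image[] = { 0xEA, 0x00, 0x00, 0x06, 'F', 'i', 'r', 'm', 0xFF, 0x55 };
    uint8_t samples[DUMP_SAMPLES(sizeof image)];
    uint8_t out[sizeof image];
    size_t bad = 0;

    size_t ns = backlight_dump(image, sizeof image, samples);
    if (ns != sizeof samples) return 1;
    if (corrupt) memset(samples, 0, SLOT);          /* first bit (a 1) never flashed */
    size_t n = backlight_decode(samples, ns, out, sizeof out, &bad);
    if (n != sizeof image) return 2;
    if (corrupt) return (bad == 1 && out[0] != image[0]) ? 0 : 3;
    return (bad == 0 && memcmp(out, image, sizeof image) == 0) ? 0 : 4;
}

int main(void)
{
    printf("clean round trip: %s\n", selftest(0) == 0 ? "ok" : "FAILED");
    printf("dropped pulse detected: %s\n", selftest(1) == 0 ? "ok" : "FAILED");
    return 0;
}
```

The parity bit is what makes the slow channel trustworthy: at one bit per flash a single missed pulse would otherwise corrupt a byte without any sign of it, and a firmware image with a silently wrong byte is worse than a shorter dump you know is good. A real receiver would also need to find slot boundaries, which the simulation sidesteps by starting aligned.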