Boredom

I'm unpredictable when I'm bored. Last night I spent diving around the depths of a jailbroken iPod and getting the iPod's hardware crypto engine to spit me out decrypt keys so I could investigate the iPhone OS 2.x RAM disks and firmware. Bold, perhaps. But useful as a developer as you can see exactly where everything is in the system and what it can do or not, and class-dump is a useful ally if you're making yourself some internal applications that don't adhere to the SDK license. So don't kill me for being curious =)

That led me to this simple little project: http://code.google.com/p/img3decrypt/

It does nothing except decrypt a given encrypted img3 file with an IV and a Key you pass into it. You have to know the IV and Key for each img3 file, which is something I can't help you with. I did also create a version of the tool that works against unencrypted img3 files (i.e. the 2.0 betas), but there's no need for me to release it. Was just a one line change in the source. img3decrypt is based upon 'imagetool.c' in the xpwn source code, and is literally a drop-in replacement (it won't compile by itself, you need the xpwn source).

Today I took the time to investigate the MobileTerminal source code, and with some clever hackery I managed to port it to the iPhone SDK / Simulator, as seen below. Not very useful, I admit. But it's still sweet to see running =)
