--- Log opened Tue Oct 18 00:00:30 2011
00:51 -!- Liath [~Liath@fctnnbsc30w-142166244093.dhcp-dynamic.FibreOp.nb.bellaliant.net] has quit [*.net *.split]
00:51 -!- Utchybann [~Utchy@rps6752.ovh.net] has quit [*.net *.split]
00:51 -!- GaveUp [gaveup@your.friendly.neighborhood.hellmouth.info] has quit [*.net *.split]
00:55 -!- Liath [~Liath@fctnnbsc30w-142166244093.dhcp-dynamic.FibreOp.nb.bellaliant.net] has joined #freemyipod
00:55 -!- GaveUp [gaveup@your.friendly.neighborhood.hellmouth.info] has joined #freemyipod
00:55 -!- Utchybann [~Utchy@rps6752.ovh.net] has joined #freemyipod
02:29 -!- TheSeven [~TheSeven@rockbox/developer/TheSeven] has quit [Disconnected by services]
02:29 -!- [7] [~TheSeven@rockbox/developer/TheSeven] has joined #freemyipod
05:01 -!- clustur [~logger@c-98-249-104-118.hsd1.tn.comcast.net] has joined #freemyipod
05:01 -!- clustur [~logger@c-98-249-104-118.hsd1.tn.comcast.net] has quit [Remote host closed the connection]
05:02 -!- n1s [~quassel@rockbox/developer/n1s] has joined #freemyipod
06:04 -!- Keripo [~Keripo@dhcp0751.kin.resnet.group.upenn.edu] has joined #freemyipod
06:08 -!- Keripo [~Keripo@dhcp0751.kin.resnet.group.upenn.edu] has quit [Ping timeout: 258 seconds]
08:23 -!- Keripo [~Keripo@dhcp0751.kin.resnet.group.UPENN.EDU] has joined #freemyipod
08:27 -!- Keripo [~Keripo@dhcp0751.kin.resnet.group.UPENN.EDU] has quit [Ping timeout: 244 seconds]
10:29 -!- perror [~fleury@aldebaran.labri.fr] has joined #freemyipod
10:39 -!- [Saint] [~Saint]@unaffiliated/saint/x-8516940] has joined #freemyipod
10:43 -!- [Saint] [~Saint]@unaffiliated/saint/x-8516940] has quit [Client Quit]
10:43 -!- [Saint] [~Saint]@unaffiliated/saint/x-8516940] has joined #freemyipod
11:01 -!- clustur [~logger@c-98-249-104-118.hsd1.tn.comcast.net] has joined #freemyipod
11:01 -!- clustur [~logger@c-98-249-104-118.hsd1.tn.comcast.net] has quit [Remote host closed the connection]
11:24 -!- [Saint] [~Saint]@unaffiliated/saint/x-8516940] has quit [Remote host closed the connection]
12:35 -!- [Saint] [~Saint]@unaffiliated/saint/x-8516940] has joined #freemyipod
12:35 -!- [Saint] [~Saint]@unaffiliated/saint/x-8516940] has quit [Client Quit]
12:39 -!- [Saint] [~Saint]@101.98.129.152] has joined #freemyipod
12:39 -!- [Saint] [~Saint]@101.98.129.152] has quit [Changing host]
12:39 -!- [Saint] [~Saint]@unaffiliated/saint/x-8516940] has joined #freemyipod
13:45 < adiblol> is there any mailbox that only trusted developers read, for sending possible bugs?
13:50 < adiblol> or just /msg an active wiki editor?
13:57 < user890104> adiblol: you can either message [7], Farthen or me
13:58 < user890104> this is the list of developers: http://www.freemyipod.org/wiki/Special:Code/freemyipod/author
14:16 -!- thehodapp [~thehodapp@129.244.137.243] has joined #freemyipod
15:10 -!- [Saint] [~Saint]@unaffiliated/saint/x-8516940] has quit [Quit: Quit...]
15:39 -!- [Saint_] [~Saint]@101.98.129.152] has joined #freemyipod
15:39 -!- [Saint_] [~Saint]@101.98.129.152] has quit [Changing host]
15:39 -!- [Saint_] [~Saint]@unaffiliated/saint/x-8516940] has joined #freemyipod
15:54 < thehodapp> has there been any progress with the nano 5g?
15:55 < Farthen> nope
15:55 < Farthen> still no exploit
15:56 < Farthen> but tbh there are not many "active" people right now anyways :-P
15:56 < Farthen> and most people of the "team" don't have a n5g
16:03 -!- benedikt93 [~benedikt9@unaffiliated/benedikt93] has joined #freemyipod
16:08 < thehodapp> :/ any way I can help change that?
16:09 < thehodapp> or perhaps not even worth my time?
16:09 < Farthen> do you have any programming skills? especially lowlevel stuff like c and asm?
16:12 < thehodapp> I'm 2nd year compsci major. I know a bit of c and a bit of asm (though not for ARM). not sure how far I'd get with that.
16:13 < adiblol> look for bugs ;)
16:14 -!- perror [~fleury@aldebaran.labri.fr] has quit [Quit: Bye all !]
16:15 < adiblol> but WARNING WARNING WARNING DO NOT, exclaim the bug to the world on a public IRC channel or mailing list. http://www.freemyipod.org/wiki/Contributing#Vulnerabilities
16:15 < Farthen> thehodapp: ok so at least you have the right preconditions :-P
16:16 < Farthen> but as we don't have any exploit for the n5g you need to find one
16:16 < Farthen> feel free to mess around with the firmware and look if you find bugs
16:16 < thehodapp> what kind of bugs you looking for? and how do I go about doing that?
16:17 < Farthen> buffer overflows mainly
16:17 < Farthen> bc those enable us to inject code
16:17 < Farthen> there are unfortunately not really methods to find them easily
16:17 < Farthen> you could try messing with the itunesdb
16:17 < thehodapp> wouldn't I need access to the asm code to find them?
16:18 < Farthen> the problem is rather that you can't dump the asm code before finding an exploit :-P
16:18 < thehodapp> oh crap
16:19 < Farthen> do you have ida pro?
16:19 < thehodapp> huh. so just find a way to make it crash?
16:19 < adiblol> someone wanted to mess up with LCD lines ;)
16:19 < Farthen> well, crashes and freezes are indications of possible buffer overflows
16:19 < Farthen> this does of course not mean that any crash/freeze is exploitable
16:23 < Farthen> thehodapp: there may be a lot of unused potential in the itunes db sqlite driver code
16:23 < thehodapp> well I've definitely managed to screw up the itunes db plenty of times.
16:24 < Farthen> you could try finding some bugs in the nano 4g version of the sqlite code
16:24 < Farthen> i don't think they have updated this significantly
16:27 < thehodapp> where can I get the code?
16:28 < adiblol> sqlite.org ?
16:29 * Farthen doesn't think this uses the original code
16:29 < Farthen> but i may be wrong
16:32 < thehodapp> hmm..ok. and no I don't have ida pro.
16:36 < adiblol> how will we dump firmware after discovering exploit if we dont know commands of interfacing usb etc...? (or are they generic?)
16:38 < user890104> basically we inject code which then dumps the bootrom
16:38 < user890104> then we disassemble it
16:39 < adiblol> dumps the bootrom to... ?
16:39 < user890104> via usb for example ([7] usually writes the driver)
16:39 < user890104> or uart on nano2g iirc
16:41 < user890104> there are even more weird methods of extracting it: http://en.wikipedia.org/wiki/Ipodlinux#History
16:42 < adiblol> on old ipl wiki there was article about that, but now 404, anyone mirror?
16:42 < user890104> yeah, http://ipl.derpapst.eu/
16:42 < adiblol> it was technically not on wiki
16:42 < user890104> this is the whole site
16:43 < adiblol> http://ipodlinux.org/stories/piezo/index.html
16:43 < adiblol> http://ipl.derpapst.eu/stories/piezo/index.html 404
16:52 < user890104> http://web.archive.org/web/20070601200428/http://www.ipodlinux.org/stories/piezo/index.html
17:01 -!- clustur [~logger@c-98-249-104-118.hsd1.tn.comcast.net] has joined #freemyipod
17:01 -!- clustur [~logger@c-98-249-104-118.hsd1.tn.comcast.net] has quit [Remote host closed the connection]
17:06 < adiblol> http://sqlite.org/fileformat2.html might be useful
17:10 -!- thehodapp [~thehodapp@129.244.137.243] has quit [Ping timeout: 276 seconds]
18:01 -!- liar [~liar@clnet-p09-185.ikbnet.co.at] has joined #freemyipod
18:13 -!- n1s [~quassel@rockbox/developer/n1s] has quit [Ping timeout: 260 seconds]
18:16 < [7]> Farthen: how do you come to the conclusion that the itunesdb is sqlite?
18:16 < [7]> i haven't seen any signs of that
18:16 < Farthen> i'm pretty sure it was
18:16 < Farthen> at least the later versions
18:16 < Farthen> they switched the database model at some point
18:16 < Farthen> and i think they switched it to sqlite
18:19 < adiblol> someone succeed to open it just with sqlite; i will verify it as soon as i get my ipod back.
18:20 -!- Keripo [~Keripo@seas675.wireless-pennnet.upenn.edu] has joined #freemyipod
18:23 < [7]> hm, i'm fairly sure that the n4g database is still the old ipod format
18:23 < [7]> i don't know much about the newer generations though
18:24 -!- n1s [~quassel@rockbox/developer/n1s] has joined #freemyipod
18:46 < user890104> [7]: yeah, it is in the old format, i just verified that
18:51 -!- Keripo [~Keripo@seas675.wireless-pennnet.upenn.edu] has quit [Quit: Leaving.]
19:05 < teuf> nano5g and 6g have sqlite databases
19:05 < teuf> mostly the same format as for ios devices
19:06 -!- Keripo [~Keripo@seas675.wireless-pennnet.upenn.edu] has joined #freemyipod
19:07 < user890104> teuf: are these databases (or some columns in them) encrypted in any way?
19:07 < teuf> the databases by themselves aren't encrypted
19:08 < teuf> however one of them (Locations.itdb) has a companion .cbk file
19:08 < teuf> which contains checksums + a signature built using these hashes
19:08 < teuf> and it's not really well known how this signature is computed
19:22 < adiblol> libgpod developers managed to make compatible algorithm
19:23 < teuf> not for this signature/hash (whatever you call it)
19:31 -!- [Saint_] [~Saint]@unaffiliated/saint/x-8516940] has left #freemyipod
19:32 -!- [Saint] [~Saint]@101.98.129.152] has joined #freemyipod
19:32 -!- [Saint] [~Saint]@101.98.129.152] has quit [Changing host]
19:32 -!- [Saint] [~Saint]@unaffiliated/saint/x-8516940] has joined #freemyipod
19:51 -!- benedikt93 [~benedikt9@unaffiliated/benedikt93] has quit [Quit: Bye ;)]
20:17 -!- Keripo [~Keripo@seas675.wireless-pennnet.upenn.edu] has quit [Quit: Leaving.]
20:23 -!- user890104 [~Venci@static.225.178.40.188.clients.your-server.de] has quit [*.net *.split]
20:24 -!- user890104 [~Venci@static.225.178.40.188.clients.your-server.de] has joined #freemyipod
20:47 -!- Keripo1 [~Keripo@dhcp0751.kin.resnet.group.UPENN.EDU] has joined #freemyipod
20:54 -!- Keripo1 [~Keripo@dhcp0751.kin.resnet.group.UPENN.EDU] has quit [Ping timeout: 256 seconds]
20:58 -!- liar [~liar@clnet-p09-185.ikbnet.co.at] has quit [Read error: Connection reset by peer]
20:59 -!- liar [~liar@clnet-p09-185.ikbnet.co.at] has joined #freemyipod
21:12 -!- Keripo [~Keripo@dhcp0751.kin.resnet.group.UPENN.EDU] has joined #freemyipod
21:16 -!- Keripo [~Keripo@dhcp0751.kin.resnet.group.UPENN.EDU] has quit [Ping timeout: 258 seconds]
21:38 < adiblol> so libgpod wont work even on initialized ipod?
21:59 < user890104> from teuf's words, looks like so
21:59 < user890104> did they say that nano5g+ is supported?
22:00 < user890104> Latest stable release is version 0.8.0. This release has support for all iPod models except the iPod Nano 6g (the touch one).
22:00 < user890104> uhm, they seem to support it
22:00 < user890104> this is interesting :)
22:31 -!- liar [~liar@clnet-p09-185.ikbnet.co.at] has quit [Remote host closed the connection]
23:01 -!- clustur [~logger@c-98-249-104-118.hsd1.tn.comcast.net] has joined #freemyipod
23:01 -!- clustur [~logger@c-98-249-104-118.hsd1.tn.comcast.net] has quit [Remote host closed the connection]
--- Log closed Wed Oct 19 02:28:11 2011