Difference between revisions of "Main Page"

From freemyipod.org
m (remove duplicate text)
 
(188 intermediate revisions by 11 users not shown)
Line 1: Line 1:
This is the wiki page for the Linux4nano project. [http://home.gna.org/linux4nano/ Here] is the project homepage, and [http://mail.gna.org/public/linux4nano-dev/ here] is a link to the project's mailing list. Linux4nano also has a fairly active IRC channel, #linux4nano-dev @ irc.freenode.net. [http://theiphonewiki.com/wiki/index.php?title=Main_Page The iPhone Wiki] is an excellent resource to use when researching, because much of the hardware and software aspects are similar to that of the iPod.  
+
__NOTOC__
 +
[[File:EmCORE_Nano2G_Nano4G_Classic.jpg|280px|thumb|right|[[emCORE]] r779 on [[Nano 2G]], [[Nano 4G]] and [[Classic 2G]]]]
 +
This is the wiki for the freemyipod project. Freemyipod is a project aimed at reverse-engineering non-iOS iPods (all models other than the Touch) and creating tools and documentation so that other people can port alternative firmwares to them such as [http://www.rockbox.org rockbox] or Linux. Freemyipod is a relaunch of [[Linux4nano]].
  
'''Feel free to add information and make changes!''' This is a wiki after all. Just make sure you are logged in before you try to edit.
+
== FAQ ==
  
==This wiki==
+
=== What can I do with my iPod nano (2nd generation), iPod classic or older iPods? ===
[[About]]
 
==iPod Firmware==
 
===Obtaining===
 
[[Dumping firmware]]
 
  
[[Extracting firmware]]
+
There's an upstream Rockbox port for these devices. Go use that.
  
[[Disassembling firmware]]
+
=== What can I do with my iPod nano (3rd generation) or newer? ===
===Analysis===
 
[[Firmware]]
 
  
[[Bootstrapping sequence]]
+
Not much (yet) unless you're an embedded developer :).
  
[[Firmware encryption]]
+
On the 3rd, 4th and 5th generation, we have a stable tethered exploit ([[wInd3x]]) which allows early, untethered and safe (no permanent modification) code execution. This in turn allows you to run [[U-Boot]] and an early [[Linux|Linux port]] or experiment with reverse-engineering/modifying the original firmware, [[retailOS]].
==iPod Hardware==
 
[[Hardware]]
 
  
[[Hardware annotation]]
+
On the 6th and 7th generation, a font parsing vulnerability (CVE-2010-1797) can be exploited with [[ipod_sun]].
  
[[S5L8701 analysis]]
+
There's a set of earlier tooling ([[emCORE]]/[[emBIOS]]/[[iBugger]]) which was exploiting other vulnerabilities and was a lead-up to a port of Rockbox, but it's mostly abandoned.
  
[[S5L8700 datasheet]]
+
== Getting an account ==
 +
Due to spambots, registration is closed. For an account contact [[User:User890104|User890104]] or [[User:Q3k|q3k]].
  
[[Modes]]
+
==Updates==
 +
* {{#dateformat:2023-12-28}} - [[ipod_sun]], a tool that enables code execution on the iPod nano 6th and 7th generation, is released.
 +
* {{#dateformat:2023-01-07}} - [https://social.hackerspace.pl/@q3k/109655916469636189 A preliminary U-Boot port to the Nano 5G has been developed.]
 +
* {{#dateformat:2022-01-04}} - The bootrom of iPod Nano 5G was successfully dumped, and is in the process of being reverse-engineered!
 +
* {{#dateformat:2021-12-31}} - An exploit named wInd3x, which exploits the latest vulnerability, is being prepared for Nano 4G and Nano 5G.
 +
* {{#dateformat:2021-12-27}} - A new vulnerability was discovered in iPod Nano 4G and Nano 5G bootrom, which allows arbitrary code execution!
 +
* {{#dateformat:2018-08-25}} - The website software has been updated to MediaWiki 1.31 after about 2 months of downtime.
 +
<!--
 +
* {{#dateformat:2016-06-17}} - The freemyipod project is becoming deprecated, as parts of the code is slowly being integrated in Rockbox. It is likely that no future development on the freemyipod project will take place. Essential parts of emCORE helped building a Rockbox bootloader for iPod Classic, and any future development will take place in the Rockbox project.
 +
* {{#dateformat:2014-03-26}} - A bug that prevented [[emCORE]] installations on certain Windows configurations (getting stuck on "Booting UBI file..."), has been finally fixed! If the installation has failed for you before, you can retry it using the updated version of our tool (use the iTunes method for now).
 +
* {{#dateformat:2012-01-02}} - There have been some problems with the latest release. A hotfix release ([[EmCORE_Releases/r859|r859]]) has been published to fix some of these problems. iPod nano 2g users are advised to upgrade.  See the [[EmCORE_Releases/r859|release details page]] for more information.
 +
* {{#dateformat:2012-01-01}} - A new release <s>([[EmCORE_Releases/r855|r855]])</s> is out! It includes a couple of new features, several bugfixes and a new bootmenu theme! More information on the <s>[[EmCORE_Releases/r855|release details page]]</s>.
 +
* {{#dateformat:2011-04-25}} - The [[emCORE]] kernel now runs on the iPod Touch 2G as well, thanks to the help of kleemajo. This is of course not a fully functional port yet, but we'll see how it continues. It's about the same state as the iPod Nano 4G now. /7
 +
* {{#dateformat:2011-03-25}} - [[emCORE]] is replacing [[emBIOS]] completely now. Therefore [[emBIOS]] will be deprecated software as of now! All emBIOS users are advised to upgrade to emCORE including people using iLoader 0.2.2 or less. More detailed update instructions will follow!
 +
* {{#dateformat:2011-01-08}} - The Rockbox port for the iPod Classic is slowly getting usable. Most of the blocking issues have been fixed. The  first-generation 160GB model still doesn't work, and some people are experiencing slightly garbled display contents.
 +
* {{#dateformat:2011-01-04}} - There is an early Rockbox port for the iPod Classic! It still isn't quite usable, playback stutters etc., but if you want to play around with it, here are some quick'n'dirty notes on the installation procedure: [[IPod Classic iLoader Installation]]
 +
* {{#dateformat:2010-11-22}} - We now have emBIOS support for the iPod classic 1g, the others might follow soon
 +
* {{#dateformat:2010-08-29}} - We're proud to announce the release of [[emBIOS]] v0.1.0 and [[iLoader]] v0.2.0!
 +
* {{#dateformat:2010-08-26}} - [[iLoader]], its installer and uninstaller all have been fully ported to [[emBIOS]] now. A beta release will be coming soon!
 +
* {{#dateformat:2010-08-13}} - [[emBIOS]] is continually being improved and the next step is porting tools like [[iLoader]] to use it.
 +
* {{#dateformat:2010-08-06}} - The wiki has now been moved to www.freemyipod.org
 +
* {{#dateformat:2010-08-05}} - Recently we've been working on a hardware abstraction project called [[emBIOS]]. Follow development [http://websvn.freemyipod.org/listing.php?repname=freemyipod&path=/embios/ here]
 +
* {{#dateformat:2010-08-03}} - We can now access the Nano 4G accelerometer.
 +
* {{#dateformat:2010-08-02}} - serpilliere managed to decrypt the NOR flash on the [[Nano 3G]].
 +
* {{#dateformat:2010-08-01}} - serpilliere managed to access and dump the NOR flash on the [[Nano 3G]]. This code could possibly work on the Classics.
 +
* {{#dateformat:2010-07-27}} - The server got zapped by lightning but a new one was up and running within a day.
 +
* {{#dateformat:2010-02-23}} - We can now execute code on everything besides the [[Nano 5G]]! Minimalistic iBugger working on [[Nano 3G]]!
 +
* {{#dateformat:2009-11-01}} - iBugger core v0.1 successfully running on [[Nano 4G]]! [http://img217.imageshack.us/img217/4122/img0969.jpg]
 +
-->
 +
Follow [http://twitter.com/freemyipod our Twitter feed] to get status updates automatically. See the [[Status]] page for more detailed information. Check our [[ Special:Code/freemyipod|SVN activity ]] page for the latest changes to our source code.
  
[[Chronology]]
+
{| cellspacing="3" width="100%"
 +
|- valign="top"
 +
|style="border: 1px dashed #c6c9ff; background-color: #f0f0ff"|
 +
===Project info===
 +
* [[ Status ]]
 +
* [[ Contact ]]
 +
* [[ Contributing ]]
 +
 
 +
===Released Software===
 +
* [[wInd3x]]
 +
* [[ipod_sun]]
 +
* [[U-Boot|U-Boot port]]
 +
* [[Linux|Linux port]]
 +
* Legacy:
 +
** [[iBugger]]
 +
** [[iLoader]]
 +
** [[emCORE]]
 +
 
 +
|style="border: 1px dashed #c6c9ff; background-color: #f0f0ff"|
 +
 
 +
===Basic skills===
 +
* [[Working with binaries]]
 +
* [[Dumping firmware]]
 +
* [[Extracting firmware]]
 +
* [[Firmware downgrading]]
 +
* [[Troubleshooting]]
 +
 
 +
===Reverse engineering results===
 +
* [[Firmware]]
 +
** [[Bootrom]]
 +
** [[Boot Process]]
 +
** [[Firmware decryption]]
 +
** [[FTL|Flash Translation Layer]]
 +
** [[RetailOS]]
 +
*** [[RetailOS Options]]
 +
* [[GUID table]]
 +
* [[JTAG]]
 +
* Nano 2G
 +
** [[Nano2G clock gates‎]]
 +
** [[Nano2G LCD init]]
 +
** [[Nano2G HW analysis]]
 +
** [[S5L8701 analysis]]
 +
* Nano 4G
 +
** [[Nano4G firmware upgrade process]]
 +
* Nano 5G
 +
** [[Nano 5G|General]]
 +
 
 +
===Other guides===
 +
* [[Modes]]
 +
|style="border: 1px dashed #c6c9ff; background-color: #f0f0ff"|
 +
===Hardware===
 +
* [[Hardware]]
 +
** [[Nano 1G]]
 +
** [[Nano 2G]]
 +
** [[Nano 3G]]
 +
** [[Nano 4G]]
 +
*** [[920-0614-03]]
 +
** [[Nano 5G]]
 +
** [[Nano 6G]]
 +
** [[Nano 7G]]
 +
** [[Classic 1G]]
 +
** [[Classic 2G]]
 +
** [[Classic 3G]]
 +
* [[Chronology]]
 +
* [[S5L8700 datasheet]]
 +
 
 +
===Exploiting===
 +
* [[wInd3x]]
 +
* [[Pwnage 2.0]]
 +
* [[Notes vulnerability]]
 +
** [[Address bruteforcing]]
 +
** [[Nanotron 3000]]
 +
|}
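Review bot: in the added FAQ answer for the 3rd, 4th and 5th generation, wInd3x is introduced as a "stable tethered exploit" and then said to allow "early, untethered and safe" code execution; the two terms contradict each other as written, so the sentence should say which property holds or what each one refers to. Separately, the Updates entries from 2016-06-17 back to 2009-11-01 are wrapped in an HTML comment rather than deleted, so they remain in the page source but are not rendered; if they are meant as an archive, a linked history page would keep them reachable, and the 2011-04-25 entry ends in a stray "/7" that should be dropped either way.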

Latest revision as of 02:11, 20 August 2024

This is the wiki for the freemyipod project. Freemyipod is a project aimed at reverse-engineering non-iOS iPods (all models other than the Touch) and creating tools and documentation so that other people can port alternative firmwares, such as Rockbox or Linux, to them. Freemyipod is a relaunch of Linux4nano.

FAQ

What can I do with my iPod nano (2nd generation), iPod classic or older iPods?

There's an upstream Rockbox port for these devices. Go use that.

What can I do with my iPod nano (3rd generation) or newer?

Not much (yet) unless you're an embedded developer :).

On the 3rd, 4th and 5th generation, we have a stable tethered exploit (wInd3x) which allows early, untethered and safe (no permanent modification) code execution. This in turn allows you to run U-Boot and an early Linux port or experiment with reverse-engineering/modifying the original firmware, retailOS.

On the 6th and 7th generation, a font parsing vulnerability (CVE-2010-1797) can be exploited with ipod_sun.

There's a set of earlier tooling (emCORE/emBIOS/iBugger) that exploited other vulnerabilities and was a lead-up to a port of Rockbox, but it's mostly abandoned.

Getting an account

Due to spambots, registration is closed. For an account, contact User890104 or q3k.

Updates

  • 2023-12-28 - ipod_sun, a tool that enables code execution on the iPod nano 6th and 7th generation, is released.
  • 2023-01-07 - A preliminary U-Boot port to the Nano 5G has been developed.
  • 2022-01-04 - The bootrom of iPod Nano 5G was successfully dumped, and is in the process of being reverse-engineered!
  • 2021-12-31 - An exploit named wInd3x, which exploits the latest vulnerability, is being prepared for Nano 4G and Nano 5G.
  • 2021-12-27 - A new vulnerability was discovered in iPod Nano 4G and Nano 5G bootrom, which allows arbitrary code execution!
  • 2018-08-25 - The website software has been updated to MediaWiki 1.31 after about 2 months of downtime.

Follow our Twitter feed to get status updates automatically. See the Status page for more detailed information. Check our SVN activity page for the latest changes to our source code.

Project info

Released Software

Basic skills

Reverse engineering results

Other guides

Hardware

Exploiting