Difference between revisions of "Main Page"
User890104 (talk | contribs) (Bring back the updates archive, post the most recent news) |
m (remove duplicate text) |
||
| (22 intermediate revisions by 3 users not shown) | |||
| Line 1: | Line 1: | ||
__NOTOC__ | __NOTOC__ | ||
[[File:EmCORE_Nano2G_Nano4G_Classic.jpg|280px|thumb|right|[[emCORE]] r779 on [[Nano 2G]], [[Nano 4G]] and [[Classic 2G]]]] | [[File:EmCORE_Nano2G_Nano4G_Classic.jpg|280px|thumb|right|[[emCORE]] r779 on [[Nano 2G]], [[Nano 4G]] and [[Classic 2G]]]] | ||
| − | This is the wiki for the freemyipod project. Freemyipod is a project | + | This is the wiki for the freemyipod project. Freemyipod is a project aimed at reverse-engineering non-iOS iPods (all models other than the Touch) and creating tools and documentation so that other people can port alternative firmwares to them such as [http://www.rockbox.org rockbox] or Linux. Freemyipod is a relaunch of [[Linux4nano]]. |
| − | == | + | == FAQ == |
| − | |||
| − | == | + | === What can I do with my iPod nano (2nd generation), iPod classic or older iPods? === |
| − | + | ||
| − | + | There's an upstream Rockbox port for these devices. Go use that. | |
| − | + | ||
| + | === What can I do with my iPod nano (3rd generation) or newer? === | ||
| + | |||
| + | Not much (yet) unless you're an embedded developer :). | ||
| + | |||
| + | On the 3rd, 4th and 5th generation, we have a stable tethered exploit ([[wInd3x]]) which allows early, untethered and safe (no permanent modification) code execution. This in turn allows you to run [[U-Boot]] and an early [[Linux|Linux port]] or experiment with reverse-engineering/modifying the original firmware, [[retailOS]]. | ||
| + | |||
| + | On the 6th and 7th generation, a font parsing vulnerability (CVE-2010-1797) can be exploited with [[ipod_sun]]. | ||
| + | |||
| + | There's a set of earlier tooling ([[emCORE]]/[[emBIOS]]/[[iBugger]]) which was exploiting other vulnerabilities and was a lead-up to a port of Rockbox, but it's mostly abandoned. | ||
| + | |||
| + | == Getting an account == | ||
| + | Due to spambots, registration is closed. For an account contact [[User:User890104|User890104]] or [[User:Q3k|q3k]]. | ||
==Updates== | ==Updates== | ||
| + | * {{#dateformat:2023-12-28}} - [[ipod_sun]], a tool that enables code execution on the iPod nano 6th and 7th generation, is released. | ||
| + | * {{#dateformat:2023-01-07}} - [https://social.hackerspace.pl/@q3k/109655916469636189 A preliminary U-Boot port to the Nano 5G has been developed.] | ||
* {{#dateformat:2022-01-04}} - The bootrom of iPod Nano 5G was successfully dumped, and is in the process of being reverse-engineered! | * {{#dateformat:2022-01-04}} - The bootrom of iPod Nano 5G was successfully dumped, and is in the process of being reverse-engineered! | ||
* {{#dateformat:2021-12-31}} - An exploit named wInd3x, which exploits the latest vulnerability, is being prepared for Nano 4G and Nano 5G. | * {{#dateformat:2021-12-31}} - An exploit named wInd3x, which exploits the latest vulnerability, is being prepared for Nano 4G and Nano 5G. | ||
| Line 47: | Line 60: | ||
* [[ Contact ]] | * [[ Contact ]] | ||
* [[ Contributing ]] | * [[ Contributing ]] | ||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
===Released Software=== | ===Released Software=== | ||
| − | * [[ | + | * [[wInd3x]] |
| − | * [[ | + | * [[ipod_sun]] |
| − | * [[ | + | * [[U-Boot|U-Boot port]] |
| − | + | * [[Linux|Linux port]] | |
| − | * | + | * Legacy: |
| − | ** [[ | + | ** [[iBugger]] |
| − | ** [[ | + | ** [[iLoader]] |
| − | ** [[emCORE | + | ** [[emCORE]] |
|style="border: 1px dashed #c6c9ff; background-color: #f0f0ff"| | |style="border: 1px dashed #c6c9ff; background-color: #f0f0ff"| | ||
| Line 74: | Line 82: | ||
===Reverse engineering results=== | ===Reverse engineering results=== | ||
* [[Firmware]] | * [[Firmware]] | ||
| − | * [[Firmware decryption]] | + | ** [[Bootrom]] |
| + | ** [[Boot Process]] | ||
| + | ** [[Firmware decryption]] | ||
| + | ** [[FTL|Flash Translation Layer]] | ||
| + | ** [[RetailOS]] | ||
| + | *** [[RetailOS Options]] | ||
* [[GUID table]] | * [[GUID table]] | ||
| + | * [[JTAG]] | ||
* Nano 2G | * Nano 2G | ||
** [[Nano2G clock gates]] | ** [[Nano2G clock gates]] | ||
** [[Nano2G LCD init]] | ** [[Nano2G LCD init]] | ||
| − | ** [[Nano2G | + | ** [[Nano2G HW analysis]] |
| + | ** [[S5L8701 analysis]] | ||
* Nano 4G | * Nano 4G | ||
** [[Nano4G firmware upgrade process]] | ** [[Nano4G firmware upgrade process]] | ||
| + | * Nano 5G | ||
| + | ** [[Nano 5G|General]] | ||
===Other guides=== | ===Other guides=== | ||
| − | |||
* [[Modes]] | * [[Modes]] | ||
|style="border: 1px dashed #c6c9ff; background-color: #f0f0ff"| | |style="border: 1px dashed #c6c9ff; background-color: #f0f0ff"| | ||
| Line 91: | Line 107: | ||
** [[Nano 1G]] | ** [[Nano 1G]] | ||
** [[Nano 2G]] | ** [[Nano 2G]] | ||
| − | |||
| − | |||
** [[Nano 3G]] | ** [[Nano 3G]] | ||
** [[Nano 4G]] | ** [[Nano 4G]] | ||
| + | *** [[920-0614-03]] | ||
** [[Nano 5G]] | ** [[Nano 5G]] | ||
** [[Nano 6G]] | ** [[Nano 6G]] | ||
| + | ** [[Nano 7G]] | ||
** [[Classic 1G]] | ** [[Classic 1G]] | ||
** [[Classic 2G]] | ** [[Classic 2G]] | ||
| Line 104: | Line 120: | ||
===Exploiting=== | ===Exploiting=== | ||
| + | * [[wInd3x]] | ||
* [[Pwnage 2.0]] | * [[Pwnage 2.0]] | ||
* [[Notes vulnerability]] | * [[Notes vulnerability]] | ||
Latest revision as of 03:11, 20 August 2024
This is the wiki for the freemyipod project. Freemyipod is a project aimed at reverse-engineering non-iOS iPods (all models other than the Touch) and creating tools and documentation so that other people can port alternative firmwares to them such as rockbox or Linux. Freemyipod is a relaunch of Linux4nano.
FAQ
What can I do with my iPod nano (2nd generation), iPod classic or older iPods?
There's an upstream Rockbox port for these devices. Go use that.
What can I do with my iPod nano (3rd generation) or newer?
Not much (yet) unless you're an embedded developer :).
On the 3rd, 4th and 5th generation, we have a stable tethered exploit (wInd3x) which allows early, untethered and safe (no permanent modification) code execution. This in turn allows you to run U-Boot and an early Linux port or experiment with reverse-engineering/modifying the original firmware, retailOS.
On the 6th and 7th generation, a font parsing vulnerability (CVE-2010-1797) can be exploited with ipod_sun.
There's a set of earlier tooling (emCORE/emBIOS/iBugger) which was exploiting other vulnerabilities and was a lead-up to a port of Rockbox, but it's mostly abandoned.
Getting an account
Due to spambots, registration is closed. For an account contact User890104 or q3k.
Updates
- 2023-12-28 - ipod_sun, a tool that enables code execution on the iPod nano 6th and 7th generation, is released.
- 2023-01-07 - A preliminary U-Boot port to the Nano 5G has been developed.
- 2022-01-04 - The bootrom of iPod Nano 5G was successfully dumped, and is in the process of being reverse-engineered!
- 2021-12-31 - An exploit named wInd3x, which exploits the latest vulnerability, is being prepared for Nano 4G and Nano 5G.
- 2021-12-27 - A new vulnerability was discovered in iPod Nano 4G and Nano 5G bootrom, which allows arbitrary code execution!
- 2018-08-25 - The website software has been updated to MediaWiki 1.31 after about 2 months of downtime.
Follow our Twitter feed to get status updates automatically. See the Status page for more detailed information. Check our SVN activity page for the latest changes to our source code.
Project infoReleased Software
|
Basic skillsReverse engineering results
Other guides |
HardwareExploiting |
