Main Page: Difference between revisions

This is the wiki for the freemyipod project. Freemyipod is a project aimed at reverse-engineering non-iOS iPods (all models other than the Touch) and creating tools and documentation so that other people can port alternative firmwares to them such as Rockbox or Linux. Freemyipod is a relaunch of Linux4nano.

There's an upstream Rockbox port for these devices. Go use that.

Not much (yet) unless you're an embedded developer :).

On the iPod nano (3rd generation), iPod nano (4th generation) and iPod nano (5th generation), we have a stable tethered exploit (wInd3x) which allows early, untethered and safe (no permanent modification) code execution. This in turn allows you to run U-Boot and an early Linux port or experiment with reverse-engineering/modifying the original firmware, retailOS.

On the iPod nano (6th generation), iPod nano (7th generation) and iPod shuffle (4th generation), a vulnerability in DFU_DNLOAD packet parsing code can be exploited with S5Late. It allows tethered code execution.

On the iPod nano (6th generation) and iPod nano (7th generation), a font parsing vulnerability (CVE-2010-1797) can be exploited with ipod_sun. It allows untethered code execution.

There's a set of earlier tooling (emCORE/emBIOS/iBugger) which was exploiting other vulnerabilities and was a lead-up to a port of Rockbox, but it's mostly abandoned.

Due to spambots, registration is closed. For an account contact User890104 or q3k.

• 2026-03-30 - Some of us will be at GPN24 in Karlsruhe! Let us know on IRC/Discord/Matrix if you're also there!
• 2025-12-28 - Hug0 made a lightning talk at 39C3 on iPod Nano reverse engineering.
• 2025-12-26 - Some of us will be at 39C3 in Hamburg! Get in touch with q3k and/or Slackware if you're around!
• 2025-06-12 - Some of us will be at GPN23 in Karlsruhe! Let us know on IRC/Discord/Matrix if you're also there!
• 2024-12-25 - Some of us will be at 38C3 in Hamburg! Come say hi!
• 2024-12-16 - S5Late, a tethered iPod bootrom/DFU exploit for iPod nano (7th generation) (and possibly iPod nano (6th generation)), is released.
• 2023-12-28 - ipod_sun, a tool that enables code execution on the iPod nano (6th generation) and iPod nano (7th generation), is released.
• 2023-01-07 - A preliminary U-Boot port to the iPod nano (5th generation) has been developed.
• 2022-01-04 - The bootrom of iPod nano (5th generation) was successfully dumped, and is in the process of being reverse-engineered!
• 2021-12-31 - An exploit named wInd3x, which exploits the latest vulnerability, is being prepared for iPod nano (4th generation) and iPod nano (5th generation).
• 2021-12-27 - A new vulnerability was discovered in iPod nano (4th generation) and iPod nano (5th generation) bootrom, which allows arbitrary code execution!

Follow our X feed to get status updates automatically. See the Status page for more detailed information. Check our GitHub repositories for the latest changes to our source code.