Main Page: Difference between revisions

From freemyipod
Jump to navigation Jump to search
← Older edit
Jdkjkjj (talk | contribs)
confirmed
11 edits
show all updates since and including wInd3x
Jdkjkjj (talk | contribs)
confirmed
11 edits
m fastfetch on ipod nano 2g
 
(9 intermediate revisions by 2 users not shown)
Line 1: Line 1:
__NOTOC__
__NOTOC__
[[File:Photo 2025-12-27 20-36-24.jpg|280px|thumb|right|[[Linux]] 6.14.0 on [[Nano 7G]]]]
[[File:EmCORE_Nano2G_Nano4G_Classic.jpg|280px|thumb|right|[[emCORE]] r779 on [[Nano 2G]], [[Nano 4G]] and [[Classic 2G]]]]
This is the wiki for the freemyipod project. Freemyipod is a project aimed at reverse-engineering non-iOS iPods (all models other than the Touch) and creating tools and documentation so that other people can port alternative firmwares to them such as [https://www.rockbox.org/ Rockbox] or [https://kernel.org/ Linux]. Freemyipod is a relaunch of [[Linux4nano]].
This is the wiki for the freemyipod project. Freemyipod is a project aimed at reverse-engineering non-iOS iPods (all models other than the Touch) and creating tools and documentation so that other people can port alternative firmwares to them such as [https://www.rockbox.org/ Rockbox] or [https://kernel.org/ Linux]. Freemyipod is a relaunch of [[Linux4nano]].


Line 14: Line 12:
Not much (yet) unless you're an embedded developer :).
Not much (yet) unless you're an embedded developer :).


On the [[Nano 3G]], [[Nano 4G]] and [[Nano 5G]], we have a stable tethered exploit ([[wInd3x]]) which allows early, untethered and safe (no permanent modification) code execution. This in turn allows you to run [[U-Boot]] and an early [[Linux|Linux port]] or experiment with reverse-engineering/modifying the original firmware, [[retailOS]].
Here's the current progress, by iPod model:


On the [[Nano 6G]], [[Nano 7G]] and iPod shuffle (4th generation), a vulnerability in DFU_DNLOAD packet parsing code can be exploited with [[S5Late]]. It allows tethered code execution.
[[Nano 3G]] and [[Nano 4G]]
* [[wInd3x]] allows untethered and safe code execution (no permanent modification).
* Rockbox bootloader has been published, but [https://isthererockboxonipodnano3g.freemyipod.org/ the Rockbox port is not yet completed].


On the [[Nano 6G]] and [[Nano 7G]], a font parsing vulnerability (CVE-2010-1797) can be exploited with [[ipod_sun]]. It allows untethered code execution.
[[Nano 5G]]
* [[wInd3x]] allows untethered and safe code execution (no permanent modification).
* There's a [[U-Boot]] port, and [[Linux|Linux]] boots with an initramfs.
 
[[Nano 6G]] and [[Nano 7G]]
* Tethered code execution using [[S5Late]] (a vulnerability in DFU_DNLOAD packet parsing code) (also for iPod shuffle (4th generation))
* Untethered code execution using [[ipod_sun]] (CVE-2010-1797)
 
[[Nano 7G]]
* There's a [[U-Boot]] port, and [[Linux|Linux]] boots with an initramfs.


There's a set of earlier tooling ([[emCORE]]/[[emBIOS]]/[[iBugger]]) which was exploiting other vulnerabilities and was a lead-up to a port of Rockbox, but it's mostly abandoned.
There's a set of earlier tooling ([[emCORE]]/[[emBIOS]]/[[iBugger]]) which was exploiting other vulnerabilities and was a lead-up to a port of Rockbox, but it's mostly abandoned.
== Gallery ==
<gallery>
File:Fastfetch_nano_7g_7.1-rc3.png|fastfetch on [[Nano 7G]]
File:Fastfetch nano 2g 6.10.png|fastfetch on [[Nano 2G]]
File:Linux nano 7g 7.1-rc3.jpg|[[Linux]] 7.1.0-rc3 on [[Nano 7G]]
File:Photo 2025-12-27 20-36-24.jpg|[[Linux]] 6.14.0 on [[Nano 7G]]
File:EmCORE_Nano2G_Nano4G_Classic.jpg|[[emCORE]] r779 on [[Nano 2G]], [[Nano 4G]] and [[Classic 2G]]
</gallery>


== Getting an account ==
== Getting an account ==
Line 26: Line 44:


==Updates==
==Updates==
* {{#dateformat:2026-03-30}} - Some of us will be at GPN24 in Karlsruhe! [https://entropia.de/GPN24 More info here]. Let us know on IRC/Discord/Matrix if you're also there!
* {{#dateformat:2026-03-30}} - Some of us will be at [https://entropia.de/GPN24 GPN24] in Karlsruhe! [[Contact|Let us know on IRC/Discord/Matrix]] if you're also there!
* {{#dateformat:2025-12-28}} - [[User:Hug0|Hug0]] made a lightning talk at 39C3 on [https://www.youtube.com/watch?v=FKHL1yyOKJc iPod Nano reverse engineering].
* {{#dateformat:2025-12-28}} - [[User:Hug0|Hug0]] made a lightning talk at [https://events.ccc.de/congress/2025/infos/startpage.html 39C3] on [https://www.youtube.com/watch?v=FKHL1yyOKJc iPod Nano reverse engineering].
* {{#dateformat:2025-12-26}} - Some of us will be at 39C3 in Hamburg! Get in touch with [https://events.ccc.de/congress/2025/hub/en/user/q3k q3k] and/or [https://events.ccc.de/congress/2025/hub/en/user/slackware Slackware] if you're around!
* {{#dateformat:2025-12-26}} - Some of us will be at [https://events.ccc.de/congress/2025/infos/startpage.html 39C3] in Hamburg! Get in touch with [https://events.ccc.de/congress/2025/hub/en/user/q3k q3k] and/or [https://events.ccc.de/congress/2025/hub/en/user/slackware Slackware] if you're around!
* {{#dateformat:2025-06-12}} - Some of us will be at GPN23 in Karlsruhe! [https://entropia.de/GPN23 More info here]. Let us know on IRC/Discord/Matrix if you're also there!
* {{#dateformat:2025-06-12}} - Some of us will be at [https://entropia.de/GPN23 GPN23] in Karlsruhe! [[Contact|Let us know on IRC/Discord/Matrix]] if you're also there!
* {{#dateformat:2024-12-25}} - Some of us will be at 38C3 in Hamburg! [https://events.ccc.de/congress/2024/hub/en/project/ipod-nano-hacking-freemyipod/ Come say hi!]
* {{#dateformat:2024-12-25}} - Some of us will be at [https://events.ccc.de/congress/2024/infos/startpage.html 38C3] in Hamburg! [https://events.ccc.de/congress/2024/hub/en/project/ipod-nano-hacking-freemyipod/ Come say hi!]
* {{#dateformat:2024-12-16}} - [[S5Late]], a tethered iPod bootrom/DFU exploit for [[Nano 7G]] (and possibly [[Nano 6G]]), is released.
* {{#dateformat:2024-12-16}} - [[S5Late]], a tethered iPod bootrom/DFU exploit for [[Nano 7G]] (and possibly [[Nano 6G]]), is released.
* {{#dateformat:2023-12-28}} - [[ipod_sun]], a tool that enables code execution on the [[Nano 6G]] and [[Nano 7G]], is released.
* {{#dateformat:2023-12-28}} - [[ipod_sun]], a tool that enables code execution on the [[Nano 6G]] and [[Nano 7G]], is released.
* {{#dateformat:2023-01-07}} - [https://social.hackerspace.pl/@q3k/109655916469636189 A preliminary U-Boot port to the [[Nano 5G]] has been developed.]
* {{#dateformat:2023-01-07}} - A preliminary [[U-Boot]] port to the [[Nano 5G]] [https://social.hackerspace.pl/@q3k/109655916469636189 has been developed].
* {{#dateformat:2022-01-04}} - The bootrom of [[Nano 5G]] was successfully dumped, and is in the process of being reverse-engineered!
* {{#dateformat:2022-01-04}} - The bootrom of [[Nano 5G]] was successfully dumped, and is in the process of being reverse-engineered!
* {{#dateformat:2021-12-31}} - An exploit named wInd3x, which exploits the latest vulnerability, is being prepared for [[Nano 4G]] and [[Nano 5G]].
* {{#dateformat:2021-12-31}} - An exploit named [[wInd3x]], which exploits the latest vulnerability, is being prepared for [[Nano 4G]] and [[Nano 5G]].
* {{#dateformat:2021-12-27}} - A new vulnerability was discovered in [[Nano 4G]] and [[Nano 5G]] bootrom, which allows arbitrary code execution!
* {{#dateformat:2021-12-27}} - A new vulnerability was discovered in [[Nano 4G]] and [[Nano 5G]] bootrom, which allows arbitrary code execution!
<!--
<!--
Line 108: Line 126:
* Nano 5G
* Nano 5G
** [[Nano 5G|General]]
** [[Nano 5G|General]]
===Other guides===
* [[Modes]]
|style="border: 1px dashed #c6c9ff; background-color: #f0f0ff"|
|style="border: 1px dashed #c6c9ff; background-color: #f0f0ff"|
===Hardware===
===Hardware===
Line 125: Line 140:
* [[Chronology]]
* [[Chronology]]
* [[S5L8700 datasheet]]
* [[S5L8700 datasheet]]
* [[Modes]]


===Exploiting===
===Exploiting===

Latest revision as of 16:29, 16 May 2026

This is the wiki for the freemyipod project. Freemyipod is a project aimed at reverse-engineering non-iOS iPods (all models other than the Touch) and creating tools and documentation so that other people can port alternative firmwares to them such as Rockbox or Linux. Freemyipod is a relaunch of Linux4nano.

FAQ

What can I do with my iPod nano (2nd generation), iPod classic (6th generation) or older iPods?

There's an upstream Rockbox port for these devices. Go use that.

What can I do with my iPod nano (3rd generation) or newer?

Not much (yet) unless you're an embedded developer :).

Here's the current progress, by iPod model:

iPod nano (3rd generation) and iPod nano (4th generation)

iPod nano (5th generation)

  • wInd3x allows untethered and safe code execution (no permanent modification).
  • There's a U-Boot port, and Linux boots with an initramfs.

iPod nano (6th generation) and iPod nano (7th generation)

  • Tethered code execution using S5Late (a vulnerability in DFU_DNLOAD packet parsing code) (also for iPod shuffle (4th generation))
  • Untethered code execution using ipod_sun (CVE-2010-1797)

iPod nano (7th generation)

  • There's a U-Boot port, and Linux boots with an initramfs.

There's a set of earlier tooling (emCORE/emBIOS/iBugger) which was exploiting other vulnerabilities and was a lead-up to a port of Rockbox, but it's mostly abandoned.

Getting an account

Due to spambots, registration is closed. For an account contact User890104 or q3k.

Updates

Follow our X feed to get status updates automatically. See the Status page for more detailed information. Check our GitHub repositories for the latest changes to our source code.

Project info

Released Software

Basic skills

Reverse engineering results

Hardware

Exploiting

Retrieved from "https://freemyipod.org/index.php?title=Main_Page&oldid=22324"