Difference between revisions of "Nanotron 3000"

From freemyipod.org
Line 3: Line 3:
 
== Technical details for 4G ==
 
== Technical details for 4G ==
 
*Time to hold down menu and center buttons to restart: exactly 5 seconds
 
*Time to hold down menu and center buttons to restart: exactly 5 seconds
 +
=== Cable disconnected ===
 
*Time to reboot to main menu: 17.5 seconds
 
*Time to reboot to main menu: 17.5 seconds
*Time to boot cold to main menu: ~25 seconds (shouldn't be needed)
+
*Time to reboot to disk mode: 2-3 seconds depending on how quick you can press it
*Time to reboot to disk mode: 2-3 seconds depending on how quick you can press it (this is like .25 seconds after Apple logo). I did see 10 seconds once so I guess there might be a last-minute check after the Apple logo
+
=== Cable connected ===
 +
*Time to reboot to main menu: 35 seconds
 +
*Time to reboot to disk mode: 11 seconds
 +
 
 +
For some reason booting up with the cable connected doubles the time to boot up, but we pretty much have to use the cable.
  
 
Using the times I've gathered, we can make a timeline of how our process will work, starting from disk mode:
 
Using the times I've gathered, we can make a timeline of how our process will work, starting from disk mode:
 
# Take off old note file, put in new one (half a second)
 
# Take off old note file, put in new one (half a second)
 
# Hold down menu and play to reboot (5 seconds)
 
# Hold down menu and play to reboot (5 seconds)
# Wait for boot (17.5 seconds)
+
# Wait for boot (35 seconds)
 
# Find out what state the iPod is in and react accordingly (5 seconds if we have to force reboot)
 
# Find out what state the iPod is in and react accordingly (5 seconds if we have to force reboot)
# Boot to disk mode and start from beginning (2.5 seconds)
+
# Boot to disk mode and start from beginning (11 seconds)
  
So the amount of time to test one file would take roughly 30.5 seconds. With that time we can test about 2832 files a day. With a 16-byte step (might be better to use 8 bytes?) we could bust through a whopping 45312 bytes a day (0xB100)
+
So the amount of time to test one file would take roughly 56.5 seconds (most likely 60 seconds with some delays in between). With that time we can test about 1440 files a day. With a 16-byte step (4 instructions, maybe we should do 2?) we could bust through a whopping 23040 bytes a day (0x5A00). Some addresses will have to be skipped for UTF-8 reasons.
  
 
We might end up having to try both the freeze and the crash files for the same address, which would double the time, but still be very practical.
 
We might end up having to try both the freeze and the crash files for the same address, which would double the time, but still be very practical.
  
 
TODO: work out ways from the robot's perspective to determine how the iPod reacts to the notes file. The easiest way seems to use the backlight, but this needs to be looked into. Perhaps we could use the iPod's USB status to tell...
 
TODO: work out ways from the robot's perspective to determine how the iPod reacts to the notes file. The easiest way seems to use the backlight, but this needs to be looked into. Perhaps we could use the iPod's USB status to tell...
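Review bot: step 2 of the revised timeline still reads "Hold down menu and play to reboot", while the technical details line in the same section gives the restart combination as menu and center buttons; one of the two should be corrected so the robot is built to press the right pair. The new 56.5-second total also always counts the 5 seconds from step 4, which that step describes as needed only "if we have to force reboot", so it would help to say that 56.5 seconds is the worst case per file.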

Revision as of 04:00, 23 August 2009

Because of the immense amount of time it will take to brute force the 3G and the 4G, the Linux4nano team has hatched an ambitious idea. We have decided to build a brute forcing robot with LEGO Mindstorms. We can leave this bot running overnight and hopefully find out the correct addresses. If the LEGO idea is not feasible we can resort to using transistors like Sto used on the 2G. This would be more expensive but easier IMO.

Technical details for 4G

  • Time to hold down menu and center buttons to restart: exactly 5 seconds

Cable disconnected

  • Time to reboot to main menu: 17.5 seconds
  • Time to reboot to disk mode: 2-3 seconds depending on how quick you can press it

Cable connected

  • Time to reboot to main menu: 35 seconds
  • Time to reboot to disk mode: 11 seconds

For some reason booting up with the cable connected doubles the time to boot up, but we pretty much have to use the cable.

Using the times I've gathered, we can make a timeline of how our process will work, starting from disk mode:

  1. Take off old note file, put in new one (half a second)
  2. Hold down menu and play to reboot (5 seconds)
  3. Wait for boot (35 seconds)
  4. Find out what state the iPod is in and react accordingly (5 seconds if we have to force reboot)
  5. Boot to disk mode and start from beginning (11 seconds)

So the amount of time to test one file would take roughly 56.5 seconds (most likely 60 seconds with some delays in between). With that time we can test about 1440 files a day. With a 16-byte step (4 instructions, maybe we should do 2?) we could bust through a whopping 23040 bytes a day (0x5A00). Some addresses will have to be skipped for UTF-8 reasons.

We might end up having to try both the freeze and the crash files for the same address, which would double the time, but still be very practical.
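The arithmetic behind the timeline and the per-day figures above, as an added example in Python (not part of the original wiki page). It compares the 16-byte and 8-byte steps and the freeze-plus-crash case. The 3.5-second slack that rounds 56.5 seconds up to the page's 60 seconds and the 1 MiB region size are assumptions made here for illustration.

```python
"""Throughput model for the note-file test cycle (added example)."""
SECONDS_PER_DAY = 24 * 60 * 60

# Step durations in seconds, taken from the page's timeline (cable connected).
CABLE_CONNECTED = {"swap note file": 0.5, "hold buttons": 5.0,
                   "wait for boot": 35.0, "force reboot": 5.0,
                   "boot to disk mode": 11.0}
# Same cycle with the cable-disconnected boot times from the earlier revision.
CABLE_DISCONNECTED = {**CABLE_CONNECTED, "wait for boot": 17.5,
                      "boot to disk mode": 2.5}


def cycle_seconds(steps, slack=0.0):
    """Time to test one note file: sum of the steps plus robot slack."""
    return sum(steps.values()) + slack


def plan(steps, slack=0.0, step_bytes=16, files_per_address=1,
         region_bytes=None):
    """Return files/day, bytes/day and, if asked, days to sweep a region."""
    cycle = cycle_seconds(steps, slack)
    files_per_day = int(SECONDS_PER_DAY // cycle)
    # Testing both a freeze file and a crash file halves the address rate.
    addresses_per_day = files_per_day // files_per_address
    result = {"cycle_s": cycle, "files_per_day": files_per_day,
              "bytes_per_day": addresses_per_day * step_bytes}
    if region_bytes is not None:
        result["days"] = region_bytes / result["bytes_per_day"]
    return result


if __name__ == "__main__":
    REGION = 1 << 20  # hypothetical 1 MiB search window, not from the page
    SLACK = 3.5       # assumed delay that brings 56.5 s up to 60 s
    scenarios = {
        "16-byte step": dict(),
        "8-byte step": dict(step_bytes=8),
        "16-byte step, freeze+crash files": dict(files_per_address=2),
    }
    for name, kw in scenarios.items():
        p = plan(CABLE_CONNECTED, slack=SLACK, region_bytes=REGION, **kw)
        print(f"{name}: {p['files_per_day']} files/day, "
              f"{p['bytes_per_day']:#x} bytes/day, {p['days']:.1f} days")
```

Skipped addresses (the UTF-8 case) cost no robot time, so the day counts printed here are upper bounds for a region of that size.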

TODO: work out ways from the robot's perspective to determine how the iPod reacts to the notes file. The easiest way seems to use the backlight, but this needs to be looked into. Perhaps we could use the iPod's USB status to tell...