ipod_sun

ipod_sun is a tool that builds a modified firmware image enabling code execution on the iPod nano 6th and 7th generation. It works by replacing a font file in the rsrc partition of the firmware image with a malformed OTF font exploiting CVE-2010-1797^[1].

Usage

Once the firmware is booted on the device, usually via the osos/disk swapping bug, the following additional SCSI commands are added:

C6 96 01 __ __ __ __ - write data to memory
C6 96 02 __ __ __ __ - read data from memory
C6 96 03 __ __ __ __ - call a certain address in memory

The underscores represent the 4-byte memory address.

C6, the operation code for these commands, is used for proprietary Apple SCSI commands and exists in unmodified firmware. Only these instructions are part of ipod_sun.

↑ https://www.cve.org/CVERecord?id=CVE-2010-1797

[1] ttps://www.cve.org/CVERecord?id=CVE-2010-1797

[1]

ipod_sun

Usage

Navigation menu

Personal tools

Namespaces

Variants

Views

More

Search

Navigation

Info

Reverse engineering Results

Exploiting

Other Guides

Tools