The iPhone Wiki is no longer updated. Visit this article on The Apple Wiki for current information.
Difference between revisions of "Talk:Blackra1n"
Latest revision as of 03:33, 30 January 2013
Why no AFC2?
Is there any reason why even RC3 doesn't add afc2 to services.plist? --Redart 13:40, 4 November 2009 (UTC)
Payload
I notice pages like the one for ultrasn0w contain the payload. Is there any chance that the payload for blackra1n or an old jailbreak like purplera1n will be published? MaybachMan 08:25, 1 August 2010 (UTC)
- That would be really awesome to see. Anyone able to <del>negotiate</del> communicate with geohot? Iemit737 09:07, 1 August 2010 (UTC)
- I don't know what will get published by him. But why don't you just disassemble it and publish it here? I assume this won't be a problem, as the same happened for Spirit. -- http 09:51, 1 August 2010 (UTC)
- I have blackra1n open in IDA right now, here's what it gave me (I hope I did this right).
<pre>
UPX1:004E9A40 ; =============== S U B R O U T I N E =======================================
UPX1:004E9A40
UPX1:004E9A40
UPX1:004E9A40                 public start
UPX1:004E9A40 start           proc near
UPX1:004E9A40
UPX1:004E9A40 var_AC          = dword ptr -0ACh
UPX1:004E9A40
UPX1:004E9A40                 pusha
UPX1:004E9A41                 mov     esi, offset byte_455015
UPX1:004E9A46                 lea     edi, [esi-54015h]
UPX1:004E9A4C                 push    edi
UPX1:004E9A4D                 jmp     short loc_4E9A5A
UPX1:004E9A4D ; ---------------------------------------------------------------------------
UPX1:004E9A4F                 align 10h
UPX1:004E9A50
UPX1:004E9A50 loc_4E9A50:                             ; CODE XREF: start:loc_4E9A61↓j
UPX1:004E9A50                 mov     al, [esi]
UPX1:004E9A52                 inc     esi
UPX1:004E9A53                 mov     [edi], al
UPX1:004E9A55                 inc     edi
UPX1:004E9A56
UPX1:004E9A56 loc_4E9A56:                             ; CODE XREF: start+CF↓j
UPX1:004E9A56                                         ; start+E5↓j
UPX1:004E9A56                 add     ebx, ebx
UPX1:004E9A58                 jnz     short loc_4E9A61
UPX1:004E9A5A
UPX1:004E9A5A loc_4E9A5A:                             ; CODE XREF: start+D↑j
UPX1:004E9A5A                 mov     ebx, [esi]
UPX1:004E9A5C                 sub     esi, 0FFFFFFFCh
UPX1:004E9A5F                 adc     ebx, ebx
UPX1:004E9A61
UPX1:004E9A61 loc_4E9A61:                             ; CODE XREF: start+18↑j
UPX1:004E9A61                 jb      short loc_4E9A50
UPX1:004E9A63                 mov     eax, 1
UPX1:004E9A68
UPX1:004E9A68 loc_4E9A68:                             ; CODE XREF: start+52↓j
UPX1:004E9A68                 add     ebx, ebx
UPX1:004E9A6A                 jnz     short loc_4E9A73
UPX1:004E9A6C                 mov     ebx, [esi]
UPX1:004E9A6E                 sub     esi, 0FFFFFFFCh
UPX1:004E9A71                 adc     ebx, ebx
UPX1:004E9A73
UPX1:004E9A73 loc_4E9A73:                             ; CODE XREF: start+2A↑j
UPX1:004E9A73                 adc     eax, eax
UPX1:004E9A75                 add     ebx, ebx
UPX1:004E9A77                 jnb     short loc_4E9A84
UPX1:004E9A79                 jnz     short loc_4E9AA3
UPX1:004E9A7B                 mov     ebx, [esi]
UPX1:004E9A7D                 sub     esi, 0FFFFFFFCh
UPX1:004E9A80                 adc     ebx, ebx
UPX1:004E9A82                 jb      short loc_4E9AA3
UPX1:004E9A84
UPX1:004E9A84 loc_4E9A84:                             ; CODE XREF: start+37↑j
UPX1:004E9A84                 dec     eax
UPX1:004E9A85                 add     ebx, ebx
UPX1:004E9A87                 jnz     short loc_4E9A90
UPX1:004E9A89                 mov     ebx, [esi]
UPX1:004E9A8B                 sub     esi, 0FFFFFFFCh
UPX1:004E9A8E                 adc     ebx, ebx
UPX1:004E9A90
UPX1:004E9A90 loc_4E9A90:                             ; CODE XREF: start+47↑j
UPX1:004E9A90                 adc     eax, eax
UPX1:004E9A92                 jmp     short loc_4E9A68
UPX1:004E9A94 ; ---------------------------------------------------------------------------
UPX1:004E9A94
UPX1:004E9A94 loc_4E9A94:                             ; CODE XREF: start:loc_4E9AC6↓j
UPX1:004E9A94                                         ; start:loc_4E9AD4↓j
UPX1:004E9A94                 add     ebx, ebx
UPX1:004E9A96                 jnz     short loc_4E9A9F
UPX1:004E9A98                 mov     ebx, [esi]
UPX1:004E9A9A                 sub     esi, 0FFFFFFFCh
UPX1:004E9A9D                 adc     ebx, ebx
UPX1:004E9A9F
UPX1:004E9A9F loc_4E9A9F:                             ; CODE XREF: start+56↑j
UPX1:004E9A9F                 adc     ecx, ecx
UPX1:004E9AA1                 jmp     short loc_4E9AF5
UPX1:004E9AA3 ; ---------------------------------------------------------------------------
UPX1:004E9AA3
UPX1:004E9AA3 loc_4E9AA3:                             ; CODE XREF: start+39↑j
UPX1:004E9AA3                                         ; start+42↑j
UPX1:004E9AA3                 xor     ecx, ecx
UPX1:004E9AA5                 sub     eax, 3
UPX1:004E9AA8                 jb      short loc_4E9ABB
UPX1:004E9AAA                 shl     eax, 8
UPX1:004E9AAD                 mov     al, [esi]
UPX1:004E9AAF                 inc     esi
UPX1:004E9AB0                 xor     eax, 0FFFFFFFFh
UPX1:004E9AB3                 jz      short loc_4E9B2A
UPX1:004E9AB5                 sar     eax, 1
UPX1:004E9AB7                 mov     ebp, eax
UPX1:004E9AB9                 jmp     short loc_4E9AC6
UPX1:004E9ABB ; ---------------------------------------------------------------------------
UPX1:004E9ABB
UPX1:004E9ABB loc_4E9ABB:                             ; CODE XREF: start+68↑j
UPX1:004E9ABB                 add     ebx, ebx
UPX1:004E9ABD                 jnz     short loc_4E9AC6
UPX1:004E9ABF                 mov     ebx, [esi]
UPX1:004E9AC1                 sub     esi, 0FFFFFFFCh
UPX1:004E9AC4                 adc     ebx, ebx
UPX1:004E9AC6
UPX1:004E9AC6 loc_4E9AC6:                             ; CODE XREF: start+79↑j
UPX1:004E9AC6                                         ; start+7D↑j
UPX1:004E9AC6                 jb      short loc_4E9A94
UPX1:004E9AC8                 inc     ecx
UPX1:004E9AC9                 add     ebx, ebx
UPX1:004E9ACB                 jnz     short loc_4E9AD4
UPX1:004E9ACD                 mov     ebx, [esi]
UPX1:004E9ACF                 sub     esi, 0FFFFFFFCh
UPX1:004E9AD2                 adc     ebx, ebx
UPX1:004E9AD4
UPX1:004E9AD4 loc_4E9AD4:                             ; CODE XREF: start+8B↑j
UPX1:004E9AD4                 jb      short loc_4E9A94
UPX1:004E9AD6
UPX1:004E9AD6 loc_4E9AD6:                             ; CODE XREF: start+A5↓j
UPX1:004E9AD6                                         ; start+B0↓j
UPX1:004E9AD6                 add     ebx, ebx
UPX1:004E9AD8                 jnz     short loc_4E9AE1
UPX1:004E9ADA                 mov     ebx, [esi]
UPX1:004E9ADC                 sub     esi, 0FFFFFFFCh
UPX1:004E9ADF                 adc     ebx, ebx
UPX1:004E9AE1
UPX1:004E9AE1 loc_4E9AE1:                             ; CODE XREF: start+98↑j
UPX1:004E9AE1                 adc     ecx, ecx
UPX1:004E9AE3                 add     ebx, ebx
UPX1:004E9AE5                 jnb     short loc_4E9AD6
UPX1:004E9AE7                 jnz     short loc_4E9AF2
UPX1:004E9AE9                 mov     ebx, [esi]
UPX1:004E9AEB                 sub     esi, 0FFFFFFFCh
UPX1:004E9AEE                 adc     ebx, ebx
UPX1:004E9AF0                 jnb     short loc_4E9AD6
UPX1:004E9AF2
UPX1:004E9AF2 loc_4E9AF2:                             ; CODE XREF: start+A7↑j
UPX1:004E9AF2                 add     ecx, 2
UPX1:004E9AF5
UPX1:004E9AF5 loc_4E9AF5:                             ; CODE XREF: start+61↑j
UPX1:004E9AF5                 cmp     ebp, 0FFFFFB00h
UPX1:004E9AFB                 adc     ecx, 2
UPX1:004E9AFE                 lea     edx, [edi+ebp]
UPX1:004E9B01                 cmp     ebp, 0FFFFFFFCh
UPX1:004E9B04                 jbe     short loc_4E9B14
UPX1:004E9B06
UPX1:004E9B06 loc_4E9B06:                             ; CODE XREF: start+CD↓j
UPX1:004E9B06                 mov     al, [edx]
UPX1:004E9B08                 inc     edx
UPX1:004E9B09                 mov     [edi], al
UPX1:004E9B0B                 inc     edi
UPX1:004E9B0C                 dec     ecx
UPX1:004E9B0D                 jnz     short loc_4E9B06
UPX1:004E9B0F                 jmp     loc_4E9A56
UPX1:004E9B14 ; ---------------------------------------------------------------------------
UPX1:004E9B14
UPX1:004E9B14 loc_4E9B14:                             ; CODE XREF: start+C4↑j
UPX1:004E9B14                                         ; start+E1↓j
UPX1:004E9B14                 mov     eax, [edx]
UPX1:004E9B16                 add     edx, 4
UPX1:004E9B19                 mov     [edi], eax
UPX1:004E9B1B                 add     edi, 4
UPX1:004E9B1E                 sub     ecx, 4
UPX1:004E9B21                 ja      short loc_4E9B14
UPX1:004E9B23                 add     edi, ecx
UPX1:004E9B25                 jmp     loc_4E9A56
UPX1:004E9B2A ; ---------------------------------------------------------------------------
UPX1:004E9B2A
UPX1:004E9B2A loc_4E9B2A:                             ; CODE XREF: start+73↑j
UPX1:004E9B2A                 pop     esi
UPX1:004E9B2B                 mov     edi, esi
UPX1:004E9B2D                 mov     ecx, 0F1h
UPX1:004E9B32
UPX1:004E9B32 loc_4E9B32:                             ; CODE XREF: start+F9↓j
UPX1:004E9B32                                         ; start+FE↓j
UPX1:004E9B32                 mov     al, [edi]
UPX1:004E9B34                 inc     edi
UPX1:004E9B35                 sub     al, 0E8h
UPX1:004E9B37
UPX1:004E9B37 loc_4E9B37:                             ; CODE XREF: start+11C↓j
UPX1:004E9B37                 cmp     al, 1
UPX1:004E9B39                 ja      short loc_4E9B32
UPX1:004E9B3B                 cmp     byte ptr [edi], 1
UPX1:004E9B3E                 jnz     short loc_4E9B32
UPX1:004E9B40                 mov     eax, [edi]
UPX1:004E9B42                 mov     bl, [edi+4]
UPX1:004E9B45                 shr     ax, 8
UPX1:004E9B49                 rol     eax, 10h
UPX1:004E9B4C                 xchg    al, ah
UPX1:004E9B4E                 sub     eax, edi
UPX1:004E9B50                 sub     bl, 0E8h
UPX1:004E9B53                 add     eax, esi
UPX1:004E9B55                 mov     [edi], eax
UPX1:004E9B57                 add     edi, 5
UPX1:004E9B5A                 mov     al, bl
UPX1:004E9B5C                 loop    loc_4E9B37
UPX1:004E9B5E                 lea     edi, [esi+0E7000h]
UPX1:004E9B64
UPX1:004E9B64 loc_4E9B64:                             ; CODE XREF: start+146↓j
UPX1:004E9B64                 mov     eax, [edi]
UPX1:004E9B66                 or      eax, eax
UPX1:004E9B68                 jz      short loc_4E9BA6
UPX1:004E9B6A                 mov     ebx, [edi+4]
UPX1:004E9B6D                 lea     eax, [eax+esi+0EA164h]
UPX1:004E9B74                 add     ebx, esi
UPX1:004E9B76                 push    eax
UPX1:004E9B77                 add     edi, 8
UPX1:004E9B7A                 call    dword ptr [esi+0EA1C8h]
UPX1:004E9B80                 xchg    eax, ebp
UPX1:004E9B81
UPX1:004E9B81 loc_4E9B81:                             ; CODE XREF: start+15E↓j
UPX1:004E9B81                 mov     al, [edi]
UPX1:004E9B83                 inc     edi
UPX1:004E9B84                 or      al, al
UPX1:004E9B86                 jz      short loc_4E9B64
UPX1:004E9B88                 mov     ecx, edi
UPX1:004E9B8A                 push    edi
UPX1:004E9B8B                 dec     eax
UPX1:004E9B8C                 repne scasb
UPX1:004E9B8E                 push    ebp
UPX1:004E9B8F                 call    dword ptr [esi+0EA1CCh]
UPX1:004E9B95                 or      eax, eax
UPX1:004E9B97                 jz      short loc_4E9BA0
UPX1:004E9B99                 mov     [ebx], eax
UPX1:004E9B9B                 add     ebx, 4
UPX1:004E9B9E                 jmp     short loc_4E9B81
UPX1:004E9BA0 ; ---------------------------------------------------------------------------
UPX1:004E9BA0
UPX1:004E9BA0 loc_4E9BA0:                             ; CODE XREF: start+157↑j
UPX1:004E9BA0                 call    dword ptr [esi+0EA1DCh]
UPX1:004E9BA6
UPX1:004E9BA6 loc_4E9BA6:                             ; CODE XREF: start+128↑j
UPX1:004E9BA6                 mov     ebp, [esi+0EA1D0h]
UPX1:004E9BAC                 lea     edi, [esi-1000h]
UPX1:004E9BB2                 mov     ebx, 1000h
UPX1:004E9BB7                 push    eax
UPX1:004E9BB8                 push    esp
UPX1:004E9BB9                 push    4
UPX1:004E9BBB                 push    ebx
UPX1:004E9BBC                 push    edi
UPX1:004E9BBD                 call    ebp
UPX1:004E9BBF                 lea     eax, [edi+19Fh]
UPX1:004E9BC5                 and     byte ptr [eax], 7Fh
UPX1:004E9BC8                 and     byte ptr [eax+28h], 7Fh
UPX1:004E9BCC                 pop     eax
UPX1:004E9BCD                 push    eax
UPX1:004E9BCE                 push    esp
UPX1:004E9BCF                 push    eax
UPX1:004E9BD0                 push    ebx
UPX1:004E9BD1                 push    edi
UPX1:004E9BD2                 call    ebp
UPX1:004E9BD4                 pop     eax
UPX1:004E9BD5                 popa
UPX1:004E9BD6                 lea     eax, [esp+2Ch+var_AC]
UPX1:004E9BDA
UPX1:004E9BDA loc_4E9BDA:                             ; CODE XREF: start+19E↓j
UPX1:004E9BDA                 push    0
UPX1:004E9BDC                 cmp     esp, eax
UPX1:004E9BDE                 jnz     short loc_4E9BDA
UPX1:004E9BE0                 sub     esp, 0FFFFFF80h
UPX1:004E9BE3                 jmp     near ptr dword_401240
UPX1:004E9BE3 start           endp
UPX1:004E9BE3
UPX1:004E9BE3 ; ---------------------------------------------------------------------------
UPX1:004E9BE8                 dd 6 dup(0)
UPX1:004E9C00                 dd 100h dup(?)
UPX1:004E9C00 UPX1            ends
UPX1:004E9C00
UPX1:004E9C00
UPX1:004E9C00                 end start
</pre>
- --MaybachMan 17:37, 3 August 2010 (UTC)
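Editor's note on the listing above: the segment name UPX1 and the code shape (pusha, a bit-driven copy loop, a call-displacement fix-up pass, import resolution through pointers at esi+0EA1C8h/0EA1CCh, two calls through ebp to change page protection, popa, jmp to dword_401240) are the standard UPX unpacking stub, so what was dumped is the packer's loader, not the jailbreak payload; the payload only exists in memory after this stub has run. As an added example (not code from the page, from blackra1n or from UPX), the C below re-implements the fix-up loop at loc_4E9B2A..loc_4E9B5C, the part most useful to understand when unpacking such a sample for analysis: it finds E8/E9 opcodes whose operand starts with the marker byte 01h and converts the following big-endian offset into the little-endian rel32 x86 expects. The sample bytes, the base address 0x401000 and the bounds check are constructed assumptions; the stub itself relies only on the count in ecx.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Re-implementation of loc_4E9B2A..loc_4E9B5C. `buf` is the decompressed
 * code whose first byte sits at VA `base` (esi in the stub), `count`
 * mirrors ecx (0F1h in the listing): how many operands to rewrite.
 * The length check is an addition; the stub has none.
 * Returns the number of operands rewritten. */
size_t fixup_calls(uint8_t *buf, size_t len, uint32_t base, size_t count)
{
    size_t pos = 0, fixed = 0;
    while (count > 0 && pos + 5 <= len) {
        uint8_t op = buf[pos++];              /* mov al,[edi]; inc edi */
        if ((uint8_t)(op - 0xE8) > 1)         /* sub al,0E8h; cmp al,1; ja */
            continue;                         /* not a call/jmp rel32 */
        if (buf[pos] != 0x01)                 /* cmp byte ptr [edi],1; jnz */
            continue;                         /* operand not marked */
        /* mov eax,[edi]; shr ax,8; rol eax,10h; xchg al,ah leaves eax equal
         * to the big-endian value of the three bytes after the marker. */
        uint32_t off = ((uint32_t)buf[pos + 1] << 16) |
                       ((uint32_t)buf[pos + 2] << 8)  |
                        (uint32_t)buf[pos + 3];
        /* sub eax,edi; add eax,esi: edi is the VA of the operand itself */
        uint32_t rel = (base + off) - (base + (uint32_t)pos);
        buf[pos]     = (uint8_t)(rel);        /* mov [edi],eax, written   */
        buf[pos + 1] = (uint8_t)(rel >> 8);   /* byte-wise so the result  */
        buf[pos + 2] = (uint8_t)(rel >> 16);  /* does not depend on host  */
        buf[pos + 3] = (uint8_t)(rel >> 24);  /* endianness               */
        pos += 4;        /* add edi,5 + mov al,bl: the byte right after the
                            operand is examined as the next opcode */
        fixed++;
        count--;                              /* loop loc_4E9B37 */
    }
    return fixed;
}

int main(void)
{
    /* Constructed sample, not bytes from blackra1n: a marked call, an
     * unmarked call that must be left alone, and a marked jmp. */
    uint8_t code[] = { 0x90, 0xE8, 0x01, 0x00, 0x00, 0x20,
                       0xE8, 0x05, 0x00, 0x00, 0x00,
                       0xE9, 0x01, 0x00, 0x00, 0x10, 0xC3 };
    size_t n = fixup_calls(code, sizeof code, 0x401000u, 2);
    printf("rewrote %zu operands; first rel32 = 0x%02X%02X%02X%02X\n",
           n, code[5], code[4], code[3], code[2]);
    return 0;
}
```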