User talk:Scotty2

From The iPhone Wiki
Revision as of 19:09, 15 October 2008 by ChronicDev (talk | contribs)

method

Hey. I was looking through some Colloquy logs and I didn't appear to understand the significance of something you said, but now that I have educated myself quite a bit on this stuff, I wanted to know how you were able to do this memory dump. It may be very, very useful in jailbreaking the new iPod touch 2G, because we can boot the device into recovery or something and then dump a decrypted iBoot. Not to mention we could send it a ramdisk and execute the ramdisk command. That will put the decrypted output of what we just sent to 0xC000000 in memory, and if we can dump that, then we can get the ASR key to decrypt the root filesystem. In case you were wondering, the mdb iBoot command only works up to 0xAFF0000, so dumping anything that way is a no go :(

scotty2: no, i don't mesh with them. i got in fights with 2 of them yesterday once i learned just how wrong they were about the bootloader chain

scotty2: they were arguing with me about something they had no idea about

scotty2: i told them that the vrom is not where they think it is, that what they're looking at is only a memory copy of it, and they just told me i was stupid.

scotty2: so i provided dumps

scotty2: and they stopped talking to me

scotty2: but basically, we are now able to observe the very first instructions that run on the application processor, and every step in between. hopefully we can look for an exploit down in unflashable space, like dfu

scotty2: the second you plug your phone into itunes in dfu mode with 7.7, it instantly uploads new dfu code. (can't flash it though, just in memory) which leads us to think that maybe they found a hole in the old dfu code