pwnage easily patchable?

Discussion in 'iPod touch Firmware 2.X Jailbreak' started by gojohnnyboi, Sep 15, 2008.

  1. gojohnnyboi

    gojohnnyboi Well-Known Member

    Joined:
    Jan 25, 2008
    Messages:
    3,339
    Likes Received:
    55
    Ok, so thinking here gave me this idea. Couldn't Apple have iTunes check the SHA1 or MD5 of the ipsw that it's restoring with to make sure it's the same one that THEY created, and not let you restore if it's different? Why haven't they done that yet?

    -John
  2. Jarlath

    Jarlath Retired Moderator

    Joined:
    Mar 21, 2008
    Messages:
    2,321
    Likes Received:
    0
    Isn't that part of what pwnage disabled? And why you had to kill all iTunes processes?
  3. Ryan

    Ryan Well-Known Member

    Joined:
    Jan 19, 2008
    Messages:
    4,129
    Likes Received:
    28
    Device:
    Nexus 4
    I never knew pwnage did anything to your iTunes :\
  4. jfb392

    jfb392 New Member

    Joined:
    Oct 20, 2007
    Messages:
    2,512
    Likes Received:
    21
    Device:
    iPod touch
    They haven't done it yet because they know that any attempt to hash check a firmware could be easily patched out.
    For each new firmware update, a new build of iTunes would be needed with added hashes.
    The inability to use older versions of iTunes would just frustrate users.
    Also, they could always have it check a remote server for hash data, but we all know how easy it is to circumvent that sort of thing..
    If they thought of some other way to do it, it's easy enough to patch an executable.

    No, it kills iTunes processes so they don't control your device.
    Pwnage only disables the signature check for images sent to the device, which is done by patching out the check in the NOR of the device.
    It never touches iTunes.
    "Pwning iTunes" simply replaces a small .ipsw with a modified one containing a WTF file with malformed certificate data which takes advantage of the bootrom certificate parsing overflow.
    It doesn't.
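
An added illustration, not part of the thread and not Apple's actual scheme: it contrasts the host-side hash allowlist proposed in the first post with a signature check performed on the device, the kind of check the last post refers to. The key (two Mersenne primes, textbook RSA without padding), the firmware byte strings and all function names are constructed for the example and are not secure for real use.

```python
import hashlib

# Constructed toy RSA key built from two Mersenne primes; illustration only.
P, Q = 2**127 - 1, 2**521 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # vendor's private exponent, never shipped

def digest_int(image: bytes) -> int:
    return int.from_bytes(hashlib.sha256(image).digest(), "big")

def vendor_sign(image: bytes) -> int:
    """Vendor side: sign the SHA-256 digest of a firmware image."""
    return pow(digest_int(image), D, N)

def device_verify(image: bytes, signature: int) -> bool:
    """Device side: needs only the public key (N, E), fixed at manufacture."""
    return pow(signature, E, N) == digest_int(image)

# Host-side allowlist as proposed in the first post. It is frozen when the
# client ships, so it only knows firmware that existed at that time.
CLIENT_KNOWN_SHA1 = {hashlib.sha1(b"firmware 2.0 image").hexdigest()}

def client_hash_check(image: bytes) -> bool:
    return hashlib.sha1(image).hexdigest() in CLIENT_KNOWN_SHA1

def evaluate(image: bytes, signature: int) -> dict:
    """Run both checks on one image and report each verdict."""
    return {"client_hash": client_hash_check(image),
            "device_sig": device_verify(image, signature)}

# Constructed sample images.
FW_OLD = b"firmware 2.0 image"
FW_NEW = b"firmware 2.1 image"          # released after the client build
FW_MODIFIED = FW_NEW + b" (modified)"   # altered image reusing the 2.1 signature

if __name__ == "__main__":
    print("old     ", evaluate(FW_OLD, vendor_sign(FW_OLD)))
    print("new     ", evaluate(FW_NEW, vendor_sign(FW_NEW)))
    print("modified", evaluate(FW_MODIFIED, vendor_sign(FW_NEW)))
```

The old client rejects the legitimate 2.1 image until it is rebuilt with a new hash, while the device-side check accepts it with no update and still rejects the modified image. That check is only as strong as the code that runs it on the device.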
