[Release] XPwn (experimental pwnage tool for Linux)

WOO. i might have to test this.

Hey,

first of all thx for your work, seems to be a great tool!

I`ve tested an get stuck at the following error

Code:

prInZ@prInZ-desktop:~/Desktop/xpwn$ sudo ./ipsw iPod1,1_1.1.4_4A102_Restore.ipsw custom.ipsw \ bundles/Installer.bundle/files
loading: 022-3893-4.dmg (132075520)
loading: 022-3896-4.dmg (18764938)
loading: 022-3900-4.dmg (18764938)
loading: Firmware/all_flash/all_flash.n45ap.production/applelogo.img2 (14474)
loading: Firmware/all_flash/all_flash.n45ap.production/batterycharging.img2 (73866)
loading: Firmware/all_flash/all_flash.n45ap.production/batterylow0.img2 (59530)
loading: Firmware/all_flash/all_flash.n45ap.production/batterylow1.img2 (67722)
loading: Firmware/all_flash/all_flash.n45ap.production/DeviceTree.n45ap.img2 (39050)
loading: Firmware/all_flash/all_flash.n45ap.production/iBoot.n45ap.RELEASE.img2 (141450)
loading: Firmware/all_flash/all_flash.n45ap.production/LLB.n45ap.RELEASE.img2 (55434)
loading: Firmware/all_flash/all_flash.n45ap.production/manifest (175)
loading: Firmware/all_flash/all_flash.n45ap.production/needservice.img2 (24714)
loading: Firmware/all_flash/all_flash.n45ap.production/recoverymode.img2 (53386)
loading: Firmware/dfu/iBEC.n45ap.RELEASE.dfu (99466)
loading: Firmware/dfu/iBSS.n45ap.RELEASE.dfu (103562)
loading: Firmware/dfu/WTF.s5l8900xall.RELEASE.dfu (9354)
loading: kernelcache.release.s5l8900xrb (3356266)
loading: Restore.plist (1599)
Cannot open Info.plist: FirmwareBundles/.bundle/Info.plist
Segmentation fault
tim@tim-desktop:~/Desktop/xpwn$ sudo ./ipsw iPod1,1_1.1.4_4A102_Restore.ipsw custom.ipsw \ bundles/Installer.bundle/files
loading: 022-3893-4.dmg (132075520)
loading: 022-3896-4.dmg (18764938)
loading: 022-3900-4.dmg (18764938)
loading: Firmware/all_flash/all_flash.n45ap.production/applelogo.img2 (14474)
loading: Firmware/all_flash/all_flash.n45ap.production/batterycharging.img2 (73866)
loading: Firmware/all_flash/all_flash.n45ap.production/batterylow0.img2 (59530)
loading: Firmware/all_flash/all_flash.n45ap.production/batterylow1.img2 (67722)
loading: Firmware/all_flash/all_flash.n45ap.production/DeviceTree.n45ap.img2 (39050)
loading: Firmware/all_flash/all_flash.n45ap.production/iBoot.n45ap.RELEASE.img2 (141450)
loading: Firmware/all_flash/all_flash.n45ap.production/LLB.n45ap.RELEASE.img2 (55434)
loading: Firmware/all_flash/all_flash.n45ap.production/manifest (175)
loading: Firmware/all_flash/all_flash.n45ap.production/needservice.img2 (24714)
loading: Firmware/all_flash/all_flash.n45ap.production/recoverymode.img2 (53386)
loading: Firmware/dfu/iBEC.n45ap.RELEASE.dfu (99466)
loading: Firmware/dfu/iBSS.n45ap.RELEASE.dfu (103562)
loading: Firmware/dfu/WTF.s5l8900xall.RELEASE.dfu (9354)
loading: kernelcache.release.s5l8900xrb (3356266)
loading: Restore.plist (1599)
Cannot open Info.plist: FirmwareBundles/.bundle/Info.plist
Segmentation fault

Get the same error if i try: ./xpwn iPod1,1_1.1.4_4A102_Restore.ipsw ipod1.1.4_CUstom.ipsw -b bootlogo.png

any idea?

<edit: im using ubuntu, hardy)

I've snipped out everything but the relevant error message. The segfault is me apparently not properly exiting the program if an error like that is detected, oops.

The error is due to my unfortunate assumption that there will be a slash in the path name. Try "./iPod1,1_1.1.4_4A102_Restore.ipsw custom.ipsw" instead for now. It will be fixed.

EDIT: Fixed and updated URL on top post.

Some people have been asking me about beta 4 support. That's not really something that would only go into an individual implementation like this, but a generic thing that all utilities will get at about the same time. Anyway, we're making patches for it, but we've only just begun yesterday really, so hold your horses. Shouldn't be too long, since we're getting annoyed at the lack of pwnage support too.

WOW Thats what i call a fast update thx!

Tested and now it works totally fine!

Operating OS: Linux Ubuntu 8.04 Hardy Heron (latest)
-Ipod Touch 1.1.4 / 16GB (no bsd-root error! so the ramdisk seems to work fine!)

Great Work planetbeeing!

prinz - itouchable.de

I've added Windows binaries now, if anyone's interested in that sort of thing.

Details: http://wikee.iphwn.org/news:xpwn_release

WO, Sweet, now I can Use linux to pwn too, also I have not seen you iun forever Planet Being!! "HI" lol

Very nice job. +rep for you

Woah. Cool man, it looks hot~!

could someone please tell me what went wrong here,
in the terminal it looked like everything was going fine,
i tried to load the original 1.1.4 restore image to my ipod but when it was all finished
there was no change at all to the ipod,

heres the terminal log

john@john-desktop:~/Desktop/xpwn-build$ ./xpwn 'iPod1,1_1.1.4_4A102_Restore.ipsw'
... Connecting
... Loading IPSW
loading: 022-3893-4.dmg (132075520)
loading: 022-3896-4.dmg (18764938)
loading: 022-3900-4.dmg (18764938)
loading: Firmware/all_flash/all_flash.n45ap.production/applelogo.img2 (14474)
loading: Firmware/all_flash/all_flash.n45ap.production/batterycharging.img2 (73866)
loading: Firmware/all_flash/all_flash.n45ap.production/batterylow0.img2 (59530)
loading: Firmware/all_flash/all_flash.n45ap.production/batterylow1.img2 (67722)
loading: Firmware/all_flash/all_flash.n45ap.production/DeviceTree.n45ap.img2 (39050)
loading: Firmware/all_flash/all_flash.n45ap.production/iBoot.n45ap.RELEASE.img2 (141450)
loading: Firmware/all_flash/all_flash.n45ap.production/LLB.n45ap.RELEASE.img2 (55434)
loading: Firmware/all_flash/all_flash.n45ap.production/manifest (175)
loading: Firmware/all_flash/all_flash.n45ap.production/needservice.img2 (24714)
loading: Firmware/all_flash/all_flash.n45ap.production/recoverymode.img2 (53386)
loading: Firmware/dfu/iBEC.n45ap.RELEASE.dfu (99466)
loading: Firmware/dfu/iBSS.n45ap.RELEASE.dfu (103562)
loading: Firmware/dfu/WTF.s5l8900xall.RELEASE.dfu (9354)
loading: kernelcache.release.s5l8900xrb (3356266)
loading: Restore.plist (1599)
... Opening ramdisk
... Reading ramdisk
... Will send kernel at: kernelcache.release.s5l8900xrb
... Sending ramdisk
Response: setenv filesize 0x80000
]
... Sending kernelcache
Response: setenv filesize 0x33366a
]
... Clearing boot arguments
Response: setenv boot-args ""
]
... Setting auto-reboot
Response: setenv auto-boot true
]
... Saving environment
Response: saveenv
]
... Setting up ramdisk
Response: setenv boot-args "-v pmd0=0x09400000.0x80000 pmd1=0x8000000.0x8000000 rd=md0"
]
... Booting
Disconnected. Please wait patiently until it has rebooted to the SpringBoard.
If you get repeating 'bsd root' messages, it means the ramdisk somehow got corrupted in memory before it could be loaded. Just reboot into recovery mode and try again.
john@john-desktop:~/Desktop/xpwn-build$

planetbeing, I love you.