lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Mon, 02 Jul 2007 00:07:54 +0200
From: "Fabio Pietrosanti (naif)" <lists@...osecurity.ch>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: iPhone Security Settings

The file is a zip file.

It's interesting to note the encrypted DMG image "694-5262-39.dmg" of
82MB . It ask for a password.


Instead the 15MB file "694-5259-38.dmg" it's not a DMG image and it's
not encrypted (strings 694-5259-38.dmg | less) .

Some selected information to have an idea of what's inside:

DWD_USIF_BOOTLOADER_FILENAME/Secure_USIF_Bootloader.3.9.fls
MN_SMS_CB_MESSAGE_ID_LIMIT_IND
sio#wake-ind
SI_PHONE_NUMBER_READ_IND
../../ms-gprs-l1-src/text/l1d_rshd.c
../../ms-ds-src/at/atc/common/text/atc_sdl_mn.c
SIMULATED RESET due to AT+CFUN=16. This is NOT a crash!
../../ms-bt-src/src/bt-ctrl/io_bt.c
../../ms-gprs-l2-src/ma/mac/text/decoders/mac_decoders.c
../../ms-gprs-l2-src/rl/rlc/text/rlc_op2.c
../../ms-l3-src/rr/grr/text/grr_op2.c
       1 ==> output of EQUALIZER RAW DATA acc. to <rx_channel / 0 FOR
SPEECH CALLS> using a
Argument Types: [int: 1/2/3/4/5],[int:0/1/2/3],[int => abs. Hz
value],[int: 1 - 100]
GSM Ciphering:%s, GSM Ciphering Algorithm: A5/%d, GPRS Ciphering:%s,
GPRS Ciphering Algorithm: GEA/%d
/SourceCache/BaseBandFWUpdater/BaseBandFWUpdater-39/IfxSource/DLL_source/OS_dependent_code/timer_if/../../../../IFWD_timer.c
/SourceCache/BaseBandFWUpdater/BaseBandFWUpdater-39/AtInterface.cpp
/System/Library/PrivateFrameworks/Bom.framework/Bom
/SourceCache/Bom/Bom-122.0.0.3/Common/BOMSystemCmds.c
/dev/tty.baseband
/private/tmp/.SafeBoot
/bin/cat /System/Library/CoreServices/BootX | /usr/bin/openssl dgst
-sha1 -hex -out /System/Library/Caches/com.apple.bootxsignature
Boot-loader is active
Skip secure loader
Injecting EBL-Loader (PSI).
DWD_RAM_BOOTLOADER_FILENAME/Default_RAM_Bootloader.7.0.fls
GsmRadioModule::fEnableMobileAnalyzer
Signature cannot be authenticated
single user shell terminated.
Singleuser boot -- fsck not done
sq->capacity >= (((((4096 + 7) / 8) + (sizeof(giantDigit)) - 1) /
(sizeof(giantDigit))) + 1)
/System/Library/Lockdown/SBOOT_S5L8900.pem
/System/Library/Lockdown/SBOOT_S5L8900_DEV.pem

There are a couple of user with their password:

root:XUU7aqfpey51o:0:0::0:0:System Administrator:/var/root:/bin/sh
mobile:/smx7MYTQIi2M:501:0::0:0:Mobile User:/var/mobile:/bin/sh

Does someone have some time to arrange a quick john session (should be
quick)?

In Firmware/all_flash/all_flash.m68ap.production/DeviceTree.m68ap.img2
there is the string:
Apple Secure Boot Certification Authority1


* The password of the encrypted DMG?
* The user root and mobile with preconfigured passwords?
* The "GsmRadioModule::fEnableMobileAnalyzer" ?
* The
/SourceCache/BaseBandFWUpdater/BaseBandFWUpdater-39/AtInterface.cpp that
maybe use at command to update the firmware of the GSM transceiver?
* What's bom? /System/Library/PrivateFrameworks/Bom.framework/Bom
* The security of the boot system plenty of digital signatures to
prevent firmware hacking?


-naif

Kevin Finisterre (lists) wrote:
> While you are at it...
>
> http://appldnld.apple.com.edgesuite.net/content.info.apple.com/iPhone/ 
> 061-3538.20070629.B7vXa/iPhone1,1_1.0_1A543a_Restore.ipsw
>
> -KF
>
> On Jun 29, 2007, at 8:10 PM, John Smith wrote:
>
>   
>> http://www.andrew.cmu.edu/user/xsk/iPhoneSecuritySettings.html
>>
>> John
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>>     
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>   

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ