Date: Tue, 03 Jul 2007 11:03:35 -0400
From: "mOses[at]networksamurai" <trklisted@...worksamurai.org>
To: matthew wollenweber <mwollenweber@...il.com>
Cc: full-disclosure <full-disclosure@...ts.grok.org.uk>,
	dailydave <dailydave@...ts.immunitysec.com>
Subject: Re: [Dailydave] iPhone Roadblock

 From what I understand of the phone it is running a native version of 
OS X. Which may mean to say it's running the underlying BSD kernel of 
'Darwin' with a modified Aqua (which is their implementation of XWindows) 
on top. As with any type of blackbox testing you must go with the 
'knowns' to find the 'unknowns' (yai!!). Learn what the points of 
ingress are from the device itself, i.e. is Safari still vulnerable and 
maybe can be used as a gateway into the directory structure? Or can you 
write code to use Safari in that manner? If not then you must take a 
closer look inside the phone. One thing is certain, at some point a 
developer needed a way into the phone to do proper debugging, maybe not 
a JTAG interface on this device but some type of 'shell'. I have seen 
certain sites where people have taken apart the device and have started 
to peer into it.

I do know that there is no SDK for the device but it does have a fully 
functional Safari browser which will allow for AJAX.... so quick start 
coding ;0

m

matthew wollenweber wrote:
> I'm one of the lucky (or possibly crazy) people that managed to get an 
> iPhone yesterday. If you're curious, I'm very happy with it so far. 
> I'm not an Apple nut that buys all things Apple, but after years of 
> "smartphones" that never seemed quite right, the iPhone really seems 
> to have hit the mark. My biggest worry was that it used Edge rather 
> than 3G. While at some points this is noticeable, the caching and 
> windowing mechanisms really make up for the difference. On the whole 
> it's the best smartphone experience I've had. But you can read all the 
> reviews in a more appropriate forum...
>
> I'm really interested in hacking up my iPhone. Anything with a *nix OS 
> underneath is just too tempting to leave alone. Unfortunately Apple 
> threw a curve ball that's outside my skill set. The iPhone doesn't 
> mount as a harddrive. I couldn't find any options in iTunes and in 
> linux I only got:
>
> Jun 30 21:25:42 lothlorien kernel: usb 1-4: new full speed USB device using ehci_hcd and address 15
> Jun 30 21:25:42 lothlorien kernel: usb 1-4: Product: iPhone
> Jun 30 21:25:42 lothlorien kernel: usb 1-4: Manufacturer: Apple Inc.
> Jun 30 21:25:42 lothlorien kernel: usb 1-4: SerialNumber: XYZ123456789
> Jun 30 21:25:42 lothlorien kernel: usb 1-4: configuration #1 chosen from 3 choices
>
> USB device drivers aren't my thing. Anyone have any suggestions on how 
> to get the thing mounted or to go about figuring out how to do so?
>
> Thanks for any help.
>
> -- 
> Matthew  Wollenweber
> mwollenweber@...il.com <mailto:mwollenweber@...il.com> | 
> mjw@...erwart.com <mailto:mjw@...erwart.com>
> www.cyberwart.com <http://www.cyberwart.com>
> ------------------------------------------------------------------------
>
> _______________________________________________
> Dailydave mailing list
> Dailydave@...ts.immunitysec.com
> http://lists.immunitysec.com/mailman/listinfo/dailydave
>   
> ------------------------------------------------------------------------
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
