Message-Id: <200710221256.50043.fdlist@digitaloffense.net>
Date: Mon, 22 Oct 2007 12:56:49 -0500
From: H D Moore <fdlist@...italoffense.net>
To: full-disclosure@...ts.grok.org.uk
Subject: Cracking the iPhone (5 article series)

The last part of my iPhone-related blog entries was posted last night. The 
first article discusses the architecture and provides some useful 
shellcode for already-modified phones. 
 
http://blog.metasploit.com/2007/09/root-shell-in-my-pocket-and-maybe-yours.html

The second article discusses the libtiff exploit and includes a link to a 
modified version of the weasel debugger. 

http://blog.metasploit.com/2007/10/cracking-iphone-part-1.html

The third article steps through the entire libtiff exploit development 
process, using an updated version of the debugger. 

http://blog.metasploit.com/2007/10/cracking-iphone-part-2.html

The fourth article describes a different approach to exploiting the 
libtiff vulnerability that is much more reliable across a wider range of 
applications. 

http://blog.metasploit.com/2007/10/cracking-iphone-part-21.html

The fifth and final article walks through the process of developing a 
payload capable of writing arbitratry executables to disk and executing 
them. The final article closes with a stand-alone shell that can be used 
to gain remote, interactive access to unmodified iPhones, and 
demonstrates how to use this shell to apply the third-party libtiff 
patch.

http://blog.metasploit.com/2007/10/cracking-iphone-part-3.html

-HD

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists