Public
- Public
- Network
- Groups
- Featured
- Popular
- People

Conversation

Notices

Embed this notice
q3k :blobcatcoffee: (q3k@social.hackerspace.pl)'s status on Tuesday, 07-Jan-2025 01:14:01 JST q3k :blobcatcoffee:

More iPod Nano 7G discoveries!
gsch discovered that if you boot diags from WTF (instead of from bootloader), you actually get a serial console... with full memory read/write.
Turns out this works because WTF ships with an EFI UART/Serial driver, but the bootloader doesn't. So if you run diags from WTF, you get that very nice serial console. And since both WTF and the bootloader are signed, you can just send them over DFU.
Who need exploits when you have built-in functionality? :)
In conversation about 6 months ago from social.hackerspace.pl permalink
Attachments
1. Terminal: :-) md 20000000 20 20000000: 00 F0 21 E1 00 F0 21 E1 00 F0 21 E1 00 F0 21 E1 |..!...!...!...!.| 20000010: 00 F0 21 E1 00 F0 21 E1 00 F0 21 E1 00 F0 21 E1 |..!...!...!...!.| :-) memrw w 3c500048 0 Old value of address 0x3C500048 = 0x001BA585 New value of address 0x3C500048 = 0x00000000 :-) md 20000000 20 20000000: 28 00 00 EA 84 F0 9F E5 84 F0 9F E5 84 F0 9F E5 |(...............| 20000010: 84 F0 9F E5 00 F0 20 E3 80 F0 9F E5 80 F0 9F E5 |...... .........| :-)
  https://object.ceph-waw3.hswaw.net/mastodon-prod/media_attachments/files/113/778/962/058/641/697/original/1148cedb55ad86c9.png
- feld likes this.

Feeds