Last week, Sherif Hashim, an iPhone hacker and developer, found an exploit for the latest baseband. He sent it to the iPhone Dev-Team, who confirmed that it works, but they gave no ETA and did not even say whether they will release a tool to unlock this baseband, because they don’t want to waste an important exploit on a minor firmware update. They might be waiting for a more major firmware update such as 3.2 or 4.0, or maybe even for the next-gen iPhone 4G.
But what if geohot and the Dev-Team have the same exploit? If it is the same and one of them releases it now, it will be useless for any future firmware. But if it’s different, it could do a lot. That’s why both parties are communicating to see whether it’s the same exploit, so they don’t waste it on this minor firmware update.
Here is the excerpt from the IRC channel, posted on @visnet’s Twitter, that is going around.
All we can do is wait and see if things work out, but I am pretty sure the hackers know what they are doing.
What does geohot’s tweet mean?
<%geohot> its my bb exploit for safekeeping
<%Par4doX> geohot: did you turn that over to the dev team or are you doing something with it?
<%geohot> my days of turning things over are done
<%geohot> i hope its different from the one they have
<%geohot> but they prob already have it
<%geohot> its the one i orig wanted to release blacksn0w with
<%Par4doX> it’s still there in the new bb
<%geohot> yep, just checked
<%geohot> but then opted to use xemn since it was public
Oo, it carries over from 05.11 to 05.12?
<%geohot> why wouldn’t it, apple doesn’t fix things proactively
<@MuscleNerd> geohot we prob should figure out a way to know if we have same exploit double blind, otherwise we may release 2 different ones at same time
<%geohot> any suggestions?
<@MuscleNerd> not sure how to do that without making it easy to brute force tho
<%geohot> yea, i salted the hash
<@MuscleNerd> yeah
<@MuscleNerd> hmm maybe if we both hash the stack dump
<@Confucious> Can you two take this out of public sight?
<@MuscleNerd> the stack itself, not the header before it or the registers after it
muscle: any notice about the exploits are the same ?
<%geohot> we are working on it
<%geohot> cryptography, perfect for people who don’t trust each other
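The comparison sketched in the excerpt above (a salted hash over the stack itself, not the header before it or the registers after it), written out as an added example that is not part of the original post or anyone's actual code. The dump layout, the field lengths, the sample bytes, the function names and the choice of HMAC-SHA256 with a jointly derived salt are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

HEADER_LEN, REGS_LEN = 8, 16  # assumed layout of the constructed dumps below

def stack_only(dump: bytes) -> bytes:
    """Keep the stack itself: drop the header before it and the registers after it."""
    if len(dump) <= HEADER_LEN + REGS_LEN:
        raise ValueError("dump too short to contain a stack region")
    return dump[HEADER_LEN:len(dump) - REGS_LEN]

def joint_salt(nonce_a: bytes, nonce_b: bytes) -> bytes:
    """Each side contributes a nonce, so neither party chooses the salt alone."""
    return hashlib.sha256(b"salt|" + nonce_a + b"|" + nonce_b).digest()

def tag(stack: bytes, salt=None) -> bytes:
    """Plain SHA-256 when unsalted, HMAC-SHA256 keyed with the salt otherwise."""
    if salt is None:
        return hashlib.sha256(stack).digest()
    return hmac.new(salt, stack, hashlib.sha256).digest()

def same_finding(dump_1: bytes, dump_2: bytes) -> bool:
    """Both sides tag their own dump under the shared salt; only tags are exchanged."""
    salt = joint_salt(secrets.token_bytes(16), secrets.token_bytes(16))
    tag_1 = tag(stack_only(dump_1), salt)
    tag_2 = tag(stack_only(dump_2), salt)
    return hmac.compare_digest(tag_1, tag_2)

def observer_confirms(published: bytes, guess: bytes) -> bool:
    """An observer without the salt tests a guessed stack against a published tag."""
    return hmac.compare_digest(published, tag(guess))

# Constructed sample data: same stack in A and B, different stack in C.
STACK_X = bytes.fromhex("41414141deadbeef0000000012345678")
STACK_Y = bytes.fromhex("42424242cafebabe0000000087654321")
DUMP_A = b"HDR-A\x00\x00\x01" + STACK_X + secrets.token_bytes(REGS_LEN)
DUMP_B = b"HDR-B\x00\x00\x02" + STACK_X + secrets.token_bytes(REGS_LEN)
DUMP_C = b"HDR-C\x00\x00\x03" + STACK_Y + secrets.token_bytes(REGS_LEN)

if __name__ == "__main__":
    print("A vs B:", same_finding(DUMP_A, DUMP_B))  # same stack, other fields differ
    print("A vs C:", same_finding(DUMP_A, DUMP_C))  # different stack
    print("unsalted tag:", observer_confirms(tag(STACK_X), STACK_X))
    print("salted tag:", observer_confirms(tag(STACK_X, secrets.token_bytes(16)), STACK_X))
```

The salt only stops third parties from testing guesses against a published digest; the counterpart who shares the salt can still enumerate candidate stacks, which is the brute-force concern raised in the excerpt.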