What is required for the port on Nano 7(not refresh) #3

Open
platinumstufff opened this issue Aug 31, 2024 · 12 comments

@platinumstufff

No description provided.

@CUB3D
Owner

CUB3D commented Sep 15, 2024

There aren't a lot of differences between the og n7g and the refresh, the only real difference is the different firmware versions. The only reason I didn't add it is I don't have an og to test on and you would need both (To use the decryption payload with a n7g refresh to decrypt the og's firmware). I could try adding it without testing if someone else could test it.

All that would be needed is:

  • Add the download links and model to the cli
  • Decrypt the firmware
  • Unpack and RE the firmware to find the offset of the SCSI handlers and create an exploit config for it

@platinumstufff
Author

Thank you for your answer. If you port it to og nano 7 I can test it. I really want to decrypt firmware.

@platinumstufff
Author

Also, is it possible to make a tool just to replace the rsrc partition and do a disk swap trick?

@CUB3D
Owner

CUB3D commented Sep 27, 2024

I've pushed up experimental support for the nano7 2012 here: https://github.com/CUB3D/ipod_sun/tree/nano7_2012
I can confirm that the final 1.0.4 firmware from the old nano can be decrypted by a new one and it looks almost identical so I'm relatively confident this should work.

I'm probably not going to add support for pure rsrc swapping myself, the un/packing code is brittle from what I remember and would probably need a bit of work to make usable (plus I'm more interested in fully replacing the ipod software than patching it). But if someone adds support for it I've got no problem with merging it.

@platinumstufff
Author

Thank you. I will test it soon

@platinumstufff
Author

platinumstufff commented Sep 27, 2024

std::fs::write(&format!("./tmp-{:?}.bin", name.iter().rev().map(|s| *s as char).collect::<String>()), section_data).unwrap();
What does this line do? It fails on Windows. Previous versions of ipod sun work perfectly.

@platinumstufff
Author

platinumstufff commented Sep 27, 2024

Then I commented it out and it seems to replace the font

@CUB3D
Owner

CUB3D commented Sep 29, 2024

> std::fs::write(&format!("./tmp-{:?}.bin", name.iter().rev().map(|s| *s as char).collect::<String>()), section_data).unwrap();
> What does this line do? It fails on Windows. Previous versions of ipod sun work perfectly.

Oops, that's not supposed to be there, I've pushed up a commit to remove it.

> Then I commented it out and it seems to replace the font

Did you try installing it? If it boots fine then the firmware patching works, maybe try the bootrom dumping steps to prove the actual exploit worked as well
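
A likely reason the debug line quoted above fails on Windows, shown as an added example (not code from ipod_sun or from either participant): `{:?}` formats a `String` with surrounding double quotes, and `"` is not allowed in Windows file names. `safe_dump_name`, `invalid_on_windows` and the sample tags are hypothetical and constructed for illustration.

```rust
// Added example, not ipod_sun code. `debug_dump_name` mirrors the line quoted
// in the thread; `safe_dump_name` is a hypothetical replacement.

/// Characters Windows rejects in a file name component.
const WINDOWS_RESERVED: &[char] = &['<', '>', ':', '"', '/', '\\', '|', '?', '*'];

/// Same formatting as the quoted line: reverse the tag bytes, then format the
/// resulting String with `{:?}` (Debug), which wraps it in double quotes and
/// escapes control characters.
fn debug_dump_name(name: &[u8]) -> String {
    format!("./tmp-{:?}.bin", name.iter().rev().map(|s| *s as char).collect::<String>())
}

/// Hypothetical fix: Display formatting, with every byte that is not a
/// printable, portable file name character replaced by '_'.
fn safe_dump_name(name: &[u8]) -> String {
    let tag: String = name
        .iter()
        .rev()
        .map(|b| *b as char)
        .map(|c| if c.is_ascii_graphic() && !WINDOWS_RESERVED.contains(&c) { c } else { '_' })
        .collect();
    format!("./tmp-{}.bin", tag)
}

/// True if the file name part of `path` contains a character Windows rejects.
fn invalid_on_windows(path: &str) -> bool {
    let file = path.rsplit('/').next().unwrap_or(path);
    file.chars().any(|c| WINDOWS_RESERVED.contains(&c) || (c as u32) < 0x20)
}

fn main() {
    // Constructed sample tags; assumed to be stored reversed, since the
    // quoted line reverses the bytes before building the name.
    for tag in [&b"crsr"[..], &b"\0ksd"[..]] {
        let dbg = debug_dump_name(tag);
        let safe = safe_dump_name(tag);
        println!("{:<22} invalid_on_windows={}", dbg, invalid_on_windows(&dbg));
        println!("{:<22} invalid_on_windows={}", safe, invalid_on_windows(&safe));
    }
}
```

On Linux and macOS the quoted name is legal, so the original line only misbehaves there by creating files with literal quote characters in their names.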

@platinumstufff
Author

platinumstufff commented Sep 29, 2024

> Did you try installing it?

Yes, I installed it and found a changed font. I'm not sure that the ipod_sun scripts are going to work on Windows.

@platinumstufff
Author

thread 'main' panicked at src/main.rs:47:48:
called `Result::unwrap()` on an `Err` value: Os { code: 2, kind: NotFound, message: "No such file or directory" }
stack backtrace:
   0: rust_begin_unwind
             at /build/rustc-ntAYxy/rustc-1.75.0+dfsg0ubuntu1/library/std/src/panicking.rs:645:5
   1: core::panicking::panic_fmt
             at /build/rustc-ntAYxy/rustc-1.75.0+dfsg0ubuntu1/library/core/src/panicking.rs:72:14
   2: core::result::unwrap_failed
             at /build/rustc-ntAYxy/rustc-1.75.0+dfsg0ubuntu1/library/core/src/result.rs:1653:5
   3: scsi_dumper::main
note: Some details are omitted, run with `RUST_BACKTRACE=full` for a verbose backtrace.
00:00:00 1 / 128 [## ] 1% ETA 00:00:07

It doesn't work. Also, is /dev/sdc the iPod drive in sudo sg_raw -o /dev/null -r 512 -vvv /dev/sdc c6 96 04 00 00 00 00 ?

@platinumstufff
Author

I had some issues with GitHub and my issue disappeared.

@platinumstufff
Author

?
