Posted by blogs@bobvila.com (Dave) on under offensive odors, offensive odor, dutch boy, hammer, amp, adults, pers

You are somewhat insensitive toward the offensive odors in your own home but attuned to picking up the offensive smells in others. According to a recent study by Dutch Boy and Harris Interactive, 96 percent of adults have noticed an offensive odor in another person's home, but only 36 percent have noticed a similar smell in their own home. Of course, Dutch Boy has got an angle on all this research. Its new Refresh paint is formulated with Arm & Hammer odor-eliminating technology. Not ...
Tags: offensive odors, offensive odor, dutch boy, hammer, amp, adults, pers
Posted by George Hotz on under bootloader, nck, wrg, ipsf, brute force, chunk, firmware, algorithm, vector, hack, boots, pers, spy

I don't see it happening anytime soon.
The old exploits aren't there anymore. The hope would be finding an exploit in the new baseband code itself to run a large chunk of code. But I think the bootloader is pretty well locked down.
First of all, downgrading the bootloader from software is out of the question. The bootrom exploit runs before the current bootloader, so it can access the bootloader. But when the bootloader boots, it locks down its sections of flash. So after the bootloader runs, the bootloader can't be touched.
Secondly, the only secpack that validates on 4.6 is >= 1.1.3. They made a change to the format of the secpack so the older ones don't validate. So if we looked for an exploit in the baseband itself, it would have to be on post 1.1.2.
Firmware is written as it is uploaded, and this is what IPSF and AnySim take advantage of. The old bootloader just relied on waiting for the sig to verify before writing the first 0x400 bytes, which contain the start vector. The new bootloader also needs the "secpack" in 0x3c0000 to not verify. So we would have to find an exploit which can write the first 0x400 and erase 0x3c0000.
The IPSF unlock itself uses an RSA hack in bootloader 3.9. This has been thoroughly patched in 4.6.
Also, even if we found a way to brute force the NCKs in reasonable time, we can't get the information to do the brute force off 4.6. The only hope here is to find the Apple algorithm used to generate the NCK. I don't think this is possible, unless we have a spy in Apple :)
I hope I am wrong, and some clever person will come along with a software unlock.
Tags: bootloader, nck, wrg, ipsf, brute force, chunk, firmware, algorithm, vector, hack, boots, pers, spy
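
The write-as-uploaded behaviour described in the post above, contrasted with a verify-then-commit update path, as an added example (not code from the post, from Apple's bootloader or from any unlock tool). The simulated flash array, the function names and the XOR check standing in for signature verification are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define FLASH_SIZE 0x1000 /* simulated flash, much smaller than a real part */
#define VECTOR_LEN 0x400  /* first 0x400 bytes hold the start vector (from the post) */
#define IMG_LEN    0x800  /* size of the constructed sample image */

static uint8_t flash[FLASH_SIZE];

/* Stand-in for the real signature check (assumption): the image is accepted
 * only if its last byte equals the XOR of all preceding bytes. */
static int sig_ok(const uint8_t *img, size_t len) {
    uint8_t x = 0;
    for (size_t i = 0; i + 1 < len; i++) x ^= img[i];
    return len > 0 && img[len - 1] == x;
}

/* Write-as-uploaded: the body goes to flash as it arrives; only the first
 * 0x400 bytes are held back until the signature verifies. */
int update_streaming(const uint8_t *img, size_t len) {
    if (len <= VECTOR_LEN || len > FLASH_SIZE) return -1;
    memcpy(flash + VECTOR_LEN, img + VECTOR_LEN, len - VECTOR_LEN);
    if (!sig_ok(img, len)) return -1; /* rejected, but the body is already in flash */
    memcpy(flash, img, VECTOR_LEN);
    return 0;
}

/* Verify-then-commit: the complete image stays in RAM (img) until it verifies. */
int update_staged(const uint8_t *img, size_t len) {
    if (len <= VECTOR_LEN || len > FLASH_SIZE || !sig_ok(img, len)) return -1;
    memcpy(flash, img, len);
    return 0;
}

/* Erase flash, upload a constructed image (valid or tampered) through the chosen
 * path, and return how many flash bytes no longer read as erased (0xFF). */
size_t dirty_after_upload(int staged, int tamper) {
    uint8_t img[IMG_LEN];
    size_t n = 0;
    memset(img, 0xAA, sizeof img);       /* XOR of 0x7FF bytes of 0xAA is 0xAA: valid */
    if (tamper) img[IMG_LEN - 1] = 0x00; /* break the check value */
    memset(flash, 0xFF, sizeof flash);
    if (staged) update_staged(img, sizeof img); else update_streaming(img, sizeof img);
    for (size_t i = 0; i < FLASH_SIZE; i++) n += (flash[i] != 0xFF);
    return n;
}

int main(void) {
    printf("tampered image: streaming wrote %zu bytes, staged wrote %zu\n",
           dirty_after_upload(0, 1), dirty_after_upload(1, 1));
    return 0;
}
```

With the streaming path, a rejected image still leaves its body in flash and the held-back start vector is the only thing keeping it from being reachable; the staged path leaves flash untouched on failure.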
Posted by George Hotz on under versis, dfu, binary file, filesystems, phe, iboot, file formats, mascot, 3g, peoe, pers

I still can't believe how many people believed yiPhone. It's amazing how a couple lines of JavaScript (the counter) can piss so many people off. I was just trying to push dev to work a little harder ;-)
I have never done the jailbreaks for any previous versions of the phone, what makes you think this one would be different? I also like to think I have more honor than using someone else's exploit before they do. And really, who was the mascot in the picture? Yorro? Once he exists, maybe yiPhone will exist.
Also, here's why a certain person claimed the DFU was the key. You could, without any exploits, upload the 114 iBoot (even to the 3g), the 114 kernelcache (ok, this crashes on the 3g), and a hacked ramdisk. But the filesystems don't mount. And even if they did, you'd need a way around sig checking.
Here is a little program (with source of course) to run whatever you want at the DFU level; an implementation of the dev pwnage 2.0 exploit. Pass it a binary file, it will start executing at the start of the file (no file formats to deal with). I'll leave it to dev to explain the exploit used.
Tags: versis, dfu, binary file, filesystems, phe, iboot, file formats, mascot, 3g, peoe, pers
Posted by on under mac os x, check th, warning danger, temp directory, phe, downside, itunes, ibec, tmp, ace, os x, beta, modes, pers

Remember we warned you to stay away from any updates to 3.1 if you want to be able to jailbreak or unlock your 3GS.
Well, this is an additional message to all you 3GS owners that would like to jailbreak your device sometime soon, but this advice comes with a warning! A warning that if you accidentally upgrade to 3.1, you will not be able to use ultrasn0w, so please re-read and double check this warning at the bottom of this post before proceeding.
You may have read or heard about techniques to capture files during the iTunes restore process. These will be required to jailbreak your phone in the near future, most of the methods involve icky USB snoops. Well, there is an even better and more reliable method to get your hands on those lovely files.
During the restore process iTunes nicely keeps these oh-so-top-secret-files in a lovely accessible place for us to copy out and backup, that place? /tmp on Mac OS X or %TEMP% on Windows. Thanks Apple — handy!
The downside to this approach is that you actually need to go through the restore process to get these signed files, which has risks if you are anywhere near 3.1 or 3.1 beta :-)
If you are ready to proceed and you know the risks we’ll get down to the nitty-gritty -
So during a usual recovery with iTunes, your signed iBEC is written to /tmp and during a DFU mode restore the signed iBSS is written there also. To be sure, restore in both modes one after another to be able to grab them both. You’ll need to keep an eye on the temp directory and copy it before it is deleted again by iTunes. I’m sure some nice folks will create a tutorial about this, we’ll link to the first person who makes a good one.
Should you choose to accept this mission, act fast, this needs to be done quickly! But again, always, always double check here to see if 3.1 has been released; if it has, then don’t do this.
WARNING!! - DANGER, WILL ROBINSON! - NB! - REMEMBER!
IF YOU CARE ABOUT ULTRASN0W, BE VERY CAREFUL WITH THIS METHOD! Do not attempt this if you have downloaded the 3.1 beta. You do NOT WANT TO accidentally restore your device to 3.1 beta — you’ll lose ultrasn0w if you do! BE WARNED :-)
Update: iClarified has come up with a good picture-filled guide for doing this on a Mac and also one for Windows. Good luck!
Tags: mac os x, check th, warning danger, temp directory, phe, downside, itunes, ibec, tmp, ace, os x, beta, modes, pers