[Full-disclosure] iPhone Security Settings
Fabio Pietrosanti (naif)
lists at infosecurity.ch
Sun Jul 1 23:07:54 BST 2007
The file is a zip file.
It's interesting to note the encrypted DMG image "694-5262-39.dmg" of
82MB . It ask for a password.
Instead the 15MB file "694-5259-38.dmg" it's not a DMG image and it's
not encrypted (strings 694-5259-38.dmg | less) .
Some selected information to have an idea of what's inside:
SIMULATED RESET due to AT+CFUN=16. This is NOT a crash!
1 ==> output of EQUALIZER RAW DATA acc. to <rx_channel / 0 FOR
SPEECH CALLS> using a
Argument Types: [int: 1/2/3/4/5],[int:0/1/2/3],[int => abs. Hz
value],[int: 1 - 100]
GSM Ciphering:%s, GSM Ciphering Algorithm: A5/%d, GPRS Ciphering:%s,
GPRS Ciphering Algorithm: GEA/%d
/bin/cat /System/Library/CoreServices/BootX | /usr/bin/openssl dgst
-sha1 -hex -out /System/Library/Caches/com.apple.bootxsignature
Boot-loader is active
Skip secure loader
Injecting EBL-Loader (PSI).
Signature cannot be authenticated
single user shell terminated.
Singleuser boot -- fsck not done
sq->capacity >= (((((4096 + 7) / 8) + (sizeof(giantDigit)) - 1) /
(sizeof(giantDigit))) + 1)
There are a couple of user with their password:
Does someone have some time to arrange a quick john session (should be
there is the string:
Apple Secure Boot Certification Authority1
* The password of the encrypted DMG?
* The user root and mobile with preconfigured passwords?
* The "GsmRadioModule::fEnableMobileAnalyzer" ?
maybe use at command to update the firmware of the GSM transceiver?
* What's bom? /System/Library/PrivateFrameworks/Bom.framework/Bom
* The security of the boot system plenty of digital signatures to
prevent firmware hacking?
Kevin Finisterre (lists) wrote:
> While you are at it...
> On Jun 29, 2007, at 8:10 PM, John Smith wrote:
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
Full-Disclosure is hosted and sponsored by Secunia.