Tutorial: “Unlock” Your iPhone With SuperSim via Hackint0sh

6 08 2007

So far this hack is only reported to work in Europe. Basically all you need is a blank SIM card and a SIM card reader/writer, oh and the instructions posted at the link below:

Tutorial: “Unlock” your iPhone with SuperSim – Hackint0sh

Sure it’s old news, but I just thought some peeps would like to know.

NES Emulator on the iPhone

6 08 2007

Hey there iPhone lovers.  Yes, there is finally a NES emulator for the iPhone.

Find the code here: iphonenes – Google Code

And just in case you don’t believe it…

After searching around a bit I found some more links that will probably satisfy your lust for iPhoneNES emulator details:

There are a lot of links out there with the Google Code for iphonenes. Have phun.

My original source: http://popurls.com/

Mac OS X Hacking: InfoSecSellout’s “Rape.osx” Worm and ExploitingiPhone.com “iPhone Exploits”

24 07 2007

If you haven’t read about the latest (as of 7.23.07) Mac exploit/s then you either don’t care or haven’t looked at the intarwebs lately. I’ll give you the short version, with LOTS of links:

Engadget is aflame with comments on their posts, so far THREE, about the alleged “rape.osx” worm. A group of hackers who call themselves “InfoSecSellOut” posted some hints about it on their blogspot blog, along with a link to a securityfocus.com notice about the “worm” and a hint that they want money for having created it. There’s been way too much drama to map out here (death threats much?!?!), but let’s just say it’s gotten out of hand and TMBBITW is totally neutral, we’re strictly grey hat and ALL homegrown Linux. No plans to release the code for the rape.osx worm have been revealed, not even a little bit.
HackZine has a little blurb up about a video that has popped up on www.exploitingiphone.com, which is really a redirect to a slashed Independent Security Evaluators URL. Obviously, ISE has an iPhone exploit on their hands, however they have notified Apple and have some good info up. There’s a truncated white paper out and they plan to reveal their code on August 2nd, at the Black Hat convention in Vegas.

For the Windows folks out there, you haven’t been left out. A win32 version of Safari was released, but hacked in ONE day.

And that’s everything in a nutshell since last Wednesday. Now I’ll go on to explain all the information I could gather on all of these, what we like to call, Mac Hacks.

ALL of the malware/exploits/worms/whatever you wanna call them are executed via Safari. That means all three versions (mobile, desktop and Win32).

First is the most interesting, the iPhone exploit. Basically ISE has done a buttload of work, not to mention a bang up job creating this:

If you read the white paper that they have on their site, which is pretty exhaustive, you’ll find out the level of knowledge that this hack took to find and make into a shell script.

Here’s how they started, and what will probably be THE way to find new exploits for the iPhone:

Using jailbreak and iPhoneInterface, the binaries can be extracted from the device and statically analyzed, using a disassembler. Additionally, since the MobileSafari and MobileMail applications are based on the open source WebKit project, a source code audit of that package can be performed. Finally, dynamic analysis, or fuzzing, can be executed against the device. This involves sending malformed data to the device in an effort to cause a fault and make it crash. Such fuzzing can be performed against applications such as MobileSafari or against the WiFi or BlueTooth stack.

(You can download the tools mentioned in the above excerpt by clicking on them; as for fuzzers and debuggers, just use BACKTRACK and DBG.)

NOTE: For a quick tut on how to “activate” an iPhone go HERE: http://www.pqdvd.com/blog/iphone/category/unlock-iPhone/

Get the one click “unlock” kit, via DVD Jon, for yer iPhone HERE: http://therealdonquixote.files-upload.com/393766/iphoneunlocktoolkit.zip.html

Now this is where it gets a bit tricky:

[…] in order to view memory and discover the way the execution flows in the application. However, in this case we were able to utilize the Mac OS X crash reporter. This daemon runs and monitors any programs for crashes. When one is detected it records a log of the crash, including relevant register values. These reports can then be transported to a desktop computer when syncing. The crash reports can also be downloaded directly off the iPhone using jailbreak and iPhoneInterface. While the CrashReporter provides register values and basic memory mapping information, it does not include direct access to the memory. In order to obtain this crucial information, it is possible to modify the iPhone in such a way that the applications will dump core files when they crash. This is accomplished by adding the file /etc/launchd.conf containing the line “limit core unlimited” to the iPhone using iPhoneInterface. Core files can be retrieved off the iPhone from the /cores directory, again using iPhoneInterface.

In order to generate valid opcodes for the iPhone, we first installed a Linux x86 to ARM cross compiler. This would compile our ARM assembly to bytecode which we could then extract into shellcode. Besides not having a debugger, developing iPhone shellcode also presented other challenges. Since we didn’t have access to an ARM processor with a debugger, we had absolutely no real way to test the shellcode besides trying it and using the core files obtained.

That’s pretty much where I gave up on trying to go at this on my own. ISE actually has two hacks for the iPhone where one collects data and the other can actually make your phone do whatever they want, dial, ring whatever. That’s all I got, but anyone is welcome to give iPhone hacking a whirl. All the files are linked up there.
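The core-file setting quoted above can be checked from a shell, which matters because core files hold a process's memory. This is an added example, not code from the ISE paper or from this post: it reads a launchd.conf-style file and reports whether its `limit core` line allows core files to be written. The function names are made up here, and "the last matching line wins" is an assumption about how the file is applied.

```shell
#!/bin/sh
# Added example: audit a launchd.conf-style file for the "limit core" setting.
# Assumption: lines are applied in order, so the last "limit core" line wins.

# core_limit_from_conf FILE
# Prints "soft hard" for the last "limit core ..." line, or "unset" when the
# file has no such line or cannot be read.
core_limit_from_conf() {
    conf=$1
    [ -r "$conf" ] || { echo "unset"; return 0; }
    awk '
        $1 == "limit" && $2 == "core" && NF >= 3 {
            soft = $3
            hard = (NF >= 4) ? $4 : $3   # a single value sets both limits
            seen = 1
        }
        END { if (seen) print soft, hard; else print "unset" }
    ' "$conf"
}

# core_dumps_enabled FILE
# Returns 0 when the configured soft limit lets a crashing process write a
# core file, 1 when the limit is 0 or the file does not set one.
core_dumps_enabled() {
    # Unquoted on purpose: split "soft hard" into $1 and $2.
    set -- $(core_limit_from_conf "$1")
    case "$1" in
        unset|0) return 1 ;;
        *)       return 0 ;;
    esac
}

# Usage: sh check_core.sh /etc/launchd.conf
if [ "$#" -ge 1 ]; then
    echo "core limit (soft hard): $(core_limit_from_conf "$1")"
    if core_dumps_enabled "$1"; then
        echo "core files enabled: crashing processes can write memory images"
    else
        echo "core files not enabled by this file"
    fi
fi
```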

Now on to InfoSecSellOut’s “Rape.osx”. To start it is supposed to be a worm which is deployed via Safari. From what securityfocus.com says, it seems to be based on mDNSresponder (yes, click to download). All that I can find out about it is that ISSO (InfoSecSellOut) was able to download a text file using their exploit. However, in reading the white paper for the iPhone hack, I saw that the real problem with Mac OS X (pick one) security is that all applications are run as “root” or with “admin” privileges. So that means that once you are in a Mac OS X machine, you can do whatever you want.

NOTE: Many linux OS’s use mDNSresponder as well, so be on the lookout. However, most people do know not to login as root on their linux machine, right?

I have no code, no apps, nothing on rape.osx other than the code for mDNSresponder. I do have some code for the first Mac virus, the Leap.A virus, as well as some other info I gathered in order to further the purposes of writing worms/viri/malware for Mac OS X.

DOWNLOAD HERE: MAC_osX_Malware_Data_Sourc_codes_papers..zip

The file contains the following:


As for the Win32 version of Safari, what were people thinking?!?!? Porting what is essentially an open source Mac app to Windows? Yeah, no one is going to hack that. Stick to Firefox with all the JS, Flash, AD, PopUp, bad shit blocking extensions that you can shake a stick at.

And that’s all she wrote for now folks.

Keep on keepin on hackers of all hats. I’ll keep you updated.

*Sources – Noted and linked throughout the article, excepting VX CHAOS FILE SERVER where I get ALL my super sweet viri source codes and all the best viri, malware, trojans, RATs, you name it and AZAG has got it!!

How To: Export Video From Your Set-Top Box To Your Mac via Hackszine.com

5 06 2007

This hack is so simple I am humbled to stupidity in its presence.

Follow the link to see the extremely brief and easy to follow tutorial with download links!!

HERE: How To: Export Video From Your Set-Top Box To Your Mac [via] Hackszine.com

Enjoy, you macheads you!!

Apple Seeds OS 9.3 To Developers?!?

3 05 2007

So this is some weird news, but hilariously written by the folks over at Crazy Apple Rumors.

Apple Seeds OS 9.3.

In a surprising turn of events, Apple seeded OS 9.3 to developers late this afternoon. According to the release notes, 9.3 resolves several bugs, provides updates for QuickTime, iTunes and Java, and makes OS 9 compatible with the current Intel-based Macintosh architecture.

According to sources at Apple, the company is entirely at a loss to explain where this seed came from.

“I didn’t do it,” said senior vice president of software engineering Bertrand Serlet. “I can’t even get Leopard done in time. I’m swamped. Stupid iPhone and Apple TV. Nobody asked me whether or not we should make those. I mean, I haven’t gone to the bathroom in three weeks. OS 9? Je pense que non.”

Some believe that a long-lost OS 9 developer is somewhere in the building still working away by himself.

BTW – You need a developer account to get the seed.

I’m more interested in the OS X DVDs that are patched to run on Windows. I have a couple but I haven’t had time to test em out yet.

Happy developing.

New Mac OS X Exploit; High Risk (Downloads)

22 11 2006

Mac OS X Apple UDTO HFS+ Disk Image Denial of Service (1) [via] Month of Kernel Bugs (MoKB)

From what I hear this is the shizzle for killing a Mac:

Mac OS X fails to properly handle corrupted UDTO HFS+ image structures (ex. bad sectors), leading to an exploitable denial of service condition. Although it hasn’t been checked further, memory corruption is present under certain conditions (in this particular case, unlikely to allow arbitrary code execution).

This issue probably exists in FreeBSD as well, although it can’t be triggered in the same manner. Thus, a future MoKB release will cover related filesystem bugs verified for FreeBSD.

This issue is remotely exploitable as Safari loads DMG files from external sources (ex. visiting an URL). This can be prevented by changing the Preferences and deactivating the functionality for ‘opening “safe” files after downloading’.

The following DMG image can be used to reproduce the bug: MOKB-21-11-2006.dmg.bz2

bunzip2 MOKB-21-11-2006.dmg.bz2 && hdiutil attach MOKB-21-11-2006.dmg

For Safari users feeling lucky, at: MOKB-21-11-2006.dmg

Nice one there MoKB!!
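The mitigation MoKB names above, turning off Safari's ‘opening “safe” files after downloading’, can also be checked and set from a shell. This is an added example, not part of the MoKB advisory or this post; it assumes the preference is stored under the `com.apple.Safari` domain as `AutoOpenSafeDownloads` (the key name is not given on the page), and the function names are made up here.

```shell
#!/bin/sh
# Added example: audit and disable Safari's "Open safe files after
# downloading" option, which is what lets a downloaded DMG mount by itself.
DOMAIN=com.apple.Safari
KEY=AutoOpenSafeDownloads   # key name is not from the page

# safari_auto_open_state
# Prints "on" or "off". A missing key counts as "on", because Safari ships
# with the option enabled and only writes the key once it has been changed.
safari_auto_open_state() {
    value=$(defaults read "$DOMAIN" "$KEY" 2>/dev/null) || value=missing
    case "$value" in
        0|false|NO|no) echo off ;;
        *)             echo on ;;
    esac
}

# disable_safari_auto_open
# Turns the option off when needed, then re-reads it so that a write which
# silently did not stick is reported as a failure (non-zero return).
disable_safari_auto_open() {
    if [ "$(safari_auto_open_state)" = off ]; then
        return 0
    fi
    defaults write "$DOMAIN" "$KEY" -bool false || return 1
    [ "$(safari_auto_open_state)" = off ]
}

# Usage: sh safari_auto_open.sh --check | --fix
case "${1:-}" in
    --check) echo "auto-open safe files: $(safari_auto_open_state)" ;;
    --fix)   disable_safari_auto_open && echo "auto-open disabled" ;;
esac
```

Quit Safari before running `--fix` so it does not write its own copy of the preferences back over the change.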

BTW – Anyone interested in haxxxoring the Mac OS should probably get this app for their Mac: Apple Xcode


Free OS X Portable Applications (Downloads)

16 10 2006

OS X Portable Applications — FreeSMUG

For all you macheads out there:

Portable Firefox OS X
The award-winning Web browser just got better. It’s free, and easy to use. Join the millions of people worldwide enjoying a better Web experience.

Portable Thunderbird OS X
An e-mail and newsgroup client with powerful, new junk mail controls.

Portable Adium
Multiple protocol instant messaging client.

Portable AbiWord OS X
Word processing program similar to Microsoft® Word.

Portable Nvu OS X
A complete Web Authoring System. HTML wysiwyg editor.

Portable Sunbird OS X
Cross platform standalone calendar and task manager.

Portable Cyberduck
FTP and SFTP Browser.

Portable Check Off
To-Do Manager.

Portable Gimp.app
A binary distribution of the GNU Image Manipulation Program for Mac OS X.

Portable Newspeak
Cocoa IRC client for Mac OS X.

Portable Inkscape OS X
Scalable Vector Graphics editor.

Portable VLC OS X
Video stream and multimedia player.

Portable Audacity OS X
Audio editor.

Portable OpenOffice.org OS X
Complete Office suite.

Portable RSSOwl
RSS, RDF, Atom newsreader.

Portable Feed
Light RSS & Atom newsreader.

Portable X-Chat Aqua
IRC client.

Portable Camino
Web browser optimized for Mac OS X with a Cocoa user interface, and powerful Gecko layout engine.