Re: On the iPhone PDF and kernel exploit

[Sabahattin Gucukoglu <mail () sabahattin-gucukoglu com>]

On 5 Aug 2010, at 10:13, Ryan Sears wrote:
Well I'm no expert but I'm going to see if I can reverse engineer the PDFs used for jailbreaking (obviously I'd need an 
ARM assembly book or someone who knows it :-P) and figure out exactly what they're doing. I agree with was said 
earlier, I'm not saying they're doing something malicious, but if I wanted to backdoor thousands of phones this is how 
I'D do it. 

It didn't work for me.  I use VoiceOver, which didn't like the (fake) slider implemented in javascript, so I had to 
spoof the UA on a Mac, grab the source, inspect it, grab the PDF, email it to myself ... it didn't work. :-(  iPhone 
3GS = 2,1, yes?

> Either way anyone interested in doing the same I've discovered that the webserver (lighthttpd 1.4.19) drops the index 
> if you GET a null byte. 
>
> http://www.jailbreakme.com/%00

Nice, did you just try it in case it might work, or does this constitute a vuln that wants fixing in current lighttpd?  
It's just that indexing happens to be enabled on http://jailbreakme.com/_/ too.
> Also if anyone knows how to get in contact with any of the admins for the site (or anyone who runs it for that 
> matter) please either let me know or let them know.

Ditto, thanks.

Cheers,
Sabahattin

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/