iPod touch 1.1 (3A101a) firmware file


gunsmith
09-12-2007, 08:06 AM
iPod touch 1.1 (3A101a) firmware file released...

http://appldnld.apple.com.edgesuite.net/content.info.apple.com/iPod/SBML/osx/bundles/061-3882.20070910.N8uyT/iPod1,1_1.1_3A101a_Restore.ipsw

Matistuta
09-12-2007, 03:21 PM
Thanks, very nice!

Has somebody tried to decompress the DMG files? Maybe we can get the foreign keyboard layouts out of them and install them on the iPhone?

wunderbaren
09-12-2007, 03:34 PM
Yes!! Please give us access to the keyboards! :)

GogaMagoga
09-12-2007, 03:40 PM
Keyboards!!!!!!!!

theunknown
09-12-2007, 05:30 PM
Great - and German autocorrection?

Would be nice 2 have :-)

dro
09-12-2007, 05:36 PM
How would I decode the dmg files? I'm on Windows by the way :(
Anybody know?
I would really like to take a look.

gunsmith
09-12-2007, 06:00 PM
I tried the old method by which the dev decrypted the iPhone firmware, but didn't have any luck. Maybe we need to wait, since everyone is crazy about the SW unlock right now...

kn3pp
09-12-2007, 06:03 PM
i second this request ;)

give us !

gunsmith
09-12-2007, 06:05 PM
btw, 3A101a is not the first known version. there is 3A100a before this version, just like there is a secret private version 1C27 between 1.0.1(1C25) and 1.0.2(1C28) for iPhone.

kallis
09-12-2007, 09:28 PM
We really need to decrypt this!

nofearl
09-13-2007, 02:18 AM
bump.......

Matistuta
09-13-2007, 03:38 PM
Does anybody know in which DMG file the language files are? Can we bruteforce to find out the passwords?

Thanks.

kallis
09-13-2007, 04:35 PM
I tried the iPhone method, but it didn't work. The key was probably wrong. Does anybody know how to find the new key?

Snowbird
09-13-2007, 10:15 PM
Has anyone made any progress here?

Zf_
09-13-2007, 11:30 PM
From what I've seen they encrypted everything this time, including the ramdisk, so it's probably going to be harder :)

Zf_
09-13-2007, 11:43 PM
Well, if they were smart and the key is pre-installed onboard, continuing to try without a device won't do much :)

kallis
09-14-2007, 12:36 AM
We got to keep trying.

mycintosh
09-14-2007, 12:35 PM
I need the language files *buhuuu*

bowser
09-14-2007, 02:14 PM
Me too! It would be one of the most needed fixes next to the total unlock of my iPhone!!

Hope someone can crack the iPod Touch and get those foreign dictionary files and keyboard settings!

Bowser

adyh
09-14-2007, 02:15 PM
Just wait, the iPhone will be out in Europe soon enough.

chinaet
09-15-2007, 12:55 PM
how to decrypt dmg file?

iMags
09-15-2007, 04:35 PM
that is a very good question chinaet.

mycintosh
09-19-2007, 11:04 PM
Still no decrypted .dmg?
That's almost unbelievable ... was Apple doin' well this time with the passwords?

MuscleNerd
09-20-2007, 08:20 AM
Still no decrypted .dmg?
That's almost unbelievable ... was Apple doin' well this time with the passwords?

The pass key is not going to be brute forced.

The pass key on 1.0.0 was 28c909fc6d322fa18940f03279d70880e59a4507998347c70d5b8ca7ef090ecccc15e82d

On 1.0.1 and 1.0.2 it was 7d5962d0b582ec2557c2cade50de90f4353a1c1de07b74212513fef9cc71fb890574bfe5

Those are too long to be brute forced in any reasonable time. The keys above were found because they were exposed as simple strings in the "asr" recovery-mode executables.
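
The exposure described in the post above, turned into a pre-release check (an added example, not part of the original post or any Apple tooling): walk a build artifact the way strings(1) does and flag long hex strings that could be embedded key material. The sample blob, the stand-in key, the thresholds and the function name are all constructed for illustration.

```python
import hashlib
import re

# Printable-ASCII runs of 4+ bytes, the same idea as strings(1).
PRINTABLE_RUN = re.compile(rb"[\x20-\x7e]{4,}")
# 32+ consecutive hex digits = 128+ bits of possible key material
# (the threshold is an assumption, tune it for your artifacts).
HEX_RUN = re.compile(rb"[0-9A-Fa-f]{32,}")


def find_embedded_hex_keys(blob: bytes, min_distinct: int = 8):
    """Return (offset, text, bits) for each long hex string found in blob.

    Runs with fewer than min_distinct different digits (padding such as
    "0000..." or "ffff...") are skipped to keep false positives down.
    """
    findings = []
    for run in PRINTABLE_RUN.finditer(blob):
        for m in HEX_RUN.finditer(run.group()):
            text = m.group().decode("ascii")
            if len(set(text.lower())) < min_distinct:
                continue
            findings.append((run.start() + m.start(), text, len(text) * 4))
    return findings


# Constructed sample: a 72-hex-digit stand-in key (not a real key) in a fake binary.
SAMPLE_KEY = hashlib.sha256(b"constructed sample").hexdigest() + "0123abcd"
SAMPLE_BLOB = (
    b"\x7fELF\x02\x01\x01\x00"
    + b"usage: restore-tool <image>\x00"
    + b"0" * 64 + b"\x00"            # zero padding that merely looks like hex
    + b"passphrase=" + SAMPLE_KEY.encode() + b"\x00"
    + b"\xff\xfe\x00\x10"
)

if __name__ == "__main__":
    for offset, text, bits in find_embedded_hex_keys(SAMPLE_BLOB):
        print(f"offset {offset:#x}: {bits}-bit hex string {text[:12]}...")
```
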

mycintosh
09-20-2007, 09:06 AM
The pass key is not going to be brute forced.

The pass key on 1.0.0 was 28c909fc6d322fa18940f03279d70880e59a4507998347c70d5b8ca7ef090ecccc15e82d

On 1.0.1 and 1.0.2 it was 7d5962d0b582ec2557c2cade50de90f4353a1c1de07b74212513fef9cc71fb890574bfe5

Those are too long to be brute forced in any reasonable time. The keys above were found because they were exposed as simple strings in the "asr" recovery-mode executables.

So Apple fixed that Hole for the iPod touch ... dammit

netkas
09-20-2007, 11:31 AM
and no such string in itouch asr

Polo
09-20-2007, 05:34 PM
I don't know if this can be of any help, but I could offer computing power. I could spare 7 of my 8 Xeon 3GHz cores ;)
Seriously, if computing power is needed, I could help out.

niknyce
09-21-2007, 03:14 AM
Thanks for this! There is a newer one out there, can't seem to find it with phobos.apple etc...let the decryption begin!! :D

Polo
09-21-2007, 04:20 AM
Thanks for this! There is a newer one out there, can't seem to find it with phobos.apple etc...let the decryption begin!! :D

The question is how to proceed? Bruteforce? Even so, this would take a considerable amount of time. What other possibilities are there?

aarongrider
09-24-2007, 04:21 AM
i would really like to know what i can do to help.

ShawnH
09-24-2007, 05:09 AM
I'll see what I can do.

yacoub
09-25-2007, 01:44 PM
My 8GB touch purchased at the local Apple store last Friday is running 1.1 (3A100a), according to the Settings/General/About/Version information.
Its serial begins with 1A737 (week 37 batch) and the model number is MA623LL.

If there is anything special about my version that would be useful to hacking community, let me know. I'd be willing to part with it for what I paid for it (plus shipping) and go buy another one.

GTPprix
09-25-2007, 08:29 PM
Someone should start a project like SETI at home for bruteforcing stuff like this, imagine if we had 2000 or so decent PCs working on this? It would be done today :D

Polo
09-25-2007, 09:10 PM
Someone should start a project like SETI at home for bruteforcing stuff like this, imagine if we had 2000 or so decent PCs working on this? It would be done today :D

There is, it's called "BOINC"; even SETI runs on it already as far as I know. But who'd be able to write a decent program for decrypting the file? I myself have no idea of cryptology or hacking password-enabled files.
I think we need knowledge right now. If there's something to be computed, that's the next step and we need a reasonable software solution for doing the job.

NetMage
09-26-2007, 02:42 AM
Some simple math reveals that a 72 character hex password would take a while...

Let's assume those 3GHz Xeon cores can generate a guess every cycle (impossibly fast).

Let's say every computer in the world has 7 free 3GHz Xeon cores to dedicate to this project (about 7 billion processors).

Let's say we get lucky and we discover an answer after trying 1/2 the guesses.

Let's say there is no overhead to making these cores work together.

We'd be done in about 7.5 x 10^59 years.

Of course, if we converted all the atoms in the universe into 3GHz Xeon processors, and borrowed some wire and power from another universe, we'd be done in about 19 hours.
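
The estimate in the post above, carried through with exact integer arithmetic (an added example, not part of the original post; function names are made up here). With the post's assumptions it gives roughly 3.75 x 10^59 years for a 72-digit hex key, and it also inverts the question: how many such cores a fixed deadline would require.

```python
from fractions import Fraction

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def expected_seconds(hex_chars, cores, guesses_per_core_per_sec,
                     fraction_searched=Fraction(1, 2)):
    """Expected wall-clock seconds to search part of a hex keyspace."""
    keyspace = 16 ** hex_chars                   # 4 bits per hex digit
    rate = cores * guesses_per_core_per_sec      # total guesses per second
    return float(keyspace * fraction_searched / rate)


def expected_years(hex_chars, cores, guesses_per_core_per_sec):
    """Same search, expressed in years."""
    seconds = expected_seconds(hex_chars, cores, guesses_per_core_per_sec)
    return seconds / SECONDS_PER_YEAR


def cores_needed(hex_chars, deadline_seconds, guesses_per_core_per_sec,
                 fraction_searched=Fraction(1, 2)):
    """Cores required to finish the same search within deadline_seconds."""
    work = 16 ** hex_chars * fraction_searched
    return float(work / (guesses_per_core_per_sec * deadline_seconds))


# Assumptions taken from the post: 7 billion cores, 3 GHz, one guess per
# cycle, no coordination overhead, key found after half the keyspace.
CORES = 7 * 10**9
RATE = 3 * 10**9

if __name__ == "__main__":
    print(f"72 hex digits (288 bits): {expected_years(72, CORES, RATE):.3g} years")
    print(f"32 hex digits (128 bits): {expected_years(32, CORES, RATE):.3g} years")
    print(f"cores for a 19-hour run:  {cores_needed(72, 19 * 3600, RATE):.3g}")
```

Even a 128-bit key comes out at hundreds of billions of years under the same assumptions, which is why the only keys recovered in this thread were the ones left readable in a binary.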

hollip3020
09-26-2007, 06:00 AM
I knew it would be some ridiculous amount of time but I didn't think it would be that long. Unfortunately my calculations confirm that within a factor of 10, which in this case is negligible. In fact the earth will be consumed by the sun well before the brute force method would yield a result. Here's to hoping martyn can get the key from the flash.

ShawnH
09-26-2007, 06:12 AM
Some simple math reveals that a 72 character hex password would take a while...

Let's assume those 3GHz Xeon cores can generate a guess every cycle (impossibly fast).

Let's say every computer in the world has 7 free 3GHz Xeon cores to dedicate to this project (about 7 billion processors).

Let's say we get lucky and we discover an answer after trying 1/2 the guesses.

Let's say there is no overhead to making these cores work together.

We'd be done in about 7.5 x 10^59 years.

Of course, if we converted all the atoms in the universe into 3GHz Xeon processors, and borrowed some wire and power from another universe, we'd be done in about 19 hours.

We'll just have to use Blue Gene, won't we.

Anyway I'll ignore your post and ask anyone if they want to start an xgrid :).

falken
10-03-2007, 09:55 PM
Has anyone put iTunes in a debugger as it updated their itouch? Surely that key has to be stored in memory while the image is decrypted, before it's passed to the itouch.

There is an easier way to decrypt the dmg than bruteforce.

ollydbg, immunity debugger, IDA (windows)
GDB, DDD, (OS X)

A Book Link: Introduction to Reverse Engineering Software (http://www.acm.uiuc.edu/sigmil/RevEng/)

let's go!
-falken

pendalf
10-03-2007, 10:40 PM
I played with this iPod,
it has all languages, all dictionaries in there
would be very nice to use it on the iPhone...
:)

Ninjafish
10-03-2007, 11:00 PM
I'm pretty sure that those languages are added in iPhone firmware 1.11. Unfortunately it's still encrypted. When we're able to decrypt the firmware we'll be able to use firmware 1.11 anyways so it won't matter.

Also if you think that your information would be useful Falken, add it to the wiki. You can reach it at TouchDev.net (http://www.touchdev.net).

pendalf
10-03-2007, 11:05 PM
I'm pretty sure that those languages are added in iPhone firmware 1.11. Unfortunately it's still encrypted. When we're able to decrypt the firmware we'll be able to use firmware 1.11 anyways so it won't matter.

Also if you think that your information would be useful Falken, add it to the wiki. You can reach it at TouchDev.net (http://www.touchdev.net).

No, I played with the iPhone running 1.1.1
no languages on it, no dictionary
at least on the legal activated iPhone with ATT

:(

Ninjafish
10-03-2007, 11:48 PM
Apologies. Not sure where I thought I read that... You'd think with the iPhone coming out in Europe they'd have support for other languages by now...

falken
10-04-2007, 12:09 AM
Ninjafish: thanks, when I have something I'll toss it up there.

Other ideas:

USB sniffer, log all the data going to the iPod as it is updated. Try and determine if the dmg decryption happens in iTunes or on the iPod itself.

http://sourceforge.net/projects/usbsnoop/
http://www.pcausa.com/Utilities/UsbSnoop/default.htm