2G ipod touch unhackable?

Unfortunately, it looks like the current form of Pwnage won’t work with the new iPod touch (n72ap).
The device has a new GID key (I assume this is because it uses a different processor; the S5L8720x, rather than the S5L8900 used in the first iPod touch, iPhone and iPhone 3G), which means that none of the system images can be decrypted.
Each image contains a KBAG tag which is 0x20 long (64 bytes) that is decrypted by the hardware AES engine, then the resulting keys are used to decrypt the image itself.
Since the GID key differs from every other device, you can only decrypt KBAG tag data using n72ap itself.
Of course, this leads you to a dead end, since you use either the kernel or iBoot to gain access to the hardware AES engine (which usually cannot be accessed).
A new exploit will have to be found to allow access to the hardware AES engine first, so that the KBAG data can then be decrypted, which will then allow for images to be decrypted and modified.

So, we have to wait for a new low-level exploit or settle for something less than Pwnage (probably not possible, since 2.x is locked down).
Unfortunately, I don’t think this will happen very quickly, since the Dev Team is actually the iPhone Dev Team, and they don’t seem to prioritize the iPod touch.
Here’s to hoping though!

Props to Chronic and WEsTbAeR– for making the processor and model information available so quickly.
I assume that one of the two, or both, also discovered that there is a new GID key.

{via IpodTouchFans}

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: