gsch

@nyan_satan @gre3nSnow (: I know hahaha

@gre3nSnow cc. @__gsch man your stuff doesn't work

SundanceInH2A rev3 adds patch parameterization, iOS 6.1.x support (6.1.3 & 6.1.6 as of now) and fixes lock screen overlay in wallpaper settings github.com/NyanSatan/Sund…

Click-click! A very basic GPIO support for iPod nano 7th generation running Linux 6.14

Oh, one more thing… our new website is live! 🌐 ps.tc Still lots in the works - from our research blog to other initiatives - but here’s a nice sneak peek for now 👀

@b_nnett @Xernium It was but unfortunately there's no recording. Whenever I get to documenting all this stuff I'll post an update here :)

@__gsch @Xernium was this for a conference? I love putting talks on in the background while I work. thank you – looking forward to reading through it :)

And the penguin has finally emerged from the black void🐧

@b_nnett @Xernium Not really a blogspot but there's a better explanation in this slides :) github.com/NyanSatan/Slid…

@__gsch @Xernium any update? :)

Another newcomer is sponsoring us this year: @prdgmshift! @prdgmshift is an independent European EU leader in cybersecurity research. With a team of world-class researchers, we uncover critical zero-days and deliver state-of-the-art research to keep our partners one step ahead.

Here are the slides from my & @__gsch's & q3k's 0x41con 2025 talk - "1,000 bugs in your pocket" It's about non-iOS iPod hacking github.com/NyanSatan/Slid…

Amazing as always! Thanks to the organizers and attendees! I had honor to present my & @__gsch’s & q3k’s talk titled “1,000 bugs in your pocket” We’ll likely publish the slides soon

@re_jevi S5Late github.com/m-gsch/S5Late Also implemented in wInd3x github.com/freemyipod/wIn…

@__gsch Makes me want to go back to iOS exploitation, what vuln are you using?

Still WIP but to answer some people's question: yes, it can :)

@b_nnett Not for now. The bootrom exploit (S5Late) is tethered, and there's no driver for its NAND yet. I'm running from an NFS. In the future when proper driver support is in place it could be made untethered by using the ipod_sun exploit. Cool to hear it's gaining some interest :)

@Xernium Maybe next month but no promises :)

@__gsch Can't wait for that blogpost or write-up

Getting some earlyprintk going for the iPod Nano7 after I managed to get USB working on U-Boot. Also figured enough of the LCD controller to draw on the screen. This is all thanks to previous work by q3k :)

Turns out you could access DiagShell in iPod Nano7 without any exploit by just sending the diag image after WTF. And memrw works so you can read/write anywhere 🙃

After working together with q3k, wInd3x now supports iPod Nano 7G by using S5Late. That makes decrypting and running custom binaries very straightforward. github.com/freemyipod/wIn…

iPod shuffle 4 (S5L8443) is now also O B L I T E R A T E D by virtue of @__gsch's S5Late bug (Yes, the ROM is so similar to S5L8723, that they didn't even bother changing serial number string)

Here is my preliminary iPod nano 6 (S5L8723) port of the new bootrom exploit by @__gsch - S5Late As usual, be careful with this and etc. github.com/NyanSatan/S5La…

@guyru_ @CellebriteLabs Appreciate the offer but I'm happy at my current position :)

@__gsch Nice bootrom bug. If you're interested in security research on Apple targets, we might have interesting opportunities for you in my team at @CellebriteLabs. Let me know if you want to hear more.

iPod Nano 7G bootrom exploit a bit too late ~ github.com/m-gsch/S5Late

@CyberMehul @travisgoodspeed Hence the "a bit too late". Also it's still fun to do, no need for people to use it :)

@__gsch @travisgoodspeed Does anyone still use it though?