Pretty scary stuff, even if you trust all of your users:

victor@mercury ~ $ ./exploit
 Linux vmsplice Local Root Exploit
 By qaaz
[+] mmap: 0x100000000000 .. 0x100000001000
[+] page: 0x100000000000
[+] page: 0x100000000038
[+] mmap: 0x4000 .. 0x5000
[+] page: 0x4000
[+] page: 0x4038
[+] mmap: 0x1000 .. 0x2000
[+] page: 0x1000
[+] mmap: 0x2ac3dee3c000 .. 0x2ac3dee6e000
[+] root
mercury ~ # whoami
I’ve been mulling over upgrading my iPhone’s firmware to 1.1.1 for the last few weeks but have been put off by the complexity of it. All the tools and steps had been outlined, so it was merely a matter of running through the steps, but there were a ton of them, and it seemed like more of a pain in the ass than it was worth. Well, the hacker community has come through again with an easy solution, and now the 1.0.2->1.1.1 process is pretty painless.

If you have an unlocked 1.0.2 iPhone and used AnySIM 1.0x to do it, you must “virginize” your iPhone before you can upgrade to 1.1.1. Apparently AnySIM 1.0x had a bug that damaged the seczone of your baseband firmware, causing the 1.1.1 upgrade to brick your iPhone. With the new release of the iphone-elite RevirginizingTool, here’s how you do it on a Windows machine:

1. Make sure iTunes is configured to sync your contacts to something (e.g. Windows Address Book) and your photos are backed up (I lost the photos on my iPhone).
2. Virginize your iPhone back to the 1.0.2 OS and baseband using RevirginizingTool.
3. Use iTunes to upgrade to 1.1.1.
4. Jailbreak 1.1.1 using CARNAVAL.
5. Use AppTapp (installed by CARNAVAL) to install BSD Subsystem and OpenSSH.
6. SCP AnySIM 1.1 to your iPhone.
7. Run AnySIM.
8. GREAT SUCCESS!!!

Assumptions

- You have an unlocked 1.0.2 phone that used AnySIM 1.0x.
- You have the BSD Subsystem and OpenSSH packages installed (install with Installer.app, aka AppTapp).
- You have a strong WIFI signal.
- If you have a virgin phone, just use iTunes to upgrade to 1.1.1 and then skip to step 4.

Detailed Procedure

Step 1

Run a full sync on iTunes to back up all of your settings. This will take care of your address book and most of your various settings. Copy off any photos you want to your computer.

Step 2

Download this. This is the latest release from the iphone elite team, packaged with a script that will automatically virginize your iPhone by backing up your seczone and flashing the baseband to its factory 1.0.2 state.

Now SCP (try WinSCP) this file to your iPhone using the login “root” and the default password of “alpine”. SSH into your iPhone using root/alpine, and then make sure the file is in your iPhone’s root directory, since the default home (really /private/var) is a partition mounted with noexec. Move the file from the root user’s home to the filesystem root /:

mv ~/virginiser.tar.gz /

Then change dir to / and run this command (all on one line, or you can run each command between the && separately):

tar -xzvf Virginiser.tar.gz && ./Virginiser/virginise.sh && mv Virginiser/seczone.backup .

This untars the archive, runs the automated script, and then copies a backup of your seczone to the filesystem root /. SCP this seczone.backup file to your computer. Hold down the power button, slide to confirm, and then reboot your iPhone. Now you should have a 1.0.2 iPhone, locked but still jailbroken. At this point I recommend using iTunes to restore your iPhone to 1.

iPhone owned

This is the first time I’ve been back in the States since the iPhone was released, and after getting a chance to play with one yesterday, I decided I had to go out and buy one today. The problem is that AT&T-locked JesusPhone doesn’t work in Germany without a little bit of hackery, and Apple’s just-released-last-week 1.1.1 firmware is reported all over the internet to brick hacked iPhones. Would an AT&T store in Mount Pleasant, SC turn over so many iPhones that they would already be selling boxed 1.1.1 models? South Carolina isn’t exactly a technology hotspot, so I took a bet that I could buy a boxed iPhone with an older, perhaps original 1.0, firmware (flip-flops and sundresses, on the other hand, sell like hotcakes here). I won my bet and within an hour of getting home, I had a completely unlocked iPhone with a myriad of cool unofficial apps, thanks to tools like iBrickr and PACAY. My new iPhone now has a youtube viewer, OpenSSH, BSD utilities, a wifi stumbler, flickr uploader, and a completely cool Over The Air application installer. The device is incredibly well built and solid. It’s smaller than I had imagined, but the screen is definitely adequate for browsing. The touch screen obviously lacks tactile feedback, but it’s also the most accurate touch interface I’ve ever used. I’m able to type much faster than I ever could using normal keys and T9. With it unlocked and freed from Apple’s proprietary grip, the iPhone is very special. Free and open source software on such a beautiful piece of hardware is very exciting, but when Apple sets out to hamper such innovation and creativity, I can’t help but think of their past mistakes with closed systems. Things could have turned out very differently had MacOS been a little more open early on, and things may very well turn out similarly if Apple doesn’t change their ways. Here’s to hoping Google’s gPhone will be the IBM PC to Apple’s II. Highly useful link: Unlock your iPhone using the latest AnySIM

Self balancing pendubot

That’s my friend Tim with our final project as Clemson EE students back in 2004. We were given a computer running QNX and told to build a pendubot: The Pendubot is a two-linked inverted pendulum actuated by a single motor. The links are connected to each other by a rotational joint, and the base of one link is connected to the motor. Control of the Pendubot is available only at the base of one of the links, thus the challenge of the project is to balance the top link by only the bottom link. I recently found this video, and so I thought I’d share by making my first youtube.com upload.