In the next incarnation of a series of hacks against the
iPhone comes a new gem: full shell access. Last Friday "geohot" of
the Hackint0sh forums, representing the #iPhone channel on irc.osx86.hu, announced that
he/she had gained access to a debugging command prompt via the iPhone's data
connector. More importantly, the command prompt includes the ability to
transfer files via TFTP, which can allow hackers to transfer data--and maybe
user programs, eventually--to and from the iPhone.
At this time, we have not seen any outside confirmation of #iPhone's work,
though as time passes more parties will come forward with additional
Currently, the hack requires a fair bit of know-how in electronics and
soldering, although someone will likely be selling ready-made cables in the
future. The hack isn't much of a security risk, as execution requires hardware
access and a little bit of preparation via other homebrew software. However,
with access to the iPhone internals, it is conceivable that further hacks could
be developed as a result of this newfound access.
Today, a progress report on the iPhone Dev
Wiki clarified some of the findings from Friday:
"bootloader is basically a dead end. Everything that goes into it must be
signed, and without Apple's 1024-bit RSA private key, this isn't going to
happen. Fortunately we have another in. We have basically full command over the
file system and can upload, copy, and run files. I'll say this, ringtones would
be a *trivial* thing to do now. We know the radio is accessible through software
from this bbupdate dump.
Once the toolchain is working, we can write a program to write to
/dev/tty.baseband, and finally unlock this thing."
Previous hacks include someone brute-forcing
the iPhone's internal system passwords, and the ability to activate parts of the
iPhone without going through AT&T.
A command list for the command prompt is available here.