iPhone Hacking with Pwnage, iPhone Dev Team
March 13, 2008
Hackers calling themselves the iPhone Dev Team have reported breaking into the iPhone firmware upgrade that ships with the recently launched software development kit for the smartphone.
The hack allows developers to go right into the iPhone system without paying the $100 annual fee to gain access to the device’s software development kit.
The hacker team is working on a feature called Pwnage, which lets iPhones download and run other software programs that haven’t gone through any official, Apple-controlled software distribution channels.
Once distributed, the Pwnage feature means Apple may no longer be able to exercise tight control over the flow of software to the iPhone. Additionally, Apple will not be able to count on taking a 30% share of every iPhone software program sold.
The iPhone Dev Team has been using dual-booting to jailbreak the iPhone for several months now. Several more advanced techniques have been developed, many of which are still private.
Pwnage exploits a bad chain of trust in the boot sequence of the S5L8900 device. The boot sequence includes the LLB and iBoot modules, which are stored in the device's NOR flash and are typically encrypted (as of 1.1.*). However, they are not RSA-signed at that point, because the 8900 container is stripped away before the file is written to NOR flash. Pwnage exploits this vulnerability.
First, Apple assumes that if something is in the NOR flash, it must have passed an RSA signature verification and is therefore authentic Apple code. This is incorrect, because the only mechanism preventing unauthorized code from being written to the NOR flash is the kernel. The iPhone/iPod Touch kernel contains an extension designed specifically to write to the NOR flash, called AppleImage2NORAccess. This extension performs an RSA signature verification on any data it tries to write. The verification itself is performed by the Fairplay extension, which is heavily obfuscated, but neutering the check is very simple. After the check is patched out, anything can be written to the NOR flash.
Second, Apple assumes that disabling the encryption keys in the “normal” environment will prevent firmware files from being written to the NOR flash. The hackers have found a way to run their code in the “secure” environment and use the AppleImage2NORAccess extension the same way Apple does during a restore.
Pwnage starts by booting from a memory device (ramdisk) in the “secure” environment to prevent the kernel from disabling the encryption keys. The hackers also add another memory device, pointed at the kernel’s address space, to allow live kernel patching. After booting up, they patch the signature check out of the AppleImage2NORAccess extension and proceed with flashing their custom firmware files (iBoot, LLB, DeviceTree, and pictures).
Because the signature check has been patched out and the encryption keys are available, AppleImage2NORAccess happily writes the files to the appropriate location in NOR flash. After that, the device can be restarted, and it will accept any unsigned 8900 file without complaint.
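The design flaw described above is a general one: the write path is the only place a signature is checked, and the boot path trusts whatever it finds in storage. The following added example (not code from the article or from the iPhone Dev Team) models the two boot policies side by side with a toy NOR flash. It uses an HMAC as a stand-in for Apple's RSA signature purely so it runs with the Python standard library; the stage names, key and image contents are constructed for illustration.

```python
import hashlib
import hmac

# Constructed stand-in for an RSA signature: an HMAC over the image bytes.
# A real secure-boot chain uses an asymmetric signature with the public key
# baked into ROM; HMAC is used here only so the example runs offline.
SIGNING_KEY = b"constructed-demo-key"


def sign(image: bytes) -> bytes:
    return hmac.new(SIGNING_KEY, image, hashlib.sha256).digest()


def signature_valid(image: bytes, sig: bytes) -> bool:
    return hmac.compare_digest(sign(image), sig)


class Nor:
    """Toy NOR flash: stage name -> (image bytes, signature bytes)."""

    def __init__(self):
        self.slots = {}


def gated_write(nor: Nor, stage: str, image: bytes, sig: bytes) -> None:
    """The only check in a trust-on-write design lives in the write path."""
    if not signature_valid(image, sig):
        raise PermissionError("refusing to flash unsigned image")
    nor.slots[stage] = (image, sig)


def boot_trust_on_write(nor: Nor, stages: list) -> list:
    """Policy 1 (the article's LLB/iBoot case): storage is treated as trusted,
    so the boot path never re-verifies what it loads."""
    loaded = []
    for stage in stages:
        _image, _sig = nor.slots[stage]
        loaded.append(stage)
    return loaded


def boot_verify_on_boot(nor: Nor, stages: list) -> list:
    """Policy 2: every stage re-verifies the next before handing off, so the
    storage medium is not a trust boundary."""
    loaded = []
    for stage in stages:
        image, sig = nor.slots[stage]
        if not signature_valid(image, sig):
            raise PermissionError(f"{stage}: signature check failed, halting boot")
        loaded.append(stage)
    return loaded


def scenario(write_check_bypassed: bool) -> dict:
    """Flash genuine stages, optionally model a bypassed write gate, then boot
    under both policies and report what each one did."""
    nor = Nor()
    stages = ["LLB", "iBoot"]
    for stage in stages:
        image = f"genuine {stage}".encode()      # constructed image content
        gated_write(nor, stage, image, sign(image))
    if write_check_bypassed:
        # Model the write gate no longer checking signatures: an image with a
        # bogus signature lands in NOR. Storage contents are now untrusted.
        nor.slots["iBoot"] = (b"unsigned iBoot", b"\x00" * 32)
    results = {}
    results["trust_on_write"] = boot_trust_on_write(nor, stages)
    try:
        results["verify_on_boot"] = boot_verify_on_boot(nor, stages)
    except PermissionError as err:
        results["verify_on_boot"] = str(err)
    return results


if __name__ == "__main__":
    for bypassed in (False, True):
        print(f"write gate bypassed={bypassed}: {scenario(bypassed)}")
```

With the write gate intact, both policies boot the same two stages. Once the gate is bypassed, the trust-on-write boot still loads the unsigned iBoot, while the verify-on-boot chain halts at iBoot with a signature failure. The defensive point is the one the article makes implicitly: a single check at write time is only as strong as the code that performs it, whereas a check at load time does not depend on how the image got into flash.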