The last part of my iPhone-related blog entries was posted last night.

The first article discusses the architecture and provides some useful shellcode for already-modified phones.
http://blog.metasploit.com/2007/09/root-shell-in-my-pocket-and-maybe-yours.html

The second article discusses the libtiff exploit and includes a link to a modified version of the weasel debugger.
http://blog.metasploit.com/2007/10/cracking-iphone-part-1.html

The third article steps through the entire libtiff exploit development process, using an updated version of the debugger.
http://blog.metasploit.com/2007/10/cracking-iphone-part-2.html

The fourth article describes a different approach to exploiting the libtiff vulnerability that is much more reliable across a wider range of applications.
http://blog.metasploit.com/2007/10/cracking-iphone-part-21.html

The fifth and final article walks through the process of developing a payload capable of writing arbitrary executables to disk and executing them. The final article closes with a stand-alone shell that can be used to gain remote, interactive access to unmodified iPhones, and demonstrates how to use this shell to apply the third-party libtiff patch.
http://blog.metasploit.com/2007/10/cracking-iphone-part-3.html

-HD