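Opening up the iPhone and iPod file system structure through a network protocol
Resourceful hackers have used the AppleTalk Filing Protocol (AFP) to turn the iPhone/iPod into a network device, so that users can read and write it freely from Finder under OS X, just as they would a removable disk.
The AFP server has not yet been packaged as an installer; it has to be installed with scripts by following a set procedure. Once that is done, you only need to connect to the iPhone's IP address.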
The installation procedure is as follows:
New: to enable Bonjour
# ./dns-sd -R iPhoneFileServer _afpovertcp._tcp local. 548 &
[3] 54
Registering Service iPhoneFileServer._afpovertcp._tcp.local. port 548
Got a reply for iPhoneFileServer._afpovertcp._tcp.local.: Name now registered and active
Then it is published:
# ps aux | grep mDNS
root 20 0.0 0.0 273696 792 ?? Ss 1:47PM 0:00.34 /usr/sbin/mDNSResponder -launchd
root 57 0.0 0.0 274156 0 p0 R 1:54PM 0:00.00 grep mDNS
This command will log to syslog:
# kill -info 20
# Nov 11 13:54:33 localhost mDNSResponder-118 (Jul 12 2007 23: 24:35)[20]: ---- BEGIN STATE LOG ----
Nov 11 13:54:33 localhost : Timenow 0x9279574D (-1837541555)
Nov 11 13:54:33 localhost : ------------ Cache -------------
Nov 11 13:54:33 localhost : Slt Q TTL if U Type rdlen
Nov 11 13:54:33 localhost : 223 * 1878666 -U- - PTR 13 130.1.168.192.in-addr.arpa. PTR iphone.
Nov 11 13:54:33 localhost : 240 * 1878721 -U- - Addr 4 somehost.attwireless.net. Addr 172.16.9.100
Nov 11 13:54:33 localhost : Cache currently contains 4 records; 2 referenced by active questions
Nov 11 13:54:33 localhost : ---------- Questions -----------
Nov 11 13:54:33 localhost : Int Next if Type
Nov 11 13:54:33 localhost : 3600 3511 O PTR 130.1.168.192.in-addr.arpa.
Nov 11 13:54:33 localhost : 1 question; 1 active
Nov 11 13:54:33 localhost : ---- Active Client Requests ----
Nov 11 13:54:33 localhost : 11: DNSServiceRegister iPhoneFileServer._afpovertcp._tcp.local. 548
Nov 11 13:54:33 localhost : 10: DNSServiceRegister iPhone._sftp-ssh._tcp.local. 22
Nov 11 13:54:33 localhost : 9: DNSServiceRegister iPhone._ssh._tcp.local. 22
Nov 11 13:54:33 localhost : ------ Network Interfaces ------
Nov 11 13:54:33 localhost : Interface: v4 en0(2) 00:00:00:00:00:00 Active v4 8 -1 InterfaceID 0080DC00 Adv TxRx 192.168.1.130
Nov 11 13:54:33 localhost : Interface: v4 ip2(4) 00:00:00:00:00:00 DORMANT 90
Nov 11 13:54:33 localhost : DNS Server 192.168.1.113 .
Nov 11 13:54:33 localhost : Timenow 0x927957BA (-1837541446)
Nov 11 13:54:33 localhost mDNSResponder-118 (Jul 12 2007 23: 24:35)[20]: ---- END STATE LOG ----
so just grab dns-sd from above!
Notes
Extract the tar.gz file to /opt/iphone/afp/
Then just:
/opt/iphone/afp/startserver.sh
Should start the daemon
Seems fast enough to stream video
Here is a quick demo with a test mpeg tivo'd recording on the iphone:
imac /F12/ du -h FSWA.mp4
415M FSWA.mp4
The file system looks small as it is based off the root FS, but this is in the
media partition, so afp also follows the symlinks correctly (woot!)
AFP Registered Users on the iphone
Added DHX encryption:
Nov 10 13:48:17 localhost afpd[105]: uam: "DHCAST128" available
Nov 10 13:48:33 localhost afpd[106]: ASIP session:548(4) from 192.168.1.127:5018 5(7)
Nov 10 13:48:33 localhost afpd[105]: server_child[1] 106 done
We can now log in as root, same starting instructions as per guest example below.
Also edited uid 0 code in netatalk for this to work:

Two file systems are exported currently, they can be changed in AppleVolume.default in this distro:

Will log this to /var/log/syslog (you need this enabled if you want or need to see this):
Nov 10 13:55:46 localhost afpd[130]: ASIP session:548(4) from 192.168.1.127:50198(7)
Nov 10 13:55:46 localhost afpd[130]: dhx login: root
Nov 10 13:55:46 localhost afpd[130]: login: root login this is bad! but this is an iPhone!
Nov 10 13:55:46 localhost afpd[130]: login root (uid 0, gid 0) AFP2.2
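A way to audit these afpd syslog entries for AFP logins that map to uid 0, added here as an example (it is not part of the original notes or of netatalk). The sample lines are constructed in the format shown above; the second session, its address and the "mobile" user are assumptions.

```python
import re

# Constructed sample in the afpd syslog format shown above (not captured data).
SAMPLE_LOG = """\
Nov 10 13:55:46 localhost afpd[130]: ASIP session:548(4) from 192.168.1.127:50198(7)
Nov 10 13:55:46 localhost afpd[130]: dhx login: root
Nov 10 13:55:46 localhost afpd[130]: login: root login this is bad! but this is an iPhone!
Nov 10 13:55:46 localhost afpd[130]: login root (uid 0, gid 0) AFP2.2
Nov 10 13:58:02 localhost afpd[105]: server_child[1] 130 done
Nov 10 14:02:10 localhost afpd[141]: ASIP session:548(4) from 192.168.1.140:50222(7)
Nov 10 14:02:11 localhost afpd[141]: dhx login: mobile
Nov 10 14:02:11 localhost afpd[141]: login mobile (uid 501, gid 501) AFP2.2
"""

LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ afpd\[(\d+)\]: (.*)$")
SESSION = re.compile(r"ASIP session:\d+\(\d+\) from ([\d.]+):\d+")
UAM = re.compile(r"(\w+) login: (\S+)")
LOGIN = re.compile(r"login (\S+) \(uid (\d+), gid (\d+)\) (\S+)")
DONE = re.compile(r"server_child\[\d+\] (\d+) done")


def parse_afp_logins(text):
    """Correlate afpd lines by child PID into one record per completed login."""
    sessions, logins = {}, []
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # not an afpd syslog line
        when, pid, msg = m.groups()
        if (s := SESSION.match(msg)):
            sessions[pid] = {"src": s.group(1)}  # new child session, reset state
        elif (u := UAM.match(msg)):
            sessions.setdefault(pid, {})["uam"] = u.group(1)
        elif (l := LOGIN.match(msg)):
            st = sessions.get(pid, {})
            logins.append({"time": when, "pid": pid, "src": st.get("src"),
                           "uam": st.get("uam"), "user": l.group(1),
                           "uid": int(l.group(2)), "proto": l.group(4)})
        elif (d := DONE.match(msg)):
            sessions.pop(d.group(1), None)  # parent reports the child exited
    return logins


def root_logins(text):
    """Logins that resolved to uid 0 (possible here because of the uid 0 change)."""
    return [r for r in parse_afp_logins(text) if r["uid"] == 0]


if __name__ == "__main__":
    for r in root_logins(SAMPLE_LOG):
        print(f'{r["time"]} uid 0 AFP login as {r["user"]} from {r["src"]} via {r["uam"]}')
```

Records are keyed on the child PID because each session is handled by its own afpd child, as the afpd[105]/afpd[106] lines above show.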


