On Wed, Jul 18, 2012 at 2:22 PM, Hans Petter Selasky <hselasky_at_c2i.net> wrote: > Hi, > > I have one of those locked down silvery IPod's, and wanted to try out gnupod > to get some MP3's transferred to the device. I made it once, but then my luck > ended :-) Anyway I found what looks like a remote crash vulnerability in the > IPod firmware. How to make it crash: > > 1) Plug USB cable and wait for /dev/daX device to appear. > 2) mount -t msdosfs /dev/daX /mnt > 3) rm -rf /mnt/* > 4) umount /mnt > 5) Now unplug the USB cable and wait for the device to boot into menu mode. > Don't press any keys. > 6) Then plug the USB cable again into the PC/Lapop running FreeBSD 8/9. > > 7) Observation: The device goes into an infinite reboot loop until the USB > cable is unplugged. > > 8) How to recover your device: > 9) Add this quirk: > > usbconfig add_dev_quirk_vplh 0x05ac 0x1262 0 65535 UQ_MSC_NO_SYNC_CACHE > ^^ vendor ^^ product > > Please write down the iProduct and iVendor before testing this, else you will > have to plug your device into a Linux/Mac box to get it back. You can do this > by running the following command before executing any of the steps above: > > usbconfig -d X.Y dump_device_desc > > 10) Plug your device. > 11) /dev/daX should appear again :-) Puuuuhhh :-) > > This is the dmesg you see when the device is crashing. > > usbd_req_re_enumerate: addr=3, set address failed! (USB_ERR_STALLED, ignored) > usbd_req_re_enumerate: addr=3, set address failed! (USB_ERR_STALLED, ignored) > usb_alloc_device: Failure selecting configuration index 0:USB_ERR_STALLED, > port 2, addr 3 (ignored) > ugen7.3: <Apple Inc.> at usbus7 > ugen7.3: <Apple Inc.> at usbus7 (disconnected) > > If Apple could explain this, would be great! I believe some Apple people are > hanging around on these lists :-) Been meaning to mention this... I run into this regularly as of a couple months ago with my iPod classic as well (I used to use my FreeBSD workstation as a "charger" for my iPod). I'll provide more details if I get a chance. Thanks, -GarrettReceived on Wed Jul 18 2012 - 20:03:59 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:40:29 UTC