<crakun> ok
<crakun> stuff is ready
<ele146cc> D:
<pwned4ever> yes crakun go nuts
<crakun> ok
<pwned4ever> nex you in here ??
<crakun> please pick up slide deck from twitter
<ele146cc> where i can follow the class?
<crakun> @crakun
<pwned4ever> slide deck ?
<crakun> link is posted on twitter for Day 4
<tihmstar> what twitter?
<jekro> http://www.hotwan.com/class/MHVI-Day4b_Published.pdf
<ojb> Safe No problems found with www.hotwan.com Safe
<tihmstar> thx
<crakun> please download and gaze thru it real quick
<crakun> will circle back in 3 minutes to begin class
<pwned4ever> you want us to circle through the http://www.hotwan.com/class/MHVI-Day4b_Published.pdf
<SwissHttp> Slide 5b is missing
<sidewinder96> hahaha probably the most important slide ;P
<tihmstar> ^
<tihmstar> focus
<iosdowngrader> the class will be here right?
<SwissHttp> Hi Jonathan
<crakun> hello?
<DarkMalloc> iosdowngrader: it is starting…
<crakun> ok
<crakun> did u get today's class presentation?
<hackus> nice timing
<crakun> anyone? someone?
<AdiSai1> Hi SwissHttp
<jekro> Yes
<sidewinder96> yes
<AdiSai1> Hi Crakun
<AdiSai1> Yes
<pr0crast1nate> i got it, yes
<a_titkov> yep
<isa56k> This one http://www.hotwan.com/class/MHVI-Day4b_Published.pdf ?
<crakun> yes
<JustVanBlooM> yes
<isa56k> got
<crakun> ok
<AdiSai1> How are you crakun
<AdiSai1> Are we in class
<AdiSai1> Or did it end?
<sidewinder96> yes AdiSai1 we are
<crakun> so this time, I want to try and combine skype with this irc
<tihmstar> so will there be a group call?
<AdiSai1> How crakun
<crakun> for those who want voice, plus side channel communications
<ele146cc> nice slides :D
<tihmstar> i want
<ele146cc> me too
<AdiSai1> I want voice
<crakun> I am at m0bdev on Skype
<pwned4ever> wow you're gonna skype with the class?
<crakun> ping me on Skype and I'll add you to the conference
<iosdowngrader> i've added you crakun :)
<crakun> this will help keep Apple on their toes
<pwned4ever> just messaged you on skype
<ele146cc> crakun i've texted you on skype
<ele146cc> i'm Bardu
<kirb> AdiSai1: and i want a million dollars
<crakun> bear with me as I set up Skype
<pwned4ever> how do you ping in skype
<isa56k> pwned4ever: Just send an IM
<pwned4ever> k did that
<tihmstar> crakun you should use mumble next time, i think it's a lot better for that
<ele146cc> crakun
<iosdowngrader> or teamspeak
<ele146cc> can you add me on skype? thanks
<tihmstar> nah, mumble is fine
<SwissHttp> So the class is running on Skype or what?
<JustVanBlooM> can someone write it down here? i don't join Skype for this
<crakun> adding more people
<crakun> on Skype
<iosdowngrader> downloading Skype on my macbook takes so long.. dam it :D
<besartzeka> crakun ?
<besartzeka> What about me on skype ?
<crakun> adding people on Skype…..
<iosdowngrader> crakun i've added you
<iosdowngrader> im mdrunaway on skype
<sidewinder96> is it ok if i'm using skype on my mobile?
<besartzeka> Im besart.zeka on skype
<crakun> ok
<crakun> I think I got everyone
<sidewinder96> not me :/
<isa56k> ahh man I got to go out with family... enjoy class... will catch up on slides!
<tihmstar> mumble
<tihmstar> guys install mumble for next time
<iosdowngrader> crakun so you accepted me on Skype and now how do i get into the class?
<iosdowngrader> crakun how do i get into class now (you accepted me on skype)
<hackus> this is the class
<iosdowngrader> ok thanks crakun
<crakun> going thru slide deck
<JustVanBlooM> say to them they should mute.. bad voice so far..
<crakun> slide 7
<crakun> submittals
<crakun> so far have been all sorts
<crakun> from mobilesafari to some mov files
<crakun> privilege escalation
<crakun> kernel panics
<crakun> realized that we need a formal process for submittals
<pwned4ever> i've fuzzed a mov file and fuzzed a txt file
<SwissHttp> fuzzed a txt file?
<pwned4ever> can't get a mov file to crash safari however
<sidewinder96> crakun, sent you a request in skype :/
<pwned4ever> yes fuzzed a txt text file
<SwissHttp> me too
<JustVanBlooM> how to fuzz a txt file ?
<tihmstar> does that need to be a working mov file to be modified with fuzzer?
<crakun> ok
<crakun> for fuzzing automation
<crakun> I need to see where we are at on that
<crakun> there were some ideas on that last week
<crakun> Cykey came up with a script
<compilingEntropy> I've got it set up, my 3gs can do about 300 .mov files per hour
<crakun> anyone else?
<uroboro> Nexuist seemed to have one
<uroboro> ketelek too
<pwned4ever> nexuist
<compilingEntropy> https://ghostbin.com/paste/3hjau
<uroboro> *hetelek
<compilingEntropy> ^ my bash script
<crakun> so nexuist has something
<compilingEntropy> http://nexuist.tumblr.com/ << Nexuist's work
<ojb> Safe No problems found with nexuist.tumblr.com Safe
<crakun> ok great!
<crakun> slide 8
<Nick> whats going on all
<sjas> will there be mumble next time? if not, is it just the infrastructure that is lacking?
<crakun> so I'm getting .mov files that work on different phones and firmware, but not all
<crakun> yes
<crakun> skype is a bit noisy
<hackus> indeed
<crakun> just turn down volume
<crakun> so Oct 26, we will start to review some class submitted .mov files
<pwned4ever> k so on to step 8
<crakun> so we can learn and see if exploitable
<tihmstar> i will setup mumble for next time
<crakun> so get me some mov files that crash!!!!
<sidewinder96> crakun, can u add me on skype? i already sent u a request
<crakun> please
<Nick> crakun, why not fuzz each .mov file then add them together?
<SwissHttp> nick, what if the merged file crashes? Which change caused it?
<argp> using the files that already cause crashes as seeds for further fuzzing is a good idea
<Nick> ^
<crakun> ok
<crakun> slide 9
<crakun> please submit .mov files and findings in this format
<crakun> email in a zip
<crakun> we need to move forward in class, and that depends on your active participation
<Nick> I would participate but you jerks only learn when I'm at work :P
<crakun> any questions on submittals?
<crakun> the sweet gem is a .mov file that will cause a kernel panic
<crakun> the person who gets that gets a gold star by their name
<LeoTh3o> Is there anyone available/currently logged that can access openjailbreak.org as an admin?
<crakun> other bugs slide 10
<uroboro> how is the kernel panic noted in the crash log? it just says so?
<crakun> kernel panics cause the phone to reboot
<uroboro> ah, haha, great
<crakun> ok
<crakun> so for slide 11
<crakun> what are your answers
<crakun> please type in chat
<tihmstar> .mov
<pr0crast1nate> Bueller.....
<crakun> Bueller?
<crakun> where is he
<tylr> It's his day off
<crakun> heh
<crakun> ok, someone said pdf
<crakun> anybody else?
<crakun> .gif or image?
<compilingEntropy> .tiff
<compilingEntropy> way back in the day
<tihmstar> yes
<crakun> c'mon folks
<tihmstar> tiff
<compilingEntropy> .xls
<crakun> ok
<tihmstar> .pdf -.-
<compilingEntropy> sms has been used
<pr0crast1nate> could iPhoto be crashed with RAW image?
<crakun> possibly
<tihmstar> imessage this unicode bug
<crakun> yes
<tihmstar> webkit ?
<crakun> how do we know what file type extensions are handled in the iphone
<crakun> ok
<pr0crast1nate> email
<crakun> excellent
<tihmstar> push notifications
<crakun> keep thinking on this
<pwned4ever> how about the new airdrop feature in iOS 7 that uses bluetooth or wifi
<pr0crast1nate> that would be cool, but I bet they're highly sanitized before display
<crakun> I know we are focused on .mov files, but this is food for thought
<uroboro> https://developer.apple.com/library/ios/DOCUMENTATION/AppleApplications/Reference/SafariWebContent/CreatingContentforSafarioniPhone/CreatingContentforSafarioniPhone.html#//apple_ref/doc/uid/TP40006482-SW15 has the limits of resources to be used in safari
<crakun> kool, thank u
<crakun> slide 12
<tihmstar> theiphonewiki.com
<SwissHttp> All references should be in the wiki. Let me know if something is missing.
<pwned4ever> whats the email for you crakun?
<crakun> so research URLs and irc channels, email them to me at [email protected] so that I can put them in the class slide deck for reference for everyone
<pwned4ever> lol
<pwned4ever> got it
<crakun> stressing need for .mov files from you
<crakun> so, lets move into fuzzing
<crakun> part II
<crakun> this is a snippet of the Mobile Hacking II class I used to teach
<crakun> we will speed thru this section
<pwned4ever> i'm using zzuf on my ipad, is there a fuzzer for windows you'd recommend
<tihmstar> what slide ?
<crakun> please look at smart phone typical attack surface
<tylr> pwned4ever: Windows fuzzer: http://peachfuzzer.com
<ojb> Safe No problems found with peachfuzzer.com Safe
<crakun> unfortunately I did not have a slide number on it
<pwned4ever> thnx is it free
<tihmstar> slide 20
<crakun> cool
<pwned4ever> peachfuzzer? freeware?
<crakun> yes, peach is free
<tihmstar> slide 21
<crakun> look at the delivery channels
<crakun> following slide
<SwissHttp> card reader on the iPhone?
<pr0crast1nate> active would be packet injection like deauth packets
<pr0crast1nate> passive would be like using Reaver and active would be like a replay attack to crack WEP
<compilingEntropy> no, reaver is definitely active
<pr0crast1nate> yeah bad example lol
<tihmstar> slide 22
<AdiSai1> what did I Miss?
<AdiSai1> I had to do HW
<sidewinder96> you can't even fix it by restoring?
<crakun> be careful
<crakun> though unlikely
<crakun> fuzzing can brick a phone
<SwissHttp> probably applies mainly to Android
<ele146cc> isn't a wifi packet injection easier to control and make an exploit?
<compilingEntropy> in terms of fuzzing mov files, I'm guessing that's extraordinarily unlikely?
<iOS5user> real brick or a restorable one
<crakun> where firmware installed by the manufacturer is partially overwritten
<crakun> this is different firmware than what you see on IPSW
<crakun> bluetooth is an example of fuzzing
<crakun> i've seen it brick phones
<crakun> even sms
<ele146cc> crakun
<SwissHttp> phones or iPhones?
<crakun> there are sms attacks that can screw up your sim card
<ele146cc> what if we send a wifi packet that just can crash wifi iphone's service?
<jbusr> is the class still on ?
<iOS5user> yes
<crakun> this is an example
<AdiSai1> ok
<compilingEntropy> iOS Hacker's Handbook has some sms examples
<AdiSai1> ya
<SwissHttp> What page?
<iOS5user> can i have a link to this, if its downloadable from Amazon
<AdiSai1> It's paid
<AdiSai1> google it
<compilingEntropy> SwissHttp: I think it was somewhere near chapter 3
<iOS5user> ok
<crakun> it deals with messing up the SIM card via an OTA (over-the-air) update
<crakun> malformed
<SwissHttp> page 162ff
<crakun> look at bluetooth fuzzing
<besartzeka> iOS Hacker's Handbook link: www.it-docs.net/ddata/781.pdf
<crakun> at the protocol stack, L2CAP can be attacked
<crakun> on any bluetooth device listening
<crakun> you do not have to be paired
<crakun> in order for this to work
<AdiSai1> besartzeka thanks
<besartzeka> ;)
<crakun> so those are some examples of other avenues of attack, SMS and bluetooth can be dangerous
<crakun> but let's focus on .mov files
<crakun> for class
<pwned4ever> k
<crakun> ok
<crakun> so let's move to slide 29 as a refresher
<jbusr> is there a Wiki for this project ?
<crakun> types of bugs, vulns, exploits we are looking for
<crakun> we need a wiki
<crakun> need a volunteer to help out on that
<iMast777> jbusr: http://theiphonewiki.com/wiki/OpenJailbreak
<ojb> Safe No problems found with theiphonewiki.com Safe
<pwned4ever> volunteer for ?
<jbusr> installing mediawiki is pretty dead simple (but need somewhere to put it)
<crakun> any volunteers that can help, whether bugs or research or code/ let me know -> [email protected]
<crakun> ok
<crakun> whoops, slide 30 typo
<crakun> meeting next week, sat.
<crakun> ok now open floor, questions
<AdiSai1> Crakun can I edit http://theiphonewiki.com/wiki/OpenJailbreak
<jbusr> does the new 64-bit kernel have more protection than the previous 32-bit one?
<iMast777> AdiSai1: Not sure why you'd want to do that, you would have to contact SwissHttp for that.
<jbusr> how different is the new 64-bit arch than the previous 32-bit one in terms of all the tools that were used for the old instruction set?
<iOS5user> Should i update my iPhone to 6.1.2 (i have working SHSH blobs) or stay on 5.1.1?
<crakun> on skype and irc
<crakun> use complex .mov files
<sidewinder96> will the 64-bit processor be killing some exploits?
<crakun> with quicktime, final cut pro
<iosdowngrader> @ios5user which iphone
<iOS5user> 4
<iosdowngrader> yeah, you should do this
<iosdowngrader> ios 6 is better than 5 because of the features
<iOS5user> ok, i will probably do it later today
<iosdowngrader> but 5 is ok too
<iOS5user> i could always downgrade
<crakun> or free software
<iosdowngrader> ok than you can decide :D
<crakun> that make mov files
<iOS5user> lol
<jbusr> ffmpeg can do .mov files
<jbusr> any ideas what can be done with battery life and iOS 7 on iPhone 4S? it's like 75% or worse than with iOS 6 when I do stuff
<argp> sidewinder96, arm64 kills some exploits as surely as it opens new ones
<sidewinder96> you can use avid, it's a free video editing program
<sidewinder96> argp, thanks
<jbusr> the nice thing with ffmpeg is that it's open source, so you can really see how the .mov is built and try to fuzz even more
<iOS5user> is class over? i'm without the powerpoint
<argp> a good approach is to have seed files (in this case mov files) from as many and diverse sources as possible
<JustVanBlooM> ok ppl .. i'm out. @crakun i'll post steps to crash to your email. as requested :) gn8t
<jbusr> you can easily do an auto fuzz with some javascript and html magic
<crakun> and cykey is working on an automated fuzzing
<crakun> as well
<argp> create them with many different generators (ffmpeg, etc), collect them online, and so on
<jbusr> i.e. keep producing MOV with FFMPEG, then host them on an HTTP server which plays a created .MOV file, and skips to the next
<jbusr> when the client crashes, it will stop doing requests
<tihmstar> i will try to create a mumble server for next week's class
<crakun> ok, I got some good questions on skype
<crakun> i will work on answering those for next week
<tihmstar> i'll maybe need someone to test it, so be sure to install mumble ;)
<pwned4ever> k nexuist you're here
<pwned4ever> nexuist
<crakun> we will go deeper into .mov files. construction, etc
<pwned4ever> can you post your blog in here ? nexuist
<jbusr> crakun, any better open source recommended tools for .mov than ffmpeg?
<compilingEntropy> this script generates files and automates the opening of them in mobilesafari. it'll play the file if it can be played and everything. https://ghostbin.com/paste/8b7n2
<crakun> class next week. Sat 6am PST
<pr0crast1nate> http://nexuist.tumblr.com/
<crakun> yes, there are several
<iosdowngrader> sat 6am, can you tell me that in utc?
<crakun> you want to make complex mov files
<jbusr> you don't need to jailbreak your device to do automated fuzz testing of .mov files
<crakun> then fuzz those
<crakun> for best results
<crakun> ok. class adjourned
<crakun> someone, please save logs