https://freemyipod.org/api.php?action=feedcontributions&user=68.59.238.111&feedformat=atomfreemyipod.org - User contributions [en]2024-03-29T00:52:58ZUser contributionsMediaWiki 1.31.0https://freemyipod.org/index.php?title=Hardware&diff=1527Hardware2009-03-09T00:02:27Z<p>68.59.238.111: </p>
<hr />
<div>Although iPods have many other components, here we are only listing the components that might be relavent to cracking firmware encryption. If you have any suggestions for any other components to add, just post on the talk page or IRC. Links to datasheets are important if they can be found.<br />
==1G Nano==<br />
{| border="1" cellpadding="5" cellspacing="0"<br />
! Component !! Details<br />
|-<br />
| CPU <br />
| Portal Player PP5021C-TDF. This is the last Nano that used a PortalPlayer processor.<br />
|-<br />
| RAM<br />
| [http://www.samsung.com/global/business/semiconductor/productInfo.do?fmly_id=136&partnum=K4M56163PG Samsung K4M56163PG] - apparently the datasheet can be found [http://pdf1.alldatasheet.net/datasheet-pdf/view/168204/SAMSUNG/K4M56163PG/datasheet.pdf here].<br />
|-<br />
| Utility Flash ROM<br />
| <br />
|-<br />
| NAND Flash<br />
| This chip is dependent on the iPod model, but all interface in the same way.<br />
|}<br />
==2G Nano==<br />
{| border="1" cellpadding="5" cellspacing="0"<br />
! Component !! Details<br />
|-<br />
| CPU <br />
| [http://www.samsung.com/global/business/semiconductor/productInfo.do?fmly_id=212&partnum=S5L8700 Samsung S5L8701] ARM940T processor. The processor itself is Apple-branded and marked 337S3291 8701, but the markings share an S for Samsung, and 8701 for the part number.<br />
|-<br />
| Utility Flash ROM<br />
| [http://www.sst.com/products.xhtml/parallel_flash/39/x16/SST39WF800A SST SST39WF800A],stores Disk Mode, Diagnostic Mode and the code to flash this chip. Tof has [http://home.gna.org/linux4nano/dumping_SST39WF800A.html managed to extract] this data and the dump can be obtained by emailing Emmanuel Fleury.<br />
|-<br />
| RAM<br />
| [http://www.samsung.com/global/business/semiconductor/productInfo.do?fmly_id=136&partnum=K4M56163PG Samsung K4M56163PG] - [http://pdf1.alldatasheet.net/datasheet-pdf/view/168204/SAMSUNG/K4M56163PG/datasheet.pdf here] is the datasheet. This is the same chip used in the iPod 1G Nano.<br />
|-<br />
| NAND Flash<br />
| This chip is dependent on the iPod model, but all interface in the same way. Common ones for the 2G Nano are the [http://www.datasheet4u.com/download.php?id=607807 Samsung K9MBG08U5M] and the [http://www.alldatasheet.com/datasheet-pdf/pdf/115161/HYNIX/HY27UF081G2M.html Hynix HY27UW08BGFM].<br />
|}<br />
==3G Nano==<br />
{| border="1" cellpadding="5" cellspacing="0"<br />
! Component !! Details<br />
|-<br />
| CPU <br />
| [http://www.samsung.com/global/business/semiconductor/productInfo.do?fmly_id=212&partnum=S5L8700 Samsung S5L8702] ARM940T processor. The package itself is Apple-branded and marked 337S3473 8702, but the markings share an S for Samsung, and 8702 for the part number.<br />
|-<br />
| RAM<br />
| [http://www.qimonda.com/mobile-ram/ddr-18/index.html Qimonda HYE18M169CX75] 256Mbit (32MByte) Mobile 1.8V DDRAM<br />
|-<br />
| Utility Flash ROM<br />
| <br />
|-<br />
| NAND Flash<br />
| This chip is dependent on the iPod model, but all interface in the same way. A common one for the 3G Nano is the [http://www.datasheet4u.com/download.php?id=607807 Samsung K9MBG08U5M].<br />
|}<br />
==4G Nano==<br />
{| border="1" cellpadding="5" cellspacing="0"<br />
! Component !! Details<br />
|-<br />
| CPU <br />
| [http://www.samsung.com/global/business/semiconductor/productInfo.do?fmly_id=212&partnum=S5L8700 Samsung S5L8720] ARM940T processor. It is definitely worth knowing that this is the exact same processor used in the iTouch 2G. This could mean that some of the same exploits for that could possibly be used. [http://theiphonewiki.com/wiki/index.php?title=S5L8720_(Hardware) Here] is a very interesting page about the S5L8720 processor.<br />
|-<br />
| RAM<br />
| <br />
|-<br />
| Utility Flash ROM<br />
| <br />
|-<br />
| NAND Flash<br />
| This chip is dependent on the iPod model, but all interface in the same way.<br />
|}<br />
==Helpful pages==<br />
http://home.gna.org/linux4nano/download/hardware_synth-1.0.pdf<br />
<br />
[http://pc.watch.impress.co.jp/docs/2005/0908/nano21.jpg Image of the 1G Nano board]<br />
<br />
http://arstechnica.com/apple/reviews/2005/09/nano.ars/4<br />
<br />
http://arstechnica.com/apple/reviews/2006/09/ipod-2g.ars/4<br />
<br />
http://insidetronics.blogspot.com/2007/09/teardown-ipod-nano-3g.html<br />
<br />
http://www.appleinsider.com/articles/07/09/10/a_peek_inside_apples_new_nano_and_classic_ipods_photos.html<br />
<br />
http://www.ifixit.com/Guide/First-Look/iPod-Nano-4th-Generation/584/1<br />
<br />
http://theiphonewiki.com/wiki/index.php?title=S5L8720_(Hardware)</div>68.59.238.111https://freemyipod.org/index.php?title=Modes&diff=1458Modes2009-02-25T10:59:29Z<p>68.59.238.111: </p>
<hr />
<div>Nanos have special modes that they can boot into called disk mode, DFU mode, and debug mode.<br />
<br />
==Disk mode==<br />
Disk mode has existed ever since the iPod has existed. Disk mode is stored in the 1MB NOR auxillary flash (along with the bootloader), so this is pretty much always there, no matter what sort of tampering you have done. Disk mode basically makes the iPod behave as a massive storage device, allowing the computer to directly read and write the data flash chip.<br />
<br />
==DFU mode==<br />
DFU mode is a relatively new standard for upgrading firmware that is used in many devices like the OpenMoko and the newer iPods. DFU mode (since nano 3G) is probably contained in the on-processor's bootrom. Newer iPods have both DFU mode and disk mode, while iPod Touch and iPhones have exclusively DFU mode. It is worth noting that DFU mode was implemented at the exact time that Apple switched from PortalPlayer to Samsung processors, and also exactly when the firmware was encrypted. There could be a relationship.<br />
<br />
The nano 2G also has a DFU mode, but that one is probably booted of the NOR flash instead of mask ROM, and doesn't seem to have anything in common with the newer DFU modes. It is not yet found out how to communicate with a Nano 2G in DFU mode, not even iTunes can do that.<br />
<br />
===Getting DFU mode on 3g/4g===<br />
# Make sure your iPod is turned on and connected to your computer.<br />
# Press the menu button and select (central) button simultaneously.<br />
# The iPod's screen will go black, and the Apple logo will shortly appear.<br />
# Keep on pressing till the Apple logo turns into a black screen. This is about 10 seconds.<br />
# Release the menu and select buttons.<br />
<br />
You should see this device on you usb listing (lsusb):<br />
<pre><br />
Bus XXX Device YYY: ID 05ac:1224 Apple, Inc. (for 3G)<br />
Bus XXX Device YYY: ID 05ac:1225 Apple, Inc. (for 4G)<br />
</pre><br />
<br />
The product ID depends on whether the iPod is in DFU mode or not. For example, when a 4G Nano is not in DFU mode, lsusb returns:<br />
<pre><br />
Bus XXX Device YYY: ID 05ac:1263 Apple, Inc.<br />
*example for 3G needed*<br />
</pre><br />
<br />
==Debug (diagnostics) mode==<br />
This mode will give quite a lot of info about your iPod. Except for the very first iPods, it can be accessed by holding center and rewind when the apple logo appears during reboot.<br />
<br />
==Helpful pages==<br />
http://daniel.haxx.se/blog/2008/09/03/dfu-mode-on-2nd-gen-nanos/</div>68.59.238.111https://freemyipod.org/index.php?title=Modes&diff=1445Modes2009-02-25T03:03:11Z<p>68.59.238.111: </p>
<hr />
<div>Nanos have special modes that they can boot into called disk mode, DFU mode, and debug mode.<br />
<br />
==Disk mode==<br />
Disk mode has existed ever since the iPod has existed. Disk mode is stored in the 1MB NOR auxillary flash (along with the bootloader), so this is pretty much always there, no matter what sort of tampering you have done. Disk mode basically makes the iPod behave as a massive storage device, allowing the computer to directly read and write the data flash chip.<br />
<br />
==DFU mode==<br />
DFU mode is a relatively new standard for upgrading firmware that is used in many devices like the OpenMoko and the newer iPods. DFU mode (since nano 3G) is probably contained in the on-processor's bootrom. Newer iPods have both DFU mode and disk mode, while iPod Touch and iPhones have exclusively DFU mode. It is worth noting that DFU mode was implemented at the exact time that Apple switched from PortalPlayer to Samsung processors, and also exactly when the firmware was encrypted. There could be a relationship.<br />
<br />
The nano 2G also has a DFU mode, but that one is probably booted of the NOR flash instead of mask ROM, and doesn't seem to have anything in common with the newer DFU modes. It is not yet found out how to communicate with a Nano 2G in DFU mode, not even iTunes can do that.<br />
<br />
===Getting DFU mode on 3g/4g===<br />
# Power off ipod holding play.<br />
# Screen will go black.<br />
# Plug ipod to your computer<br />
# Hold on using top switch and hold off (not needed?)<br />
# Keep pressing menu button and select (central) button simultaneously.<br />
# Screen will go black, shortly apple logo will appear.<br />
# Keep on pressing till apple logo turns into black screen. This is about 10 seconds.<br />
# Release menu and select buttons.<br />
<br />
You should see this device on you usb listing (lsusb):<br />
<pre><br />
Bus XXX Device YYY: ID 05ac:1224 Apple, Inc. (for 3G)<br />
Bus XXX Device YYY: ID 05ac:1225 Apple, Inc. (for 4G)<br />
</pre><br />
<br />
The product ID depends on whether the iPod is in DFU mode or not. For example, when a 4G Nano is not in DFU mode, lsusb returns:<br />
<pre><br />
Bus XXX Device YYY: ID 05ac:1263 Apple, Inc.<br />
*example for 3G needed*<br />
</pre><br />
<br />
==Debug (diagnostics) mode==<br />
This mode will give quite a lot of info about your iPod. Except for the very first iPods, it can be accessed by holding center and rewind when the apple logo appears during reboot.<br />
<br />
==Helpful pages==<br />
http://daniel.haxx.se/blog/2008/09/03/dfu-mode-on-2nd-gen-nanos/</div>68.59.238.111https://freemyipod.org/index.php?title=Modes&diff=1444Modes2009-02-25T02:37:10Z<p>68.59.238.111: </p>
<hr />
<div>The 2G Nano has special modes that it can boot into called disk mode, DFU mode, and debug mode.<br />
<br />
==Disk mode==<br />
Disk mode has existed ever since the iPod has existed. Disk mode is stored in the 1MB NOR auxillary flash (along with the bootloader), so this is pretty much always there, no matter what sort of tampering you have done. Disk mode basically makes the iPod behave as a massive storage device, allowing the computer to directly read and write the data flash chip.<br />
<br />
==DFU mode==<br />
DFU mode is a relatively new standard for upgrading firmware that is used in many devices like the OpenMoko and the newer iPods. DFU mode (since nano 3G) is probably contained in the on-processor's bootrom. Newer iPods have both DFU mode and disk mode, while iPod Touch and iPhones have exclusively DFU mode. It is worth noting that DFU mode was implemented at the exact time that Apple switched from PortalPlayer to Samsung processors, and also exactly when the firmware was encrypted. There could be a relationship.<br />
<br />
<br />
The nano 2G also has a DFU mode, but that one is probably booted of the NOR flash instead of mask ROM, and doesn't seem to have anything in common with the newer DFU modes. It is not yet found out how to communicate with a nano 2G in DFU mode, not even iTunes can do that.<br />
<br />
===Getting DFU mode on 3g/4g===<br />
# Power off ipod holding play.<br />
# Screen will go black.<br />
# Plug ipod to your computer<br />
# Hold on using top switch and hold off (not needed?)<br />
# Keep pressing menu button and select (central) button simultaneously.<br />
# Screen will go black, shortly apple logo will appear.<br />
# Keep on pressing till apple logo turns into black screen. This is about 10 seconds.<br />
# Release menu and select buttons.<br />
<br />
You should see this device on you usb listing (lsusb):<br />
<pre><br />
Bus XXX Device YYY: ID 05ac:1224 Apple, Inc. (for 3G)<br />
Bus XXX Device YYY: ID 05ac:1225 Apple, Inc. (for 4G)<br />
</pre><br />
<br />
The product ID depends on whether the iPod is in DFU mode or not. For example, when a 4G Nano is not in DFU mode, lsusb returns:<br />
<pre><br />
Bus XXX Device YYY: ID 05ac:1263 Apple, Inc.<br />
*example for 3G needed*<br />
</pre><br />
<br />
==Debug (diagnostics) mode==<br />
Will give quite a lot info about your iPod. Except for the very first iPods, it can be accessed by holding center and rewind when the apple logo appears during reboot.<br />
<br />
==Helpful pages==<br />
http://daniel.haxx.se/blog/2008/09/03/dfu-mode-on-2nd-gen-nanos/</div>68.59.238.111https://freemyipod.org/index.php?title=Modes&diff=1443Modes2009-02-25T02:32:53Z<p>68.59.238.111: </p>
<hr />
<div>The 2G Nano has two special modes that it can boot into called disk mode and DFU mode<br />
<br />
==Disk mode==<br />
Disk mode has existed ever since the iPod has existed. Disk mode is stored in the 1MB NOR auxillary flash (along with the bootloader), so this is pretty much always there, no matter what sort of tampering you have done. Disk mode basically makes the iPod behave as a massive storage device, allowing the computer to directly read and write the data flash chip.<br />
<br />
==DFU mode==<br />
DFU mode is a relatively new standard for upgrading firmware that is used in many devices like the OpenMoko and the newer iPods. DFU mode (since nano 3G) is probably contained in the on-processor's bootrom. Newer iPods have both DFU mode and disk mode, while iPod Touch and iPhones have exclusively DFU mode. It is worth noting that DFU mode was implemented at the exact time that Apple switched from PortalPlayer to Samsung processors, and also exactly when the firmware was encrypted. There could be a relationship.<br />
<br />
<br />
The nano 2G also has a DFU mode, but that one is probably booted of the NOR flash instead of mask ROM, and doesn't seem to have anything in common with the newer DFU modes. It is not yet found out how to communicate with a nano 2G in DFU mode, not even iTunes can do that.<br />
<br />
===Getting DFU mode on 3g/4g===<br />
# Power off ipod holding play.<br />
# Screen will go black.<br />
# Plug ipod to your computer<br />
# Hold on using top switch and hold off (not needed?)<br />
# Keep pressing menu button and select (central) button simultaneously.<br />
# Screen will go black, shortly apple logo will appear.<br />
# Keep on pressing till apple logo turns into black screen. This is about 10 seconds.<br />
# Release menu and select buttons.<br />
<br />
You should see this device on you usb listing (lsusb):<br />
<pre><br />
Bus XXX Device YYY: ID 05ac:1224 Apple, Inc. (for 3G)<br />
Bus XXX Device YYY: ID 05ac:1225 Apple, Inc. (for 4G)<br />
</pre><br />
<br />
The product ID depends on whether the iPod is in DFU mode or not. For example, when a 4G Nano is not in DFU mode, lsusb returns:<br />
<pre><br />
Bus XXX Device YYY: ID 05ac:1263 Apple, Inc.<br />
*example for 3G needed*<br />
</pre><br />
<br />
===Debug (diagnostics) mode===<br />
Will give quite a lot info about your iPod. Except for the very first iPods, it can be accessed by holding center and rewind when the apple logo appears during reboot.<br />
<br />
==Helpful pages==<br />
http://daniel.haxx.se/blog/2008/09/03/dfu-mode-on-2nd-gen-nanos/</div>68.59.238.111https://freemyipod.org/index.php?title=Modes&diff=1392Modes2009-02-24T00:53:07Z<p>68.59.238.111: </p>
<hr />
<div>The 2G Nano has two special modes that it can boot into called disk mode and DFU mode<br />
<br />
==Disk mode==<br />
Disk mode has existed ever since the iPod has existed. Disk mode is burned into the processor's bootrom, so this is pretty much always there, no matter what sort of tampering you have done. Disk mode basically makes the iPod behave as a massive storage device, allowing the computer to directly read and write the flash chips.<br />
==DFU mode==<br />
DFU mode is a relatively new standard for upgrading firmware that is used in many devices like the OpenMogo and the newer iPods. DFU mode is also flashed in the processor's bootrom. Newer iPods have both DFU mode and disk mode, while iPod Touch and iPhones have exclusively DFU mode. It is worth noting that DFU mode was implemented at the exact time that Apple switched from PortalPlayer to Samsung processors, and also exactly when the firmware was encrypted. There could be a relationship.<br />
<br />
==Helpful pages==<br />
http://daniel.haxx.se/blog/2008/09/03/dfu-mode-on-2nd-gen-nanos/</div>68.59.238.111https://freemyipod.org/index.php?title=Main_Page&diff=1391Main Page2009-02-24T00:47:44Z<p>68.59.238.111: </p>
<hr />
<div>This is the wiki page for the Linux4nano project. [http://home.gna.org/linux4nano/ Here] is the project homepage, and [http://mail.gna.org/public/linux4nano-dev/ here] is a link to the project's mailing list. Linux4nano also has a fairly active irc channel, #linux4nano-dev @ irc.freenode.net. Please excuse the fact that this is on the NXT++ wiki; I can't set up another wiki on my server right now. Please also excuse the slow hosting. I am using a free service until I can set up my own server.<br />
<br />
==This wiki==<br />
[[About]]<br />
<br />
==The iPod==<br />
[[Modes]]<br />
<br />
[[Firmware]]</div>68.59.238.111https://freemyipod.org/index.php?title=Modes&diff=1390Modes2009-02-24T00:47:22Z<p>68.59.238.111: New page: The 2G Nano has two special modes that it can boot into called disk mode and DFU mode ==Disk mode== Disk mode has existed ever since the iPod has existed. Disk mode is burned into the pro...</p>
<hr />
<div>The 2G Nano has two special modes that it can boot into called disk mode and DFU mode<br />
<br />
==Disk mode==<br />
Disk mode has existed ever since the iPod has existed. Disk mode is burned into the processor's bootrom, so this is pretty much always there, no matter what sort of tampering you have done. Disk mode basically makes the iPod behave as a massive storage device, allowing the computer to directly read and write the flash chips.<br />
==DFU mode==<br />
DFU mode is a relatively new standard for upgrading firmware that is used in many devices like the OpenMogo and the newer iPods. DFU mode is also flashed in the processor's bootrom. Newer iPods have both DFU mode and disk mode, while iPod Touch and iPhones have exclusively DFU mode. It is worth noting that DFU mode was implemented at the exact time that Apple switched from PortalPlayer to Samsung processors, and also exactly when the firmware was encrypted. There could be a relationship.</div>68.59.238.111https://freemyipod.org/index.php?title=Main_Page&diff=1387Main Page2009-02-24T00:16:19Z<p>68.59.238.111: </p>
<hr />
<div>This is the wiki page for the Linux4nano project. [http://home.gna.org/linux4nano/ Here] is the project homepage, and [http://mail.gna.org/public/linux4nano-dev/ here] is a link to the project's mailing list. Linux4nano also has a fairly active irc channel, #linux4nano-dev @ irc.freenode.net. Please excuse the fact that this is on the NXT++ wiki; I can't set up another wiki on my server right now. Please also excuse the slow hosting. I am using a free service until I can set up my own server.<br />
<br />
==This wiki==<br />
[[About]]<br />
<br />
==The iPod==<br />
[[Modes]]<br />
[[Firmware]]</div>68.59.238.111https://freemyipod.org/index.php?title=Main_Page&diff=1385Main Page2009-02-24T00:02:51Z<p>68.59.238.111: New page: This is the wiki page for the Linux4nano project. [http://home.gna.org/linux4nano/ Here] is the project homepage, and [http://mail.gna.org/public/linux4nano-dev/ here] is a link to the pro...</p>
<hr />
<div>This is the wiki page for the Linux4nano project. [http://home.gna.org/linux4nano/ Here] is the project homepage, and [http://mail.gna.org/public/linux4nano-dev/ here] is a link to the project's mailing list. Linux4nano also has a fairly active irc channel, #linux4nano-dev @ irc.freenode.net. Please excuse the fact that this is on the NXT++ wiki; I can't set up another wiki on my server right now. Please also excuse the slow hosting. I am using a free service until I can set up my own server.<br />
<br />
--This wiki<br />
[[About]]<br />
<br />
--The iPod<br />
[[Modes]]<br />
[[Firmware]]</div>68.59.238.111