Talk:Blackra1n

Why no AFC2?
Is there any reason why even RC3 doesn't add afc2 to services.plist? --Redart 13:40, 4 November 2009 (UTC)

Payload
I notice pages like the one for ultrasn0w contain the payload. Is there any chance that the payload for blackra1n or an old jailbreak like purplera1n will be published? MaybachMan 08:25, 1 August 2010 (UTC)
 * That would be really awesome to see. Anyone able to negotiate/communicate with geohot? Iemit737 09:07, 1 August 2010 (UTC)
 * I don't know what will get published by him. But why don't you just disassemble it and publish it here? I assume this won't be a problem, as the same happened for Spirit. -- http 09:51, 1 August 2010 (UTC)
 * I have blackra1n open in IDA right now, here's what it gave me (I hope I did this right).

; Reviewer notes (added to the pasted IDA listing; instructions and labels are unchanged):
; This is the entry point of the *packer* stub, not the jailbreak payload. The section is
; named UPX1 and the code has the shape of a UPX decompression stub: save all registers,
; decompress a bit-packed stream from byte_455015 into the area at esi-54015h, undo a
; call/jmp address filter, rebuild the import table through a small table of function
; pointers at [esi+0EA1C8h..0EA1DCh], adjust page protection on the header page, then jump
; to dword_401240 (presumably the original entry point of the unpacked program). The real
; program code only exists in memory after this stub has run, so this listing does not show
; it. The indirect call targets carry no names here; the API names in the comments below
; are hedged guesses that must be confirmed against the import table of the unpacked image.
;
; Register roles during decompression (from the code alone):
;   esi = compressed-stream cursor        edi = output cursor
;   ebx = 32-bit bit buffer; "add ebx,ebx" shifts out the next bit into CF, and when the
;         buffer becomes zero it is refilled with "mov ebx,[esi]; sub esi,-4; adc ebx,ebx"
;   eax = accumulator for decoded lengths/offsets   ecx = match length
;   ebp = last match distance (negative, so edx = edi+ebp points into output already written)
; Decoder details (which UCL/NRV variant this is) are not established by the listing — confirm.
UPX1:004E9A40 ; ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦ S U B R O U T I N E ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦
UPX1:004E9A40
UPX1:004E9A40
UPX1:004E9A40                public start
UPX1:004E9A40 start          proc near
UPX1:004E9A40
UPX1:004E9A40 var_AC         = dword ptr -0ACh          ; after popa: esp+2Ch+var_AC = esp-80h
UPX1:004E9A40
UPX1:004E9A40                pusha                      ; save every register; restored by popa before the final jmp
UPX1:004E9A41                mov     esi, offset byte_455015 ; esi = start of compressed data
UPX1:004E9A46                lea     edi, [esi-54015h]  ; edi = decompression target (0x401000 if byte_455015 sits at 0x455015, as its name suggests)
UPX1:004E9A4C                push    edi                ; remember target base; popped into esi at loc_4E9B2A
UPX1:004E9A4D                jmp     short loc_4E9A5A   ; enter with an initial bit-buffer refill
UPX1:004E9A4D ; ---
UPX1:004E9A4F                align 10h
UPX1:004E9A50
UPX1:004E9A50 loc_4E9A50:                            ; CODE XREF: start:loc_4E9A61�j
UPX1:004E9A50 ; literal: copy one byte from the stream straight to the output
UPX1:004E9A50                mov     al, [esi]
UPX1:004E9A52                inc     esi
UPX1:004E9A53                mov     [edi], al
UPX1:004E9A55                 inc     edi
UPX1:004E9A56
UPX1:004E9A56 loc_4E9A56:                            ; CODE XREF: start+CF�j
UPX1:004E9A56                                        ; start+E5�j
UPX1:004E9A56 ; main loop: next bit decides literal (CF=1 -> loc_4E9A50) or match (fall through)
UPX1:004E9A56                add     ebx, ebx           ; shift next bit into CF
UPX1:004E9A58                jnz     short loc_4E9A61   ; buffer not exhausted
UPX1:004E9A5A
UPX1:004E9A5A loc_4E9A5A:                            ; CODE XREF: start+D�j
UPX1:004E9A5A                mov     ebx, [esi]         ; refill: load 32 bits ...
UPX1:004E9A5C                sub     esi, 0FFFFFFFCh    ; ... esi += 4 (sub -4 preserves the carry that add ebx,ebx produced)
UPX1:004E9A5F                adc     ebx, ebx           ; shift the new word, bringing the saved bit back in as bit 0
UPX1:004E9A61
UPX1:004E9A61 loc_4E9A61:                            ; CODE XREF: start+18�j
UPX1:004E9A61                jb      short loc_4E9A50   ; CF=1: literal byte
UPX1:004E9A63                mov     eax, 1             ; CF=0: match; eax = 1 seeds the variable-length value below
UPX1:004E9A68
UPX1:004E9A68 loc_4E9A68:                            ; CODE XREF: start+52�j
UPX1:004E9A68 ; read a variable-length number into eax, one bit per pair (value bit, then continue bit)
UPX1:004E9A68                add     ebx, ebx
UPX1:004E9A6A                jnz     short loc_4E9A73
UPX1:004E9A6C                mov     ebx, [esi]
UPX1:004E9A6E                sub     esi, 0FFFFFFFCh
UPX1:004E9A71                adc     ebx, ebx
UPX1:004E9A73
UPX1:004E9A73 loc_4E9A73:                            ; CODE XREF: start+2A�j
UPX1:004E9A73                adc     eax, eax           ; eax = eax*2 + bit
UPX1:004E9A75                add     ebx, ebx
UPX1:004E9A77                jnb     short loc_4E9A84   ; continue bit 0: one more step (dec eax path)
UPX1:004E9A79                jnz     short loc_4E9AA3   ; continue bit 1 and buffer still valid: number complete
UPX1:004E9A7B                mov     ebx, [esi]
UPX1:004E9A7D                sub     esi, 0FFFFFFFCh
UPX1:004E9A80                adc     ebx, ebx
UPX1:004E9A82                jb      short loc_4E9AA3
UPX1:004E9A84
UPX1:004E9A84 loc_4E9A84:                            ; CODE XREF: start+37�j
UPX1:004E9A84                dec     eax
UPX1:004E9A85                add     ebx, ebx
UPX1:004E9A87                jnz     short loc_4E9A90
UPX1:004E9A89                mov     ebx, [esi]
UPX1:004E9A8B                sub     esi, 0FFFFFFFCh
UPX1:004E9A8E                adc     ebx, ebx
UPX1:004E9A90
UPX1:004E9A90 loc_4E9A90:                            ; CODE XREF: start+47�j
UPX1:004E9A90                adc     eax, eax
UPX1:004E9A92                jmp     short loc_4E9A68
UPX1:004E9A94 ; ---
UPX1:004E9A94
UPX1:004E9A94 loc_4E9A94:                            ; CODE XREF: start:loc_4E9AC6�j
UPX1:004E9A94                                        ; start:loc_4E9AD4�j
UPX1:004E9A94 ; short match length: one more bit into ecx, then copy
UPX1:004E9A94                add     ebx, ebx
UPX1:004E9A96                jnz     short loc_4E9A9F
UPX1:004E9A98                mov     ebx, [esi]
UPX1:004E9A9A                sub     esi, 0FFFFFFFCh
UPX1:004E9A9D                adc     ebx, ebx
UPX1:004E9A9F
UPX1:004E9A9F loc_4E9A9F:                            ; CODE XREF: start+56�j
UPX1:004E9A9F                adc     ecx, ecx
UPX1:004E9AA1                jmp     short loc_4E9AF5
UPX1:004E9AA3 ; ---
UPX1:004E9AA3
UPX1:004E9AA3 loc_4E9AA3:                            ; CODE XREF: start+39�j
UPX1:004E9AA3                                        ; start+42�j
UPX1:004E9AA3 ; match: eax holds the decoded number; eax < 3 means "reuse last distance (ebp)"
UPX1:004E9AA3                xor     ecx, ecx
UPX1:004E9AA5                sub     eax, 3
UPX1:004E9AA8                jb      short loc_4E9ABB   ; keep previous ebp
UPX1:004E9AAA                shl     eax, 8             ; new distance: high part from eax, low byte from the stream
UPX1:004E9AAD                mov     al, [esi]
UPX1:004E9AAF                inc     esi
UPX1:004E9AB0                xor     eax, 0FFFFFFFFh    ; eax = ~eax
UPX1:004E9AB3                jz      short loc_4E9B2A   ; all-ones distance marker = end of compressed stream
UPX1:004E9AB5                sar     eax, 1             ; low bit of the distance word is the first length bit (CF)
UPX1:004E9AB7                mov     ebp, eax           ; ebp = new (negative) match distance
UPX1:004E9AB9                jmp     short loc_4E9AC6   ; CF from sar is consumed by the jb at loc_4E9AC6
UPX1:004E9ABB ; ---
UPX1:004E9ABB
UPX1:004E9ABB loc_4E9ABB:                            ; CODE XREF: start+68�j
UPX1:004E9ABB                add     ebx, ebx
UPX1:004E9ABD                jnz     short loc_4E9AC6
UPX1:004E9ABF                mov     ebx, [esi]
UPX1:004E9AC1                sub     esi, 0FFFFFFFCh
UPX1:004E9AC4                adc     ebx, ebx
UPX1:004E9AC6
UPX1:004E9AC6 loc_4E9AC6:                            ; CODE XREF: start+79�j
UPX1:004E9AC6                                        ; start+7D�j
UPX1:004E9AC6 ; match length: two single bits first (short lengths), otherwise a variable-length number into ecx
UPX1:004E9AC6                jb      short loc_4E9A94
UPX1:004E9AC8                inc     ecx
UPX1:004E9AC9                add     ebx, ebx
UPX1:004E9ACB                jnz     short loc_4E9AD4
UPX1:004E9ACD                mov     ebx, [esi]
UPX1:004E9ACF                sub     esi, 0FFFFFFFCh
UPX1:004E9AD2                adc     ebx, ebx
UPX1:004E9AD4
UPX1:004E9AD4 loc_4E9AD4:                            ; CODE XREF: start+8B�j
UPX1:004E9AD4                jb      short loc_4E9A94
UPX1:004E9AD6
UPX1:004E9AD6 loc_4E9AD6:                            ; CODE XREF: start+A5�j
UPX1:004E9AD6                                        ; start+B0�j
UPX1:004E9AD6                add     ebx, ebx
UPX1:004E9AD8                jnz     short loc_4E9AE1
UPX1:004E9ADA                mov     ebx, [esi]
UPX1:004E9ADC                sub     esi, 0FFFFFFFCh
UPX1:004E9ADF                adc     ebx, ebx
UPX1:004E9AE1
UPX1:004E9AE1 loc_4E9AE1:                            ; CODE XREF: start+98�j
UPX1:004E9AE1                adc     ecx, ecx           ; ecx = ecx*2 + bit
UPX1:004E9AE3                add     ebx, ebx
UPX1:004E9AE5                jnb     short loc_4E9AD6   ; more length bits follow
UPX1:004E9AE7                jnz     short loc_4E9AF2
UPX1:004E9AE9                mov     ebx, [esi]
UPX1:004E9AEB                sub     esi, 0FFFFFFFCh
UPX1:004E9AEE                adc     ebx, ebx
UPX1:004E9AF0                jnb     short loc_4E9AD6
UPX1:004E9AF2
UPX1:004E9AF2 loc_4E9AF2:                            ; CODE XREF: start+A7�j
UPX1:004E9AF2                add     ecx, 2             ; long-length path: bias the decoded count
UPX1:004E9AF5
UPX1:004E9AF5 loc_4E9AF5:                            ; CODE XREF: start+61�j
UPX1:004E9AF5 ; copy ecx(+2 or +3) bytes from edi+ebp to edi; distances further back than 500h get one extra byte
UPX1:004E9AF5                cmp     ebp, 0FFFFFB00h    ; CF = (ebp < -500h unsigned compare on the negative distance)
UPX1:004E9AFB                adc     ecx, 2             ; ecx += 2 + CF
UPX1:004E9AFE                lea     edx, [edi+ebp]     ; edx = source inside already-written output
UPX1:004E9B01                cmp     ebp, 0FFFFFFFCh
UPX1:004E9B04                jbe     short loc_4E9B14   ; distance >= 4 bytes back: dword copy is safe (no overlap inside a dword)
UPX1:004E9B06
UPX1:004E9B06 loc_4E9B06:                            ; CODE XREF: start+CD�j
UPX1:004E9B06 ; overlapping (distance < 4) copy, byte by byte
UPX1:004E9B06                mov     al, [edx]
UPX1:004E9B08                inc     edx
UPX1:004E9B09                mov     [edi], al
UPX1:004E9B0B                 inc     edi
UPX1:004E9B0C                dec     ecx
UPX1:004E9B0D                jnz     short loc_4E9B06
UPX1:004E9B0F                jmp     loc_4E9A56
UPX1:004E9B14 ; ---
UPX1:004E9B14
UPX1:004E9B14 loc_4E9B14:                            ; CODE XREF: start+C4�j
UPX1:004E9B14                                        ; start+E1�j
UPX1:004E9B14 ; dword copy; the last dword may overshoot, add edi,ecx (ecx <= 0 here) pulls edi back
UPX1:004E9B14                mov     eax, [edx]
UPX1:004E9B16                add     edx, 4
UPX1:004E9B19                mov     [edi], eax
UPX1:004E9B1B                add     edi, 4
UPX1:004E9B1E                sub     ecx, 4
UPX1:004E9B21                ja      short loc_4E9B14
UPX1:004E9B23                add     edi, ecx           ; correct the overshoot (ecx is 0 or negative)
UPX1:004E9B25                jmp     loc_4E9A56
UPX1:004E9B2A ; ---
UPX1:004E9B2A
UPX1:004E9B2A loc_4E9B2A:                            ; CODE XREF: start+73�j
UPX1:004E9B2A ; end of stream. Phase 2: undo the call/jmp filter over the decompressed code.
UPX1:004E9B2A                pop     esi                ; esi = decompression base pushed at start+C
UPX1:004E9B2B                mov     edi, esi           ; edi = scan cursor
UPX1:004E9B2D                mov     ecx, 0F1h          ; ecx = number of patched call/jmp sites to process (loop counter)
UPX1:004E9B32
UPX1:004E9B32 loc_4E9B32:                            ; CODE XREF: start+F9�j
UPX1:004E9B32                                        ; start+FE�j
UPX1:004E9B32                mov     al, [edi]
UPX1:004E9B34                inc     edi
UPX1:004E9B35                sub     al, 0E8h           ; al = 0 for E8 (call rel32), 1 for E9 (jmp rel32)
UPX1:004E9B37
UPX1:004E9B37 loc_4E9B37:                            ; CODE XREF: start+11C�j
UPX1:004E9B37                cmp     al, 1
UPX1:004E9B39                ja      short loc_4E9B32   ; not an E8/E9 opcode: keep scanning
UPX1:004E9B3B                cmp     byte ptr [edi], 1  ; first operand byte == 1 marks a site the packer transformed
UPX1:004E9B3E                jnz     short loc_4E9B32
UPX1:004E9B40                mov     eax, [edi]         ; eax = stored 4-byte operand
UPX1:004E9B42                mov     bl, [edi+4]        ; prefetch the byte after this operand (next opcode candidate)
UPX1:004E9B45                shr     ax, 8              ; drop the marker byte ...
UPX1:004E9B49                rol     eax, 10h           ; ... and byte-swap the remaining value
UPX1:004E9B4C                xchg    al, ah
UPX1:004E9B4E                 sub     eax, edi          ; rebase: stored value is relative to the image, rel32 is relative to here
UPX1:004E9B50                sub     bl, 0E8h
UPX1:004E9B53                add     eax, esi
UPX1:004E9B55                mov     [edi], eax         ; write the restored rel32 operand
UPX1:004E9B57                add     edi, 5
UPX1:004E9B5A                mov     al, bl             ; continue with the prefetched opcode byte
UPX1:004E9B5C                 loop    loc_4E9B37
UPX1:004E9B5E ; Phase 3: rebuild imports. edi walks a packed table of {dll-name offset, IAT offset} pairs
UPX1:004E9B5E ; followed by NUL-terminated function names, terminated by a zero dll-name offset.
UPX1:004E9B5E                lea     edi, [esi+0E7000h] ; edi = packed import table
UPX1:004E9B64
UPX1:004E9B64 loc_4E9B64:                            ; CODE XREF: start+146�j
UPX1:004E9B64                mov     eax, [edi]
UPX1:004E9B66                or      eax, eax
UPX1:004E9B68                jz      short loc_4E9BA6   ; zero entry: all DLLs done
UPX1:004E9B6A                mov     ebx, [edi+4]
UPX1:004E9B6D                lea     eax, [eax+esi+0EA164h] ; eax = pointer to DLL name string
UPX1:004E9B74                add     ebx, esi           ; ebx = where resolved addresses are written (IAT slot)
UPX1:004E9B76                push    eax
UPX1:004E9B77                add     edi, 8
UPX1:004E9B7A                call    dword ptr [esi+0EA1C8h] ; (name) -> module handle; presumably LoadLibraryA — confirm
UPX1:004E9B80                xchg    eax, ebp           ; ebp = module handle
UPX1:004E9B81
UPX1:004E9B81 loc_4E9B81:                            ; CODE XREF: start+15E�j
UPX1:004E9B81                mov     al, [edi]
UPX1:004E9B83                inc     edi
UPX1:004E9B84                or      al, al
UPX1:004E9B86                 jz      short loc_4E9B64  ; zero byte: no more names for this DLL
UPX1:004E9B88                mov     ecx, edi
UPX1:004E9B8A                push    edi                ; arg: function name
UPX1:004E9B8B                dec     eax                ; eax was 1 from xchg? no: al is the first name byte; dec eax only matters for scasb's compare value
UPX1:004E9B8C                repne scasb                ; advance edi past the NUL terminator of the name (ecx is large, loop ends on the NUL)
UPX1:004E9B8E                push    ebp                ; arg: module handle
UPX1:004E9B8F                call    dword ptr [esi+0EA1CCh] ; (handle, name) -> address; presumably GetProcAddress — confirm
UPX1:004E9B95                or      eax, eax
UPX1:004E9B97                jz      short loc_4E9BA0   ; unresolved import: bail out
UPX1:004E9B99                mov     [ebx], eax         ; store resolved address into the IAT
UPX1:004E9B9B                add     ebx, 4
UPX1:004E9B9E                jmp     short loc_4E9B81
UPX1:004E9BA0 ; ---
UPX1:004E9BA0
UPX1:004E9BA0 loc_4E9BA0:                            ; CODE XREF: start+157�j
UPX1:004E9BA0                call    dword ptr [esi+0EA1DCh] ; failure path; never returns here by design — presumably ExitProcess — confirm
UPX1:004E9BA6
UPX1:004E9BA6 loc_4E9BA6:                            ; CODE XREF: start+128�j
UPX1:004E9BA6 ; Phase 4: 5-argument call on the 1000h-byte page at esi-1000h with arg 4 and an out-slot:
UPX1:004E9BA6 ; matches VirtualProtect(addr, size, PAGE_READWRITE, &old) — confirm via the import table
UPX1:004E9BA6                mov     ebp, [esi+0EA1D0h]
UPX1:004E9BAC                lea     edi, [esi-1000h]   ; edi = page below the code; PE headers if esi is 0x401000
UPX1:004E9BB2                mov     ebx, 1000h         ; size
UPX1:004E9BB7                push    eax                ; slot for the old protection value
UPX1:004E9BB8                push    esp                ; &old
UPX1:004E9BB9                push    4                  ; new protection (4 = PAGE_READWRITE)
UPX1:004E9BBB                push    ebx
UPX1:004E9BBC                push    edi
UPX1:004E9BBD                call    ebp
UPX1:004E9BBF                lea     eax, [edi+19Fh]    ; two bytes 28h apart (one PE section header) get their top bit cleared —
UPX1:004E9BC5                and     byte ptr [eax], 7Fh ; consistent with clearing IMAGE_SCN_MEM_WRITE on the first two section headers; confirm
UPX1:004E9BC8                and     byte ptr [eax+28h], 7Fh
UPX1:004E9BCC                pop     eax                ; eax = old protection
UPX1:004E9BCD                push    eax
UPX1:004E9BCE                push    esp
UPX1:004E9BCF                push    eax                ; restore the previous protection
UPX1:004E9BD0                push    ebx
UPX1:004E9BD1                push    edi
UPX1:004E9BD2                call    ebp
UPX1:004E9BD4                pop     eax
UPX1:004E9BD5                popa                       ; restore the registers saved by pusha at entry
UPX1:004E9BD6                lea     eax, [esp+2Ch+var_AC] ; eax = esp-80h
UPX1:004E9BDA
UPX1:004E9BDA loc_4E9BDA:                            ; CODE XREF: start+19E�j
UPX1:004E9BDA ; zero 80h bytes below esp (scrubs the stub's stack traces), then give the space back
UPX1:004E9BDA                push    0
UPX1:004E9BDC                cmp     esp, eax
UPX1:004E9BDE                jnz     short loc_4E9BDA
UPX1:004E9BE0                sub     esp, 0FFFFFF80h    ; esp += 80h
UPX1:004E9BE3                jmp     near ptr dword_401240 ; transfer to the unpacked program (presumably its original entry point)
UPX1:004E9BE3 start          endp
UPX1:004E9BE3
UPX1:004E9BE3 ; ---
UPX1:004E9BE8                dd 6 dup(0)
UPX1:004E9C00                dd 100h dup(?)
UPX1:004E9C00 UPX1           ends
UPX1:004E9C00
UPX1:004E9C00
UPX1:004E9C00                end start
 * --MaybachMan 17:37, 3 August 2010 (UTC)