
winpwn is released!

May 7, 2008

It can be downloaded from here

“winpwn quote”

Winpwn

Winpwn is written in C# and C. The UI is done in C# and provides a wrapper for QEMU, which boots a stripped down Linux kernel and uses initramfs to store all the utils in memory.

Ipwner

When you click Ipwner, QEMU is started and iBoot is extracted from the IPSW file and passed to QEMU as a disk drive. A binary structure is passed as well, along with a copy of the ramdisk that will boot and pwn your device. Once QEMU starts, it loads the winpwn binary using initramfs and reads the binary structure for instructions on what to do. It then mounts the ramdisk and patches iBoot. Once this is done, it reboots and winpwn will boot the ramdisk.

IPSW Builder

By far the most complex (and pain in my ass part) is the IPSW builder. To understand why, you first need to know that the file system format that Apple uses isn’t compatible with Windows. This is the main reason I used QEMU for the initial release (it will be replaced later on with real HFS support). Once a user has selected the apps they want and whether to unlock, QEMU is booted. This time QEMU is given the IPSW file, the binary structure and a blank ext2 file system for storage. Once winpwn is launched, it reads the binary structure and starts to patch the IPSW files depending on the options selected by the user.

Messages are passed to winpwn from QEMU via a serial connection. This enables me to update the progress bar and also allows for messages about what’s happening inside the QEMU process.

I will post more detailed information about the process in the next few days. This will be released under GPL as soon as the final version has been released.”

rhodzy
