A modern Music Player Daemon based on Rockbox open source high quality audio player
bin2note
--------

bin2note implements the buffer overflow exploit documented here:

http://l4n.clustur.com/index.php/Nano2G_getting_exec


It is used to turn a blob of ARM code into an iPod notes file. This
ARM code will then be executed on the iPod.

It is known to work on the 2nd generation Nano.


The Makefile contains rules for compiling an ARM assembler file
"test.S" into a notes file "test.htm". Just put test.S in this
directory and type "make test.htm".


How it works
------------

When the Apple firmware boots, it scans the Notes folder and loads
each note in turn in order to check its content.

When it reaches our specially crafted note, a buffer overflows onto
the stack, writing the entry point of our code over the top of an
existing return address.

This entry point was determined by "stooo1" as part of the
"linux4nano" investigations into the Nano 2G. He managed to attach a
JTAG debugger to his Nano 2G and dump the RAM after a notes file was
loaded.

Only certain return addresses can be used, as it is converted
internally to utf-8. Hence we are currently using the address of the
last instruction in the buffer, which is a branch back to our real
entry point.

You also need to ensure that there are no more than 64KB of notes in
your Notes folder.