IPod crash seen with FreeBSD only

Garrett Cooper yanegomi at gmail.com
Wed Jul 18 22:03:59 UTC 2012


On Wed, Jul 18, 2012 at 2:22 PM, Hans Petter Selasky <hselasky at c2i.net> wrote:
> Hi,
>
> I have one of those locked down silvery IPods, and wanted to try out gnupod
> to get some MP3's transferred to the device. I made it once, but then my luck
> ended :-) Anyway I found what looks like a remote crash vulnerability in the
> IPod firmware. How to make it crash:
>
> 1) Plug USB cable and wait for /dev/daX device to appear.
> 2) mount -t msdosfs /dev/daX /mnt
> 3) rm -rf /mnt/*
> 4) umount /mnt
> 5) Now unplug the USB cable and wait for the device to boot into menu mode.
> Don't press any keys.
> 6) Then plug the USB cable again into the PC/Laptop running FreeBSD 8/9.
>
> 7) Observation: The device goes into an infinite reboot loop until the USB
> cable is unplugged.
>
> 8) How to recover your device:
> 9) Add this quirk:
>
> usbconfig add_dev_quirk_vplh 0x05ac 0x1262 0 65535 UQ_MSC_NO_SYNC_CACHE
>                              ^^ vendor ^^ product
>
> Please write down the iProduct and iVendor before testing this, else you will
> have to plug your device into a Linux/Mac box to get it back. You can do this
> by running the following command before executing any of the steps above:
>
> usbconfig -d X.Y dump_device_desc
>
> 10) Plug your device.
> 11) /dev/daX should appear again :-) Puuuuhhh :-)
>
> This is the dmesg you see when the device is crashing.
>
> usbd_req_re_enumerate: addr=3, set address failed! (USB_ERR_STALLED, ignored)
> usbd_req_re_enumerate: addr=3, set address failed! (USB_ERR_STALLED, ignored)
> usb_alloc_device: Failure selecting configuration index 0:USB_ERR_STALLED,
> port 2, addr 3 (ignored)
> ugen7.3: <Apple Inc.> at usbus7
> ugen7.3: <Apple Inc.> at usbus7 (disconnected)
>
> If Apple could explain this, it would be great! I believe some Apple people are
> hanging around on these lists :-)

    Been meaning to mention this... I run into this regularly as of a
couple months ago with my iPod classic as well (I used to use my
FreeBSD workstation as a "charger" for my iPod).
    I'll provide more details if I get a chance.
Thanks,
-Garrett
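
Added example, not part of either message: a small sh helper for the recovery step in the quoted procedure. It reads a saved `usbconfig -d X.Y dump_device_desc` dump and prints the matching `add_dev_quirk_vplh` command, so the IDs are on record before the device stops enumerating. The function names and the sample dump are constructed for illustration, and the `idVendor` / `idProduct` field layout of the dump is an assumption about usbconfig's output.

```shell
#!/bin/sh
# Constructed sample of `usbconfig -d X.Y dump_device_desc` output.
# Vendor/product IDs are the ones quoted in the post; other fields are made up.
sample_dump() {
cat <<'EOF'
ugen7.3: <Apple Inc.> at usbus7, cfg=0 md=HOST spd=HIGH (480Mbps) pwr=ON

  bLength = 0x0012
  bDescriptorType = 0x0001
  bcdUSB = 0x0200
  idVendor = 0x05ac
  idProduct = 0x1262
  bcdDevice = 0x0001
EOF
}

# Reads a descriptor dump on stdin and prints the quirk command on stdout.
# Returns 1 if either ID is missing or is not a 4-digit hex value, so a
# truncated or empty dump never yields a half-built command.
quirk_cmd_from_dump() {
    awk '
        BEGIN { h = "[0-9a-fA-F]"; re = "^0x" h h h h "$" }
        $1 == "idVendor"  && $2 == "=" { v = $3 }
        $1 == "idProduct" && $2 == "=" { p = $3 }
        END {
            if (v !~ re || p !~ re) exit 1
            # 0 65535 = revision range, as used in the post
            printf "usbconfig add_dev_quirk_vplh %s %s 0 65535 UQ_MSC_NO_SYNC_CACHE\n", v, p
        }'
}

# Demo on the constructed sample; on a real system, pipe in the saved dump.
sample_dump | quirk_cmd_from_dump
```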

