I’m sure many other hackers and tinkerers like me are wondering how the iPhone 4 Jailbreak (released yesterday) was accomplished.  Furthermore, I feel that people are most interested in how this exploit could be maliciously used against NON-JAILBROKEN iPhone users.  I’m spreading this information with the hopes that the exploit will be promptly patched — as you will recall, with one of the original iOS jailbreaks (version 1.1.1, I believe), the jailbreakers actually took the liberty of patching the jailbreak exploit after the jailbreak was performed.  This jailbreak was also accomplished through Safari, and the way it handled .TIFF files.

Now, on to the dirty stuff…

@chpwn has explained that @comex uses the CFF font stack overflow to jailbreak, which is essentially a font file placed in a FlateDecode stream.

If you copy jailbreakme.com to a local server, you can dissect the small web-app and see how it works.  Essentially, the site checks for your device’s user-agent, and loads the correct PDF file for the exploit from http://www.jailbreakme.com/_/ through the Javascript function new Image()

One can then open the PDF files with a hex editor, and examine them more closely.  The jailbreak uses a FlateDecode stream (which allows any data, including plain-text, to be compressed with zlib and inserted into a PDF) to load a font file which in turn causes a stack overflow:

If you decode the FlateDecode stream with GhostView, you can see the actual code used to perform the jailbreak.  I’ve highlighted a line that should be familiar if you’ve visited jailbreakme.com on your iOS device recently.

Having recently upgraded to the iPhone 4 from last week’s now-obsolete model, the 3GS, I felt I should take some time to review it for my followers and others.

First, I’ll cover some of Apple’s touted features added to this new product, since Jobs himself claims, “iPhone 4 is the biggest leap since the original iPhone”.

• FaceTime: A much-desired feature, finally added!  Video chats…yes, they work.  Though not up to par with Skype, or even an AIM-based video chat, the quality and clarity of picture and sound is pretty darn good.  Unfortunately, the biggest downfall to this feature is currently the iPhone 4 to iPhone 4 only limitation.  Furthermore, Apple hasn’t allowed any App Store apps to take advantage of the feature, save for Fring.  To make matters even worse, you also have to be on a Wifi network to use FaceTime, so this begs the question: if you already have a video-chat enabled laptop or desktop in the home, what’s the sense in using the iPhone?  Of course, if and when AT&T allows FaceTime over their 3G network, these issues will get put to rest.
• Retina Display: This is perhaps the single best new feature on the iPhone 4.  This display is so sharp that it’s honestly difficult to describe without actually seeing it in person.  Holding it next to the 3GS iPhone makes the 3GS (excellent) screen look just abysmal.  With four times the pixel density of the previous iPhones, text and images are now infinitely easier on the eyes, and there is a whole new level of sharpness and brilliance to the display.  Please, if you haven’t seen this, check it out in person…
• Camera & Flash: Sporting a new, 5-megapixel camera that can record 720p HD video, the iPhone aims to consolidate more of your devices into one — this time the aim is your point-and-shoot camera.  For me, this new camera with LED flash is a much appreciated upgrade.  Photograph clarity is increased significantly — if you don’t believe me, just check out this thread.  The night-time quality isn’t great, but is definitely improved over the nonexistent flash of the past.  Also, the flash is EXTREMELY bright, and makes an excellent flashlight.

My personal experience with the phone has been good overall, but has been severely swayed by the obtrusive problem with the antenna design.  As you may know, the entire metal band around the outside of the phone is actually the antenna.  As reported by many others, the phone does indeed lose reception dramatically if gripped firmly with a hand around the lower section.  This is much more noticeable in low-signal areas, but I have seen it happen when the phone was reporting 5/5 bar signal strength.  Since Apple has offered free cases I plan to update my review when it arrives.  For now, I would recommend it based on the features, but be warned if you live in a low-signal area like me!

While the build quality of this device is unsurpassed, this may be a case where functionality was sacrificed for design.  I can’t rave enough about the slick UI, fast responsiveness to touch inputs, extremely fast browsing speeds, quick app-to-app switching, but simply not being able to place a call in my own office is very frustrating.  One other small note — this phone doesn’t feel as solid in the hand as the 2G and 3G/S models did…in fact, the glass is extremely slippery — if you set it on a curved surface it will slowly slide down it and crash to the floor.

I rate it a 3.5/5, until my bumper case arrives.

Hi all, and happy new year!

This guide will cover all of the basics you need to set up a WordPress Blog on your website. You can actually set up a WordPress account for free at the official WordPress Website, or, for more control, you can download XAMPP for Windows or MAMP for Mac OS X and perform all of these same steps locally. This is especially useful for creating sandbox environments when developing new sites and applications. For the purposes of this tutorial, I’ll be using screenshots of Mac OS X 10.6 and MAMP 1.8.3. (more…)

Charles Ying over at satine.org developed this amazing little web app using draft CSS3 code. Its modern, simplistic design mimics that of a flash-based gallery. The app is very simple at its core, allowing a programmer to easily define which photos to load using XML. The impending death of Flash seems to keep closing in — you will be astonished that this gallery only uses CSS and some Javascript.

Click here to see my implementation of SnowStack. I’ve modified his source code and used it to pull from our Flickr photostream. Mac OS X 10.5 or 10.6 and Safari 4 are required for the effects to work properly — iPhones and iPod Touches with OS 3.0 and newer also work!. Sorry Windows users and late OS X adopters!

Check out Charles’ blog post for more info!