Pwnage

Good news — no pwnage found! No breached accounts and no pastes (subscribe to search sensitive breaches) 3 Steps to better security. Start using 1Password.com. Step 1 Protect yourself using 1Password to generate and save strong passwords for each website. (General Sporting Terms) (tr) slang (esp in online gaming) to defeat (an opponent) in conclusive and humiliating fashion C21: altered from own Collins English Dictionary – Complete and Unabridged, 12th Edition 2014 © HarperCollins Publishers 1991, 1994, 1998, 2000, 2003, 2006, 2007, 2009, 2011, 2014. Pwnage is focused on delivering innovative products, services & experiences for the gaming community. Life's a Game, Pwn it!

  1. Pwnage Ultra Custom Symmetrical
  2. Pwnagetty

This exploit is in the S5L8900 bootrom, thus available in the iPhone, iPod touch, and iPhone 3G. The exploit is that the bootrom doesn't signature check LLB.

  • 2Exploit

Credit

Exploit

S5L8900

Pwnage exploits a bad chain of trust in the boot sequence of the S5L8900 device. The boot sequence includes LLB and iBoot modules which are stored in the device's NOR flash and are typically encrypted (as of 1.1.*). However, they are not signed with RSA signature at that point, because the 8900 container is dropped away before the file is written to NOR. Pwnage exploits this vulnerability.

First, Apple assumes that if something is in NOR, it had necessarily passed through an RSA signature verification, and is therefore authentic Apple code. This is incorrect, because the only mechanism preventing the writing of unauthorized code to the NOR flash is the kernel. The iPhone/iPod touch kernel contains an extension designed specifically to write to NOR, called AppleImage2NORAccess. This extension performs an RSA signature verification on any data it tries to write. The verification itself is performed by the FairPlay extension, which is heavily obfuscated, but neutering the check is very simple. After the check is patched out, anything can be written to the NOR flash.

Second, Apple assumes that disabling the encryption keys in “normal” environment will prevent from writing firmware files to the NOR flash. Luckily, we have found a way to run our code in “secure” environment and use AppleImage2NORAccess extension the same way as Apple does it on restore.

Before iOS 2.0, the NOR was set up in a way that when the firmware images were flashed there, the RSA signatures were dropped along with the rest of the firmware container. So although iBoot signature checked the kernel, LLB did not signature check iBoot, and the VROM did not signature check LLB.

Pwnage starts by booting from a memory device (ramdisk) in “secure” environment to prevent the kernel from disabling encryption keys. Also, we add another memory device, pointed at the kernel's address space, to allow live kernel patching. After booting up, we patch out signature check from AppleImage2NorAccess extention and proceed with flashing our custom firmware files (iBoot, LLB, DeviceTree, and pictures). Because the signature check has been patched out, and encryption keys are available, AppleImage2NORAccess happily writes them to the suitable location in NOR flash. After that, the device can be restarted, and will accept any unsigned 8900 file without complaint.

One specific aspect of the attack that is worth examining more closely is the iBoot patch. iBoot is the last and most complicated bootloader on the devices, and is what actually loads up the kernel with DeviceTree. However, Apple made the decision to keep all the PKE (Public Key Encryption) logic out of iBoot, instead putting it in the secure bootloader. Thus, iBoot actually jumps into the secure bootloader when it wants to verify the authenticity of an 8900 file. This makes it hard to directly patch out the RSA signature verification from iBoot, as it actually occurs in the secure bootloader. Simply killing the jump into the secure bootloader is impossible, as it also fills in other information iBoot needs to proceed.

Because of the tight coupling between the secure bootloader and the higher-level bootloaders, Apple gave us a solution: the secure bootloader often needs to call functions in the higher-level bootloaders, but it has the problem of knowing where to jump, as functions move around in different revisions. To get around this, Apple made thunks out of the function calls, and makes the higher-level bootloaders patch the secure bootloader on the fly (in RAM) with the relevant jump addresses. They just copy the secure bootloader into RAM and blindly apply a list of patches to it. We exploited this pre-existing patching mechanism to patch out the RSA signature verification from secure bootloader.

Post-2.0, images are now written to NOR in a way that one can verify the other, like LLB verifying iBoot, the bootrom cannot be written to, so it still defaults to just reading LLB normally, un-signature checked.

The bootrom has a vulnerability in DFU Mode when processesing iBoot certificates which are on a DER format. It copies all the certificate information onto the stack, but the signature itself is copied without any sort of bounds checking. So then you have classic stack buffer overflow and then you just make the signature checking function return true.

More info.

S5L8720 and on

This exploit has been fixed on the iPod touch (2nd generation) and all devices released after it. The bootrom sigchecks LLB before jumping to it now, and if the LLB is patched, it will default to DFU Mode. The 0x24000 Segment Overflow exploit was later found in the first revisions of the iPod touch (2nd generation) and iPhone 3GSbootroms, allowing the device to be fully jailbroken. It has since been fixed with new bootrom revisions for these devices. Newer devices were never susceptible to the 0x24000 Segment Overflow.

Implementation

Retrieved from 'https://www.theiphonewiki.com/w/index.php?title=Pwnage&oldid=56332'
Pure Pwnage
GenreMockumentary
Comedy
Created byJarett Cale
Geoff Lapaire
StarringJarett Cale
Geoff Lapaire
Joel Gardiner
Country of originCanada
Original languageEnglish
No. of seasons2 (web series)
1 (TV series)
No. of episodes18 (web series)
8 (TV series) (list of episodes)
Production
Executive producersDerek Harvie
Catherine Tait
Ron Mann
ProducersJarett Cale
Geoff Lapaire
Production locationsToronto, Ontario
Running time10–50 minutes (web series)
22 minutes (TV series)
Release
Original networkShowcase (TV series)
Original releaseWeb series: May 11, 2004 – August 23, 2008
Television series: March 12, 2010 – April 30, 2010
External links
Website

Pure Pwnage (pronounced 'pure ownage')[1]was a Canadian Internet-distributedmockumentary series from ROFLMAO Productions. The fictional series purports to chronicle the life and adventures of Jeremy (played by Jarett Cale), a Canadian and self-proclaimed 'pro gamer'. In 2010, an adaptation of the web series began airing on Showcase, a Canadiancable televisionchannel, but the series failed to be picked up for a second season.

Premise[edit]

Pure Pwnage focuses on Jeremy, a skilled e-gamer whose lack of experience at social interaction cause him to become narcissistic and lazy. His brother Kyle creates a documentary of Jeremy's interactions with the gaming and non-gaming world.

Cast[edit]

Episodes[edit]

There are currently eighteen web episodes available to the public and eight TV episodes.

SeasonEpisodesOriginally airedDVD release date
Season premiereSeason finale
Web series
112May 11, 2004November 6, 2006May 23, 2007[2]
26May 4, 2007August 23, 2008N/A
Television series
18March 12, 2010April 30, 2010March 3, 2011[3] (Region 4)
April 16, 2011[4] (Worldwide)

History[edit]

Pure Pwnage was created by Geoff Lapaire and Jarett Cale who also play the show's main protagonists. Originating in 2004, eighteen Internet-distributed episodes of the series have been released to date. In 2007, the series creators estimated their current viewer base to be over three million.[5] The series is filmed primarily in Toronto, Ontario, but has also included scenes filmed in Calgary, Alberta; Montreal, Quebec; Aurora, Ontario; Hamilton, Ontario; and the Netherlands.

During an interview, director Geoff Lapaire (although as 'Kyle'; Lapaire maintained his 'Kyle' identity among fans and media) insisted that all of the characters on the show are not acting.[6] He suggested that the personalities on Pure Pwnage display their true-to-life abilities and eccentricities, and the characters took great pains to maintain that the Pure Pwnage world is simply an extension of the real world. Lapaire has finally admitted that they are in fact actors. The sixth fanchat with the crew was out-of-character, where the fact that the characters within Pure Pwnage are exaggerated versions of the actors was confirmed.

On August 6, 2009, it was announced that a Pure Pwnage TV series had been commissioned by Showcase.[7] Upon the announcement, many members of the Pure Pwnage fan community raised concerns. The main complaints were that the series was only announced to be airing in Canada, and the assumption that it would be changed in order to appeal to viewers not familiar with internet culture. Jarett Cale, who writes the show and plays Jeremy, tried to quell the complaints on the Pure Pwnage forums, saying 'We're doing our best to get it broadcast in the USA, UK, Australia, etc., but it's really up to each country's respective broadcasters. [...] Geoff and I are still the main creative force – we're producers and writers. We've also brought on many new people with experience in traditional television to help us out both story-wise and production-wise. FPS Doug will still be there, and he will still be played by Joel Gardiner.'[8] In response to a user asking if the TV series meant there would be no more web episodes, he said 'Nope, it only means there's a new TV series.'[9]

Despite this, the future of the web series was uncertain. Geoff Lapaire, director of all previous episodes of Pure Pwnage, left the show in September 2008 to focus on the then-unannounced TV series, and Troy Dixon, who played T-Bag in the series, died in a car accident on December 6, 2008.[10] Jarett Cale announced in January 2009 that work on the next web episode had begun, with him as the director, however the episode has not been released.[11]

In a short Livestream cast on March 15, 2010, a user posted a comment regarding the web series and Jarett replied that the web series is back in production and is in progress. He has not given out an ETA.

Pwnage

On January 19, 2011, Jarett made an announcement on the Pure Pwnage forums that the TV series had not been picked up for a second season. Additionally, the web series has been put on indefinite hold. In his own words: 'My hope that Pure Pwnage will see a proper ending to its illustrious web series has nearly vanished. I've let Geoff know that should he be willing at any time to resume some of his traditional, critical roles on the web series I will fly home to Toronto in a heartbeat to help make it happen.'[12]

Pwnage

On September 18, 2012 The Pure Pwnage YouTube channel uploaded a video titled '010100100100010101010100010101010101001001001110' which is a binary encoding of the word 'Return', signalling the return of the Pure Pwnage.

Pure Pwnage Teh Movie[edit]

On September 19, 2012, an official crowd funding campaign was announced to aid in the funding of a Pure Pwnage movie.[13] The $75,000 goal was raised in just over 24 hours, due to overwhelming support from fans all over the world. At the end of the campaign, a total of $211,300 was raised.

On November 22, 2015, the official trailer was released. The movie premiered in Toronto on January 23, 2016 at the Bloor Cinema. Further screenings took place around the US and in the UK.

On May 7, 2016, Pure Pwnage Teh Movie was released for streaming and digital download via Vimeo.

Pwnage_brand

Reception and awards[edit]

Pure Pwnage Teh Movie received the Canadian Comedy Awards 2016 award for best feature film.[14] The film was well-received by general audiences.[15]

Spin-offs[edit]

TV series[edit]

On August 6, 2009, it was announced that a Pure Pwnage TV series had been commissioned by Showcase.[16] The announcement was made in the form of a mini-episode where Kyle tries to convince Jeremy to stop playing on his Nintendo DS Lite and make the announcement. The series had been teased for several months under the name 'Project X'. The TV series premiered on Showcase March 12, 2010, and premiered on Australia's ABC2 on October 4, 2010. According to creator Jarett Cale, the TV series itself takes place in a fictional world within the Pure Pwnage universe (webseries) where Kyle ironically got a TV series, thus explaining the lack of consistency between shows.[17]

Pwnage wireless mouse

Jeremy's Mail Sac[edit]

Pwnage Ultra Custom Symmetrical

Starting in March 2010, the Pure Pwnage website began letting fans send Jeremy questions via e-mail. Jeremy then answered the fan questions in video segments posted on the website titled Jeremy's Mail Sac.

Pro at Cooking[edit]

Starring Dave (Dawei) as himself, Pro at Cooking is a spin-off of Pure Pwnage. A cooking show for gamers with Dave hosting as the main chef. When his female assistants do not perform as expected, Dave constantly fires each one of them usually after every episode. Directed by Davin, it has only aired seven 5- to 10-minute episodes. No other characters from Pure Pwnage, excluding Dave, Davin, and Geoff, appear on the show.

Pure Pwnage: The Comic[edit]

From February 28, 2006 to March 7, 2007, the Pure Pwnage website featured a regularly issued comic, of which a new page was released once every two to three weeks. Apparently set in the 'real world' rather than in the fictional world of Pure Pwnage, the comic breaks most of the fourth wall of the show. For example, Dave said in the show that he was leaving it due to unfinished business in China, the comic claims that the real reason was that he had found a new job in Vancouver.

However, both the show and comic clearly contain elements that are either symbolic representations of reality (for example, pwning an opponent with 'micro balls' as a possible metaphor for pwning them in an actual video game) or are not based in reality whatsoever.

Pure Pwnage: Teh Movie[edit]

In September 2012, series creators Jarett Cale and Geoff Lapaire announced an indiegogo campaign to raise funds for a Pure Pwnage feature-length film. Within 24 hours of the campaign being launched, the project had received their goal of $75,000, and by the end of the campaign, they had reached a total of $211,300. Despite this being a relatively small film budget, Jarett Cale and Geoff Lapaire have said that with their experience of making the web series with an extremely limited amount of funds, they are confident that they would be able to make a quality film shot in countries across the world, mentioning hopes of filming in South Korea. Pre-production began in earnest in early 2013, with weekly twitch.tv livestreams in which Lapaire, Cale, and guests such as Joel Gardiner (fps_doug) and Miranda Plant (Tagi) discuss the film and interact with fans.

The film also featured Ajay Fry as himself, and actors Gwenlyn Cumyn, Thomas Finn, and Alberta Mayne[18]

The film premiered on January 23, 2016, in Toronto, Ontario. Following this, Cale and Lapaire took the film to the road, screening the project around the world in a touring limited release.

On May 7, 2016, Pure Pwnage Teh Movie was released for streaming and digital download on Vimeo.

Notes[edit]

Pwnagetty

  1. ^The word 'pwnage' can be pronounced several different ways. The show's creators pronounce it 'ownage'. Jeremy justifies this pronunciation with the following statements: 'When people say /ˈpoʊn/, they sound like a complete fag, and I'm not cool with being a fag, so I pronounce it /ˈoʊn/.' ''Pwn' was originally a typo of 'own', because the 'P' is near the 'O' on the keyboard. The person is still trying to say 'own'.' [TeamSpeak chat, December 13, 2005].
  2. ^OMFG DVD! – The OFFICIAL Pure Pwnage forumsArchived 2011-07-15 at the Wayback Machine
  3. ^'Archived copy'. Archived from the original on 2012-09-04. Retrieved 2011-05-10.CS1 maint: archived copy as title (link)
  4. ^'Archived copy'. Archived from the original on 2011-04-30. Retrieved 2011-05-09.CS1 maint: archived copy as title (link)
  5. ^Geoff Lapaire. 'The Infancy of Internet Television'. Pure Pwnage. Archived from the original on 2007-12-15. Retrieved 2007-11-17.
  6. ^Starting with Episode 8, the Pure Pwnage cast and crew hold a public TeamSpeak interview soon after the release of each episode, revealing many details about the show and the personalities involved in its creation. The recordings of each episode are linked in a postArchived 2007-09-27 at the Wayback Machine on the forums.
  7. ^https://www.youtube.com/watch?v=tV6cjKxZFOM
  8. ^Cale, Jarett (2009-08-06). 'Pure Pwnage forum post'. ROFLMAO Productions. Archived from the original on June 16, 2010. Retrieved 2009-08-16.
  9. ^Cale, Jarett (2008-08-10). 'Pure Pwnage forum post'. ROFLMAO Productions. Archived from the original on June 16, 2010. Retrieved 2009-08-16.
  10. ^'Pure Pwnage forum post'. ROFLMAO Productions. 2008-12-09. Archived from the original on June 16, 2010. Retrieved 2009-08-16.
  11. ^Cale, Jarett (2009-01-27). 'Pure Pwnage news post'. ROFLMAO Productions. Archived from the original on July 20, 2009. Retrieved 2009-08-16.
  12. ^Cale, Jarett (2011-01-19). 'Pure Pwnage forum post'. ROFLMAO Productions. Archived from the original on September 28, 2011. Retrieved 2020-08-14.
  13. ^http://www.indiegogo.com/purepwnage
  14. ^'Awards | Canadian Comedy Awards'. canadiancomedyawards.org. Archived from the original on 2016-11-04. Retrieved 2016-11-22.
  15. ^Lapaire, Geoff (2016-02-03), Pure Pwnage, retrieved 2016-11-22
  16. ^'Pure Pwnage announcement: 'Project X Revealed''. ROFLMAO Productions. Archived from the original on 2009-08-11. Retrieved 2009-08-16.
  17. ^'Pure Pwnage - Life Of A Pro Gamer'. Retrieved 2010-09-27.
  18. ^Pure Pwnage, retrieved 2020-05-13

External links[edit]

Wikiquote has quotations related to: Pure Pwnage
Retrieved from 'https://en.wikipedia.org/w/index.php?title=Pure_Pwnage&oldid=1024508567'