0bj3ct1veC / iphone-dataprotection

Automatically exported from code.google.com/p/iphone-dataprotection
0 stars 0 forks source link

rc.boot file?? #83

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
Hello Jean,
do the tools use the default rc.boot file that msftguy's tool use?
or do the protection tools generate their own?

The reason I ask is, if I look at the mounted dmg (myramdisk.dmg) the rc.boot 
file seems to be encrypted. So I am unable to determine what is contained in 
the file.

However, if I mount the dmg file that msftguy's tools generate 
(038-5512-003.dmg) I am able to view the rc.boot file as a plain text file.

Thank You!
frank

Original issue reported on code.google.com by frankmar...@gmail.com on 15 Nov 2012 at 8:06

GoogleCodeExporter commented 9 years ago
The ramdisk is built by replacing the restored_external daemon on a stock Apple 
ramdisk.
The regular boot process on Apple ramdisk is /sbin/launchd -> /etc/rc.boot -> 
/usr/local/bin/restored_external. The default /etc/rc.boot is actually a mach-o 
binary that tries to execute the following binaries until one of them is found:
"/usr/local/bin/restored_external"
"/usr/local/bin/restored_update"
"/usr/local/bin/restored"
"/usr/libexec/ramrod/ramrod"

msftguy ssh ramdisk uses a different approach, where it replaces rc.boot with a 
shell script that runs sshd, and then starts Apple restore daemon (see 
https://github.com/msftguy/ssh-rd/commit/3fcb8e44512f3a1dd76dbb75566a6b35fd95812
9)

You can see the source of our custom restored_external on the repository:
http://code.google.com/p/iphone-dataprotection/source/browse/ramdisk_tools/resto
red_external.c
It replicates functionalities from Apple restored (start usbmux, disable 
watchdog), starts sshd and then listens on port 1999 for commands from the 
python scripts.

Original comment by jean.sig...@gmail.com on 20 Nov 2012 at 9:22

GoogleCodeExporter commented 9 years ago

Original comment by jean.sig...@gmail.com on 26 Jan 2013 at 10:55