Closed GoogleCodeExporter closed 8 years ago
I think I got past the bad instruction errors by changing the default
compiler in the Makefile: arm-elf-gcc (which was 4.1.0) to arm-elf-gcc-4.6.0.
Original comment by jsvankerkwijk@gmail.com
on 24 Jun 2011 at 11:44
perfect, thx a bunch!
Original comment by volksp...@gmail.com
on 24 Jun 2011 at 1:50
Do you still have the issue with tetherboot? Does the device screen turn
white?
Also, can you post the errors for the ramdisk tools that do not compile? Thanks
Original comment by jean.sig...@gmail.com
on 25 Jun 2011 at 9:53
>> Do you still have the issue with tetherboot? Does the device screen turn
>> white?
When using the "old" payload binary you provided I don't get to the white
screen, that's where it exits.
I have still not been able to build the new payload. In the Makefile I have been
editing
CC = $(CROSS)gcc
to
CC = $(CROSS)gcc-4.6.0
and got past the bad instruction errors. But the final step failed with:
arm-elf-gcc-4.6.0 -c entry.S -o entry.o -I././include -nostdlib
-mlittle-endian
arm-elf-gcc-4.6.0 -c main.c -o main.o -I././include -nostdlib -mlittle-endian
main.c: In function ‘find_string’:
main.c:34:12: warning: assignment makes integer from pointer without a cast
[enabled by default]
main.c: In function ‘find_kernel_bootargs’:
main.c:42:2: warning: passing argument 1 of ‘find_string’ makes pointer
from integer without a cast [enabled by default]
main.c:28:14: note: expected ‘unsigned char *’ but argument is of type
‘unsigned int’
main.c:42:2: warning: return makes pointer from integer without a cast [enabled
by default]
arm-elf-gcc-4.6.0 -c commands.c -o commands.o -I././include -nostdlib
-mlittle-endian
commands.c: In function ‘find_jump_to’:
commands.c:36:3: warning: passing argument 1 of ‘patch_find’ makes pointer
from integer without a cast [enabled by default]
././include/patch.h:24:16: note: expected ‘unsigned char *’ but argument is
of type ‘unsigned int’
commands.c:39:3: warning: passing argument 1 of ‘patch_find’ makes pointer
from integer without a cast [enabled by default]
././include/patch.h:24:16: note: expected ‘unsigned char *’ but argument is
of type ‘unsigned int’
commands.c: In function ‘cmd_rdboot’:
commands.c:48:55: warning: initialization from incompatible pointer type
[enabled by default]
commands.c:52:3: warning: passing argument 1 of ‘patch_find’ makes pointer
from integer without a cast [enabled by default]
././include/patch.h:24:16: note: expected ‘unsigned char *’ but argument is
of type ‘unsigned int’
commands.c:52:11: warning: assignment from incompatible pointer type [enabled
by default]
commands.c:55:3: warning: passing argument 1 of ‘patch_find’ makes pointer
from integer without a cast [enabled by default]
././include/patch.h:24:16: note: expected ‘unsigned char *’ but argument is
of type ‘unsigned int’
commands.c:55:11: warning: assignment from incompatible pointer type [enabled
by default]
arm-elf-gcc-4.6.0 -c patch.c -o patch.o -I././include -nostdlib
-mlittle-endian
arm-elf-gcc-4.6.0 -o payload.elf entry.o main.o commands.o patch.o -Ttext
0x42F00000 -nostdlib -lc -lm -lgcc
arm-elf-objcopy -O binary payload.elf payload
arm-elf-objcopy: payload.elf: File format not recognized
make: *** [payload.elf] Error 1
The errors from compiling the ramdisk tools follow.
Original comment by volksp...@gmail.com
on 25 Jun 2011 at 10:23
>>> Also, can you post the errors for the ramdisk tools that do not compile
iPhoneOS4.3.sdk is set in Makefile
/Developer/Platforms/iPhoneOS.platform/Developer/usr/bin/arm-apple-darwin10-gcc-
4.0.1 -Wall -arch armv6 -isysroot
/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS4.3.sdk/
-I/usr/local/include -framework IOKit -framework CoreFoundation -framework
Security -O3
-F/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS4.3.sdk/System/L
ibrary/PrivateFrameworks/ -framework IOMobileFramebuffer -framework
CoreGraphics -framework CoreSurface -framework ImageIO -o data_partition
data_partition.c device_info.c IOAESAccelerator.c AppleEffaceableStorage.c
AppleKeyStore.c bsdcrypto/pbkdf2.c bsdcrypto/sha1.c bsdcrypto/key_wrap.c
bsdcrypto/rijndael.c util.c IOKit.c registry.c
data_partition.c: In function ‘main’:
data_partition.c:9: warning: initialization discards qualifiers from pointer
target type
AppleEffaceableStorage.c:50:25: warning: multi-character character constant
bsdcrypto/pbkdf2.c: In function ‘pkcs5_pbkdf2’:
bsdcrypto/pbkdf2.c:102: warning: pointer targets in passing argument 3 of
‘hmac_sha1’ differ in signedness
bsdcrypto/pbkdf2.c:106: warning: pointer targets in passing argument 3 of
‘hmac_sha1’ differ in signedness
bsdcrypto/key_wrap.c: In function ‘aes_key_wrap’:
bsdcrypto/key_wrap.c:71: warning: pointer targets in passing argument 2 of
‘rijndael_encrypt’ differ in signedness
bsdcrypto/key_wrap.c:71: warning: pointer targets in passing argument 3 of
‘rijndael_encrypt’ differ in signedness
bsdcrypto/key_wrap.c: In function ‘aes_key_unwrap’:
bsdcrypto/key_wrap.c:106: warning: pointer targets in passing argument 2 of
‘rijndael_decrypt’ differ in signedness
bsdcrypto/key_wrap.c:106: warning: pointer targets in passing argument 3 of
‘rijndael_decrypt’ differ in signedness
ld: warning: -force_cpusubtype_ALL will become unsupported for ARM architectures
ldid -S data_partition
/Developer/Platforms/iPhoneOS.platform/Developer/usr/bin/arm-apple-darwin10-gcc-
4.0.1 -Wall -arch armv6 -isysroot
/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS4.3.sdk/
-I/usr/local/include -framework IOKit -framework CoreFoundation -framework
Security -O3
-F/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS4.3.sdk/System/L
ibrary/PrivateFrameworks/ -framework IOMobileFramebuffer -framework
CoreGraphics -framework CoreSurface -framework ImageIO -o restored_external
restored_external.c device_info.c remote_functions.c plist_server.c
AppleKeyStore.c AppleEffaceableStorage.c IOKit.c IOAESAccelerator.c util.c
registry.c AppleKeyStore_kdf.c bsdcrypto/pbkdf2.c bsdcrypto/sha1.c
bsdcrypto/rijndael.c bsdcrypto/key_wrap.c
restored_external.c: In function ‘init_usb’:
restored_external.c:34: warning: implicit declaration of function
‘IOUSBDeviceDescriptionCopyInterfaces’
restored_external.c:34: warning: initialization makes pointer from integer
without a cast
remote_functions.c: In function ‘keybag_get_passcode_key’:
remote_functions.c:148: warning: pointer targets in passing argument 2 of
‘AppleKeyStore_getPasscodeKey’ differ in signedness
AppleEffaceableStorage.c:50:25: warning: multi-character character constant
AppleKeyStore_kdf.c: In function ‘AppleKeyStore_getPasscodeKey’:
AppleKeyStore_kdf.c:31: warning: pointer targets in passing argument 3 of
‘pkcs5_pbkdf2’ differ in signedness
bsdcrypto/pbkdf2.c: In function ‘pkcs5_pbkdf2’:
bsdcrypto/pbkdf2.c:102: warning: pointer targets in passing argument 3 of
‘hmac_sha1’ differ in signedness
bsdcrypto/pbkdf2.c:106: warning: pointer targets in passing argument 3 of
‘hmac_sha1’ differ in signedness
bsdcrypto/key_wrap.c: In function ‘aes_key_wrap’:
bsdcrypto/key_wrap.c:71: warning: pointer targets in passing argument 2 of
‘rijndael_encrypt’ differ in signedness
bsdcrypto/key_wrap.c:71: warning: pointer targets in passing argument 3 of
‘rijndael_encrypt’ differ in signedness
bsdcrypto/key_wrap.c: In function ‘aes_key_unwrap’:
bsdcrypto/key_wrap.c:106: warning: pointer targets in passing argument 2 of
‘rijndael_decrypt’ differ in signedness
bsdcrypto/key_wrap.c:106: warning: pointer targets in passing argument 3 of
‘rijndael_decrypt’ differ in signedness
ld: warning: -force_cpusubtype_ALL will become unsupported for ARM architectures
ldid -Skeystore_device.xml restored_external
/Developer/Platforms/iPhoneOS.platform/Developer/usr/bin/arm-apple-darwin10-gcc-
4.0.1 -Wall -arch armv6 -isysroot
/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS4.3.sdk/
-I/usr/local/include -framework IOKit -framework CoreFoundation -framework
Security -O3
-F/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS4.3.sdk/System/L
ibrary/PrivateFrameworks/ -framework IOMobileFramebuffer -framework
CoreGraphics -framework CoreSurface -framework ImageIO -o bruteforce
systemkb_bruteforce.c AppleKeyStore.c AppleEffaceableStorage.c IOKit.c
IOAESAccelerator.c util.c registry.c AppleKeyStore_kdf.c bsdcrypto/pbkdf2.c
bsdcrypto/sha1.c bsdcrypto/rijndael.c bsdcrypto/key_wrap.c image.c device_info.c
systemkb_bruteforce.c: In function ‘saveKeybagInfos’:
systemkb_bruteforce.c:28: warning: implicit declaration of function
‘device_info’
systemkb_bruteforce.c:28: warning: initialization makes pointer from integer
without a cast
systemkb_bruteforce.c: In function ‘main’:
systemkb_bruteforce.c:209: warning: implicit declaration of function
‘AppleKeyStore_getClassKeys’
systemkb_bruteforce.c:209: warning: initialization makes pointer from integer
without a cast
AppleEffaceableStorage.c:50:25: warning: multi-character character constant
AppleKeyStore_kdf.c: In function ‘AppleKeyStore_getPasscodeKey’:
AppleKeyStore_kdf.c:31: warning: pointer targets in passing argument 3 of
‘pkcs5_pbkdf2’ differ in signedness
bsdcrypto/pbkdf2.c: In function ‘pkcs5_pbkdf2’:
bsdcrypto/pbkdf2.c:102: warning: pointer targets in passing argument 3 of
‘hmac_sha1’ differ in signedness
bsdcrypto/pbkdf2.c:106: warning: pointer targets in passing argument 3 of
‘hmac_sha1’ differ in signedness
bsdcrypto/key_wrap.c: In function ‘aes_key_wrap’:
bsdcrypto/key_wrap.c:71: warning: pointer targets in passing argument 2 of
‘rijndael_encrypt’ differ in signedness
bsdcrypto/key_wrap.c:71: warning: pointer targets in passing argument 3 of
‘rijndael_encrypt’ differ in signedness
bsdcrypto/key_wrap.c: In function ‘aes_key_unwrap’:
bsdcrypto/key_wrap.c:106: warning: pointer targets in passing argument 2 of
‘rijndael_decrypt’ differ in signedness
bsdcrypto/key_wrap.c:106: warning: pointer targets in passing argument 3 of
‘rijndael_decrypt’ differ in signedness
image.c: In function ‘fb_open’:
image.c:10: warning: initialization makes integer from pointer without a cast
image.c:28: warning: implicit declaration of function
‘IOMobileFramebufferOpen’
image.c:29: warning: implicit declaration of function
‘IOMobileFramebufferGetLayerDefaultSurface’
image.c:31: warning: implicit declaration of function
‘CoreSurfaceBufferGetHeight’
image.c:32: warning: implicit declaration of function
‘CoreSurfaceBufferGetWidth’
image.c:33: warning: implicit declaration of function
‘CoreSurfaceBufferGetBytesPerRow’
image.c:35: warning: implicit declaration of function
‘CoreSurfaceBufferLock’
image.c:36: warning: implicit declaration of function
‘CoreSurfaceBufferGetBaseAddress’
image.c:36: warning: assignment makes pointer from integer without a cast
image.c:37: warning: implicit declaration of function
‘CoreSurfaceBufferUnlock’
image.c: In function ‘drawImage’:
image.c:58: warning: pointer targets in passing argument 2 of
‘CFURLCreateFromFileSystemRepresentation’ differ in signedness
image.c:59: warning: implicit declaration of function
‘CGImageSourceCreateWithURL’
image.c:59: warning: initialization makes pointer from integer without a cast
image.c:64: warning: implicit declaration of function
‘CGImageSourceCreateImageAtIndex’
image.c:64: warning: initialization makes pointer from integer without a cast
ld: warning: -force_cpusubtype_ALL will become unsupported for ARM architectures
ldid -S bruteforce
ldid -Skeystore_device.xml bruteforce
Hope this helps, thanks
Original comment by volksp...@gmail.com
on 25 Jun 2011 at 10:27
I can't reproduce the error with arm-elf-objcopy. Can you post the output of
the following commands:
file payload.elf
arm-elf-objcopy --version (mine is 2.21.51.0.9.20110507)
For the ramdisk tools, the warnings are not errors. From what you pasted the
compilation is ok, and you should see the restored_external, bruteforce and
data_partition binaries in the source folder.
Also, the cyanide payload is not the cause for the tetherboot error since it's
executed after iBSS is initialized (white screen). Can you try pressing the
power button once when you're at the "Waiting 10 seconds for the device to pop
up..." stage after ibss has been uploaded? Thanks
Original comment by jean.sig...@gmail.com
on 25 Jun 2011 at 1:30
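The `file payload.elf` check requested above, as an added example that is not part of the original thread: a stand-alone reader for the ELF identification header, so a malformed output file can be told apart from an objcopy build that does not recognize a valid one. The function names and the sample header bytes are constructed for illustration.

```python
import struct

ELF_MAGIC = b"\x7fELF"
EM_ARM = 40  # e_machine value for ARM in the ELF specification
CLASSES = {1: "ELF32", 2: "ELF64"}
ENDIAN = {1: "little", 2: "big"}
TYPES = {1: "relocatable", 2: "executable", 3: "shared object", 4: "core"}


def describe_elf(header: bytes) -> dict:
    """Parse the first 20 bytes of an ELF file (e_ident, e_type, e_machine)."""
    if len(header) < 20:
        raise ValueError("truncated: need at least 20 bytes of header")
    if header[:4] != ELF_MAGIC:
        raise ValueError("not an ELF file: bad magic %r" % header[:4])
    ei_class, ei_data = header[4], header[5]
    if ei_class not in CLASSES or ei_data not in ENDIAN:
        raise ValueError("invalid EI_CLASS/EI_DATA in e_ident")
    # e_type and e_machine are 16-bit fields in the byte order named by EI_DATA.
    order = "<" if ei_data == 1 else ">"
    e_type, e_machine = struct.unpack_from(order + "HH", header, 16)
    return {
        "class": CLASSES[ei_class],
        "endian": ENDIAN[ei_data],
        "type": TYPES.get(e_type, "unknown (%d)" % e_type),
        "machine": "ARM" if e_machine == EM_ARM else "other (%d)" % e_machine,
    }


def looks_like_arm_payload(header: bytes) -> bool:
    """True for a 32-bit little-endian ARM executable, as -mlittle-endian implies."""
    try:
        info = describe_elf(header)
    except ValueError:
        return False
    return (info["class"], info["endian"], info["type"], info["machine"]) == (
        "ELF32", "little", "executable", "ARM")


# Constructed sample: e_ident (16 bytes) + e_type=2 (EXEC) + e_machine=40 (ARM).
SAMPLE_OK = ELF_MAGIC + bytes([1, 1, 1]) + bytes(9) + struct.pack("<HH", 2, 40)
# Constructed sample: the same header with a corrupted magic.
SAMPLE_BAD = b"\x7fELG" + SAMPLE_OK[4:]

if __name__ == "__main__":
    print(describe_elf(SAMPLE_OK))
    print(looks_like_arm_payload(SAMPLE_BAD))
```

To check a real build output, pass the first 20 bytes of the file, for example `describe_elf(open("payload.elf", "rb").read(20))`.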
>> I can't reproduce the error with arm-elf-objcopy. Can you post the output of
>> the following commands:
>> file payload.elf
>> arm-elf-objcopy --version (mine is 2.21.51.0.9.20110507)
My fault, had an outdated arm-elf-objcopy, it's now at 2.21.52.0.2.20110610
payload is compiling - sorry for that.
>> For the ramdisk tools, the warnings are not errors, from what you pasted the
>> compilation is ok, you should see the restored_external, bruteforce and
>> data_partition binaries in the source folder.
They do compile and seem to work. I have been able to create a custom recovery
ramdisk and boot from it with my old crd tools, until I get your
tetheredboot/payload working. Ran the python scripts and got some keys/data
including the code lock.
>> Also, the cyanide payload is not the cause for the tetherboot error since it's
>> executed after iBSS is initialized (white screen). Can you try pressing the
>> power button once when you're at the "Waiting 10 seconds for the device to pop
>> up..." stage after ibss has been uploaded? Thanks
Tried that one with the old payload and the new one I just compiled - no go.
Screen stays black, no way getting the white screen. Cause it is doing pretty
much the same my old crd does when booting from the ramdisk, I don't know why.
Anyway, I will play around a bit.
Thanks for your great work, I appreciate it very much.
Original comment by volksp...@gmail.com
on 26 Jun 2011 at 4:06
Original comment by jean.sig...@gmail.com
on 6 Oct 2011 at 6:54
Original issue reported on code.google.com by
volksp...@gmail.com
on 23 Jun 2011 at 8:59