sitay1
commented
4 years ago Did it worked for you?
Open minacrissdev opened 4 years ago
sitay1
commented
4 years ago Did it worked for you?
ash1n2
commented
3 years ago Hello.
I have a question.
I cannot write memory at address 0x1000079DC.
I tried to using GDB and BONOBO cable.
(gdb) target remote :3333 Remote debugging using :3333 warning: No executable has been specified and target does not support determining executable automatically. Try using the "file" command. 0x0000000100000568 in ?? () (gdb) x/10x 0x1000079DC 0x1000079dc: 0x528000a8 0xb9000028 0xb900007f 0x320003e8 0x1000079ec: 0xaa0803e0 0xd65f03c0 0xffffffb8 0xffffffac 0x1000079fc: 0xffffffc0 0xffffffd0 (gdb) set 0x1000079DC=0x00000061 Cannot access memory at address 0x1000079dc (gdb) x/10x 0x1000079DC 0x1000079dc: 0x528000a8 0xb9000028 0xb900007f 0x320003e8 0x1000079ec: 0xaa0803e0 0xd65f03c0 0xffffffb8 0xffffffac 0x1000079fc: 0xffffffc0 0xffffffd0 (gdb) x/10x 0x180018000 0x180018000: 0xd5034fdf 0xaa0003fd 0xaa0103fc 0x58001820 0x180018010: 0x58001841 0xd50b7420 0x91010000 0xeb01001f 0x180018020: 0x54ffffa3 0x580017e0 (gdb) set 0x180018000=0x00000061 (gdb) x/10x 0x180018000 0x180018000: 0x00000061 0xaa0003fd 0xaa0103fc 0x58001820 0x180018010: 0x58001841 0xd50b7420 0x91010000 0xeb01001f 0x180018020: 0x54ffffa3 0x580017e0 (gdb)
so I tried another way. It was successful.
m.insert(pair<uint64_t, vector
}));
iphone.ecore0 arp_halt iphone.ecore0 cluster 0 core 0 multi core target halted in AArch64 state due to debug-request, current mode: EL1T cpsr: 0x800002c4 pc: 0x100000568 MMU: enabled, D-Cache: enabled, I-Cache: enabled iphone.ecore0 mdw 0x180000000 4 0x180000000: ffffff61 ffffffff 00000000 00000000
However, The iPhone X reboot occurred when the below code was executed.
m.insert(pair<uint64_t, vector
}));
How can I write patch-code on 8015 ?
try to create t8015 loader
return [ // Patch to boot iBoot 0x1000079DC: [ 0x68, 0x00, 0x80, 0x52 ], // movz w8, #0x3