comex / star

the code behind the second incarnation of jailbreakme.com

How to find the kernel? #1

Closed alibasta closed 14 years ago

alibasta commented 14 years ago

Hi,

I'm trying to run the configure script and already copied the cache and launchd-files to the bs/iPhone2,1_4.0.1 folder. But where can I find the decrypted kernel to copy it to this folder?

Can you please help me?

Thanks!

grp commented 14 years ago

You gotta dump it from /dev/kmem on a jailbroken iPhone 4.

alibasta commented 14 years ago

Thank you for your answer, but if I make a "dd if=/dev/kmem" on the device I receive the following error:

```
dd: reading `/dev/kmem': Bad address
0+0 records in
0+0 records out
0 bytes (0 B) copied, 0.000595 s, 0.0 kB/s
```

Can you send me the correct dd-call?

Thank you!

comex commented 14 years ago

chpwn: no, iPhone2,1 is a 3GS.

On the 3GS we have keys, so the best way is probably to decrypt it:

Download the ipsw from http://www.felixbruns.de/iPod/firmware/; extract the encrypted kernelcache from it; google for the appropriate keys; and use xpwntool to decrypt it (`xpwntool kernelcache-whatever kern -iv whatever -k whatever`).

However, if you do want to use a kmem dump, note that the first byte (c0000000 or 80000000) is inaccessible for whatever reason.
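
The decrypt route above has two steps that are easy to get wrong without seeing the bytes: the kernelcache inside the IPSW (a plain zip) is an IMG3 container, and the `-iv`/`-k` values handed to xpwntool are the unwrapped contents of its KBAG tag, applied to the payload in its DATA tag. The following is an added example, not code from the `star` repository, from `config/ipsw.py`, or from anyone in this thread: it pulls the kernelcache out of an IPSW, walks the IMG3 tag list with bounds checks, and reports where the encrypted payload sits and what the KBAG says. The IMG3 field layout (little-endian sizes, byte-reversed four-character magics, KBAG = crypt state, key bits, 16-byte IV, 32-byte key) is the publicly documented format; the IPSW, kernelcache image, ciphertext and KBAG bytes are constructed fixtures, and `shshOffset` is written as 0 only because the fixture carries no SHSH tag.

```python
"""Added example (not from the star repo or this thread): locate the encrypted
kernelcache in an IPSW zip and parse its IMG3 container. Fixture data below is
constructed; the format fields follow the publicly documented IMG3 layout."""
import io
import struct
import zipfile

IMG3_HDR = struct.Struct("<4sIII4s")  # magic, fullSize, sizeNoPack, shshOffset, ident
TAG_HDR = struct.Struct("<4sII")      # magic, totalLength, dataLength
KBAG_HDR = struct.Struct("<II")       # cryptState (1 = production, 2 = development), keyBits


def rev(magic: bytes) -> bytes:
    """IMG3 stores 4-char magics as little-endian words, so 'Img3' is b'3gmI' on disk."""
    return magic[::-1]


def build_img3(ident: bytes, tags) -> bytes:
    """Serialize an IMG3 image from (magic, data) pairs. Fixture builder only."""
    body = b"".join(TAG_HDR.pack(rev(m), TAG_HDR.size + len(d), len(d)) + d for m, d in tags)
    # shshOffset is 0 here because this constructed image carries no SHSH/CERT tags.
    return IMG3_HDR.pack(rev(b"Img3"), IMG3_HDR.size + len(body), len(body), 0, rev(ident)) + body


def parse_img3(blob: bytes) -> dict:
    """Walk the tag list; returns ident and, per magic, a list of (file offset of data, data)."""
    magic, full_size, size_no_pack, _shsh, ident = IMG3_HDR.unpack_from(blob, 0)
    if rev(magic) != b"Img3":
        raise ValueError("not an IMG3 container")
    if full_size != len(blob) or IMG3_HDR.size + size_no_pack > len(blob):
        raise ValueError("IMG3 header sizes disagree with file length")
    tags, off, end = {}, IMG3_HDR.size, IMG3_HDR.size + size_no_pack
    while off + TAG_HDR.size <= end:
        tmagic, total, dlen = TAG_HDR.unpack_from(blob, off)
        # A truncated or hostile image must not push us past the buffer.
        if total < TAG_HDR.size or dlen > total - TAG_HDR.size or off + total > end:
            raise ValueError("corrupt tag at offset %d" % off)
        data_off = off + TAG_HDR.size
        tags.setdefault(rev(tmagic), []).append((data_off, blob[data_off:data_off + dlen]))
        off += total
    return {"ident": rev(ident), "tags": tags}


def parse_kbag(data: bytes) -> dict:
    """KBAG carries the IV/key wrapped with the device GID key; published keys are the unwrapped values."""
    state, bits = KBAG_HDR.unpack_from(data, 0)
    if bits not in (128, 192, 256) or len(data) < KBAG_HDR.size + 16 + 32:
        raise ValueError("malformed KBAG")
    return {"state": state, "bits": bits,
            "wrapped_iv": data[8:24], "wrapped_key": data[24:24 + bits // 8]}


def find_kernelcache(ipsw_bytes: bytes):
    """An IPSW is a zip; the kernelcache sits at its root as kernelcache.<build>.<board>."""
    with zipfile.ZipFile(io.BytesIO(ipsw_bytes)) as z:
        names = [n for n in z.namelist() if n.startswith("kernelcache")]
        if len(names) != 1:
            raise ValueError("expected exactly one kernelcache, found %r" % names)
        return names[0], z.read(names[0])


def xpwntool_args(src: str, dst: str, iv: bytes, key: bytes) -> list:
    """The invocation shape from the thread, with the unwrapped iv/key as hex."""
    return ["xpwntool", src, dst, "-iv", iv.hex(), "-k", key.hex()]


def constructed_ipsw() -> bytes:
    """Constructed fixture: a tiny zip with a fake IMG3 kernelcache (no real firmware bytes)."""
    ciphertext = bytes(range(32))  # stands in for the AES-encrypted kernel payload
    kbag = KBAG_HDR.pack(1, 256) + b"\x11" * 16 + b"\x22" * 32
    img3 = build_img3(b"krnl", [(b"VERS", b"\x01\x00\x00\x00"),
                                (b"DATA", ciphertext), (b"KBAG", kbag)])
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("Restore.plist", "<plist/>")
        z.writestr("kernelcache.release.n88", img3)
    return buf.getvalue()


def inspect(ipsw_bytes: bytes) -> dict:
    name, img3 = find_kernelcache(ipsw_bytes)
    parsed = parse_img3(img3)
    data_off, data = parsed["tags"][b"DATA"][0]
    kbag = parse_kbag(parsed["tags"][b"KBAG"][0][1])
    return {"name": name, "ident": parsed["ident"], "data_offset": data_off,
            "data_len": len(data), "kbag": kbag}


if __name__ == "__main__":
    print(inspect(constructed_ipsw()))
```

`inspect()` on the fixture reports the kernelcache name, `ident == b'krnl'`, and the DATA payload at file offset 48 (20-byte header, a 16-byte VERS tag, then the 12-byte DATA tag header). On a real image a production KBAG (`state == 1`) is the one whose IV/key the published tables correspond to; pass those to `xpwntool_args`, not the wrapped bytes read from the file.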

grp commented 14 years ago

comex: oops :(

fmauNeko commented 14 years ago

Just use the included config/ipsw.py :)

comex commented 14 years ago

Or that, I forgot about it. :p

truehybridx commented 14 years ago

ok I got ipsw.py to work wonderfully..... now after I do configure.py and make I get loads of errors, where am I supposed to copy headers from and to?

grp commented 14 years ago

read the description