Closed alibasta closed 14 years ago
You gotta dump it from /dev/kmem on a jailbroken iPhone 4.
Thank you for your answer, but if I run "dd if=/dev/kmem" on the device I receive the following error:
dd: reading `/dev/kmem': Bad address 0+0 records in 0+0 records out 0 bytes (0 B) copied, 0.000595 s, 0.0 kB/s
Can you send me the correct dd-call?
Thank you!
chpwn: no, iPhone2,1 is a 3GS.
On the 3GS we have keys, so the best way is probably to decrypt it:
Download the ipsw from http://www.felixbruns.de/iPod/firmware/; extract the encrypted kernelcache from it; google for the appropriate keys; and use xpwntool to decrypt it. ("xpwntool kernelcache-whatever kern -iv whatever -k whatever")
However, if you do want to use a kmem dump, note that the first byte (c0000000 or 80000000) is inaccessible for whatever reason.
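As an added example (not from this thread, and not part of the project): the encrypted kernelcache pulled out of an iOS 4-era IPSW is an IMG3 container, and the published per-firmware IV/key that xpwntool takes via `-iv`/`-k` are the unwrapped values of the container's KBAG tag. The script below parses the IMG3 header and tag list, extracts the KBAG, and classifies a decrypted output as an ARM Mach-O, a still-compressed `complzss` blob, or junk (wrong keys). The sample IMG3 blob is constructed inline; the helper names are this example's own.

```python
import struct

# Classification results for classify_payload()
MACHO_ARM = "macho-arm"
COMPLZSS = "complzss (decrypted, still compressed)"
UNKNOWN = "unknown (still encrypted or wrong keys)"


def _u32(buf, off):
    return struct.unpack_from("<I", buf, off)[0]


def _fourcc(value):
    # IMG3 stores tag names as little-endian uint32s, so 'Img3' is b'3gmI' on disk.
    return struct.pack("<I", value).decode("ascii")[::-1]


def parse_img3(blob):
    """Return (ident, {tag_name: tag_data}) for an IMG3 container."""
    if blob[:4] != b"3gmI":
        raise ValueError("not an IMG3 container")
    full_size = _u32(blob, 4)        # total length of the container
    ident = _fourcc(_u32(blob, 16))  # e.g. 'krnl' for a kernelcache
    end = min(full_size, len(blob))
    tags = {}
    off = 20                          # header is 5 x uint32
    while off + 12 <= end:
        name = _fourcc(_u32(blob, off))
        total_len = _u32(blob, off + 4)   # header + data + padding
        data_len = _u32(blob, off + 8)
        if total_len < 12 or off + total_len > end or data_len > total_len - 12:
            raise ValueError("corrupt tag %r at offset %d" % (name, off))
        tags[name] = blob[off + 12:off + 12 + data_len]
        off += total_len
    return ident, tags


def parse_kbag(kbag):
    """Split a KBAG tag into (cryptState, aesType, iv, key).

    The IV and key stored here are wrapped with the device GID key; the
    per-firmware keys people publish are the unwrapped values, which is
    what you hand to xpwntool as -iv / -k.
    """
    crypt_state, aes_type = struct.unpack_from("<II", kbag, 0)
    iv = kbag[8:24]
    key = kbag[24:24 + aes_type // 8]
    return crypt_state, aes_type, iv, key


def classify_payload(data):
    """Sanity-check what xpwntool wrote out."""
    if data[:4] == b"\xce\xfa\xed\xfe":   # 0xFEEDFACE little-endian: 32-bit Mach-O
        return MACHO_ARM
    if data[:8] == b"complzss":           # decrypted but not yet LZSS-decompressed
        return COMPLZSS
    return UNKNOWN


def _tag(name, data):
    # Tag bodies are padded to 4 bytes; totalLength covers header + data + padding.
    pad = (-len(data)) % 4
    return (name[::-1].encode("ascii")
            + struct.pack("<II", 12 + len(data) + pad, len(data))
            + data + b"\0" * pad)


def build_sample_img3():
    """Constructed sample IMG3 (not a real kernelcache) for offline testing."""
    kbag = struct.pack("<II", 1, 256) + bytes(range(16)) + bytes(range(32, 64))
    body = _tag("TYPE", b"lnrk") + _tag("DATA", b"\xaa" * 32) + _tag("KBAG", kbag)
    header = b"3gmI" + struct.pack("<III", 20 + len(body), len(body), len(body)) + b"lnrk"
    return header + body


if __name__ == "__main__":
    ident, tags = parse_img3(build_sample_img3())
    state, aes, iv, key = parse_kbag(tags["KBAG"])
    print(ident, sorted(tags), "AES-%d" % aes, iv.hex(), key.hex())
    print(classify_payload(tags["DATA"]))
```

To use it on a real file, read the extracted kernelcache into `blob`, call `parse_img3`, and compare the KBAG's `aes_type` with the length of the key you found online (a 256-bit key is 64 hex digits); after running xpwntool, `classify_payload` on the output tells you whether you actually got a kernel.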
comex: oops :(
Just use the included config/ipsw.py :)
Or that, I forgot about it. :p
OK, I got ipsw.py to work wonderfully... Now, after I run configure.py and make, I get loads of errors. Where am I supposed to copy the headers from and to?
read the description
Hi,
I'm trying to run the configure script and have already copied the cache and launchd files to the bs/iPhone2,1_4.0.1 folder. But where can I find the decrypted kernel to copy into this folder?
Can you please help me?
Thanks!