ohio813 / chronicdev

Automatically exported from code.google.com/p/chronicdev

Kernel-cache issue for iPhone2G with 2.2 (can you help ?) #8

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago

Hi,

Two days ago I 'accidentally' deleted the file /System/Library/Caches/com.apple.kernelcaches/kernelcache.s5l8900x (note the additional 'x' as compared to the path from iBootCommands.wiki) and ended up with an 'iBrick' always booting in recovery mode. As I really did not want to lose all my data and customizations via an iTunes restore, I started (for a few good long hours) poking around with custom IPSWs with no main ramdisk (no result), iBooter (found in the end not to work for 2.x) and iPhUC (this was the most used for 'poking' around, including some failed restore command, some setenvs, reboots etc.).

At some point I found out about iRecovery and compiled it on a Mac. You can imagine my joy when, after some more poking around, I did an "-f kernelcache.s5l8900x" (and yes, this is the kernel cache from the custom IPSW that was used in the first place to unlock / jailbreak the 2.2 FW on the same phone) and an "-s" with a "bootx" :)

But ... although I'm really grateful for the current state of facts (as I have everything back), I am still left with an annoying issue: even though I've SCPed the file back into its location, every poweroff / reboot would get me back into recovery mode. Oh, and I must mention that I also tried (for the fun of it, silly me) the "mw 0x2201c5e0 0xffffffff" stuff, which only worked once, and then I got "Permission Denied" (even when I tried to set it back to 0x2C0000). I also poked around printenv / setenv / saveenv, but everything 'seems' normal. My (un-educated) guess is that fsboot will give a "Permission Denied" at every boot (and I base this on the fact that it also gives me one when I try it and based on a "Permission Denied" output from iRecovery startup, just after "HFSInitPartition: 0x18035650").

So, can you help me here?

Some more (little hints) (maybe not related):
- for me it seems that the ENV variable '?' may have something to do with the permissions / boot flags, but it seems also 'dynamic' (changing value during a session)
- BootNeuter 2.1 freezes after detecting current config (BL 4.6, neuter ON, fake blank OFF, unlock ON), but I can not say for sure that it did not freeze before my 'quest' also ...

Original issue reported on code.google.com by daniel.o...@gmail.com on 3 Jan 2009 at 11:26

GoogleCodeExporter commented 8 years ago
Hi there!

It sounds like you failed at the range check patch. There is a location where you patch it to 1, but you must have somehow patched something a few bytes ahead of it to 0. Was there an old wiki page that said to do this? Please let me know if there was, so I can fix it. Anyway, is this a patched iBoot, or a patched iBEC / something that you are using? It sounds odd that you are getting "Permission Denied" for fsboot unless you have improperly patched the range / permissions check.

Original comment by will.chr...@gmail.com on 3 Jan 2009 at 6:11

GoogleCodeExporter commented 8 years ago

Hi,

Well, you'd probably be surprised about this, but I did not patch anything. After I saw the problem I did read the wiki page for 22iBSSPatches, but did not know what file needed patching (since I could not find those bytes in the kernelcache.s5l8900x file, probably because it is either the wrong file to poke into or probably because I did not yet get around the IMG3 format specs). Maybe I should do the patch => what is the file needing the patch?

I do not know exactly what I am using, it is an IPSW that I created some time ago from original iPhone1,1_2.2_5G77_Restore.ipsw by using some tool (probably WinPwn or ZiPhone or something). If needed, I can probably upload some files from within it.

Original comment by daniel.o...@gmail.com on 3 Jan 2009 at 8:06

GoogleCodeExporter commented 8 years ago
Hmmm... I am not quite sure what is up with that. I see no reason for fsboot not being allowed to run...

Original comment by will.chr...@gmail.com on 3 Jan 2009 at 10:41

GoogleCodeExporter commented 8 years ago
Chat here about the JB:
http://xat.com/JB_4_THE_2g_IPT

Original comment by homeygot...@aol.com on 25 Jan 2009 at 6:57

GoogleCodeExporter commented 8 years ago

Original comment by will.chr...@gmail.com on 5 Feb 2009 at 9:57