Anton Krisanov
@sitay1 Hi! Can you please explain how you got WRITE_ADDR and WRITE_VALUE in your shell code? Thanks.
I guess that it is needed for patching iBoot in memory so that it passes the -v flag to the kernelcache image?
@sitay1 Thanks! So you managed to boot the iPhone 7 with this script, but your shell payload does not lead to a verbose boot? Or is the device not booting at all?
@sitay1 Looks like the bootrom just crashes and we see just a reboot, not a boot "by design". I think so because I've tried .set JUMP_BACK, 0x1800AC000 to create an infinite loop but the device...
Tested on iPhone 7 iOS 13.0
I guess that we need to add thread.c and thread.h from the common folder to the usbmuxd.cxproj project.
Any update on this?
I should say that I have an iPhone 7 on iOS 12.1.2 and sign iBSS and logo with a random Ap-Ticket to test the signature check bypass. I've chosen the Ap-Ticket for iPhone 7 iOS...
@tihmstar Any idea?