The iPhone Wiki is no longer updated. Visit this article on The Apple Wiki for current information. |
Difference between revisions of "Bootx (iBoot command)"
Posixninja (talk | contribs) (added something a little more understandable (IMHO)) |
m (Updating) |
||
(5 intermediate revisions by 4 users not shown) | |||
Line 1: | Line 1: | ||
+ | == Description == |
||
− | == iPhone 3GS 8920x from iBoot-636.66 == |
||
+ | A command found in [[iBEC]], [[iBoot]], and [[iBSS]] that verifies and boots a [[kernelcache]] image which has been uploaded. |
||
− | |||
− | ==Disassembly== |
||
− | <pre> |
||
− | N88AP_iBoot:4FF007E8 n88ap__iBoot__bootx_function ; DATA XREF: N88AP_iBoot:n88ap__iBoot__bootx�o |
||
− | N88AP_iBoot:4FF007E8 |
||
− | N88AP_iBoot:4FF007E8 kernelcache_prepped_memory_pos= -0x10 |
||
− | N88AP_iBoot:4FF007E8 oldR4 = -0xC |
||
− | N88AP_iBoot:4FF007E8 oldR7 = -8 |
||
− | N88AP_iBoot:4FF007E8 oldLR = -4 |
||
− | N88AP_iBoot:4FF007E8 |
||
− | N88AP_iBoot:4FF007E8 000 PUSH {R4,R7,LR} ; Push registers |
||
− | N88AP_iBoot:4FF007EA 00C ADD R7, SP, #4 ; Rd = Op1 + Op2 |
||
− | N88AP_iBoot:4FF007EC 00C SUB SP, SP, #4 ; Rd = Op1 - Op2 |
||
− | N88AP_iBoot:4FF007EE 010 CMP R0, #1 ; Set cond. codes on Op1 - Op2 |
||
− | N88AP_iBoot:4FF007F0 010 MOV R4, R1 ; Rd = Op2 |
||
− | N88AP_iBoot:4FF007F2 010 BLE loc_4FF00808 ; Branch |
||
− | N88AP_iBoot:4FF007F4 010 LDR R1, [R1,#0x24] ; argv[1] |
||
− | N88AP_iBoot:4FF007F6 010 LDR R0, =aHelp ; "help" |
||
− | N88AP_iBoot:4FF007F8 010 BL strcmp ; Branch with Link |
||
− | N88AP_iBoot:4FF007FC 010 CBNZ R0, loc_4FF00808 ; Compare and Branch on Non-Zero |
||
− | N88AP_iBoot:4FF007FE 010 LDR R1, [R4,#0x10] ; param_R1 |
||
− | N88AP_iBoot:4FF00800 010 LDR R0, =aUsageSAddress ; "usage:\n\t%s [<address>]\n" |
||
− | N88AP_iBoot:4FF00802 010 BL N88AP__iBOOT__console_printf ; Branch with Link |
||
− | N88AP_iBoot:4FF00806 010 B loc_4FF0081C ; Branch |
||
− | N88AP_iBoot:4FF00808 ; --------------------------------------------------------------------------- |
||
− | N88AP_iBoot:4FF00808 |
||
− | N88AP_iBoot:4FF00808 loc_4FF00808 ; CODE XREF: n88ap__iBoot__bootx_function+A�j |
||
− | N88AP_iBoot:4FF00808 ; n88ap__iBoot__bootx_function+14�j |
||
− | N88AP_iBoot:4FF00808 010 MOV.W R0, #n88ap_ramdisk ; addr |
||
− | N88AP_iBoot:4FF0080C 010 MOV.W R1, #0xF00000 ; size |
||
− | N88AP_iBoot:4FF00810 010 BL check_range ; Branch with Link |
||
− | N88AP_iBoot:4FF00814 010 CBNZ R0, loc_4FF00822 ; Compare and Branch on Non-Zero |
||
− | N88AP_iBoot:4FF00816 010 LDR R0, =aPermissionDenied ; "Permission Denied\n" |
||
− | N88AP_iBoot:4FF00818 010 BL N88AP__iBOOT__console_printf ; Branch with Link |
||
− | N88AP_iBoot:4FF0081C |
||
− | N88AP_iBoot:4FF0081C loc_4FF0081C ; CODE XREF: n88ap__iBoot__bootx_function+1E�j |
||
− | N88AP_iBoot:4FF0081C 010 MOV.W R4, #0xFFFFFFFF ; fail |
||
− | N88AP_iBoot:4FF00820 010 B loc_4FF0085C ; Branch |
||
− | N88AP_iBoot:4FF00822 ; --------------------------------------------------------------------------- |
||
− | N88AP_iBoot:4FF00822 |
||
− | N88AP_iBoot:4FF00822 loc_4FF00822 ; CODE XREF: n88ap__iBoot__bootx_function+2C�j |
||
− | N88AP_iBoot:4FF00822 010 MOV.W R1, #n88ap_ramdisk ; param_R1 |
||
− | N88AP_iBoot:4FF00826 010 LDR R0, =aAttemptingToValidateKernelcache0x08x ; "Attempting to validate kernelcache @ 0x"... |
||
− | N88AP_iBoot:4FF00828 010 BL N88AP__iBOOT__console_printf ; Branch with Link |
||
− | N88AP_iBoot:4FF0082C 010 MOV.W R0, #n88ap_ramdisk ; memoery_pos |
||
− | N88AP_iBoot:4FF00830 010 MOV.W R1, #0xF00000 ; memory_size |
||
− | N88AP_iBoot:4FF00834 010 MOV R2, SP ; Rd = Op2 |
||
− | N88AP_iBoot:4FF00836 010 BL LoadImage_kernelcache_img3 ; Branch with Link |
||
− | N88AP_iBoot:4FF0083A 010 CMP R0, #0 ; Set cond. codes on Op1 - Op2 |
||
− | N88AP_iBoot:4FF0083C 010 MOV R4, R0 ; Rd = Op2 |
||
− | N88AP_iBoot:4FF0083E 010 BGE loc_4FF00848 ; Branch |
||
− | N88AP_iBoot:4FF00840 010 LDR R0, =aErrorLoadingKernelcache ; "error loading kernelcache\n" |
||
− | N88AP_iBoot:4FF00842 010 BL N88AP__iBOOT__console_printf ; Branch with Link |
||
− | N88AP_iBoot:4FF00846 010 B loc_4FF0085C ; Branch |
||
− | N88AP_iBoot:4FF00848 ; --------------------------------------------------------------------------- |
||
− | N88AP_iBoot:4FF00848 |
||
− | N88AP_iBoot:4FF00848 loc_4FF00848 ; CODE XREF: n88ap__iBoot__bootx_function+56�j |
||
− | N88AP_iBoot:4FF00848 010 LDR R1, [SP,#0x10+kernelcache_prepped_memory_pos] ; param_R1 |
||
− | N88AP_iBoot:4FF0084A 010 LDR R0, =aKernelcachePreppedAtAddress0x08x ; "kernelcache prepped at address 0x%08x\n" |
||
− | N88AP_iBoot:4FF0084C 010 BL N88AP__iBOOT__console_printf ; Branch with Link |
||
− | N88AP_iBoot:4FF00850 010 LDR R2, =dword_4FF2DC40 ; Load from Memory |
||
− | N88AP_iBoot:4FF00852 010 MOVS R0, #3 ; Rd = Op2 |
||
− | N88AP_iBoot:4FF00854 010 LDR R1, [SP,#0x10+kernelcache_prepped_memory_pos] ; Load from Memory |
||
− | N88AP_iBoot:4FF00856 010 LDR R2, [R2] ; Load from Memory |
||
− | N88AP_iBoot:4FF00858 010 BL jump_to_addr ; Branch with Link |
||
− | N88AP_iBoot:4FF0085C |
||
− | N88AP_iBoot:4FF0085C loc_4FF0085C ; CODE XREF: n88ap__iBoot__bootx_function+38�j |
||
− | N88AP_iBoot:4FF0085C ; n88ap__iBoot__bootx_function+5E�j |
||
− | N88AP_iBoot:4FF0085C 010 MOV R0, R4 ; Rd = Op2 |
||
− | N88AP_iBoot:4FF0085E 010 SUB.W SP, R7, #4 ; Rd = Op1 - Op2 |
||
− | N88AP_iBoot:4FF00862 010 POP {R4,R7,PC} ; Pop registers |
||
− | N88AP_iBoot:4FF00862 ; End of function n88ap__iBoot__bootx_function |
||
− | N88AP_iBoot:4FF00862 |
||
− | N88AP_iBoot:4FF00862 ; --------------------------------------------------------------------------- |
||
− | N88AP_iBoot:4FF00864 off_4FF00864 DCD aHelp ; DATA XREF: n88ap__iBoot__bootx_function+E�r |
||
− | N88AP_iBoot:4FF00864 ; "help" |
||
− | N88AP_iBoot:4FF00868 ; int off_4FF00868 |
||
− | N88AP_iBoot:4FF00868 off_4FF00868 DCD aUsageSAddress ; DATA XREF: n88ap__iBoot__bootx_function+18�r |
||
− | N88AP_iBoot:4FF00868 ; "usage:\n\t%s [<address>]\n" |
||
− | N88AP_iBoot:4FF0086C ; int off_4FF0086C |
||
− | N88AP_iBoot:4FF0086C off_4FF0086C DCD aPermissionDenied ; DATA XREF: n88ap__iBoot__bootx_function+2E�r |
||
− | N88AP_iBoot:4FF0086C ; "Permission Denied\n" |
||
− | N88AP_iBoot:4FF00870 ; int off_4FF00870 |
||
− | N88AP_iBoot:4FF00870 off_4FF00870 DCD aAttemptingToValidateKernelcache0x08x |
||
− | N88AP_iBoot:4FF00870 ; DATA XREF: n88ap__iBoot__bootx_function+3E�r |
||
− | N88AP_iBoot:4FF00870 ; "Attempting to validate kernelcache @ 0x"... |
||
− | N88AP_iBoot:4FF00874 ; int off_4FF00874 |
||
− | N88AP_iBoot:4FF00874 off_4FF00874 DCD aErrorLoadingKernelcache |
||
− | N88AP_iBoot:4FF00874 ; DATA XREF: n88ap__iBoot__bootx_function+58�r |
||
− | N88AP_iBoot:4FF00874 ; "error loading kernelcache\n" |
||
− | N88AP_iBoot:4FF00878 ; int off_4FF00878 |
||
− | N88AP_iBoot:4FF00878 off_4FF00878 DCD aKernelcachePreppedAtAddress0x08x |
||
− | N88AP_iBoot:4FF00878 ; DATA XREF: n88ap__iBoot__bootx_function+62�r |
||
− | N88AP_iBoot:4FF00878 ; "kernelcache prepped at address 0x%08x\n" |
||
− | N88AP_iBoot:4FF0087C off_4FF0087C DCD dword_4FF2DC40 ; DATA XREF: n88ap__iBoot__bootx_function+68�r |
||
− | </pre> |
||
==Decompliation== |
==Decompliation== |
||
+ | ===[[N88AP|iPhone 3GS]] S5L8920x from [[iBoot-636.66]]=== |
||
− | <pre> |
||
− | #define kLoadAddress 0x41000000 |
+ | #define kLoadAddress 0x41000000 |
− | #define kKernelMaxSize 0xF00000 |
+ | #define kKernelMaxSize 0xF00000 |
+ | |||
− | |||
+ | char** gBootArgs; |
||
− | int cmd_bootx(int argv, CmdArg* argv) { |
||
+ | |||
+ | int cmd_bootx(int argc, [[CmdArg]]* argv) { |
||
void* address = NULL; |
void* address = NULL; |
||
if(argc > 1 && !strcmp("help", argv[1].string)) { |
if(argc > 1 && !strcmp("help", argv[1].string)) { |
||
Line 125: | Line 32: | ||
return err; |
return err; |
||
− | } |
+ | } |
− | </pre> |
Latest revision as of 08:37, 13 October 2015
Description
A command found in iBEC, iBoot, and iBSS that verifies and boots a kernelcache image which has been uploaded.
Decompliation
iPhone 3GS S5L8920x from iBoot-636.66
#define kLoadAddress 0x41000000 #define kKernelMaxSize 0xF00000 char** gBootArgs; int cmd_bootx(int argc, CmdArg* argv) { void* address = NULL; if(argc > 1 && !strcmp("help", argv[1].string)) { printf("usage:\n\t%s [<address>]\n", argv[0].string); return -1; } if(range_check(kLoadAddress, kKernelMaxSize) < 0) { printf("Permission Denied\n"); return -1; } printf("Attempting to validate kernelcache @ 0x%08x\n", kLoadAddress); int err = load_macho_image(kLoadAddress, kKernelMaxSize, &address) if(err >= 0) { printf("kernelcache prepped at address 0x%08x\n", address); jump_to(3, address, gBootArgs); } else { printf("error loading kernelcache\n"); } return err; }