Tutorial:Booting XNU on A4 Devices

From The iPhone Wiki
Latest revision as of 11:11, 1 October 2014

These steps will let you boot XNU on all A4 devices. The tutorial was written for Macs with an iPhone 4 running iOS 6.1.3.

Instructions

First you must install the CTF tools (ctfconvert, ctfdump, ctfmerge) and the AvailabilityVersions headers. For OS X 10.8, follow these instructions: http://shantonu.blogspot.de/2012/07/building-xnu-for-os-x-108-mountain-lion.html. For 10.9, run these commands in Terminal.

$ curl -O http://opensource.apple.com/tarballs/dtrace/dtrace-118.tar.gz
$ curl -O http://opensource.apple.com/tarballs/AvailabilityVersions/AvailabilityVersions-6.tar.gz
$ git clone https://github.com/darwin-on-arm/xnu
$ tar zxf dtrace-118.tar.gz
$ cd dtrace-118
$ mkdir -p obj sym dst
$ xcodebuild install -target ctfconvert -target ctfdump -target ctfmerge ARCHS="x86_64" SRCROOT=$PWD OBJROOT=$PWD/obj SYMROOT=$PWD/sym DSTROOT=$PWD/dst
$ sudo ditto $PWD/dst/usr/local /usr/local
$ cd ..
$ tar zxf AvailabilityVersions-6.tar.gz
$ cd AvailabilityVersions-6
$ mkdir -p dst
$ make install SRCROOT=$PWD DSTROOT=$PWD/dst
$ sudo ditto $PWD/dst/usr/local `xcrun -sdk / -show-sdk-path`/usr/local
$ cd ..
$ cd xnu

Now you are in the xnu folder. Next, build it for the A4 (the S5L8930X SoC):

$ make TARGET_CONFIGS="debug arm S5L8930X"

Navigate to BUILD/obj/DEBUG_ARM_S5L8930X. This folder contains many files; mach_kernel is the bootable kernel image.

Now you need the iOS 4.x IPSW for your A4 device. If the device runs a newer iOS version, you still need the IPSW for iOS 4.1.

You need redsn0w in order to boot the kernel. Open Terminal, navigate to the redsn0w folder and run the following commands:

$ cd redsn0w.app/Contents/MacOS
$ ./redsn0w -i <'4.1 iPSW'> -k <'mach_kernel'>

Here is an example command:

$ ./redsn0w -i /Users/username/Desktop/iOS\:Mac\ hack/XNU_Kernel_Panic_Apple_A4-Booting/iPhone3\,1_4.1_8B117_Restore.ipsw -k /Users/username/Desktop/xnu/BUILD/obj/DEBUG_ARM_S5L8930X/mach_kernel
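Before handing the two paths to redsn0w, it is worth checking that they point at what redsn0w expects. The following preflight script is an added example (not part of the tutorial or of redsn0w): it checks that the kernel file starts with the 32-bit little-endian Mach-O magic (ce fa ed fe) and that the IPSW starts with the zip magic (50 4b 03 04), using constructed sample files in a temporary directory; a fat binary or a mistyped path fails the check instead of being pushed to the device.

```shell
#!/bin/sh
# Preflight checks for the redsn0w boot command.
# Added example; not part of the tutorial or of redsn0w itself.

# magic4 FILE: hex of the first four bytes, e.g. "cefaedfe".
magic4() {
    od -An -tx1 -N4 "$1" | tr -d ' \n'
}

# A 32-bit ARM kernel is a little-endian Mach-O: bytes ce fa ed fe.
# Fat binaries (ca fe ba be) and 64-bit images are deliberately rejected.
is_macho32() {
    [ "$(magic4 "$1")" = "cefaedfe" ]
}

# An IPSW is a zip archive: local file header magic 50 4b 03 04.
is_ipsw() {
    [ "$(magic4 "$1")" = "504b0304" ]
}

# preflight IPSW KERNEL: report each failing check, return 1 if any failed.
preflight() {
    ipsw=$1; kernel=$2; rc=0
    if ! [ -f "$ipsw" ] || ! is_ipsw "$ipsw"; then
        echo "not a zip/IPSW: $ipsw" >&2; rc=1
    fi
    if ! [ -f "$kernel" ] || ! is_macho32 "$kernel"; then
        echo "not a 32-bit Mach-O kernel: $kernel" >&2; rc=1
    fi
    return $rc
}

# Constructed sample files: only the leading magic bytes matter here.
tmp=$(mktemp -d)
printf '\316\372\355\376' > "$tmp/mach_kernel"    # fake Mach-O header
printf '\120\113\003\004' > "$tmp/Restore.ipsw"   # fake zip header
printf 'hello'            > "$tmp/notes.txt"      # neither

if preflight "$tmp/Restore.ipsw" "$tmp/mach_kernel"; then
    echo "preflight ok: ./redsn0w -i $tmp/Restore.ipsw -k $tmp/mach_kernel"
fi
```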

Boot-args:

-graphics-mode      Enables video console graphics boot. Enables OS X style spinner and panic dialog.
-no-cache           Disable L1i and L1d data/instruction caching completely.
silence_kprintf     Remove kprintf serial output.
kprintf             Send all kprintf output to the video console or serial console.
symbolicate-panics  Symbolicate all panic backtraces.
kernel_read_only    Enable/disable kernel R-X protection.
dataconstro         Override kernel const data section R-- protection.
npvhash             Specify the internal PV hash value (used internally in pmap. Keep it at N^2-1.)
-panic-reboot       Reboot on panics (only if the PE_halt_restart hook is installed)
-early-fb-debug     Early kprintf output is sent to framebuffer, use with kprintf=1.
-avoid-uarts        Avoid initializing UARTs entirely (only on S5L89xx)
-force-uarts        Force initializing UARTs. (only on S5L89xx)
omapfbres           Specify OMAP3530 DSS display resolution size.
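The table gives the spelling of each flag but not which combinations make sense. The following shell function is an added example, not code from the tutorial or the darwin-on-arm tree: it checks a boot-args string against the flags listed above, treats kprintf, kernel_read_only, dataconstro, npvhash and omapfbres as key=value flags (an assumption drawn from their descriptions), and reports the documented dependency (-early-fb-debug is to be used with kprintf=1) as well as the contradictory pair -avoid-uarts with -force-uarts.

```shell
#!/bin/sh
# Validate a boot-args string against the flags in the table above.
# Added example; not code from the tutorial or the darwin-on-arm tree.

# Flags used on their own, as listed in the table.
BOOL_ARGS="-graphics-mode -no-cache silence_kprintf kprintf symbolicate-panics
-panic-reboot -early-fb-debug -avoid-uarts -force-uarts"
# Flags that take a value (key=value); assumed from their descriptions.
VALUE_ARGS="kprintf kernel_read_only dataconstro npvhash omapfbres"

# in_list WORD LIST: succeeds if WORD is one of the words in LIST.
in_list() {
    for w in $2; do [ "$w" = "$1" ] && return 0; done
    return 1
}

# check_bootargs "ARGS": prints one problem per line, returns 1 if any.
check_bootargs() {
    rc=0; seen=""
    for tok in $1; do
        key=${tok%%=*}
        case $tok in
            *=*) in_list "$key" "$VALUE_ARGS" ||
                     { echo "unknown flag or flag takes no value: $tok"; rc=1; } ;;
            *)   in_list "$key" "$BOOL_ARGS" ||
                     { echo "unknown flag or missing value: $tok"; rc=1; } ;;
        esac
        seen="$seen $tok"
    done
    # The table says -early-fb-debug is to be used with kprintf=1.
    if in_list -early-fb-debug "$seen" && ! in_list kprintf=1 "$seen"; then
        echo "-early-fb-debug needs kprintf=1"; rc=1
    fi
    # Avoiding and forcing UART initialization at once is contradictory.
    if in_list -avoid-uarts "$seen" && in_list -force-uarts "$seen"; then
        echo "-avoid-uarts and -force-uarts conflict"; rc=1
    fi
    return $rc
}

check_bootargs "-graphics-mode kprintf=1 -early-fb-debug symbolicate-panics" \
    && echo "boot-args ok"
```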

Now you must get your device into DFU Mode.

Wait a few seconds and a white screen will flash on your device; then you'll see the pineapple (the redsn0w logo). 30-60 seconds later the kernel will be booted. You'll see 'Still waiting for root device' for a while, but a kernel panic will occur if you wait more than 10-30 minutes.

And that's it.