Difference between revisions of "Kirkwood 7A341 (iPod2,1)"

From The iPhone Wiki
Jump to: navigation, search
Line 34: Line 34:
 
* '''IV''': 395f0ec18c19f302298c0fd49b75c6e6
 
* '''IV''': 395f0ec18c19f302298c0fd49b75c6e6
 
* '''Key''': 8f4a88ab8acf4bed06a5f641ba804c50
 
* '''Key''': 8f4a88ab8acf4bed06a5f641ba804c50
  +
  +
==Patches==
  +
Putting this here for developers that would like to to utilize "extras" like /dev/kmem access, tfp0, etc.
  +
  +
===Kernel===
  +
<pre>
  +
// thumb patches
  +
0x08DE72: 8D 43 => 00 00 // w^x patch #1
  +
0x090B6E: A2 43 => 00 00 // w^x patch #2
  +
0x19B8BC: 0C D1 => 0C E0 // allow tfp0
  +
0x381E22: FA 23 DB 00 => 01 23 5B 42 // allow aes uid key usage
  +
0x381E34: FA 23 9B 00 => 01 23 5B 42 // allow aes gid key usage
  +
0x3DEF8E: 40 42 => 00 20 // img3 signature check
  +
  +
// flag patches
  +
0x213638: 00 00 00 00 => 01 00 00 00 // setup_kmem flag
  +
  +
// arm patches
  +
0x3F908C: 00 40 A0 E3 => 01 40 A0 E3 // codesign check actual code patch
  +
0x3FCB40: FF 40 A0 E3 => 00 40 A0 E3 // ??? (was in posix's patcher)
  +
</pre>

Revision as of 20:37, 17 June 2009

Decryption Keys

Root Filesystem

  • VFDecrypt: 415225778e1bebf8eeff2a9050b04ce429de9680e4acba50820a3fa453897bc4a4b307e2

LLB

  • IV: 6a362817b3dfaf5932f13a747e0181a6
  • Key: fd285252b62192710f6f8c902ef96aaf

iBoot

  • IV: c71876986992913eeb8b12b072e00293
  • Key: e0476a04b7dfba9531e1c0263f8b0143

DeviceTree

  • IV: 58a4993608ddfbd3c7be970c7656f54a
  • Key: b11cafdbacf7ccc0a73a500dffe48c81

kernelcache

  • IV: 308dd79438f44a9b9f2d465dbc850f3d
  • Key: d1dd8688b1845fd4c58628e701a1e0a2

iBEC

  • IV: cb811d7b738e930fdf21660dd261e937
  • Key: 592b94ddb22d797f5bfe0b6529223233

iBSS

  • IV: 562681289ebe33a82a810a6463b95dde
  • Key: d42a45e83880d70807fef01f2fed29ac

018-5309-002.dmg

  • IV: b7ae396e8e8ea533b1593802b1d59678
  • Key: 4672f8b511586e795ec7d6aa9ad1b1c3

018-5310-002.dmg

  • IV: 395f0ec18c19f302298c0fd49b75c6e6
  • Key: 8f4a88ab8acf4bed06a5f641ba804c50

Patches

Putting this here for developers that would like to to utilize "extras" like /dev/kmem access, tfp0, etc.

Kernel

// thumb patches
0x08DE72: 8D 43 => 00 00               // w^x patch #1
0x090B6E: A2 43 => 00 00               // w^x patch #2
0x19B8BC: 0C D1 => 0C E0               // allow tfp0
0x381E22: FA 23 DB 00 => 01 23 5B 42   // allow aes uid key usage
0x381E34: FA 23 9B 00 => 01 23 5B 42   // allow aes gid key usage
0x3DEF8E: 40 42 => 00 20               // img3 signature check

// flag patches
0x213638: 00 00 00 00 => 01 00 00 00   // setup_kmem flag

// arm patches
0x3F908C: 00 40 A0 E3 => 01 40 A0 E3   // codesign check actual code patch
0x3FCB40: FF 40 A0 E3 => 00 40 A0 E3   // ??? (was in posix's patcher)