Talk:Northstar 7D11 (iPhone1,1)
Decryption of Kernelcache
Has anyone had any success decrypting the kernelcache of any of the 3.1.2 or 3.1 firmwares? Using the newest build of xpwntool, I still get thrown an error. Seems it may have to do with the compression of the kernelcache...
~/iPhone1,1_3.1.2_7D11_Restore$ xpwntool kernelcache.release.s5l8900x kernel.bin -iv 25B7F586D184C329D3D05953A6516A36 -k DD03B5B52A53D3582B18A0052EF84038
/home/admin/xpwn/ipsw-patch/img3.c:createAbstractFileFromImg3:613: 9de439b226a7982d45bb64afc9c4f9b1cf955bdcf0f4675e95be7784b3169a4a
/home/admin/xpwn/ipsw-patch/lzssfile.c:createAbstractFileFromComp:112: mismatch: 4073636 7933935 7933952 ba 8a
error: cannot open infile
--Cool name 14:28, 10 October 2009 (UTC)
Until 7a341, the last block of the DATA section was not encrypted; since 7c144, it -is- encrypted. This may cause problems in xpwntool. I wrote my own tools for extracting img3 files, see this page. These don't have problems extracting recent updater files. --Itsme 21:01, 10 October 2009 (UTC)
Ahh, very nice, thank you Itsme. I succeeded in using decodeimg3.pl along with lzssdec to decrypt and unpack the kernel. However, say I have patched the kernel to my liking and want to re-pack and re-encrypt it, do you have any idea how to do this? Thanks. --Cool name 00:48, 11 October 2009 (UTC)
In the latest xpwntool you can add the -decrypt flag to only decrypt and not decompress the lzss part. And from there you can probably modify the lzss header to match up with what xpwntool expects. In that example the header claims there's 7933935 bytes of data once decrypted, but the lzss_decompress function is returning with 7933952 bytes of data. --posixninja 17:15, 11 October 2009 (UTC)
Alright, I've looked into this, and while I can just decrypt the file and see where the lzss portion starts (where it says complzss), I cannot figure out where the header claims there's 7933935 bytes of data once decrypted/uncompressed. I've googled the lzss header and tried looking in a hex editor, but nothing stands out as the value. Do you know where it is exactly? --Cool name 00:46, 12 October 2009 (UTC)
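Added example, not written by any participant in this thread and not taken from xpwn: a small parser for the complzss header discussed above, run on a constructed sample that reuses the sizes from the mismatch line. The layout is an assumption not stated on this page: the 8-byte "complzss" magic followed by three big-endian 32-bit fields (checksum, uncompressed size, compressed size), with the compressed data starting 0x180 bytes after the magic; 4073636 is likewise assumed to be the compressed length.

```python
import struct
from collections import namedtuple

MAGIC = b"complzss"
HEADER_LEN = 0x180  # assumed: compressed data starts 0x180 bytes after the magic
CompHeader = namedtuple(
    "CompHeader", "offset checksum uncompressed compressed data_start")

def parse_complzss(buf):
    """Locate the complzss header and decode its big-endian size fields."""
    off = buf.find(MAGIC)
    if off < 0:
        raise ValueError("no complzss signature found")
    if len(buf) < off + HEADER_LEN:
        raise ValueError("truncated complzss header")
    checksum, uncompressed, compressed = struct.unpack_from(
        ">III", buf, off + len(MAGIC))
    return CompHeader(off, checksum, uncompressed, compressed, off + HEADER_LEN)

def audit(buf, actual_uncompressed=None):
    """List inconsistencies between the header fields and the data."""
    h = parse_complzss(buf)
    problems = []
    available = len(buf) - h.data_start
    if available < h.compressed:
        problems.append(f"payload short by {h.compressed - available} bytes")
    if actual_uncompressed is not None and actual_uncompressed != h.uncompressed:
        delta = actual_uncompressed - h.uncompressed
        problems.append(f"decompressor output differs from header by {delta:+d} bytes")
    return problems

def make_sample(uncompressed, compressed, payload_len, prefix=b"\x00" * 20):
    """Constructed sample: 20 filler bytes, a header, then a dummy payload."""
    hdr = MAGIC + struct.pack(">III", 0, uncompressed, compressed)
    return prefix + hdr.ljust(HEADER_LEN, b"\x00") + b"\xff" * payload_len

if __name__ == "__main__":
    sample = make_sample(7933935, 4073636, 64)   # sizes from the mismatch line
    h = parse_complzss(sample)
    print(h)
    # Raw bytes of the uncompressed-size field, as a hex editor would show them
    print(sample[h.offset + 12:h.offset + 16].hex())
    print(audit(sample, actual_uncompressed=7933952))
```

Under this layout the value 7933935 appears as the bytes 00 79 0F EF at offset 12 from the start of "complzss", which is why searching a hex editor for the decimal digits or for a little-endian encoding finds nothing.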