The iPhone Wiki is no longer updated. Visit this article on The Apple Wiki for current information. |
Device Nodes
Revision as of 00:46, 9 November 2008 by ChronicDev (talk | contribs) (→How to access /dev/mem and /dev/kmem)
The underlying unix OS that powers the iPhone has a number of device nodes. These nodes can be read from or written to by the OS or applications.
Contents
Overview
A iPhone 3G 2.0.2 contains:
crw-rw-rw- 1 root wheel 21, 0 Aug 28 15:35 aes_0 crw------- 1 root wheel 23, 0 Aug 28 18:56 bpf0 crw------- 1 root wheel 23, 1 Aug 28 18:56 bpf1 crw------- 1 root wheel 23, 2 Aug 28 15:35 bpf2 crw------- 1 root wheel 23, 3 Aug 28 15:35 bpf3 c------r-- 1 root wheel 11, 0 Aug 28 15:35 btreset crw--w--w- 1 root wheel 0, 0 Aug 28 15:35 console crw-rw-rw- 1 root wheel 1, 5 Aug 28 18:56 cu.bluetooth crw-rw-rw- 1 root wheel 1, 7 Aug 28 15:35 cu.debug crw-rw-rw- 1 root wheel 1, 1 Aug 28 15:35 cu.iap crw-rw-rw- 1 root wheel 1, 3 Aug 28 15:35 cu.umts brw-r----- 1 root operator 14, 0 Aug 28 15:35 disk0 brw-r----- 1 root operator 14, 1 Aug 28 15:35 disk0s1 brw-r----- 1 root operator 14, 2 Aug 28 15:35 disk0s2 crw------- 1 root wheel 9, 0 Aug 28 15:35 dlci.spi-baseband.0 crw------- 1 root wheel 9, 1 Aug 28 18:56 dlci.spi-baseband.1 crw------- 1 root wheel 9, 10 Aug 28 15:35 dlci.spi-baseband.10 crw------- 1 root wheel 9, 11 Aug 28 15:35 dlci.spi-baseband.11 crw------- 1 root wheel 9, 12 Aug 28 15:35 dlci.spi-baseband.12 crw------- 1 root wheel 9, 13 Aug 28 15:35 dlci.spi-baseband.13 crw------- 1 root wheel 9, 14 Aug 28 15:35 dlci.spi-baseband.14 crw------- 1 root wheel 9, 15 Aug 28 15:35 dlci.spi-baseband.15 crw------- 1 root wheel 9, 2 Aug 28 19:13 dlci.spi-baseband.2 crw------- 1 root wheel 9, 3 Aug 28 18:56 dlci.spi-baseband.3 crw------- 1 root wheel 9, 4 Aug 28 18:56 dlci.spi-baseband.4 crw------- 1 root wheel 9, 5 Aug 28 18:56 dlci.spi-baseband.5 crw------- 1 root wheel 9, 6 Aug 28 18:56 dlci.spi-baseband.6 crw------- 1 root wheel 9, 7 Aug 28 18:56 dlci.spi-baseband.7 crw------- 1 root wheel 9, 8 Aug 28 18:56 dlci.spi-baseband.8 crw------- 1 root wheel 9, 9 Aug 28 18:56 dlci.spi-baseband.9 crw------- 1 root wheel 6, 0 Aug 28 15:35 klog cr--r--r-- 1 root wheel 13, 3 Aug 28 15:35 mrvl868x0 crw------- 1 root wheel 9, 0 Aug 28 15:35 mux.spi-baseband crw-rw-rw- 1 root wheel 3, 2 Aug 28 18:56 null crw-rw-rw- 1 root tty 15, 1 Aug 28 19:13 ptmx crw-rw-rw- 1 root wheel 5, 0 Aug 28 15:35 ptyp0 crw-rw-rw- 1 root wheel 5, 1 Aug 28 15:35 ptyp1 crw-rw-rw- 1 root wheel 5, 2 Aug 28 15:35 ptyp2 crw-rw-rw- 1 root wheel 5, 3 Aug 28 15:35 ptyp3 crw-rw-rw- 1 root wheel 5, 4 Aug 28 15:35 ptyp4 crw-rw-rw- 1 root wheel 5, 5 Aug 28 15:35 ptyp5 crw-rw-rw- 1 root wheel 5, 6 Aug 28 15:35 ptyp6 crw-rw-rw- 1 root wheel 5, 7 Aug 28 15:35 ptyp7 crw-rw-rw- 1 root wheel 8, 0 Aug 28 15:35 random crw-r----- 1 root operator 14, 0 Aug 28 15:35 rdisk0 crw-r----- 1 root operator 14, 1 Aug 28 15:35 rdisk0s1 crw-r----- 1 root operator 14, 2 Aug 28 15:35 rdisk0s2 crw-rw-rw- 1 root wheel 20, 0 Aug 28 15:35 sha1_0 crw-rw-rw- 1 root wheel 2, 0 Aug 28 15:35 tty crw-rw-rw- 1 root wheel 1, 4 Aug 28 15:35 tty.bluetooth crw-rw-rw- 1 root wheel 1, 6 Aug 28 15:35 tty.debug crw-rw-rw- 1 root wheel 1, 0 Aug 28 15:35 tty.iap crw-rw-rw- 1 root wheel 1, 2 Aug 28 15:35 tty.umts crw-rw-rw- 1 root wheel 4, 0 Aug 28 15:35 ttyp0 crw-rw-rw- 1 root wheel 4, 1 Aug 28 15:35 ttyp1 crw-rw-rw- 1 root wheel 4, 2 Aug 28 15:35 ttyp2 crw-rw-rw- 1 root wheel 4, 3 Aug 28 15:35 ttyp3 crw-rw-rw- 1 root wheel 4, 4 Aug 28 15:35 ttyp4 crw-rw-rw- 1 root wheel 4, 5 Aug 28 15:35 ttyp5 crw-rw-rw- 1 root wheel 4, 6 Aug 28 15:35 ttyp6 crw-rw-rw- 1 root wheel 4, 7 Aug 28 15:35 ttyp7 crw--w---- 1 root tty 16, 0 Aug 28 19:13 ttys000 crw-rw-rw- 1 root wheel 10, 2 Aug 28 15:35 uart.bluetooth crw-rw-rw- 1 root wheel 10, 3 Aug 28 15:35 uart.debug crw-rw-rw- 1 root wheel 10, 0 Aug 28 15:35 uart.iap crw-rw-rw- 1 root wheel 10, 1 Aug 28 15:35 uart.umts crw-rw-rw- 1 root wheel 8, 1 Aug 28 15:35 urandom brw------- 1 root operator 1, 0 Aug 28 15:35 vn0 brw------- 1 root operator 1, 1 Aug 28 15:35 vn1 crw-rw-rw- 1 root wheel 3, 3 Aug 28 15:35 zero
Block Devices
disk0 | iPhone flash memory (4, 8 or 16GB) |
disk0s1 | OS partition. Stores / root file system. |
disk0s2 | User space. Stores Music, Photos, Videos, Podcasts, Ringtones and Apps. Mounted as /private/var. |
vn0 | unknown |
vn1 | unknown |
Interesting Character Devices
Dev Node | Description | Children |
rdisk0 | RAW Disk; to access the Flash | rdisk0s1 (root) rdisk0s2 (data) |
dlci.spi-baseband | iPhone Baseband Radio | dlci.spi-baseband.0 - dlci.spi-baseband.15 |
tty.iap | serial connection (pins 12 and 13 of the Dock connector) | |
uart.umts | Serial connection to the Utms radio (?) | |
dlci.spi-baseband.9 | GPS device (read from by /usr/libexec/locationd82 for CoreLocation services) | |
mem | Raw access to RAM (has been blocked since 1.0.2) Memory devices can be re-enabled with single WORD change within kernel. | kmem, Raw access to Kernel Memory (also blocked since 1.0.2) |
aes_0 | Access to AES engine. Works via complicated ioctl handshake. Not known why it exists, as use of the IOKit interface is much simpler. |
How to access /dev/mem and /dev/kmem
All you need to do is patch the kernel. See here for up to date patches according to the firmware revision that you are on. Just a note, the last kernel patch is all that seems to be needed, as it patches the setup_keme flag to 7, making all of the checks pass. The first four are just there so that if anyone decides to look into them when a firmware is freshly released, and we do not have new patches, people will not mess up anything if Apple added extra checks.