qemu-ios
Lock Screen Support on iPod Touch 2G iOS 2.1.1
Hey there @devos50,
Recently I got your emulator to run on my system, and for the most part the functionality is great. One thing I noticed was when the power button is pressed to lock the device, the device says:
```text
Kernel loadable modules in backtrace (with dependencies):
com.apple.iokit.IOHIDFamily(1.5.2)@0xc03b6000->0xc03d1fff
Kernel loadable modules in backtrace (with dependencies):
com.apple.iokit.IOHIDFamily(1.5.2)@0xc03b6000->0xc03d1fff
Kernel loadable modules in backtrace (with dependencies):
com.apple.iokit.IOHIDFamily(1.5.2)@0xc03b6000->0xc03d1fff
Kernel loadable modules in backtrace (with dependencies):
com.apple.iokit.IOHIDFamily(1.5.2)@0xc03b6000->0xc03d1fff
Kernel loadable modules in backtrace (with dependencies):
com.apple.iokit.IOHIDFamily(1.5.2)@0xc03b6000->0xc03d1fff
Kernel loadable modules in backtrace (with dependencies):
com.apple.iokit.IOHIDFamily(1.5.2)@0xc03b6000->0xc03d1fff
Kernel loadable modules in backtrace (with dependencies):
com.apple.iokit.IOHIDFamily(1.5.2)@0xc03b6000->0xc03d1fff
Kernel loadable modules in backtrace (with dependencies):
com.apple.iokit.IOHIDFamily(1.5.2)@0xc03b6000->0xc03d1fff
Kernel loadable modules in backtrace (with dependencies):
com.apple.iokit.IOHIDFamily(1.5.2)@0xc03b6000->0xc03d1fff
Kernel loadable modules in backtrace (with dependencies):
com.apple.iokit.IOHIDFamily(1.5.2)@0xc03b6000->0xc03d1fff
Kernel loadable modules in backtrace (with dependencies):
com.apple.iokit.IOHIDFamily(1.5.2)@0xc03b6000->0xc03d1fff
Kernel loadable modules in backtrace (with dependencies):
com.apple.iokit.IOHIDFamily(1.5.2)@0xc03b6000->0xc03d1fff
Kernel loadable modules in backtrace (with dependencies):
com.apple.iokit.IOHIDFamily(1.5.2)@0xc03b6000->0xc03d1fff
Kernel loadable modules in backtrace (with dependencies):
com.apple.iokit.IOHIDFamily(1.5.2)@0xc03b6000->0xc03d1fff
Kernel loadable modules in backtrace (with dependencies):
com.apple.iokit.IOHIDFamily(1.5.2)@0xc03b6000->0xc03d1fff
```
And then it continuously prints `ipod_touch_mipi_dsi_read: read from location 0x00000000`.
After this I get a panic:
```text
Debugger message: Fatal Exception
OS version: 5F138
Kernel version: Darwin Kernel Version 9.4.1: Sun Aug 10 21:25:25 PDT 2008; root:xnu-1228.7.27~12/RELEASE_ARM_S5L8720X
iBoot version: iBoot-385.22
secure boot?: NO
Paniclog version: 1
Task 0xc09d6ce8: 2007 pages, 63 threads: pid 0: kernel_task
thread 0xe02f7510
kernel backtrace: eb27bd98
lr: 0xc00670b5 fp: 0xeb27bdc8
lr: 0xc00687bc fp: 0xeb27bdd4
lr: 0xc0068cc8 fp: 0xeb27be68
lr: 0xc006539c fp: 0xeb27bec4
lr: 0xc04ff6b0 fp: 0xeb27bed4
lr: 0xc04ff734 fp: 0xeb27bee4
lr: 0xc016009b fp: 0xeb27bf08
lr: 0xc05009e0 fp: 0xeb27bf28
lr: 0xc0158fe9 fp: 0xeb27bf64
lr: 0xc01591e7 fp: 0xeb27bf80
lr: 0xc00296e7 fp: 0xeb27bfa8
lr: 0xc00659f8 fp: 0x00000000
Task 0xc09d6b10: 113 pages, 3 threads: pid 1: launchd
Task 0xc09d6938: 179 pages, 1 threads: pid 2: launchctl
Task 0xc09d6760: 360 pages, 3 threads: pid 8: lockdownd
Task 0xc09d6588: 448 pages, 4 threads: pid 9: configd
Task 0xc09d61d8: 2331 pages, 10 threads: pid 10: SpringBoard
Task 0xc09d6000: 95 pages, 2 threads: pid 11: notifyd
Task 0xc2772ce8: 185 pages, 2 threads: pid 14: SCHelper
Memory access exception (1,0,0)
```
Just was wondering, is this known to be an issue, or just on my machine?
Thanks!
That's not just on your machine. Happens to me as well. I don't get a kernel panic though, it just prints `ipod_touch_mipi_dsi_read: read from location 0x00000000` over and over again until the end of time (or until I quit QEMU).
@LagLifeYT Hey, thanks for the reply,
I get a panic when trying to wake it again with 'p' or 'h' (it takes a bit though), but the `ipod_touch_mipi_dsi_read` message is probably the bigger issue.
I get to the same point after the emulator goes to sleep and the screen goes blank.
Also, when I try to boot iBoot without NAND, it always prints `ipod_touch_mipi_dsi_read: read from location 0x00000000` (I know that iBoot without NAND is a brick, but anyway).
Yes, going to the Lock Screen is still unstable, and I'm not even sure if there's a Lock Screen at all (since I believe the default option is to not have a Lock Screen). I'll try to look into this!
Off topic but could be useful: Any iOS version above 2.1 or so doesn't seem to work at all, even after grabbing the files and generating a new NOR and NAND. I made an issue about the NOR in that repository, but it's possible fixing bugs like that might also help stabilize the emulator.
@LagLifeYT yeah that's not surprising as there is some stuff that is heavily tied to a particular kernel cache/root file system. Which iOS version have you tried exactly?
I tried iOS 3 and 4 for the iPod Touch 2G, generating the NOR for 3.x gives a black screen, probably because the NOR generator is decrypting using the wrong key. iOS 4.x removes the needservice image which means I have to shove a 3.x one in there for the generator to spit out a NOR. Probably the easiest way around the key problem is to allow specifying the key at runtime.
Yes, that makes a lot of sense. I think we should extract these keys into a separate file and make it easy to add additional ones as well (or supply/override them at runtime). I'll try later to see if I can get this up and running. 👍
The Apple Wiki (https://theapplewiki.com/wiki/Firmware_Keys) has a list of firmware keys for iOS versions that can be downloaded in JSON, maybe that would help?
Yes indeed, these are the keys that I'm using 😀.
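To make the "keys in a separate file, overridable at runtime" idea above concrete, here is an added example of a key loader; it is not qemu-ios code. The file format (`BUILD:COMPONENT=IVHEX:KEYHEX` lines), the function names and the sample entry are all assumptions, and the hex values are placeholders, not real firmware keys.

```c
/* Added example (not qemu-ios code): a hypothetical loader that keeps firmware keys out of the
 * source tree in a text file of "BUILD:COMPONENT=IVHEX:KEYHEX" lines, with a runtime override. */
#include <stdio.h>
#include <string.h>
#define IV_LEN 16   /* IMG3-style AES IV */
#define KEY_LEN 32  /* AES-256 key */
struct fw_key { unsigned char iv[IV_LEN]; unsigned char key[KEY_LEN]; };

static int hex2bin(const char *hex, unsigned char *out, size_t n) {
    unsigned v;
    for (size_t i = 0; i < n; i++, out++) { if (sscanf(hex + 2 * i, "%2x", &v) != 1) return -1; *out = (unsigned char)v; }
    return 0;
}
/* Parse one entry; returns 1 on match for (build, comp), 0 on no match, -1 on a malformed line. */
static int parse_entry(const char *line, const char *build, const char *comp, struct fw_key *k) {
    char id[64], ivhex[2 * IV_LEN + 1], keyhex[2 * KEY_LEN + 1], want[64];
    if (sscanf(line, "%63[^=]=%32[0-9a-fA-F]:%64[0-9a-fA-F]", id, ivhex, keyhex) != 3) return -1;
    if (strlen(ivhex) != 2 * IV_LEN || strlen(keyhex) != 2 * KEY_LEN) return -1;  /* wrong key sizes */
    snprintf(want, sizeof want, "%s:%s", build, comp);
    if (strcmp(id, want) != 0) return 0;
    return (hex2bin(ivhex, k->iv, IV_LEN) || hex2bin(keyhex, k->key, KEY_LEN)) ? -1 : 1;
}
/* Resolve the key for (build, comp). A runtime `override` entry (e.g. from a command-line option)
 * wins over the key-file text. Returns 0 on success, -1 if absent or malformed; a malformed entry
 * fails closed instead of silently falling through to some other key. */
int fw_key_lookup(const char *keyfile_text, const char *override,
                  const char *build, const char *comp, struct fw_key *out) {
    if (override) {
        int r = parse_entry(override, build, comp, out);
        if (r == 1) return 0;
        if (r < 0) return -1;
    }
    for (const char *p = keyfile_text; p && *p; p = strchr(p, '\n') ? strchr(p, '\n') + 1 : NULL) {
        char line[192];
        const char *nl = strchr(p, '\n');
        size_t len = nl ? (size_t)(nl - p) : strlen(p);
        if (len >= sizeof line) return -1;
        memcpy(line, p, len);
        line[len] = '\0';
        if (line[0] == '\0' || line[0] == '#') continue;  /* blank or comment line */
        int r = parse_entry(line, build, comp, out);
        if (r != 0) return r == 1 ? 0 : -1;
    }
    return -1;
}
/* Constructed sample key file: build 5F138 comes from the panic log in this thread; the hex
 * values are placeholders for demonstration only, not real keys. */
static const char SAMPLE_KEYFILE[] =
    "# placeholder entries, not real key material\n"
    "5F138:iBoot=00112233445566778899aabbccddeeff:"
    "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f\n";
```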
Indeed, but I'd be careful with licenses and key material. I have included some idapython scripts to work with the kernelcache but it requires cautiousness.