sitay1
Found one mistake in those offsets: HEAP_WRITE_HASH is 0x10000F364 and not as mentioned on A10. But I still have problems when running HEAP_CHECK_ALL.
> You have correct values for the things you can reasonably find statically now.
> Try dumping some memory to get the last ones.

I have a mem-dump for the...

> Also, even when you get it working, it will take about ~10 tries each boot to get it working, seems very unreliable for the t8010.

Why is that? After...

> > why is that? after you fix the heap it should be reliable no?
>
> Not sure, I've been able to consistently pass heap_check_all, but still panic later....
BOOTSTRAP_TASK_LR 0x1800a9f68
HEAP_BASE = 0x1801B4000 # HEAP_BASE can be derived from load_address in main()
HEAP_WRITE_OFFSET = 0x5180 # The base offset in the HEAP that checkm8 corrupted
HEAP_WRITE_HASH = 0x10000F364 #...
No, I never managed to see the verbose boot working even once. I don't know what the problem is. I'm trying to go over the https://github.com/akayn/ipwndfu fork and see what I can do from there.
WriteValue is the opcode you want to patch. WriteAddress is where you want to do the patch. If you look in the iBoot code for iPhone X, you see that...
It does boot "normally"; not sure if it's because something is failing and the device boots anyway, or "by design" and it's just not printing the verbose logs. Can you verify the offset...
https://9to5mac.com/2020/04/29/ios-13-5-beta-covid-19-contact-tracing/