
joker feedface

PostPosted: Fri Sep 09, 2016 5:29 pm
by matteyeux
Hi J.

Any way to update joker to find kcache feedface and lzssdec it?

BTW, could you push the updated source of Joker please?

Re: joker feedface

PostPosted: Fri Sep 09, 2016 9:29 pm
by morpheus
Yep. Done. And wasn't that hard, either. Also I'm now adding a joker ARM64 binary compiled, since this is now useful to run on the device itself as of iOS 10.

(Check the joker page).

New version also has preliminary support for Sandbox profile decompilation when encountering the sandbox.kext either standalone or kextracting from kernelcache.

Re: joker feedface

PostPosted: Sun Sep 11, 2016 5:52 pm
by matteyeux
Thanks again for your work sir.

OTA firmware of iPhone 7 is available; it seems it cannot find the magic to lzssdec it.

I've tried to do it manually; unfortunately I did not spot the feedfacf (or whatever) offset.
Here is the output of joker.

I guess it's very different from older devices' kernels.

Something fun: every time I run joker, the magic value changes.

Code:
$ joker kernelcache.release.d111
I have no idea how to handle a file with a magic of 07fed
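As an added example (not joker's code, and not posted by anyone in this thread), the kind of magic check and LZSS decode the tool performs on a kernelcache: it names the Mach-O feedface/feedfacf or complzss magic a file starts with, decodes Apple's LZSS variant, and verifies the adler32 and sizes stored in the complzss header. Assumptions: the complzss payload is taken to follow the 0x18-byte fixed header fields directly (a real kernelcache pads the header before the data), and every sample input below is constructed.

```python
import struct
import zlib
N, F, THRESHOLD = 4096, 18, 2   # Apple LZSS: history size, max match, min match - 1

def identify(blob: bytes) -> str:
    """Name what a kernelcache file starts with (the magics joker looks for);
    no recognisable magic usually means the cache is still encrypted."""
    if blob[:4] in (b"\xfe\xed\xfa\xce", b"\xce\xfa\xed\xfe"):
        return "Mach-O 32-bit (feedface)"
    if blob[:4] in (b"\xfe\xed\xfa\xcf", b"\xcf\xfa\xed\xfe"):
        return "Mach-O 64-bit (feedfacf)"
    if blob[:8] == b"complzss":
        return "LZSS-compressed kernelcache"
    return "unknown magic %s (encrypted?)" % blob[:4].hex()

def lzss_decompress(src: bytes) -> bytes:
    """Apple's LZSS: a flag byte announces 8 tokens; bit 1 = literal byte,
    bit 0 = (12-bit offset, 4-bit length) copy from a space-filled history."""
    text = bytearray(b" " * (N - F)) + bytearray(F)
    out, r, flags, pos = bytearray(), N - F, 0, 0
    try:
        while True:
            flags >>= 1
            if not flags & 0x100:        # 8 flag bits consumed: fetch next byte
                flags, pos = src[pos] | 0xFF00, pos + 1
            if flags & 1:                # literal
                c, pos = src[pos], pos + 1
                out.append(c); text[r] = c; r = (r + 1) & (N - 1)
            else:                        # back-reference into history
                i, j, pos = src[pos], src[pos + 1], pos + 2
                i |= (j & 0xF0) << 4     # 12-bit offset, low nibble = length - 3
                for k in range((j & 0x0F) + THRESHOLD + 1):
                    c = text[(i + k) & (N - 1)]
                    out.append(c); text[r] = c; r = (r + 1) & (N - 1)
    except IndexError:                   # input exhausted mid-token: done
        pass
    return bytes(out)

def unwrap_complzss(blob: bytes) -> bytes:
    """Fixed complzss fields: big-endian adler32, uncompressed size, compressed size.
    Assumed: payload right after the 0x18 fixed bytes; real kernelcaches pad the header."""
    assert blob[:8] == b"complzss", "not a complzss blob"
    adler, usize, csize = struct.unpack(">III", blob[8:20])
    out = lzss_decompress(blob[24:24 + csize])
    assert len(out) == usize and zlib.adler32(out) == adler, "corrupt payload"
    return out

# Constructed sample: flag 0x07 = three literals then a pair; pair EE F0 copies
# 3 bytes from history offset 0xFEE, where "abc" was just written -> b"abcabc".
SAMPLE_LZSS = bytes.fromhex("07616263eef0")
SAMPLE_COMPLZSS = b"complzss" + struct.pack(">IIII", zlib.adler32(b"abcabc"), 6, 6, 0) + SAMPLE_LZSS
```

A back-reference may overlap the bytes it is still writing (offset one behind the write cursor expands a single literal into a run), which the history-buffer loop handles without special casing.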

Re: joker feedface

PostPosted: Sun Sep 11, 2016 9:27 pm
by morpheus
Could be a bug; probably is. Can you post the kernelcache, in its raw (compressed) form over a link please?

Re: joker feedface

PostPosted: Sun Sep 11, 2016 10:14 pm
by matteyeux

Re: joker feedface

PostPosted: Sun Sep 11, 2016 11:19 pm
by Siguza
Well that's definitely encrypted. But then again, it's advertised as "9.9.10.0.1" for updating...

Re: joker feedface

PostPosted: Mon Sep 12, 2016 12:11 pm
by matteyeux
Ah. Sad.

I guess "9.9.10.0.1" is just a bug in the ipsw.me API.