LLDB and TaiG 8.4

Postby amfid » Wed Apr 27, 2016 6:32 am

Hey Jonathan,

I think it should still be possible to attach LLDB and debug the kernel on iOS < 9.
I assume we need to patch the boot-args in kernel memory first, to enable kdp and debugging. Could you please add more details on that?

My target device is arm64 8.4 TaiG.

Re: LLDB and TaiG 8.4

Postby morpheus » Sun May 01, 2016 6:24 pm

Hello amfid,

Patching the boot-args would be too late at this point - PE_parse_boot_argn is evaluated before you can jailbreak. So that won't work. What you need to do is emulate the behavior of these boot-args (notably, PE_I_can_haz_debugger and serial=3). Vince Cali has a nice writeup on that at http://embeddedideation.com/2016/04/06/ ... s-devices/.

You probably will need to inject kdp_* args. Looking over one of my 8.4 dumps I can't see that kdp is supported (usually there are a few kdp boot-args for remote_ip, etc.). But it should work over serial. You can easily find serial_init by using jtool:

jtool -d ./TaiG8.3/kernel.8.4.iPhone6.dump | grep PE_parse | grep serial
Opened companion File: ./TaiG8.3/kernel.8.4.iPhone6.dump.ARM64.5682267E-8E60-3FB0-8F71-C58CE2DBCF4D
Loading symbols...
Disassembling from file offset 0x1000, Address 0xffffff8008003000
;; R0 = _PE_parse_boot_argn("serial",0xffffff8008533e60,4);

Once you have serial, starting a debugger can be had with host_reboot (...) and passing the debugger argument.

But if you want my take on it? Waste of your time. You have TFP0. That gives you easy access to peek into kernel memory, etc. (I use it with coreruption a lot). I've never been a fan of kernel debuggers - you end up losing interrupts, desyncing.. bad idea. Though the above, hopefully, should help you.
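Added example (not code from the thread, from XNU, or from jtool): a minimal model of how PE_parse_boot_argn() consumes a boot-args line, to make concrete why the reply above says patching the string after the jailbreak is too late. The lookup runs once during early boot (serial_init calls it for "serial"), the parsed number is latched into a kernel global, and the string is never consulted again, so what has to be emulated later is the effect of that latched value, not the text. The boot-args line is constructed for illustration, the exact match rules are a simplification of XNU's, and the SERIALMODE_* bit layout is an assumption taken from XNU's open-source serial_console.c (bit 0 output, bit 1 input, which is why serial=3 means both).

```c
/* Added example: simplified model of XNU's PE_parse_boot_argn() semantics.
 * Not the forum's, XNU's or jtool's code; the boot-args line is constructed. */
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed boot-args line of the shape a debug-enabled device boots with.
 * Assumption: values are illustrative, not copied from a real device. */
static const char kBootArgs[] = "-v debug=0x14e serial=3 PE_I_can_haz_debugger=1";

/* Assumed from XNU serial_console.c: serialmode bit layout. */
#define SERIALMODE_OUTPUT 0x1
#define SERIALMODE_INPUT  0x2

/* Look up `name` in the whitespace-separated `args`.
 * Returns 1 and stores the numeric value in *out on a match, 0 if absent.
 * "name=value" parses value with base 0 (0x.. hex, otherwise decimal);
 * a bare token with no '=' (e.g. "-v") matches as a boolean and yields 1.
 * "serial" must not match "serialmode=..." so the name is compared whole. */
int parse_boot_argn(const char *args, const char *name, uint32_t *out)
{
    size_t nlen = strlen(name);
    const char *p = args;

    while (*p) {
        while (*p && isspace((unsigned char)*p)) p++;   /* skip separators */
        if (!*p) break;
        const char *tok = p;
        while (*p && !isspace((unsigned char)*p)) p++;  /* end of token */
        size_t tlen = (size_t)(p - tok);

        if (tlen >= nlen && memcmp(tok, name, nlen) == 0) {
            if (tlen == nlen) {                         /* boolean form */
                *out = 1;
                return 1;
            }
            if (tok[nlen] == '=') {                     /* name=value form */
                /* strtoul stops at the first non-digit, i.e. the separator */
                *out = (uint32_t)strtoul(tok + nlen + 1, NULL, 0);
                return 1;
            }
        }
    }
    return 0;
}

/* Value of `name`, or -1 when the boot-arg is absent. */
long boot_arg_value(const char *args, const char *name)
{
    uint32_t v = 0;
    return parse_boot_argn(args, name, &v) ? (long)v : -1;
}

/* What serial_init() would latch into its serialmode global at boot:
 * the parsed "serial" value, or 0 (serial console off) when it is absent. */
uint32_t boot_serialmode(const char *args)
{
    uint32_t v = 0;
    parse_boot_argn(args, "serial", &v);
    return v;
}

int main(void)
{
    uint32_t mode = boot_serialmode(kBootArgs);
    printf("boot-args: %s\n", kBootArgs);
    printf("debug               = 0x%lx\n", boot_arg_value(kBootArgs, "debug"));
    printf("PE_I_can_haz_debugger = %ld\n", boot_arg_value(kBootArgs, "PE_I_can_haz_debugger"));
    printf("kdp_ip              = %ld (absent)\n", boot_arg_value(kBootArgs, "kdp_ip"));
    printf("serialmode          = %u (output:%d input:%d)\n", mode,
           !!(mode & SERIALMODE_OUTPUT), !!(mode & SERIALMODE_INPUT));
    return 0;
}
```

The point to take from it: the value that matters after boot is the latched integer (here, serialmode), which is why the practical route on a jailbroken device is to set the corresponding globals through kernel memory rather than to edit the boot-args string.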

Re: LLDB and TaiG 8.4

Postby amfid » Tue May 10, 2016 7:57 pm

Thanks J!
