OTAs revisited

Wherein links to *OS related articles will be posted (alongside the RSS), and you are welcome to ask any questions or post any comments.

OTAs revisited

Postby morpheus » Thu Sep 24, 2015 2:11 pm

... including a small script to pull files from your device and patch them automatically to the latest and greatest iOS

http://NewOSXBook.com/articles/OTA2.html
morpheus
Site Admin
 
Posts: 532
Joined: Thu Apr 11, 2013 6:24 pm

Re: OTAs revisited

Postby backendbilly » Thu Sep 24, 2015 9:02 pm

This is all good but aren't there any dependencies on the kernelcache and/or the dyld cache? Moving from for example 8.3 to 9.0.1, I would assume that at least part of the dyld cache would also have to be taken into consideration during the software OTA update. Correct me if I'm wrong.
backendbilly
Site Admin
 
Posts: 132
Joined: Fri May 29, 2015 5:58 pm

Re: OTAs revisited

Postby morpheus » Thu Sep 24, 2015 11:35 pm

A) This is for reversing, in which case there are no dependencies - you want to get the binary as it would be on the filesystem, to then dissect and analyze, not actually run. I used this script quite a bit for launchd and friends, so I thought I'd share.

B) In theory, some of these binaries could be actively run on an older version. Likely not apps, but certainly some of the daemons, which have dependencies only on libSystem etc., which don't change much in between releases.
morpheus
Site Admin
 
Posts: 532
Joined: Thu Apr 11, 2013 6:24 pm
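Point B) above rests on which dylibs a given binary actually links against. As an added example (not from this thread, and not the script on the linked article), here is a minimal parser for the Mach-O load commands that declare dylib dependencies (LC_LOAD_DYLIB, LC_LOAD_WEAK_DYLIB, LC_REEXPORT_DYLIB), with a check for whether everything resolves under libSystem. It assumes a little-endian, thin (non-fat) 64-bit image; the two sample images, their dylib paths and the "libSystem-only" prefix list are constructed for the illustration and are not real binaries from a device.

```python
import struct

# Mach-O constants as defined in <mach-o/loader.h>
MH_MAGIC_64 = 0xFEEDFACF
LC_LOAD_DYLIB = 0x0C
LC_LOAD_WEAK_DYLIB = 0x80000018
LC_REEXPORT_DYLIB = 0x8000001F
DYLIB_LOAD_CMDS = {LC_LOAD_DYLIB, LC_LOAD_WEAK_DYLIB, LC_REEXPORT_DYLIB}
HEADER_SIZE_64 = 32

# Assumption for this example: "libSystem-only" means every install name lives under these paths.
LIBSYSTEM_PREFIXES = ("/usr/lib/libSystem", "/usr/lib/system/")


def linked_dylibs(data: bytes) -> list:
    """Return the install names of every dylib a thin 64-bit Mach-O links against."""
    if len(data) < HEADER_SIZE_64:
        raise ValueError("too short to be a Mach-O header")
    magic, _cpu, _sub, _ftype, ncmds, sizeofcmds, _flags, _res = struct.unpack_from("<8I", data, 0)
    if magic != MH_MAGIC_64:
        raise ValueError("not a little-endian 64-bit Mach-O (fat and 32-bit images are not handled here)")
    deps = []
    off = HEADER_SIZE_64
    end = HEADER_SIZE_64 + sizeofcmds
    if end > len(data):
        raise ValueError("declared load command area runs past end of file")
    for _ in range(ncmds):
        if off + 8 > end:
            raise ValueError("load commands run past the declared size")
        cmd, cmdsize = struct.unpack_from("<II", data, off)
        if cmdsize < 8 or off + cmdsize > end:
            raise ValueError("malformed load command size")
        if cmd in DYLIB_LOAD_CMDS:
            # dylib_command: cmd, cmdsize, then struct dylib {name offset, timestamp, current_version, compat_version}
            name_off = struct.unpack_from("<I", data, off + 8)[0]
            if name_off < 24 or name_off >= cmdsize:
                raise ValueError("dylib name offset points outside its load command")
            raw = data[off + name_off:off + cmdsize]
            deps.append(raw.split(b"\0", 1)[0].decode("utf-8"))
        off += cmdsize
    return deps


def only_libsystem(deps) -> bool:
    """True when every dependency is part of the libSystem family."""
    return all(d.startswith(LIBSYSTEM_PREFIXES) for d in deps)


# --- constructed sample images (not real binaries) ---
def _dylib_cmd(path: str, cmd: int = LC_LOAD_DYLIB) -> bytes:
    name = path.encode() + b"\0"
    size = 24 + len(name)
    size += (-size) % 8  # load commands are 8-byte aligned in 64-bit images
    fixed = struct.pack("<IIIIII", cmd, size, 24, 0, 0x10000, 0x10000)
    return fixed + name.ljust(size - 24, b"\0")


def _macho64(paths) -> bytes:
    cmds = b"".join(_dylib_cmd(p) for p in paths)
    # magic, cputype (ARM64), cpusubtype, filetype (MH_EXECUTE), ncmds, sizeofcmds, flags, reserved
    hdr = struct.pack("<8I", MH_MAGIC_64, 0x0100000C, 0, 2, len(paths), len(cmds), 0, 0)
    return hdr + cmds


DAEMON_LIKE = _macho64(["/usr/lib/libSystem.B.dylib"])
APP_LIKE = _macho64([
    "/usr/lib/libSystem.B.dylib",
    "/usr/lib/libobjc.A.dylib",
    "/System/Library/Frameworks/Foundation.framework/Foundation",
])

if __name__ == "__main__":
    for label, img in (("daemon-like", DAEMON_LIKE), ("app-like", APP_LIKE)):
        deps = linked_dylibs(img)
        print(label, "->", deps, "libSystem-only:", only_libsystem(deps))
```

On a file pulled from a device, `linked_dylibs(open(path, "rb").read())` gives the same list `otool -L` prints; a binary whose list is libSystem-only is the kind morpheus has in mind in B), while one that pulls in Foundation or other frameworks is tied to the dyld shared cache of its own release.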

Re: OTAs revisited

Postby backendbilly » Fri Sep 25, 2015 12:57 am

That makes more sense now. However, you mentioned in the first part that it is possible to do the OTA update while maintaining the jailbreak, provided that you don't mess with the kernelcache or the dyld, which makes perfect sense, but the confusion then came from how we go ahead and do the OTA from 8.4 to 9.0 while maintaining the jailbreak, which now seems like a very risky and impossible process due to the limitations surrounding the kernelcache, dyld, etc. I wasn't so much concerned about performing the OTA update for the sole purpose of reverse engineering on 64-bit; thanks for the 32-bit keys. I'm more interested in the runtime :).

Someone posted a demo on YouTube (without mentioning handles) of him jailbreaking iOS 9. Looking forward to that.

Nonetheless, thank you for sharing the OTA script. I believe this will come in handy when APPL drops support for 32-bit completely and we're left with 64-bit without keys to work with.
backendbilly
Site Admin
 
Posts: 132
Joined: Fri May 29, 2015 5:58 pm

Re: OTAs revisited

Postby morpheus » Fri Sep 25, 2015 6:35 am

That demo is through an iBoot exploit, so you might have to wait a bit longer than you think. Also I hope nothing comes out before 9.1, so it can be used on the iPad Pro and WatchOS 2.0.

The upgrading-while-maintaining-jailbreak is doable - the kernel doesn't seem to have changed that much. I'm researching it and working on it. Theoretically, if you load an alternate dyld cache - that of 9 - side by side on the iOS 8 device, you should be able to run 9.0 apps. Details to follow when I figure this out.
morpheus
Site Admin
 
Posts: 532
Joined: Thu Apr 11, 2013 6:24 pm

Re: OTAs revisited

Postby awesomebing1 » Thu Jun 23, 2016 6:01 pm

Is there an update to the bxpatch tool for the BXDIFF50 format? I've only seen a reference about it on Twitter from @npupyshev (https://twitter.com/npupyshev/status/728201453265952770) where he mentioned the format being different.
awesomebing1
 
Posts: 1
Joined: Thu Jun 23, 2016 5:55 pm
