OTApack Errors

Postby darkknight » Thu May 26, 2016 3:14 pm

So on an iPhone 5S(6,1), running
Code:
$ ./applyota.sh sbin/launchd
Retrieving launchd from your device...
launchd                                                                        100%  284KB 283.6KB/s   00:00   
Patching sbin/launchd with patch from ~/OTA/AssetData/payloadv2/patches/sbin/launchd
bxpatch(871,0x7fff73a2c000) malloc: *** mach_vm_map(size=18446744073709273088) failed (error code=3)
*** error: can't allocate region
*** set a breakpoint in malloc_error_break to debug
error: 7


This is from 9.0.2 -> 9.3.2
darkknight
 
Posts: 65
Joined: Mon Apr 18, 2016 10:49 pm

Re: OTApack Errors

Postby morpheus » Thu May 26, 2016 4:53 pm

This looks like a bug I had in an older version; are you using the latest and greatest (from the OTA3 article)?

BTW, you only need the OTA packaging tool nowadays. Someone at AAPL must have been reading my articles and realized their differential updates are unencrypted, so they gave up and now offer a full filesystem image as an OTA - simply run otaa and you get the full filesystem :-)
morpheus
Site Admin
 
Posts: 531
Joined: Thu Apr 11, 2013 6:24 pm

Re: OTApack Errors

Postby darkknight » Thu May 26, 2016 6:09 pm

Ok kewl. And for the shared library cache, it's all in Xcode yeah?
darkknight
 
Posts: 65
Joined: Mon Apr 18, 2016 10:49 pm

Re: OTApack Errors

Postby morpheus » Thu May 26, 2016 7:07 pm

Yep. You can get a copy of the full cache in Symbols/System/Library/Caches/com...dyld, and that copy is "better" with respect to jtool in-cache disassembly. You can also use a simple script to symbolicate off the split files.
morpheus
Site Admin
 
Posts: 531
Joined: Thu Apr 11, 2013 6:24 pm

Re: OTApack Errors

Postby darkknight » Thu May 26, 2016 7:56 pm

So yet another question,

from the payloadv2 directory
- pbzx payload.xxx > pb.xz
- xz --decompress pb.xz
- otaa -e '*' pb

That doesn't seem right....

drwxr-xr-x 3 neo staff 102 May 26 14:45 System
-rw-r--r--@ 1 neo staff 16399 May 4 14:34 links.txt
drwxr-xr-x@ 8 neo staff 272 May 4 14:35 patches
-rw-r--r--@ 1 neo staff 59969444 May 4 14:36 payload.000
-rw-r--r--@ 1 neo staff 18036252 May 4 14:36 payload.001
-rw-r--r--@ 1 neo staff 25 May 4 14:36 payload_chunks.txt
-rw-r--r-- 1 neo staff 47341471 May 26 14:45 pb
drwxr-xr-x@ 3 neo staff 102 May 4 14:35 prepare_patches
-rw-r--r--@ 1 neo staff 258561 May 4 14:36 prepare_payload
drwxr-xr-x 3 neo staff 102 May 26 14:45 private
-rw-r--r--@ 1 neo staff 1509655 May 4 14:34 removed.txt
drwxr-xr-x 4 neo staff 136 May 26 14:45 sbin
drwxr-xr-x 5 neo staff 170 May 26 14:45 usr

DarkKnight:payloadv2 neo$ cd usr/

DarkKnight:usr neo$ ls -l
total 0
drwxr-xr-x 4 neo staff 136 May 26 14:45 lib
drwxr-xr-x 11 neo staff 374 May 26 14:45 libexec
drwxr-xr-x 4 neo staff 136 May 26 14:45 share

DarkKnight:usr neo$ cd libexec/
DarkKnight:libexec neo$ ls -l
total 9680
-rw-r--r-- 1 staff 73584 May 26 14:45 bubbled
-rw-r--r-- 1 staff 94752 May 26 14:45 companionETD
-rw-r--r-- 1 staff 1004848 May 26 14:45 findmydeviced-nano-support
-rw-r--r-- 1 staff 109776 May 26 14:45 hangreporter
-rw-r--r-- 1 staff 1057968 May 26 14:45 ifccd
-rw-r--r-- 1 staff 128048 May 26 14:45 mailq
-rw-r--r-- 1 staff 1429424 May 26 14:45 mobileactivationd
-rw-r--r-- 1 staff 1000752 May 26 14:45 nanoregistryd
-rw-r--r-- 1 staff 36960 May 26 14:45 symptomsd
darkknight
 
Posts: 65
Joined: Mon Apr 18, 2016 10:49 pm

Re: OTApack Errors

Postby morpheus » Thu May 26, 2016 8:03 pm

You only have two payload files - 000 and 001, which are 59M and 18M. Your 'pb' decompressed appears to be only 40something MB - less than the largest. So it's unclear. You might be using pbzx wrong or only on one of them?
morpheus
Site Admin
 
Posts: 531
Joined: Thu Apr 11, 2013 6:24 pm

Re: OTApack Errors

Postby darkknight » Thu May 26, 2016 9:38 pm

Right so I ran pbzx on both files but just included the output for 001. Ran pbzx like so
Code:
pbzx payload.xxx > pb.xz


And I ran that for 000 and 001 and then ran otaa on each resulting file. But yeah something doesn't look right. usr/libexec should have way more files no? In other words shouldn't usr/libexec have all the goodies? At least based on OTA2.html....
darkknight
 
Posts: 65
Joined: Mon Apr 18, 2016 10:49 pm

Re: OTApack Errors

Postby morpheus » Thu May 26, 2016 10:42 pm

Yes, though OTA3 is the final in that trilogy so make sure you have it from there. Also since your .00x files are so small it could be that this is a differential update after all - in which case .00x files have only those binaries which are either new or changed so much it's easier to put a full binary than a diff.
morpheus
Site Admin
 
Posts: 531
Joined: Thu Apr 11, 2013 6:24 pm

Re: OTApack Errors

Postby Siguza » Fri May 27, 2016 11:17 am

Not sure if this holds true for all bundles, but all full (as in non-differential) bundles I've seen so far only had one single payload file, while the differential ones usually had .001, .002 etc. Might at least be an indicator, if not actually true for all.

Also, some time ago I started writing a script supposed to rebuild the FS from an OTA as complete as possible, but then drifted off to other things.
Code:
#!/bin/bash

# Fail fast
set -e;

# Look for tools
pbzx='pbzx';
otaa='otaa';
if ! hash "$pbzx"; then
    pbzx="$(dirname "$0")/pbzx";
    if ! [ -x "$pbzx" ]; then
        echo "Couldn't find pbzx executable in PATH or $(dirname "$0")";
        exit 1;
    fi;
fi;
if ! hash "$otaa"; then
    otaa="$(dirname "$0")/otaa";
    if ! [ -x "$otaa" ]; then
        echo "Couldn't find otaa executable in PATH or $(dirname "$0")";
        exit 1;
    fi;
fi;

# Check arguments
if [ "$1" == '' ] || [ "${1:${#1}-4}" != '.zip' ]; then
    echo "Usage:";
    echo "    $(basename "$0") ota.zip";
    exit 1;
fi;

# Extract zip
dir="$(basename "$1")";
dir="$PWD/${dir:0:${#dir}-4}";
if [ -e "$dir" ]; then
    echo "Directory $dir already exists";
    exit 1;
fi;
unzip -q -d "$dir" "$1";

# Parse version info
plist="$(cat "$dir/AssetData/Info.plist" | tr -d '\n\t')";
device="$(sed -E 's/^.*<key>ProductType<\/key>[[:space:]]*<string>([^<]*)<\/string>.*$/\1/' <<<"$plist")";
version="$(sed -E 's/^.*<key>ProductVersion<\/key>[[:space:]]*<string>([^<]*)<\/string>.*$/\1/' <<<"$plist")";
build="$(sed -E 's/^.*<key>TargetUpdate<\/key>[[:space:]]*<string>([^<]*)<\/string>.*$/\1/' <<<"$plist")";
name="${device}_${version}_${build}";

# Check for incremental update
if fgrep -q '<key>BaseUpdate</key>' <<<"$plist"; then
    plist2="$(cat "$dir/Info.plist" | tr -d '\n\t')";
    oldversion="$(sed -E 's/^.*<key>PrerequisiteOSVersion<\/key>[[:space:]]*<string>([^<]*)<\/string>.*$/\1/' <<<"$plist2")";
    oldbuild="$(sed -E 's/^.*<key>PrerequisiteBuild<\/key>[[:space:]]*<string>([^<]*)<\/string>.*$/\1/' <<<"$plist2")";
    name="${name}_${oldversion}_${oldbuild}";
fi;

# If name is longer than 100 chars, one of the replacements didn't match and the entire $plist was returned
if [ "${#name}" -gt 100 ]; then
    echo 'Failed to parse device, version or build string';
    exit 1;
fi;

# This is where the fs gets rebuilt
name="$PWD/$name";
if [ -e "$name" ]; then
    echo "Directory $name already exists";
    exit 1;
fi;
mkdir -p "$name";
cd "$name";
for pb in "$dir/AssetData/payloadv2/payload" "$dir/AssetData/payloadv2/payload."*; do
    if [ -e "$pb" ]; then
        "$pbzx" < "$pb" | unxz > "$pb.ota";
        "$otaa" -e '*' "$pb.ota";
    fi;
done;

# Clean up
#rm -r "$dir";


Works pretty well already, although anything besides the payload files is currently ignored (like kernelcache and /usr/standalone/update/all_flash and stuff like that).
Also the rm at the end is commented out because I still needed that directory.

I'll probably finish this and push it to GitHub, together with a fork of J's otaa if I manage to add symlink support there.
Last edited by Siguza on Fri May 27, 2016 1:36 pm, edited 3 times in total.
Siguza
Unicorn
 
Posts: 158
Joined: Thu Jan 28, 2016 10:38 am
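
The indicators raised in this thread for telling a differential OTA from a full one (the BaseUpdate key, the patches directory, numbered payload chunks), combined into one check over an unpacked bundle. This is an added example, not part of any post and not Siguza's script; the function names, verdict strings and sample tree are constructed, and treating any file under patches/ as proof of a differential update is an assumption.

```bash
#!/bin/bash
# Added example: classify an unpacked OTA zip as full or differential
# before running otaa over it and expecting a complete filesystem.

# classify_ota DIR -> prints "<verdict> <evidence...>"
classify_ota() {
    local pv2="$1/AssetData/payloadv2" plist="$1/AssetData/Info.plist"
    local evidence="" chunks=0 f
    if ! [ -d "$pv2" ]; then echo "unknown no-payloadv2"; return 0; fi

    # Strong: key that Siguza's script uses to detect an incremental update.
    if [ -f "$plist" ] && grep -qF '<key>BaseUpdate</key>' "$plist"; then
        evidence="$evidence BaseUpdate"
    fi
    # Strong (assumption): any file under patches/ is a diff against the base OS.
    if [ -n "$(find "$pv2/patches" -type f 2>/dev/null | head -n 1)" ]; then
        evidence="$evidence patches"
    fi
    # Weak: numbered chunks; per the thread, an indicator only.
    for f in "$pv2"/payload.[0-9][0-9][0-9]; do
        if [ -e "$f" ]; then chunks=$((chunks + 1)); fi
    done

    if [ -n "$evidence" ]; then
        echo "differential$evidence chunks=$chunks"
    elif [ "$chunks" -gt 1 ]; then
        echo "maybe-differential chunks=$chunks"
    else
        echo "full chunks=$chunks"
    fi
}

# make_sample_ota DIR KIND: constructed stand-in tree, contains no firmware.
make_sample_ota() {
    local ad="$1/AssetData"
    mkdir -p "$ad/payloadv2"
    printf '<dict><key>ProductVersion</key><string>0.0</string>' > "$ad/Info.plist"
    if [ "$2" = differential ]; then
        printf '<key>BaseUpdate</key><string>PLACEHOLDER</string>' >> "$ad/Info.plist"
        mkdir -p "$ad/payloadv2/patches/sbin"
        : > "$ad/payloadv2/patches/sbin/launchd"
        : > "$ad/payloadv2/payload.000"
        : > "$ad/payloadv2/payload.001"
    else
        : > "$ad/payloadv2/payload"
    fi
    printf '</dict>\n' >> "$ad/Info.plist"
}

tmp="$(mktemp -d)"
make_sample_ota "$tmp/diff" differential; classify_ota "$tmp/diff"
make_sample_ota "$tmp/full" full;         classify_ota "$tmp/full"
rm -rf "$tmp"
```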

Re: OTApack Errors

Postby darkknight » Fri May 27, 2016 12:44 pm

Just an update....seems like it was indeed a differential update. The file I grabbed was approx. 380MB. I grabbed a bigger file this time 1.8GB and the results were more in line with what you would expect.
darkknight
 
Posts: 65
Joined: Mon Apr 18, 2016 10:49 pm

