joker feedface

Used for discussing the various tools in the book as well as encouraging members to share tools

Postby matteyeux » Fri Sep 09, 2016 5:29 pm

Hi J.

Any way to update joker to find the kcache feedface and lzssdec it?

BTW, could you push the updated source of Joker please?
matteyeux
 
Posts: 15
Joined: Tue Jan 05, 2016 7:59 pm

Re: joker feedface

Postby morpheus » Fri Sep 09, 2016 9:29 pm

Yep. Done. And wasn't that hard, either. Also I'm now adding a joker ARM64 binary compiled, since this is now useful to run on the device itself as of iOS 10.

(Check the joker page).

New version also has preliminary support for Sandbox profile decompilation when encountering the sandbox.kext either standalone or kextracting from kernelcache.
morpheus
Site Admin
 
Posts: 532
Joined: Thu Apr 11, 2013 6:24 pm

Re: joker feedface

Postby matteyeux » Sun Sep 11, 2016 5:52 pm

Thanks again for your work sir.

OTA firmware of iPhone 7 is available; it seems it cannot find the magic to lzssdec it.

I've tried to manage to do it manually; unfortunately I did not spot the feedfacf (or whatever) offset.
Here is the output of joker.

I guess it's very different than older kernel's devices.

Something fun: every time I run joker, the magic value changes.

Code:
$ joker kernelcache.release.d111
I have no idea how to handle a file with a magic of 07fed
matteyeux
 
Posts: 15
Joined: Tue Jan 05, 2016 7:59 pm

Re: joker feedface

Postby morpheus » Sun Sep 11, 2016 9:27 pm

Could be a bug; probably is. Can you post the kernelcache, in its raw (compressed) form over a link please?
morpheus
Site Admin
 
Posts: 532
Joined: Thu Apr 11, 2013 6:24 pm

Re: joker feedface

Postby matteyeux » Sun Sep 11, 2016 10:14 pm

matteyeux
 
Posts: 15
Joined: Tue Jan 05, 2016 7:59 pm

Re: joker feedface

Postby Siguza » Sun Sep 11, 2016 11:19 pm

Well that's definitely encrypted. But then again, it's advertised as "9.9.10.0.1" for updating...
Siguza
Unicorn
 
Posts: 159
Joined: Thu Jan 28, 2016 10:38 am
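
Added example (not part of the thread and not joker's code): a small triage script for the situation discussed above, which looks for a Mach-O magic (feedface / feedfacf) near the start of a kernelcache and, when none is found, checks whether the bytes look random, as an encrypted file would. The function names, the 0x1000 search window, the 7.9 bits-per-byte threshold and both sample buffers are assumptions constructed for illustration.

```python
import hashlib
import math
import struct

# Mach-O magics as stored on disk by little-endian ARM targets.
MAGICS = {
    struct.pack("<I", 0xFEEDFACE): "MH_MAGIC (32-bit)",
    struct.pack("<I", 0xFEEDFACF): "MH_MAGIC_64 (64-bit)",
}

def find_macho_magic(buf, limit=0x1000):
    """Return sorted (offset, label) pairs for magics in the first `limit` bytes."""
    window, hits = buf[:limit], []
    for magic, label in MAGICS.items():
        pos = window.find(magic)
        while pos != -1:
            hits.append((pos, label))
            pos = window.find(magic, pos + 1)
    return sorted(hits)

def shannon_entropy(buf):
    """Bits per byte; values close to 8.0 mean the bytes look random."""
    if not buf:
        return 0.0
    counts = [0] * 256
    for b in buf:
        counts[b] += 1
    return -sum(c / len(buf) * math.log2(c / len(buf)) for c in counts if c)

def triage(buf):
    """Report the first magic offset, or flag the file as opaque."""
    hits = find_macho_magic(buf)
    if hits:
        return "magic at 0x%x: %s" % hits[0]
    if shannon_entropy(buf[:65536]) > 7.9:  # assumed heuristic threshold
        return "no magic, near-random bytes: likely encrypted"
    return "no magic found"

# Constructed sample: padding, one filler byte, then a 64-bit magic.
SAMPLE_PLAIN = b"\x00" * 0x180 + b"\xff" + struct.pack("<I", 0xFEEDFACF) + b"\x00" * 16
# Constructed sample: 64 KiB of hash output standing in for ciphertext.
SAMPLE_OPAQUE = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(2048))

if __name__ == "__main__":
    print(triage(SAMPLE_PLAIN))
    print(triage(SAMPLE_OPAQUE))
```
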

Re: joker feedface

Postby matteyeux » Mon Sep 12, 2016 12:11 pm

Ah. Sad

I guess "9.9.10.0.1" is just a bug in the ipsw.me API.
matteyeux
 
Posts: 15
Joined: Tue Jan 05, 2016 7:59 pm
