ããæ é¢: ãååãå¦ä½è°è¯iOSå
æ ¸
ããä½ è
: zhuliang
ããæ¶ é´: 2012-10-23,11:38:56
ããioså
æ ¸è°è¯ä¸åwinålinuxå
æ ¸è°è¯é£ä¹ç®æï¼æä½èµ·æ¥æ¯è¾éº»ç¦ï¼æ¬æä»ç»å¦ä½è¿è¡ioså
æ ¸çè°è¯ï¼wordçå¦ä½è°è¯iOSå
æ ¸.rar.
ããå¦ä½è°è¯iOSå
æ ¸
ããä½è
ï¼zhuliang
ãã转载请ä¿è¯æç« å®æ´å¹¶æ³¨ææ¥æº
ããæ¬æ对å¦ä½è°è¯iOSï¼iPhone OSï¼å
æ ¸è¿è¡ç®åçä»ç»ï¼è®²è¿°iOSå
æ ¸è°è¯çç¯å¢æ建ï¼è°è¯æ¥éª¤çã
ããiOSæ¯ç¨XNUå
æ ¸ï¼XNU for macç代ç å¯ä»¥ä»è¹æå®æ¹ä¸è½½å°ï¼å½ç¶ä¸æ¯ææ°ççãXNUå
æ ¸ææ¢ç¸äºç¬ç«åç¸äºäº¤äºçä¸ä¸ªç»ä»¶ææï¼è¿ä¸ä¸ªç»ä»¶æ¯ï¼MachãBSDãIOKitã
ããé¦å
ï¼æ¯ç¡¬ä»¶ä¸è½¯ä»¶çåå¤ã
ãã硬件æ¹é¢ï¼ä¸å°è¶ç±ç设å¤æ¯å¿
éçï¼å»ºè®®ç¨iPhone4ï¼æ³¨iPad2æiPhone4Sç±äºéç¨çæ¯è¹æA5çcpuï¼å®çbootromç®åè¿æ²¡æå
¬å¼æ¼æ´ï¼ä¸è½ç¨çº¢éªè®¾ç½®å¼å¯¼åæ°ï¼ä¸è½ä½¿ç¨å®æ¥è°è¯ï¼ãå
æ ¸è°è¯æ°æ®çº¿ï¼è¯¥æ°æ®çº¿å«æUSB转串å£ççµè·¯ï¼å¯ä»¥åèæç®1æ¥èªå·±çæ¥ï¼æ¬äººå¶ä½å¥½çè°è¯çº¿å¦ä¸å¾ï¼éäºç¯å¹
è¿éä¸å¯¹å¦ä½å¶ä½è°è¯çº¿å±å¼è®¨è®ºãä¸å°çµèï¼å¯ä¸ºå°å¼æºæç¬è®°æ¬ï¼macæ´ä½³ã
ãã软件æ¹é¢ï¼èææºVMwareï¼macæä½ç³»ç»æ¯å¦Lionï¼XCodeçã
ããå
¶æ¬¡ï¼æ¯ç¯å¢çæ建ã
ããMacç¯å¢ï¼ç±äºiOSçå
æ ¸è°è¯è¦å¨macæä½ç³»ç»å¹³å°ä¸è¿è¡ï¼æ以é¦å
è¦æ建macç¯å¢ï¼æ好ç¨çå®çmacæºï¼ä¹å¯ç¨èææºï¼æ¬æ为æ¹ä¾¿æ²¡æmacçæåï¼ä»¥èææºä¸ºä¾è¿è¡è®²è¿°ï¼ç¨çå®macæºçæåå¯æ ¹æ®å
·ä½çæ
åµéæºåºåãå
·ä½æ¥éª¤å¦ä¸ï¼å
å¨çµèä¸è£
èææºï¼å¦VMwareï¼è½¯ä»¶ï¼ç¶åå¨èææºéé¢è£
macæä½ç³»ç»ï¼æ¯å¦Lionï¼ï¼è£
好macç³»ç»åä¸è½½XCode并è£
ä¸ãå¦æè§å¾è¿æ ·å¤ªéº»ç¦çè¯ï¼å¯ç´æ¥ä»çµé©´ä¸è½½è£
好Lionçèææºã
ããæäºmacç¯å¢åï¼å¨macæä½ç³»ç»éè£
好USB转串å£è¯çç驱å¨ç¨åºï¼å¯ä»
http://www.ftdichip.com/Drivers/VCP.htmä¸è½½ï¼ï¼è£
好驱å¨åå°±å¯ç¨ls /dev/tty.usb*æ¥çä¸ä¸æ没ææ串å£è¯å«åºæ¥ãè¯å«åºæ¥åå¦ä¸é¢çå¾æ示ãç¶åä¸è½½æ¬æé带çSerialKDPProxyç¨åºæºä»£ç SerialKDPProxy_m.rarï¼è¯¥æºç æ¯ç±Albert_liuweiä»åèæç®1æä¾çSerialKDPProxyä¿®æ¹èæ¥ï¼ç¹æ¤å£°æï¼ï¼å¹¶makeä¸ä¸ï¼ä½ æçãå°å¾å°çSerialKDPProxyæ件cpå°/binä¸ï¼è¿æ ·ä¸ç¨æ¯æ¬¡é½è¦åæ¢å°è¿ä¸ªç®å½ä¸æè½æ§è¡ã
ããæåï¼æ建好äºç¯å¢åå°±å¯ä»¥è¿è¡è°è¯äºï¼ä¸»è¦æä¸ä¸ªæ¥éª¤ï¼
ããä¸æ¯è¿è¡ä¸²å£ä»£çç¨åºï¼ç¨ä¸é¢çå½ä»¤è¡ã
ããSerialKDPProxy /dev/tty.usbserial-A900c0xb
ããè¿éçtty.usbserial-A900c0xbè¦æ¿æ¢ä¸ºå¨ä½ çç³»ç»ä¸å
·ä½ç设å¤åï¼ä¸æls /dev/tty.usb*çç»æã
ããäºæ¯ç¨çº¢éªè®¾ç½®å¼å¯¼åæ°ã该æ¥éª¤å¯ä»¥å¨ç©ç主æºWindowsç³»ç»ä¸é¢è¿è¡ï¼å 为å½ä»¤è¡æ¶åå°ä¸ä¸ªå ç¾Mçæ件ï¼å¤å¶å°èææºéæ¯è¾éº»ç¦ãå¯ä»¥å¨Winä¸ç¨ä¸é¢çå½ä»¤è¡ã
ããredsn0w.exe -i "D:\Apple\iPhone3,1_4.3.3_8J2_Restore.ipsw" -j -a "-v debug=0x09"
ãã该å½ä»¤è¾å
¥å®æ¯å车åï¼çº¢éªä¼è®©ä½ æå®çæ示è¿å
¥dfu模å¼ãè¿å
¥dfuåç¨çä¸ä¸ï¼ä¼çå°å°è è人å¨ææºå±å¹ä¸ãçä¸å°çè¯ï¼å¯è½æ¯è¿å
¥dfu模å¼åºéã
ããæ¥ä¸æ¥åæ¢å°macç¯å¢å·¥ä½ï¼è¿å
¥èææºç¯å¢ä¹åè¦ç¡®è®¤USB转串å£ç设å¤åç¹çé©å·²é©ä¸ãå¦ä¸å¾ï¼
ããä¸æ¯ç¨gdbè°è¯ioså
æ ¸ãæç¨çå½ä»¤è¡åæ°å¦ä¸ï¼
ããgdb -arch armv7 (gdb) target remote-kdp (gdb) attach 127.0.0.1
ããå¨winä¸é¢ã串å£ä»è®¾å¤ç®¡çå¨éçåºæ¥æ¯COM8.代çç¨åºç¨è¿ä¸ªå½ä»¤è¡ï¼./SerialKDPProxy.exe /dev/com8
ããå¯å¨gdbçå½ä»¤æ¯ ./arm-apple-darwin-gdb.exe
ããå
¶å®çé½æ¯åseçpptåä¸æ ·ã
ããè³äºå
·ä½æä¹è°è¯ï¼çælinuxä¸ç¨gdbè¿è¡è°è¯çæåè½ç¸å½çç»å°è°è¯ï¼ä¹å¯ä»¥åèæ¬äººçå¦ä¸æç« ãiOSå¦ä½å©ç¨ARMçMMUè¿è¡å°åæ å°ãã