
Spoof the host to install custom DMG restore?


inkhead
07-04-2007, 11:34 AM
I know we haven't cracked the entire .DMG image files yet, but for the ones we did crack, can't we just modify the /etc/hosts file so that:

http://appldnld.apple.com.edgesuite.net/content.info.apple.com/iPhone/061-3538.20070629.B7vXa/iPhone1,1_1.0_1A543a_Restore.ipsw

Points to:

LOCALHOST:YourFolder/iPhone1,1_1.0_1A543a_Restore.ipsw

Then click restore in iTunes and it will think it's getting the modified restore.ipsw file from Apple's servers when really it's getting it from the local copy on our computer? I know we can't make tons of changes until we crack the final DMG, but wouldn't this give us a chance to at least customize it a little bit?

Then at least we copy into ramdisk > System > Library > Extensions:
Other frameworks besides the current "IOUSBDeviceFamily.kext"

Such as the frameworks in real Mac OS X for bluetooth, and several other things. I know that from the NSA securing Mac OS X guide, this is how they would disable USB, and bluetooth on Mac laptops by removing these .kext files for them. So logically if we copied them back into there wouldn't they work?

I mean, worst-case scenario we have to go into iTunes, remove the /etc/hosts modification and hit restore to "fix" the phone back to normal.

Am I way off base here? The only problem I can see is that the ARM processor is not really an Intel x86 chip, correct? So it probably needs special kernel extensions?

On my Mac OS X (MacBook Pro) in the same directory I have 19 related to Bluetooth:


/System/Library/Extensions/IOBluetoothFamily.kext/Contents/PlugIns/IOBluetoothA2DPAudioDriver.kext/Contents/MacOS/IOBluetoothA2DPAudioDriver
/System/Library/Extensions/IOBluetoothFamily.kext/Contents/PlugIns/IOBluetoothA2DPAudioDriver.kext
/System/Library/Extensions/IOBluetoothFamily.kext/Contents/PlugIns/IOBluetoothSCOAudioDriver.kext/Contents/MacOS/IOBluetoothSCOAudioDriver
/System/Library/Extensions/IOBluetoothFamily.kext
/System/Library/Extensions/IOBluetoothFamily.kext/Contents/MacOS/IOBluetoothFamily
/System/Library/Extensions/IOBluetoothFamily.kext/Contents/PlugIns/IOBluetoothSerialManager.kext/Contents/MacOS/IOBluetoothSerialManager
/System/Library/Extensions/IOBluetoothFamily.kext/Contents/PlugIns/IOBluetoothSerialManager.kext

Or does the RAM disk portion just load the USB kext file first for USB charging, and then later load up any other kernel extensions for the iPhone?

Seems like with the Leopard Bluetooth extensions above placed into the RAM disk and put back into the DMG file we could fool the iPhone into offering full Bluetooth file browsing.

Any thoughts?

zolookas
07-04-2007, 11:36 AM
20 mins ago on irc:
<Omikron> The encrypted 39.dmg image was recently cracked, and the contents of the system files have been dumped. The files are currently being explored for additional information and possible attack vectors.

Virtualball
07-04-2007, 11:08 PM
The kexts would need to be recompiled to work with ARM :(
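
Virtualball's point that an x86 kext cannot simply be dropped into an ARM image can be checked mechanically: a kext's executable is a Mach-O file whose header records the CPU type it was built for. The script below is an added example, not code from this thread; it parses a thin or fat (universal) Mach-O header and reports the architectures present, using constructed header bytes rather than real kext binaries.

```python
import struct

# Magic values from <mach-o/loader.h> and <mach-o/fat.h>.
MH_MAGIC = 0xfeedface     # 32-bit thin Mach-O, stored in the target's byte order
MH_MAGIC_64 = 0xfeedfacf  # 64-bit thin Mach-O
FAT_MAGIC = 0xcafebabe    # universal binary; its header is always big-endian
FAT_ARCH_SIZE = 20        # struct fat_arch: five uint32 fields

# CPU types from <mach/machine.h>; the 64-bit ABI flag is 0x01000000.
CPU_TYPES = {7: "x86", 0x01000007: "x86_64", 12: "arm", 0x0100000c: "arm64", 18: "ppc"}


def macho_architectures(data):
    """Return the architecture names contained in a thin or fat Mach-O image."""
    if len(data) < 8:
        raise ValueError("too short to be a Mach-O image")
    if struct.unpack(">I", data[:4])[0] == FAT_MAGIC:
        nfat = struct.unpack(">I", data[4:8])[0]
        if len(data) < 8 + nfat * FAT_ARCH_SIZE:
            raise ValueError("truncated fat header")
        archs = []
        for i in range(nfat):
            off = 8 + i * FAT_ARCH_SIZE          # cputype is the first field of each fat_arch
            cputype = struct.unpack(">I", data[off:off + 4])[0]
            archs.append(CPU_TYPES.get(cputype, hex(cputype)))
        return archs
    # Thin image: the magic is written in the target's own byte order, so try both.
    for endian in (">", "<"):
        magic, cputype = struct.unpack(endian + "II", data[:8])
        if magic in (MH_MAGIC, MH_MAGIC_64):
            return [CPU_TYPES.get(cputype, hex(cputype))]
    raise ValueError("not a Mach-O image")


def runs_on_arm(data):
    """True if the image carries a slice an ARM kernel could load at all."""
    return any(arch in ("arm", "arm64") for arch in macho_architectures(data))


# Constructed sample headers (not real kexts): only the bytes the parser inspects.
X86_KEXT = struct.pack("<II", MH_MAGIC, 7) + b"\0" * 24
ARM_KEXT = struct.pack("<II", MH_MAGIC, 12) + b"\0" * 24
FAT_KEXT = (struct.pack(">II", FAT_MAGIC, 2)
            + struct.pack(">IIIII", 7, 3, 4096, 100, 12)    # x86 slice
            + struct.pack(">IIIII", 18, 0, 8192, 100, 12))  # ppc slice

if __name__ == "__main__":
    for name, blob in (("x86", X86_KEXT), ("arm", ARM_KEXT), ("fat", FAT_KEXT)):
        print(name, macho_architectures(blob), "loadable on ARM:", runs_on_arm(blob))
```

Running it over the Leopard IOBluetoothFamily binaries listed above would show only x86 or ppc slices, which is exactly why copying them into the phone's RAM disk cannot work without a rebuild.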

inkhead
07-05-2007, 09:58 AM
Whoa, where are the new files? Cool, so I can modify graphics at the very least and upload them, correct?
