semthex
03-28-2007, 10:12 PM
Many people have asked me what the AppleTV OS really is and some other questions qutie often reapting, here are the answers. In this short article I wanted to shed a bit ligth on the AppleTV. Warning this text includes many thing I wrote about before in short form and more intended for newcomer to AppleTV hacking.
What is the AppleTV OS?
Basicly the Apple TV is a stripped down version of OSX 10.4.8 with two additional frameworks (Backrow and iPhotoAccess). The Applications have been stripped out as well as most of the driver. Further the kernel, launchd and serveral other binaries of the OS have been packed to a file called mach_kernel.permlink. This file is packaged with complzss packer. Other than the on-screen version number, the kernel clearly unamed as v. 8.8.2 which is equal to a previous released SSE3 version of a security update to 10.4.8, but it was not the latest version which was 8.8.3.
Also the Finder of the OS has been replaced by some kind of remotecontrollable iTunes and Finder merge, this is the interface we all know from the AppleTV in common. This handy finder integrates everythign the AppleTV is or can do. There is no other controll component on a retail AppleTV like "dock" or anything.
The OS itself has hardly any other applicational content than the tool needed for the OS or basic tasks. But suprisingly the AppleTV seems to contain a full featured install of perl 5.8. as well as some other normaly for a TV settop box unneeded applications.
How does it work to get AppleTV OS Finder work on a mac or hack?
The Finder of AppleTV is encrypthed with Apples common binary "protection" which has been proven not protective before. This protection is based upon AES and discribed in the additional chapters of Amit Singhs "OSX internals" book, he published on his website www.osxbook.com. Sadly his discription is lacking something important (maybe for legal reasons?) which does not give it 100% useful status than it comes to decrypth a binary for example on the fly but it shoudl enable someone technical on the rigth level to figure out how to make a decrypth. Please DON'T bother me for the process, thanks.
Back to the topic of finder. After decrypthing the application it shows started on a common OSX 2 log entrys, one is saying that the IR is not found the other one is a hardware check for embended devices. These have to be disabled both. Why the IR check? Because other Mac IR hardware, even if it is working seems not to comply with the hardware checks of the ATV Finder.
Removing these to checks only (by best nopping them out) will enable you to run it on a common mac. Hackint0shs are quite a bit harder. From the nature of most of them not having EFI, Finder will exit on startup or catch itself into a endless loop of video. This happens because the Finder trys to access the nvram and will fail and exit on this. This is not really a hardware check for itself, more a incompatibility to none EFI hardware.
After the finder is patched and repalced with the original OSX Finder and both frameworks are in the rigth palce with all permissions and ownerships set correctly (important!) your homebewn AppleTV is ready to go.
Will OSX run AppleTV?
Yes it is fairly possible. Even with 256mb ram it should be working, not really cool but it would. Because of the Arch of the processor used in the ATV, it is required to have a kernel including the same SSE3 emulation like I included in my SSE2 kernel for OSx86. For the question if I will do such a baby I can for sure, but I would first need some new people able to test the kernel with their AppleTV's. Well this is something for the future, but with my emu inside a kernel it could be done, no problem.
Does it harm Apple as they will not sell them now anymore?
This hack is more of a kind proof of concept and a way to preview the new AppleTV. The backrow framework is not finding the "Media" partition without patching for any machine specificly nor is it really cool to have your computer hooked up the TV as you could have done with this iTunes before. Under this circumances it's hard to belive it will do anything to AppleTV sales. Anyways we recommend anyone who can affort the few bucks for this really cool living room mac to buy one, even more as we will have proberly the opportiunity soon to run a full featured OSX on it, fully legal, even for DMCA, as it is real Apple hardware ;).
(Sitenote: because of the proof of conceptness, the patch should never been release public but seems that some tester leaked it, well use it responsiv and do not pirate you know :) )
What is the AppleTV OS?
Basicly the Apple TV is a stripped down version of OSX 10.4.8 with two additional frameworks (Backrow and iPhotoAccess). The Applications have been stripped out as well as most of the driver. Further the kernel, launchd and serveral other binaries of the OS have been packed to a file called mach_kernel.permlink. This file is packaged with complzss packer. Other than the on-screen version number, the kernel clearly unamed as v. 8.8.2 which is equal to a previous released SSE3 version of a security update to 10.4.8, but it was not the latest version which was 8.8.3.
Also the Finder of the OS has been replaced by some kind of remotecontrollable iTunes and Finder merge, this is the interface we all know from the AppleTV in common. This handy finder integrates everythign the AppleTV is or can do. There is no other controll component on a retail AppleTV like "dock" or anything.
The OS itself has hardly any other applicational content than the tool needed for the OS or basic tasks. But suprisingly the AppleTV seems to contain a full featured install of perl 5.8. as well as some other normaly for a TV settop box unneeded applications.
How does it work to get AppleTV OS Finder work on a mac or hack?
The Finder of AppleTV is encrypthed with Apples common binary "protection" which has been proven not protective before. This protection is based upon AES and discribed in the additional chapters of Amit Singhs "OSX internals" book, he published on his website www.osxbook.com. Sadly his discription is lacking something important (maybe for legal reasons?) which does not give it 100% useful status than it comes to decrypth a binary for example on the fly but it shoudl enable someone technical on the rigth level to figure out how to make a decrypth. Please DON'T bother me for the process, thanks.
Back to the topic of finder. After decrypthing the application it shows started on a common OSX 2 log entrys, one is saying that the IR is not found the other one is a hardware check for embended devices. These have to be disabled both. Why the IR check? Because other Mac IR hardware, even if it is working seems not to comply with the hardware checks of the ATV Finder.
Removing these to checks only (by best nopping them out) will enable you to run it on a common mac. Hackint0shs are quite a bit harder. From the nature of most of them not having EFI, Finder will exit on startup or catch itself into a endless loop of video. This happens because the Finder trys to access the nvram and will fail and exit on this. This is not really a hardware check for itself, more a incompatibility to none EFI hardware.
After the finder is patched and repalced with the original OSX Finder and both frameworks are in the rigth palce with all permissions and ownerships set correctly (important!) your homebewn AppleTV is ready to go.
Will OSX run AppleTV?
Yes it is fairly possible. Even with 256mb ram it should be working, not really cool but it would. Because of the Arch of the processor used in the ATV, it is required to have a kernel including the same SSE3 emulation like I included in my SSE2 kernel for OSx86. For the question if I will do such a baby I can for sure, but I would first need some new people able to test the kernel with their AppleTV's. Well this is something for the future, but with my emu inside a kernel it could be done, no problem.
Does it harm Apple as they will not sell them now anymore?
This hack is more of a kind proof of concept and a way to preview the new AppleTV. The backrow framework is not finding the "Media" partition without patching for any machine specificly nor is it really cool to have your computer hooked up the TV as you could have done with this iTunes before. Under this circumances it's hard to belive it will do anything to AppleTV sales. Anyways we recommend anyone who can affort the few bucks for this really cool living room mac to buy one, even more as we will have proberly the opportiunity soon to run a full featured OSX on it, fully legal, even for DMCA, as it is real Apple hardware ;).
(Sitenote: because of the proof of conceptness, the patch should never been release public but seems that some tester leaked it, well use it responsiv and do not pirate you know :) )