Device Nodes

From The iPhone Wiki
Revision as of 00:46, 9 November 2008 by ChronicDev (talk | contribs) (How to access /dev/mem and /dev/kmem)

The underlying Unix OS that powers the iPhone has a number of device nodes. These nodes can be read from or written to by the OS or by applications.

Overview

An iPhone 3G running 2.0.2 contains:

crw-rw-rw-  1 root wheel    21,  0 Aug 28 15:35 aes_0
crw-------  1 root wheel    23,  0 Aug 28 18:56 bpf0
crw-------  1 root wheel    23,  1 Aug 28 18:56 bpf1
crw-------  1 root wheel    23,  2 Aug 28 15:35 bpf2
crw-------  1 root wheel    23,  3 Aug 28 15:35 bpf3
c------r--  1 root wheel    11,  0 Aug 28 15:35 btreset
crw--w--w-  1 root wheel     0,  0 Aug 28 15:35 console
crw-rw-rw-  1 root wheel     1,  5 Aug 28 18:56 cu.bluetooth
crw-rw-rw-  1 root wheel     1,  7 Aug 28 15:35 cu.debug
crw-rw-rw-  1 root wheel     1,  1 Aug 28 15:35 cu.iap
crw-rw-rw-  1 root wheel     1,  3 Aug 28 15:35 cu.umts
brw-r-----  1 root operator 14,  0 Aug 28 15:35 disk0
brw-r-----  1 root operator 14,  1 Aug 28 15:35 disk0s1
brw-r-----  1 root operator 14,  2 Aug 28 15:35 disk0s2
crw-------  1 root wheel     9,  0 Aug 28 15:35 dlci.spi-baseband.0
crw-------  1 root wheel     9,  1 Aug 28 18:56 dlci.spi-baseband.1
crw-------  1 root wheel     9, 10 Aug 28 15:35 dlci.spi-baseband.10
crw-------  1 root wheel     9, 11 Aug 28 15:35 dlci.spi-baseband.11
crw-------  1 root wheel     9, 12 Aug 28 15:35 dlci.spi-baseband.12
crw-------  1 root wheel     9, 13 Aug 28 15:35 dlci.spi-baseband.13
crw-------  1 root wheel     9, 14 Aug 28 15:35 dlci.spi-baseband.14
crw-------  1 root wheel     9, 15 Aug 28 15:35 dlci.spi-baseband.15
crw-------  1 root wheel     9,  2 Aug 28 19:13 dlci.spi-baseband.2
crw-------  1 root wheel     9,  3 Aug 28 18:56 dlci.spi-baseband.3
crw-------  1 root wheel     9,  4 Aug 28 18:56 dlci.spi-baseband.4
crw-------  1 root wheel     9,  5 Aug 28 18:56 dlci.spi-baseband.5
crw-------  1 root wheel     9,  6 Aug 28 18:56 dlci.spi-baseband.6
crw-------  1 root wheel     9,  7 Aug 28 18:56 dlci.spi-baseband.7
crw-------  1 root wheel     9,  8 Aug 28 18:56 dlci.spi-baseband.8
crw-------  1 root wheel     9,  9 Aug 28 18:56 dlci.spi-baseband.9
crw-------  1 root wheel     6,  0 Aug 28 15:35 klog
cr--r--r--  1 root wheel    13,  3 Aug 28 15:35 mrvl868x0
crw-------  1 root wheel     9,  0 Aug 28 15:35 mux.spi-baseband
crw-rw-rw-  1 root wheel     3,  2 Aug 28 18:56 null
crw-rw-rw-  1 root tty      15,  1 Aug 28 19:13 ptmx
crw-rw-rw-  1 root wheel     5,  0 Aug 28 15:35 ptyp0
crw-rw-rw-  1 root wheel     5,  1 Aug 28 15:35 ptyp1
crw-rw-rw-  1 root wheel     5,  2 Aug 28 15:35 ptyp2
crw-rw-rw-  1 root wheel     5,  3 Aug 28 15:35 ptyp3
crw-rw-rw-  1 root wheel     5,  4 Aug 28 15:35 ptyp4
crw-rw-rw-  1 root wheel     5,  5 Aug 28 15:35 ptyp5
crw-rw-rw-  1 root wheel     5,  6 Aug 28 15:35 ptyp6
crw-rw-rw-  1 root wheel     5,  7 Aug 28 15:35 ptyp7
crw-rw-rw-  1 root wheel     8,  0 Aug 28 15:35 random
crw-r-----  1 root operator 14,  0 Aug 28 15:35 rdisk0
crw-r-----  1 root operator 14,  1 Aug 28 15:35 rdisk0s1
crw-r-----  1 root operator 14,  2 Aug 28 15:35 rdisk0s2
crw-rw-rw-  1 root wheel    20,  0 Aug 28 15:35 sha1_0
crw-rw-rw-  1 root wheel     2,  0 Aug 28 15:35 tty
crw-rw-rw-  1 root wheel     1,  4 Aug 28 15:35 tty.bluetooth
crw-rw-rw-  1 root wheel     1,  6 Aug 28 15:35 tty.debug
crw-rw-rw-  1 root wheel     1,  0 Aug 28 15:35 tty.iap
crw-rw-rw-  1 root wheel     1,  2 Aug 28 15:35 tty.umts
crw-rw-rw-  1 root wheel     4,  0 Aug 28 15:35 ttyp0
crw-rw-rw-  1 root wheel     4,  1 Aug 28 15:35 ttyp1
crw-rw-rw-  1 root wheel     4,  2 Aug 28 15:35 ttyp2
crw-rw-rw-  1 root wheel     4,  3 Aug 28 15:35 ttyp3
crw-rw-rw-  1 root wheel     4,  4 Aug 28 15:35 ttyp4
crw-rw-rw-  1 root wheel     4,  5 Aug 28 15:35 ttyp5
crw-rw-rw-  1 root wheel     4,  6 Aug 28 15:35 ttyp6
crw-rw-rw-  1 root wheel     4,  7 Aug 28 15:35 ttyp7
crw--w----  1 root tty      16,  0 Aug 28 19:13 ttys000
crw-rw-rw-  1 root wheel    10,  2 Aug 28 15:35 uart.bluetooth
crw-rw-rw-  1 root wheel    10,  3 Aug 28 15:35 uart.debug
crw-rw-rw-  1 root wheel    10,  0 Aug 28 15:35 uart.iap
crw-rw-rw-  1 root wheel    10,  1 Aug 28 15:35 uart.umts
crw-rw-rw-  1 root wheel     8,  1 Aug 28 15:35 urandom
brw-------  1 root operator  1,  0 Aug 28 15:35 vn0
brw-------  1 root operator  1,  1 Aug 28 15:35 vn1
crw-rw-rw-  1 root wheel     3,  3 Aug 28 15:35 zero
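
An added example (not part of the original wiki page): a Python parser for ls -l output like the listing above, useful when auditing /dev permissions. It reports nodes outside a small baseline whose mode grants read or write access to all users, and finds names that share one device number. The baseline pattern and the function names are assumptions made for illustration; the sample lines are copied from the listing.

```python
import re
from collections import defaultdict

# Sample input: a few lines copied from the listing above.
SAMPLE = """\
crw-rw-rw-  1 root wheel    21,  0 Aug 28 15:35 aes_0
crw-------  1 root wheel    23,  0 Aug 28 18:56 bpf0
c------r--  1 root wheel    11,  0 Aug 28 15:35 btreset
crw--w--w-  1 root wheel     0,  0 Aug 28 15:35 console
brw-r-----  1 root operator 14,  0 Aug 28 15:35 disk0
crw-------  1 root wheel     9,  0 Aug 28 15:35 dlci.spi-baseband.0
crw-------  1 root wheel     9,  0 Aug 28 15:35 mux.spi-baseband
crw-rw-rw-  1 root wheel     3,  2 Aug 28 18:56 null
crw-r-----  1 root operator 14,  0 Aug 28 15:35 rdisk0
crw-rw-rw-  1 root wheel    10,  1 Aug 28 15:35 uart.umts
crw-rw-rw-  1 root wheel     3,  3 Aug 28 15:35 zero
"""

# type, 9 permission chars, links, owner, group, "major, minor", date, name
LINE = re.compile(r"^([bc])([rwx-]{9})\s+\d+\s+(\S+)\s+(\S+)\s+(\d+),\s*(\d+)"
                  r"\s+\S+\s+\d+\s+\S+\s+(\S+)$")

# Assumption: nodes that are conventionally open to every user on Unix.
BASELINE = re.compile(r"^(null|zero|random|urandom|tty|ptmx|[pt]typ\d+)$")

def parse(listing):
    """Turn ls -l lines for device nodes into dicts; skip anything else."""
    nodes = []
    for line in listing.splitlines():
        m = LINE.match(line.strip())
        if m:
            kind, perms, owner, group, major, minor, name = m.groups()
            nodes.append({"kind": kind, "perms": perms, "owner": owner,
                          "group": group, "major": int(major),
                          "minor": int(minor), "name": name})
    return nodes

def world_access(nodes):
    """Map non-baseline node names to the r/w bits granted to 'other'."""
    return {n["name"]: n["perms"][6:8].replace("-", "")
            for n in nodes
            if n["perms"][6:8] != "--" and not BASELINE.match(n["name"])}

def aliases(nodes):
    """Group names that refer to the same (type, major, minor) device."""
    by_dev = defaultdict(list)
    for n in nodes:
        by_dev[(n["kind"], n["major"], n["minor"])].append(n["name"])
    return {dev: names for dev, names in by_dev.items() if len(names) > 1}
```

Block and character nodes are keyed separately, so disk0 (b 14,0) and rdisk0 (c 14,0) are not reported as aliases of each other.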

Block Devices

disk0    iPhone flash memory (4, 8 or 16 GB)
disk0s1  OS partition. Stores the / root file system.
disk0s2  User space. Stores Music, Photos, Videos, Podcasts, Ringtones and Apps. Mounted as /private/var.
vn0      unknown
vn1      unknown

Interesting Character Devices

Dev Node | Description | Children
rdisk0 | Raw disk; used to access the flash | rdisk0s1 (root), rdisk0s2 (data)
dlci.spi-baseband | iPhone baseband radio | dlci.spi-baseband.0 - dlci.spi-baseband.15
tty.iap | Serial connection (pins 12 and 13 of the Dock connector) |
uart.umts | Serial connection to the UMTS radio (?) |
dlci.spi-baseband.9 | GPS device (read from by /usr/libexec/locationd82 for CoreLocation services) |
mem | Raw access to RAM (blocked since 1.0.2). Memory devices can be re-enabled with a single WORD change within the kernel. | kmem: raw access to kernel memory (also blocked since 1.0.2)
aes_0 | Access to the AES engine. Works via a complicated ioctl handshake. It is not known why it exists, as using the IOKit interface is much simpler. |

How to access /dev/mem and /dev/kmem

All you need to do is patch the kernel. See here for up-to-date patches for the firmware revision that you are on. Note that the last kernel patch seems to be the only one needed, as it patches the setup_keme flag to 7, making all of the checks pass. The first four are there so that, when a firmware is freshly released and new patches are not yet available, anyone who looks into them will not break anything if Apple has added extra checks.