Difference between revisions of "Kirkwood 7A341 (iPod2,1)"

Decryption Keys

Root Filesystem

• VFDecrypt: 415225778e1bebf8eeff2a9050b04ce429de9680e4acba50820a3fa453897bc4a4b307e2

LLB

• IV: 6a362817b3dfaf5932f13a747e0181a6
• Key: fd285252b62192710f6f8c902ef96aaf

iBoot

• IV: c71876986992913eeb8b12b072e00293
• Key: e0476a04b7dfba9531e1c0263f8b0143

DeviceTree

• IV: 58a4993608ddfbd3c7be970c7656f54a
• Key: b11cafdbacf7ccc0a73a500dffe48c81

kernelcache

• IV: 308dd79438f44a9b9f2d465dbc850f3d
• Key: d1dd8688b1845fd4c58628e701a1e0a2

iBEC

• IV: cb811d7b738e930fdf21660dd261e937
• Key: 592b94ddb22d797f5bfe0b6529223233

iBSS

• IV: 562681289ebe33a82a810a6463b95dde
• Key: d42a45e83880d70807fef01f2fed29ac

018-5309-002.dmg

• IV: b7ae396e8e8ea533b1593802b1d59678
• Key: 4672f8b511586e795ec7d6aa9ad1b1c3

018-5310-002.dmg

• IV: 395f0ec18c19f302298c0fd49b75c6e6
• Key: 8f4a88ab8acf4bed06a5f641ba804c50

Patches

Putting this here for developers that would like to to utilize "extras" like /dev/kmem access, tfp0, etc.

Kernel

// thumb patches
0x08DE72: 8D 43 => 00 00               // w^x patch #1
0x090B6E: A2 43 => 00 00               // w^x patch #2
0x19B8BC: 0C D1 => 0C E0               // allow tfp0
0x381E22: FA 23 DB 00 => 01 23 5B 42   // allow aes uid key usage
0x381E34: FA 23 9B 00 => 01 23 5B 42   // allow aes gid key usage
0x3DEF8E: 40 42 => 00 20               // img3 signature check

// flag patches
0x213638: 00 00 00 00 => 01 00 00 00   // setup_kmem flag

// arm patches
0x3F908C: 00 40 A0 E3 => 01 40 A0 E3   // codesign check actual code patch
0x3FCB40: FF 40 A0 E3 => 00 40 A0 E3