最近在调研imagination gpu的时候,发现apple之前可以使用Android的的iPhone7刚好就是最后一代使用imagination ip的产品,后面的apple gpu虽然就是imagination只不过已经把某公司挖空了产品也改成自己的了。
前几天让群友在华强北搞了一台iPhone 7 Plus准备来试一下 到手的iOS版本是15.8 应该也是最后一个版本 这是一个伏笔,后面的翻车推测也和这个有关
运行Android的这个项目叫 projectsandcastle 已经停更多年
https://github.com/corellium/projectsandcastle
在操作之前需要越狱,这个很多工具都可以,这里就不说了、
接下来是分区往里面写入Android的相关文件。
下面就开始和设想不太一样了
首先需要把从官网下载到的内容解压,然后找到isetup文件,通过scp传输到手机的 /tmp 目录下(需要提前在iPhone上装好openssh)
下面就是这个文件的执行内容:
#!/binpack/bin/sh
/binpack/usr/local/bin/wget http://google.com -O /dev/null > /dev/null 2>&1
if [ $? -ne 0 ]; then
echo "Please make sure you are connected to wifi and try again"
exit 1;
fi
DISK=0
DISKS=`ls /dev/disk0s1s*`
for i in ${DISKS}
do
LABEL=`/System/Library/Filesystems/apfs.fs/apfs.util -p $i`
if [ "${LABEL}" == "Android" ]; then
DISK=$i
break;
fi
done
if [ ! -b ${DISK} ]; then
newfs_apfs -A -v Android -e /dev/disk0s1
fi
DISK=
DISKS=`ls /dev/disk0s1s*`
for i in ${DISKS}
do
LABEL=`/System/Library/Filesystems/apfs.fs/apfs.util -p $i`
if [ "${LABEL}" == "Android" ]; then
DISK=$i
break;
fi
done
if [ -b ${DISK} ]; then
mkdir -p /tmp/mnt
echo "Mounting ${DISK}"
mount -t apfs ${DISK} /tmp/mnt
if [ $? -ne 0 ]; then
echo "failed to mount disk";
exit 1
fi
rm -rf /tmp/mnt/nand*
echo "Starting to download nand. This will take a few minutes"
/binpack/usr/local/bin/wget http://assets.checkra.in/downloads/sandcastle/88b1089d97fe72ab77af8253ab7c312f8e789d49209234239be2408c3ad89a34/nand.gz -O /tmp/mnt/nand.gz > /dev/null 2>&1
if [ $? -ne 0 ]; then
echo "Failed to download nand. Are you connected to wifi?"
umount /tmp/mnt
exit 1;
fi
echo "Decompressing nand image"
/binpack/usr/bin/gunzip -d /tmp/mnt/nand.gz > /dev/null 2>&1
if [ $? -ne 0 ]; then
echo "Failed to decompress nand. Wifi disconnected?"
umount /tmp/mnt
exit 1;
fi
sync
umount /tmp/mnt
else
echo "There was an error"
exit 1
fi
在我目前的环境下 /binpack/bin/sh 以及 /binpack/usr/bin/gunzip /binpack/usr/local/bin/wget 均无法执行
在初始阶段会访问Google来验证网络,所以需要搭个梯子
nand.gz这个文件是通过assets.checkra.in下载 比较慢
然后我就改出了下面这组脚本
#!/bin/bash
wget http://215.10.1.112 -O /dev/null > /dev/null 2>&1
if [ $? -ne 0 ]; then
echo "Please make sure you are connected to wifi and try again"
exit 1;
fi
DISK=0
DISKS=`ls /dev/disk0s1s*`
for i in ${DISKS}
do
LABEL=`/System/Library/Filesystems/apfs.fs/apfs.util -p $i`
if [ "${LABEL}" == "Android" ]; then
DISK=$i
break;
fi
done
if [ ! -b ${DISK} ]; then
newfs_apfs -A -v Android -e /dev/disk0s1
fi
DISK=
DISKS=`ls /dev/disk0s1s*`
for i in ${DISKS}
do
LABEL=`/System/Library/Filesystems/apfs.fs/apfs.util -p $i`
if [ "${LABEL}" == "Android" ]; then
DISK=$i
break;
fi
done
if [ -b ${DISK} ]; then
mkdir -p /tmp/mnt
echo "Mounting ${DISK}"
mount -t apfs ${DISK} /tmp/mnt
if [ $? -ne 0 ]; then
echo "failed to mount disk";
exit 1
fi
rm -rf /tmp/mnt/nand*
echo "Starting to download nand. This will take a few minutes"
wget http://215.10.1.112/nand.gz -O /tmp/mnt/nand.gz > /dev/null 2>&1
if [ $? -ne 0 ]; then
echo "Failed to download nand. Are you connected to wifi?"
umount /tmp/mnt
exit 1;
fi
echo "Decompressing nand image"
gzip -d /tmp/mnt/nand.gz > /dev/null 2>&1
if [ $? -ne 0 ]; then
echo "Failed to decompress nand. Wifi disconnected?"
umount /tmp/mnt
exit 1;
fi
sync
umount /tmp/mnt
else
echo "There was an error"
exit 1
fi
将所有访问网络的部分放到了本地内网的服务器上,相关程序路径也进行了修改
修改之后出现了这样一个问题
mount_apfs: volume could not be mounted: Operation not permitted
mount: /private/var/tmp/mnt failed with 77
定位一下代码 发现实际命令是
mount -t apfs /dev/disk0s1s8 /tmp/mnt
权限以及文件夹权限也确认了没有问题,执行权限也是root,网上看上去也没有任何有关信息
[ 1643.673285]: System Policy: mount_apfs(1871) deny(1) file-mount /private/var/tmp/mnt
dmesg出现了上面这条消息
观察了下其他刷入成功的iOS版本感觉是不是我目前这个版本过高无法挂载分区了?
这个问题大概就先放着吧 有知道原因的朋友欢迎告诉我(小声
版权属于:Kiritake Kumi (Niconeiko) ,本文所引用的第三方材料版权归属为:第三方材料的所有者
本文链接:https://blog.yazawaniko.com/index.php/archives/279/
除特殊标注以及**影像内容**外,均使用署名-非商业性使用-相同方式共享 4.0 国际 (CC BY-NC-SA 4.0)协议 ,影像内容请务必联系确认是否可以转载使用