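#!/bin/bash
# Build the t8030 QEMU tree, regenerate the custom restore-ramdisk trust cache,
# then boot the iOS ramdisk under QEMU (optionally wrapped in gdb).
#
# Usage: <script> [extra qemu args...]
#   Everything passed to the script is appended verbatim to the QEMU command line.
#
# Needs on PATH: make, get_entries_from_plist.py, python3, img4tool.
#
# -o pipefail is deliberate: without it a missing cdhash list in
# custom_trustcache() makes `cat` fail while `sort` still succeeds, and QEMU is
# silently booted with a truncated trust cache.
set -euxo pipefail

QEMUDIR=/home/ios/git/qemu-t8030.swsep4/build/
cd "${QEMUDIR}"
#make -j16 all install
make -j16 all

# Extra QEMU arguments. Kept as one string and expanded unquoted at the end so a
# caller may pass several options inside a single quoted argument.
OPTS="$*"

cd /home/ios/satamnt_3/qemu_t8030_swsep_nosep_0/

DEVNAME=n104ap
RELTYPE=research
#RELTYPE=release

RDPATH=$(get_entries_from_plist.py BuildManifest.plist RestoreRamDisk "$DEVNAME" "$RELTYPE")
# The manifest KernelCache entry is superseded by the explicit patched kernelcache below.
#KERNELCACHE=$(get_entries_from_plist.py BuildManifest.plist KernelCache "$DEVNAME" "$RELTYPE")
KERNELCACHE=/home/ios/.../kernelcache.research.iphone12b.decompressed__patched_output
#echo $KERNELCACHE
#echo $RDPATH
INITRD=${RDPATH}
#INITRD=${RDPATH}.out
#TRUSTCACHE=Firmware/${RDPATH}.trustcache
TRUSTCACHE=Firmware/${RDPATH}.trustcache.custom
#TRUSTCACHE=$(get_entries_from_plist.py BuildManifest.plist StaticTrustCache "$DEVNAME" "$RELTYPE")
#TRUSTCACHE=$(get_entries_from_plist.py BuildManifest.plist RestoreTrustCache "$DEVNAME" "$RELTYPE")
#TRUSTCACHE=${TRUSTCACHE}.custom
#DTB=/home/ios/satamnt_1/qemu_t8030_data_0/ios_0/iphone/Firmware/all_flash/DeviceTree.n104ap.im4p.out.dts.dtb
DTB=$(get_entries_from_plist.py BuildManifest.plist DeviceTree "$DEVNAME" "$RELTYPE")
#DTB=$(get_entries_from_plist.py BuildManifest.plist DeviceTree "$DEVNAME" "$RELTYPE").out.dts.dtb

#######################################
# Rebuild the custom trust cache for the restore ramdisk from the cdhash lists
# in the current directory.
# Arguments: $1 - ramdisk path prefix without ".dmg" (default: the prefix the
#                 script has always used); its ".dmg.trustcache.custom" output
#                 must be the file $TRUSTCACHE points at
# Outputs:   tc_hashes_complete, <prefix>.dmg.raw_trustcache and
#            <prefix>.dmg.trustcache.custom in the current directory
# Returns:   non-zero (aborting the script under -e) if any input list is
#            missing or either tool fails
#######################################
custom_trustcache() {
  local rdisk=${1:-Firmware/038-44135-124}
  #cat tc_hashes strap_cdhashes_unsorted custom0_cdhashes_unsorted | sort > tc_hashes_complete
  # With pipefail a missing list aborts here instead of producing a partial cache.
  cat full_tc_hashes_0 tc_hashes strap_cdhashes_unsorted custom0_cdhashes_unsorted custom1_cdhashes_unsorted \
    | sort > tc_hashes_complete
  python3 /home/ios/ios_workdir_s8003_v14beta5_0/create_trustcache_uuid.py tc_hashes_complete \
    "${rdisk}.dmg.raw_trustcache" '0f1a7ccce14a48f98ebfdf7d82278ea8'
  img4tool -t rtsc -d 1 -c "${rdisk}.dmg.trustcache.custom" "${rdisk}.dmg.raw_trustcache"
}
custom_trustcache
# The function writes to a hard-coded prefix while $TRUSTCACHE derives from the
# manifest; fail early if the two disagree rather than booting with no cache.
[[ -f "$TRUSTCACHE" ]] || { printf 'trust cache not found: %s\n' "$TRUSTCACHE" >&2; exit 1; }

#CORES=5
CORES=4
#CORES=3
#CORES=2
#CORES=1
MMSIZE=4G
###MMSIZE=1G

GDB=
GDB="gdb --args"
#GDB="valgrind"
#GDB="prlimit --as=$((11*1024*1024*1024))"
#QEMU="qemu-system-aarch64"
#QEMU="/home/ios/git/qemu-t8030.springboardorig/build/qemu-system-aarch64"
#QEMU="/home/ios/git/qemu-t8030.springboardmod0/build/qemu-system-aarch64"
#QEMU="/home/ios/git/qemu-t8030.springboardmod1/build/qemu-system-aarch64"
#QEMU="/home/ios/git/qemu-t8030.springboardmod2/build/qemu-system-aarch64"
#QEMU="/home/ios/git/qemu-t8030.springboardmod3/build/qemu-system-aarch64"
#QEMU="/home/ios/git/qemu-t8030.springboardmod4/build/qemu-system-aarch64"
#QEMU="/home/ios/git/qemu-t8030.springboardmod5/build/qemu-system-aarch64"
#QEMU="/home/ios/git/qemu-t8030.springboardmod6/build/qemu-system-aarch64"
#QEMU="/home/ios/git/qemu-t8030.springboardmod7/build/qemu-system-aarch64"
#QEMU="/home/ios/git/qemu-t8030-ChefKissInc-SpringBoard.test1/build/qemu-system-aarch64"
#QEMU="/home/ios/git/origs/qemu-t8030_1/build/qemu-system-aarch64"
#QEMU="/home/ios/git/qemutest00/build/qemu-system-aarch64"
#QEMU="qemu-system-aarch64"
QEMU="${QEMUDIR}/qemu-system-aarch64"
#QEMU="${QEMUDIR}/aarch64-softmmu/qemu-system-aarch64"
#/home/ios/ios_dtc.py $(echo $DTB | sed 's/\.dtb$//g')

NVME1=nvme.1
#NVME1=nvme.1.bak0
#NVME1=nvme.1.onlybash
#NVME1=nvme.bak0/nvme.1.onlybash
#NVME1=nvme.1.mod0_ARGB
#NVME1=nvme.1.mod1

# $GDB and $OPTS are intentionally unquoted: both are command-line fragments
# that must word-split and may be empty.
# "-gdb tcp:127.0.0.1:1234" is the same port "-s" used, but bound to loopback
# only: the gdbstub exposes full guest memory, so it must not listen on every
# interface. The monitor below was already loopback-only.
# shellcheck disable=SC2086
$GDB "$QEMU" -gdb tcp:127.0.0.1:1234 \
  -M "t8030,trustcache=$TRUSTCACHE,ticket=/home/ios/satamnt_1/qemu_t8030_data_0/ios_0/iphone/root_ticket.der,kaslr-off=on,boot-mode=auto" \
  -kernel "$KERNELCACHE" \
  -dtb "$DTB" \
  -append "-v debug=-1 kextlog=-1 serial=3 wdt=-1 launchd_unsecure_cache=1 -disable_aslr slide=0 sep_tracing=1 sep-trace-size=0x10000 ioasm_behavior=0 -vm_compressor_wk_sw -vm_compressor_wk_barriers agm-genuine=1 agm-authentic=1 agm-trusted=1 vm_compressor_codec=1 cs_debug=1 vm_shared_region_reslide_aslr=0 -aes_spew" \
  -initrd "$INITRD" \
  -cpu max -smp "$CORES" \
  -d unimp,guest_errors,cpu_reset,mmu \
  -m "$MMSIZE" -serial mon:stdio \
  -net none \
  --trace '*aes*' --trace '*sep*' --trace '*gpio*' --trace '*i2c*' \
  -drive file="$NVME1",format=raw,if=none,id=drive.1 \
  -device nvme-ns,drive=drive.1,bus=nvme-bus.0,nsid=1,nstype=1,logical_block_size=4096,physical_block_size=4096 \
  -drive file=nvme.2,format=raw,if=none,id=drive.2 \
  -device nvme-ns,drive=drive.2,bus=nvme-bus.0,nsid=2,nstype=2,logical_block_size=4096,physical_block_size=4096 \
  -drive file=nvme.3,format=raw,if=none,id=drive.3 \
  -device nvme-ns,drive=drive.3,bus=nvme-bus.0,nsid=3,nstype=3,logical_block_size=4096,physical_block_size=4096 \
  -drive file=nvme.4,format=raw,if=none,id=drive.4 \
  -device nvme-ns,drive=drive.4,bus=nvme-bus.0,nsid=4,nstype=4,logical_block_size=4096,physical_block_size=4096 \
  -drive file=nvram,if=none,format=raw,id=nvram \
  -device apple-nvram,drive=nvram,bus=nvme-bus.0,nsid=5,nstype=5,id=nvram,logical_block_size=4096,physical_block_size=4096 \
  -drive file=nvme.6,format=raw,if=none,id=drive.6 \
  -device nvme-ns,drive=drive.6,bus=nvme-bus.0,nsid=6,nstype=6,logical_block_size=4096,physical_block_size=4096 \
  -drive file=nvme.7,format=raw,if=none,id=drive.7 \
  -device nvme-ns,drive=drive.7,bus=nvme-bus.0,nsid=7,nstype=8,logical_block_size=4096,physical_block_size=4096 \
  -monitor telnet:127.0.0.1:1235,server,nowait $OPTS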