Targeting the iOS Kernel - Reverse Engineering Mac OS X
Activating KDP on the iPhone

• KDP is only activated if the boot-arg "debug" is set
• boot-args can be set with a special version of redsn0w / syringe
• or faked with a custom kernel
• patch your kernel to get into KDP anytime (e.g. breakpoint in an unused syscall)

Name      Value   Meaning
DB_HALT   0x01    Halt at boot-time and wait for debugger attach.
DB_KPRT   0x08    Send kernel debugging kprintf output to serial port.
...       ...     Other values might work but might be complicated to use.
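The slide ties KDP availability to the "debug" boot-arg and lists two of its bit values. A practitioner auditing a device wants a quick way to read a boot-args string (for example the output of the `kern.bootargs` sysctl on a Mac, or the value recorded for an iOS device) and tell whether kernel debugging would be enabled and which documented flags are set. The following Python is an added example, not code from Stefan Esser's slides; it assumes the XNU convention of space-separated `key=value` tokens, decodes only the two bit values the slide gives (DB_HALT, DB_KPRT), and reports any other set bits as unknown instead of guessing their meaning. The sample boot-args strings are constructed.

```python
import sys
from typing import Dict, List

# Bits of the XNU "debug" boot-arg as given on the slide. Anything else
# that is set is reported as an unknown bit rather than being named.
DEBUG_FLAGS: Dict[int, str] = {
    0x01: "DB_HALT",  # halt at boot-time and wait for a debugger to attach
    0x08: "DB_KPRT",  # send kernel kprintf output to the serial port
}


def parse_boot_args(boot_args: str) -> Dict[str, str]:
    """Split a boot-args string into key/value pairs.

    Bare flags such as "-v" carry no '=' and are stored with an empty value.
    """
    args: Dict[str, str] = {}
    for token in boot_args.split():
        key, sep, value = token.partition("=")
        args[key] = value if sep else ""
    return args


def parse_debug_value(text: str) -> int:
    """Accept the hex (0x..) and plain decimal forms the boot-arg may carry."""
    text = text.strip().lower()
    if text.startswith("0x"):
        return int(text, 16)
    return int(text, 10)


def decode_debug(boot_args: str) -> dict:
    """Report whether the "debug" boot-arg would enable KDP and which flags it sets.

    A missing "debug" key, or debug=0, is treated as "not set", matching the
    slide's statement that KDP is only activated if the boot-arg is set.
    """
    args = parse_boot_args(boot_args)
    raw = args.get("debug", "")
    if raw == "":
        return {"kdp_enabled": False, "flags": [], "unknown_bits": 0}
    value = parse_debug_value(raw)
    flags: List[str] = [name for bit, name in DEBUG_FLAGS.items() if value & bit]
    known_mask = sum(DEBUG_FLAGS)
    return {
        "kdp_enabled": value != 0,
        "flags": flags,
        "unknown_bits": value & ~known_mask,
    }


def describe(boot_args: str) -> str:
    """Human-readable one-line summary, for use from the command line."""
    result = decode_debug(boot_args)
    if not result["kdp_enabled"]:
        return "KDP not enabled (debug boot-arg absent or zero)"
    parts = result["flags"] or []
    if result["unknown_bits"]:
        parts.append("unknown bits 0x%x" % result["unknown_bits"])
    return "KDP enabled: " + ", ".join(parts)


if __name__ == "__main__":
    # Constructed sample strings; pass a real boot-args string as argv[1] instead.
    samples = sys.argv[1:] or ["-v", "debug=0x9 -v", "debug=8", "debug=0x19", "debug=0"]
    for s in samples:
        print("%-20s -> %s" % (repr(s), describe(s)))
```

On a device where the boot-arg is absent the function returns `kdp_enabled: False`, which is the expected state for a production phone; a non-zero value is the finding worth following up, and an unknown bit tells the reader the slide's table does not cover it.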
Stefan Esser • Targeting the iOS Kernel • April 2011 • 64