{"id":2448,"date":"2024-05-14T03:09:09","date_gmt":"2024-05-13T18:09:09","guid":{"rendered":"https:\/\/h4ck.kr\/?p=2448"},"modified":"2024-05-14T03:09:21","modified_gmt":"2024-05-13T18:09:21","slug":"ktrw-%ec%95%84%ec%9d%b4%ed%8f%b0-%ec%bb%a4%eb%84%90-%eb%94%94%eb%b2%84%ea%b1%b0-%ed%99%98%ea%b2%bd%ea%b5%ac%ec%b6%95","status":"publish","type":"post","link":"https:\/\/h4ck.kr\/?p=2448","title":{"rendered":"KTRW \uc544\uc774\ud3f0 \ucee4\ub110 \ub514\ubc84\uac70 \ud658\uacbd\uad6c\ucd95 (iPhone 8\/14.4.2)"},"content":{"rendered":"\n

https:\/\/github.com\/jsherman212\/ktrw<\/a><\/p>\n\n\n\n

1. KTRW git clone \/ make all<\/p>\n\n\n\n

\n
$ git clone --recursive https:\/\/github.com\/jsherman212\/ktrw<\/pre>\n<\/div><\/div>\n\n\n\n
2. \ucef4\ud30c\uc77c \ube4c\ub4dc\uc5d0\ub7ec \uc218\uc815 \ubc0f gdb-remote\uc2dc \ud328\ub2c9 \uc218\uc815<\/p>\n\n\n\n
deprecated \uad00\ub828 \uc624\ub958 \ubc1c\uc0dd\uc2dc \ud574\ub2f9 \uc18c\uc2a4\ucf54\ub4dc \ud30c\uc77c \ub9e8 \uc0c1\ub2e8\uc5d0 \ub2e4\uc74c \ucf54\ub4dc\ub97c \ucd94\uac00<\/p>\n\n\n\n
\n
\n
#pragma clang diagnostic push\n#pragma clang diagnostic ignored \"-Wdeprecated-declarations\"<\/pre>\n<\/div>\n<\/div>\n\n\n\n
https:\/\/github.com\/jsherman212\/ktrw\/issues\/2<\/a><\/p>\n\n\n\n
pongo_kextload\/source\/pongo_kextload.c \ucf54\ub4dc \uc911 
static void command_ktrwpf(const char *cmd, char *args) \ud568\uc218\uc5d0\uc11c \ub9c8\uc9c0\ub9c9 \ub2e4\uc74c \ucf54\ub4dc\ub97c \ucd94\uac00<\/p>\n\n\n\n
\n
\n
g_mhaddr = va_for_sa(g_mhaddr);<\/pre>\n<\/div>\n<\/div>\n\n\n\n
3. checkra1n\uc5d0\uc11c pongoOS \ubaa8\ub4dc\ub85c \ubd80\ud305 \/ \ubaa8\ub4c8 \uc5c5\ub85c\ub4dc \/ LLDB USB \ud3ec\ud2b8 \uad6c\ucd95<\/p>\n\n\n\n
\n
$ \/Applications\/checkra1n.app\/Contents\/MacOS\/checkra1n -c -p\n\n$ pongo_kext_loader\/pongo_kext_loader \\\n    -l pongo_kextload\/kextload.pongo-module \\\n    -k ktrw_gdb_stub\/ktrw_gdb_stub.ikext\n\n$ ktrw_usb_proxy\/ktrw_usb_proxy 39399<\/pre>\n<\/div><\/div>\n\n\n\n
4. ipsw\ub85c\ubd80\ud130 \ucee4\ub110 \ub2e4\uc6b4\ubc1b\uc544 \uc555\ucd95\ud480\uae30 (jtool2 2.1 \uad6c\ubc84\uc804 \uc774\uc6a9)<\/p>\n\n\n\n
\n
\n
$ brew tap stek29\/homebrew-idevice\n\n$ brew install partialzipbrowser\n\n$ pzb -d -g kernelcache.release.iphone10 https:\/\/updates.cdn-apple.com\/2021WinterFCS\/fullrestores\/071-23198\/C10D1954-77D2-4340-B0B3-17EFD3ED957B\/iPhone_4.7_P3_14.4.2_18D70_Restore.ipsw\n\n$ .\/jtool2_old -dec kernelcache.release.iphone10\n\n$ mv \/tmp\/kernel .<\/pre>\n<\/div>\n<\/div>\n\n\n\n
5. lldb \ub514\ubc84\uac70 \uc2e4\ud589<\/p>\n\n\n\n
\n
\n
$ ktrw_usb_proxy\/ktrw_usb_proxy 39399\n\n(\ub2e4\ub978 \ud130\ubbf8\ub110 \ucc3d\uc5d0\uc11c)\n$ lldb kernel\n\n(lldb) target create \"kernel\"\n(lldb) settings set plugin.dynamic-loader.darwin-kernel.load-kexts false\n(lldb) gdb-remote 39399<\/pre>\n<\/div>\n<\/div>\n\n\n\n
\uc544\uc774\ud3f0 \ucee4\ub110 \ub514\ubc84\uae45 attach \uc131\uacf5\ud55c \ubaa8\uc2b5<\/p>\n\n\n\n
\"\"<\/figure>\n","protected":false},"excerpt":{"rendered":"
https:\/\/github.com\/jsherman212\/ktrw 1. KTRW git clone \/ make all 2. \ucef4\ud30c\uc77c \ube4c\ub4dc\uc5d0\ub7ec \uc218\uc815 \ubc0f gdb-remote\uc2dc \ud328\ub2c9 \uc218\uc815 deprecated \uad00\ub828 \uc624\ub958 \ubc1c\uc0dd\uc2dc \ud574\ub2f9 \uc18c\uc2a4\ucf54\ub4dc \ud30c\uc77c \ub9e8 \uc0c1\ub2e8\uc5d0 \ub2e4\uc74c \ucf54\ub4dc\ub97c \ucd94\uac00 https:\/\/github.com\/jsherman212\/ktrw\/issues\/2 pongo_kextload\/source\/pongo_kextload.c \ucf54\ub4dc \uc911 static void command_ktrwpf(const char *cmd, char *args) \ud568\uc218\uc5d0\uc11c \ub9c8\uc9c0\ub9c9 \ub2e4\uc74c \ucf54\ub4dc\ub97c \ucd94\uac00 3. checkra1n\uc5d0\uc11c pongoOS \ubaa8\ub4dc\ub85c \ubd80\ud305 \/ \ubaa8\ub4c8 \uc5c5\ub85c\ub4dc \/ LLDB USB… \ub354 \ubcf4\uae30 »KTRW \uc544\uc774\ud3f0 \ucee4\ub110 \ub514\ubc84\uac70 \ud658\uacbd\uad6c\ucd95 (iPhone 8\/14.4.2)<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"neve_meta_sidebar":"","neve_meta_container":"","neve_meta_enable_content_width":"","neve_meta_content_width":0,"neve_meta_title_alignment":"","neve_meta_author_avatar":"","neve_post_elements_order":"","neve_meta_disable_header":"","neve_meta_disable_footer":"","neve_meta_disable_title":"","footnotes":""},"categories":[1],"tags":[11],"class_list":["post-2448","post","type-post","status-publish","format-standard","hentry","category-uncategorized","tag-ios"],"_links":{"self":[{"href":"https:\/\/h4ck.kr\/index.php?rest_route=\/wp\/v2\/posts\/2448","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/h4ck.kr\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/h4ck.kr\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/h4ck.kr\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/h4ck.kr\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2448"}],"version-history":[{"count":2,"href":"https:\/\/h4ck.kr\/index.php?rest_route=\/wp\/v2\/posts\/2448\/revisions"}],"predecessor-version":[{"id":2451,"href":"https:\/\/h4ck.kr\/index.php?rest_route=\/wp\/v2\/posts\/2448\/revisions\/2451"}],"wp:attachment":[{"href":"https:\/\/h4ck.kr\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2448"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/h4ck.kr\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2448"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/h4ck.kr\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2448"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}