You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I am trying to patch an macOS 12.3.1 iBoot for Apple Virtual Machine 1 (VirtualMac2,1). The -b option appears to be ignored.
nick@NickdeMacBook-Pro vm % ~/Documents/kairos/kairos iBEC.raw iBEC.patched -b '-v keepsyms=1 serial=3 debug=0xfffffffe launchd_unsecure_cache=1 launchd_missing_exec_no_panic=1 amfi=0xff amfi_allow_any_signature=1 amfi_get_out_of_my_way=1 amfi_allow_research=1 amfi_unrestrict_task_for_pid=1 amfi_unrestricted_local_signing=1 cs_enforcement_disable=1 pmap_cs_allow_modified_code_pages=1 pmap_cs_enforce_coretrust=0 pmap_cs_unrestrict_pmap_cs_disable=1 -unsafe_kernel_text dtrace_dof_mode=1 panic-wait-forever=1 -panic_notify cs_debug=1 PE_i_can_has_debugger=1 wdt=-1 nand-enable-reformat=1 rd=md0 -restore -progress' -n
[+] Patching iBEC.raw
[+] Base address: 0x7006c000
[!] PAC bootloader detected
[+] Patching out RSA signature check...
[+] Found IMG4 string at 0x4bfe1
[+] Found IMG4 xref at 0x3e7c
[+] Found beginning of _image4_get_partial at 0x3e08
[+] Found xref to _image4_get_partial at 0x4a20
[+] Found start of sub_7007093c
[+] Found ADR X2, 0x700cba1b at 0x48bf0
[+] Call to sub_700cba1b
[+] ret0 gadget at 0x4918
[+] Did MOV r0, #0 and RET
[+] Wrote patched image to iBEC.patched
nick@NickdeMacBook-Pro vm % strings iBEC.patched | grep restore
aborting autoboot due to tethered restore.
M = 0x4: restore mode image
restore-security-overrides0
restore-security-overrides1
restore-security-overrides2
restore-security-overrides3
-restore
The text was updated successfully, but these errors were encountered:
I am trying to patch an macOS 12.3.1 iBoot for Apple Virtual Machine 1 (VirtualMac2,1). The -b option appears to be ignored.
The text was updated successfully, but these errors were encountered: