PongoOS Flash-NOR / SPI driver #9
Comments
|
Sounds like an interesting idea. Off the bat, I can think of two ways of implementing this. Either passing an iBoot and extracting the fragments of the driver and reconstructing and sending it to pongoOS, or having to rewrite the driver completely similar to what Brandon Azad did for KTRW (now reimplemented in pongoOS I believe.) What do you think? |
|
Best option is a net new implantation as who knows what the side effects of iBoot code can be. If I had time I’d be starting with the SPI first, and later moving to the NAND block layer... I think it works by making requests to ANS2 to drop a block into DRAM via DART
Get Outlook for iOS<https://aka.ms/o0ukef>
…________________________________
From: Tarek Joumaa <notifications@github.com>
Sent: Friday, October 30, 2020 11:58:31 AM
To: checkra1n/pongoOS <pongoOS@noreply.github.com>
Cc: Rick Mark <rickmark@outlook.com>; Author <author@noreply.github.com>
Subject: Re: [checkra1n/pongoOS] PongoOS Flash-NOR / SPI driver (#9)
Sounds like an interesting idea. Off the bat, I can think of two ways of implementing this. Either passing an iBoot and extracting the fragments of the driver and reconstructing and sending it to pongoOS, or having to rewrite the driver completely similar to what Brandon Azad did for KTRW (now reimplemented in pongoOS I believe.) What do you think?
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub<#9 (comment)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/AAA6TW73BFZO6JXKDYBINNLSNMEFPANCNFSM4LUODPBQ>.
|
Sounds like a worthwhile invest in time as the idea of pongoOS is to overtime turn into an iOS version of Clover afaik. |
|
For reasons of forensics / investigation of my devices that seem to have some form of malware persistence, I've started to undertake a read-only version of this work. (I have iDevices that are hiding data in alternate NVMe namespaces). Feel free to follow along to this: https://github.com/t8012/pongo-flash |
|
That’s a bit unfortunate. I currently only have a t8015 for testing purposes. Is reversing there a good idea or should I try to focus on the t8012 chip even though I don’t have it.
… On Nov 5, 2020, at 2:52 AM, Rick Mark ***@***.***> wrote:
For reasons of forensics / investigation of my devices that seem to have some form of malware persistence, I've started to undertake a read-only version of this work. (I have iDevices that are hiding data in alternate NVMe namespaces).
Feel free to follow along to this: https://github.com/t8012/pongo-flash
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub, or unsubscribe.
|
|
@rickmark I have forked the repo and I'm gonna try to add some reversing/research notes related to the development of the driver there. It's under the same name. |
|
The ipwndfu for t8012 probably works on other chips (for booting without the NAND). @h0m3us3r, @aunali1 and @mrmacarm? As for storage - since there is no device or driver concept I had to start the work on the internal version of Pongo, and it will probably need some API / design revisions by the team before we want to expose it for dependencies. Rev0 will probably just be SPI/NOR (so just SCfg, effaceable, iBoot and the like) |
|
@rickmark I'd be happy to help out with the driver in any way I can! My current objective is to get a working PoC functional enough to at least read bytes from NOR |
When booted to pongoOS over iBoot we lose read/write access to persistent storage.
Pongo ought to provide access to these methods, as they are key to the setup of the next phase boot loader
The text was updated successfully, but these errors were encountered: