
checkra1n patches not applied after booting with KTRW

Open Muirey03 opened this issue 5 years ago • 6 comments

After booting with KTRW, checkra1n's kernel patches don't appear to have been applied, meaning that you can't SSH into a device and you can't launch unsigned applications.

Is this expected behaviour? Would it be possible to enable checkra1n's patches? It would be extremely useful to be able to launch unsigned applications in order to debug kexts that are denied access by the app sandbox.

Muirey03, Jun 18 '20 15:06

Unfortunately this is currently expected behavior: pongo_kextload disables the checkra1n kernel patches. If you'd like to try booting with checkra1n kernel patches enabled, then you'll need to make the following changes:

  1. In pongo_kextload/source/pongo_kextload.c, set DISABLE_CHECKRA1N_KERNEL_PATCHES to 0.
  2. In pongo_kext_loader/source/pongo_kext_loader.c, comment out the line pongo_usb_send_command(pongo, "xargs -v\n", 0).
  3. You will probably want to build with ACTIVATION_DELAY=180 or some other large activation timeout to ensure that KTRW does not interfere with checkra1n initialization.

Note that I haven't tested this configuration yet; it's possible it may work, but it's also possible it will break in weird and unanticipated ways.

bazad, Jun 18 '20 15:06
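The three steps above as a script, added here as an example and not code from KTRW or from anyone in this thread. It edits the two source files in place, checks that both edits actually took before building, and then builds with a long activation delay. Everything beyond the thread's own text is an assumption: that the macro is written as `#define DISABLE_CHECKRA1N_KERNEL_PATCHES 1`, that the `xargs -v` call is a single statement on its own line, and that the build is `make` in `pongo_kextload` with `ACTIVATION_DELAY` as a make variable (the thread only says "build with ACTIVATION_DELAY=180").

```shell
#!/bin/sh
# Added example, not part of KTRW or this thread: apply the three changes
# bazad lists to a KTRW checkout, verify them, then build.
# Assumptions (not confirmed by the thread):
#   - the macro line reads "#define DISABLE_CHECKRA1N_KERNEL_PATCHES 1"
#   - the xargs call is one statement on its own line
#   - the build is `make` in pongo_kextload with ACTIVATION_DELAY as a
#     make variable
set -eu

kextload_src() { printf '%s/pongo_kextload/source/pongo_kextload.c' "$1"; }
loader_src()   { printf '%s/pongo_kext_loader/source/pongo_kext_loader.c' "$1"; }

# Steps 1 and 2: edit both files in place (sed leaves a .bak copy of each).
enable_checkra1n_patches() {
    ktrw=$1
    # 1. DISABLE_CHECKRA1N_KERNEL_PATCHES 1 -> 0 (only the macro value changes)
    sed -i.bak -E \
        's/^(#define[[:space:]]+DISABLE_CHECKRA1N_KERNEL_PATCHES[[:space:]]+)1([[:space:]]|$)/\10\2/' \
        "$(kextload_src "$ktrw")"
    # 2. comment out the "xargs -v" command sent to pongoOS, keeping indentation
    sed -i.bak -E \
        's|^([[:space:]]*)(pongo_usb_send_command\(pongo, "xargs -v\\n", 0\);)|\1// \2|' \
        "$(loader_src "$ktrw")"
}

# Returns 0 only if both edits are present; used as a guard before building,
# so a silently unmatched sed pattern does not produce a build that still
# disables the checkra1n patches.
verify_checkra1n_patches() {
    ktrw=$1
    grep -qE '^#define[[:space:]]+DISABLE_CHECKRA1N_KERNEL_PATCHES[[:space:]]+0([[:space:]]|$)' \
        "$(kextload_src "$ktrw")" || return 1
    # the xargs line must no longer appear uncommented
    if grep -qE '^[[:space:]]*pongo_usb_send_command\(pongo, "xargs -v\\n", 0\)' \
        "$(loader_src "$ktrw")"; then
        return 1
    fi
    return 0
}

# Step 3: build with a large activation delay (make invocation is an assumption).
build_with_delay() {
    make -C "$1/pongo_kextload" ACTIVATION_DELAY="${2:-180}"
}

# Usage: ./enable_checkra1n_patches.sh /path/to/ktrw [ACTIVATION_DELAY]
if [ $# -ge 1 ]; then
    enable_checkra1n_patches "$1"
    verify_checkra1n_patches "$1" || { echo "edits not applied, not building" >&2; exit 1; }
    build_with_delay "$1" "${2:-180}"
fi
```

Running the edit step twice is harmless: the second pass finds the macro already at 0 and the xargs line already behind `//`, so neither pattern matches and the verify step still passes.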

Thank you, I'll try it out and let you know how it goes.

Muirey03, Jun 18 '20 16:06

Initial results are that unsigned code execution is working, as is KTRW (although SSH isn't). Thank you for your help :)

Muirey03, Jun 18 '20 16:06

Excellent, I'll plan to incorporate more well-defined support for using KTRW with checkra1n kernel patches. Please do let me know if you encounter any issues in the meantime.

bazad, Jun 18 '20 19:06

Thank you again, I'll let you know if I spot anything

Muirey03, Jun 18 '20 19:06

> Initial results are that unsigned code execution is working, as is KTRW (although SSH isn't). Thank you for your help :)

Make sure you're exposing the SSH port properly over USB by using iProxy to forward port 22 to port 44, and make sure you run it with sudo!

endercypher, Jun 25 '20 11:06