Last active
December 19, 2017 18:03
-
-
Save stek29/e0c8324146b55ca89fe7a24c4164c628 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // unset MNT_ROOTFS flag, remount, set it back | |
| // based on xerub's extra_recipe code | |
| // | |
| int mountroot(void) { | |
| int ret; | |
| uint64_t kaslr_shift = find_kernel_base() - 0xFFFFFFF007004000; | |
| // iPod7,1 iOS 11.1.2 | |
| uint64_t _rootvnode = 0xfffffff007622088 + kaslr_shift; | |
| uint64_t rootfs_vnode = rk64(_rootvnode); | |
| // We read and write v_flag one byte shifted into v_kernel_flag | |
| // because lower byte is not needed to unset ROOTFS flag | |
| // and because it contains RDONLY and we don't want to write back | |
| // old value of RDONLY :) | |
| // read original flags | |
| uint64_t v_mount = rk64(rootfs_vnode + koffset(KSTRUCT_OFFSET_VNODE_V_UN)); | |
| uint32_t v_flag = rk32(v_mount + koffset(KSTRUCT_OFFSET_MOUNT_MNT_FLAG) + 1); | |
| // unset rootfs flag | |
| wk32(v_mount + koffset(KSTRUCT_OFFSET_MOUNT_MNT_FLAG) + 1, v_flag & ~(MNT_ROOTFS >> 8)); | |
| // remount | |
| char *nmz = strdup("/dev/disk0s1s1"); | |
| ret = mount("msdos", "/", MNT_UPDATE, (void *)&nmz); | |
| // set original flags back | |
| v_mount = rk64(rootfs_vnode + koffset(KSTRUCT_OFFSET_VNODE_V_UN)); | |
| wk32(v_mount + koffset(KSTRUCT_OFFSET_MOUNT_MNT_FLAG) + 1, v_flag); | |
| return ret; | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment