is it possible to specify boot flags on boot? -v, -f, -s?

 

also, has anybody tried installing any kexts such as natit? (according to wikipedia, apple tv has a 7300 chip inside)

 

i personally think that the reason it's not booting is due to the graphics card. it seems to be more heavily reliant on quartz. if there are any graphics card kexts in the package(s), try adding your device IDs to them.

 

sorry if i've hijacked the post with {censored}.

 

jordn

Ok, i've found the problem.

 

/System/Library/CoreServices/Setup Assistant.app

/System/Library/CoreServices/Finder.app

 

Both apps are checking the hardware name and won't start until we find a hack.

 

I've been able to boot the AppleTV OSX system on my Mac mini with a 10.4.8 Finder.

 

XianLi posted this on the green demon

So what do you all think the best route to take would be?

Sticking a hackintosh kernel + kexts into a native aTV image and then trying to boot.

OR

Making a full OSx86 install and trying to bring in all the aTV stuff.

 

I better get OSx86 working first before I can even try anything off the image....

Mar 26 10:59:15 chaos FrontRow[445]: ******** Application Startup ********
Mar 26 10:59:15 chaos FrontRow[445]: No matching IR micro server found.
Mar 26 10:59:15 chaos FrontRow[445]: VERS: failed to get ImageVersion for display
Mar 26 10:59:15 chaos FrontRow[445]: VERS: failed to get BootImageVersion for display
Mar 26 10:59:15 chaos FrontRow[445]: *** OS 8L2127, IR F.F.F, EFI (null), SI F.F.F/F.F.F, Software 175 ***
Mar 26 10:59:15 chaos FrontRow[445]: Unsupported hardware - Exiting

 

Just to clarify, "chaos" is the name of my computer.

When starting Finder.app this is the log entry. This error is caused by watchdog, I think.

Disable Launch?

 

checking if having watchdog(patched) makes any difference.

 

kernel extension AppleTCOWatchdog.kext/ has problems:
Missing dependencies:
{
"com.apple.kpi.unsupported" = 
	"A valid compatible version of this dependency cannot be found"
}

something of interest in finder.app :

post-14143-1174926929_thumb.png

 

and did anyone find the fake finder? ;)

post-14143-1174927833_thumb.png

 

there's also a fake system in there.

 

The fake Finder is in all Mac OS X systems, I've seen it on my iMac G5 and my MacBook Pro. I think it's probably for Classic compatibility or something. If you do show hidden files and folders, it's there under /System/Library/CoreServices.

Come on, this system isn't that difficult to get working. It's really simple when it all comes down to it.

 

@Artisan: You won't get it working unless you start digging a little bit deeper and increase your knowledge of Mach-O files.

 

let's see some results from you, seeing how you say it's so simple.....

He does have a point...you're going to have to do some disassembling to remove some of those checks, in addition to who knows what else we haven't found yet. Also...Stoth (sp?) on IRC said he had a kext to disable watchdog he was testing...that might be of some help as well.

 

EDIT: spoke too soon...it's on the AwkwardTV site. A patch to "sedate" it.

Come on, this system isn't that difficult to get working. It's really simple when it all comes down to it.

 

@Artisan: You won't get it working unless you start digging a little bit deeper and increase your knowledge of Mach-O files.

 

I'm pretty sure that WatchDog will be of no significance in trying to get this working on the full OS. Of course, this is just an assumption.

 

But I'm digging further to figure out how this hardware check is working.

 

My impression so far, and this has no solid proof, is that "Finder.app" seems to be a modified or even actually FrontRow 2.0.

So in theory it must be performing something similar to what the "FrontRowPass.kext" is bypassing.

Except it seems that it checks it at EFI level.

 

Injection might be the answer?

What would happen if you tried to install OSX on the AppleTV thing?

 

Maybe that could get some answers?

 

Won't work. Apple TV only has SSE2 and a full OSX requires SSE3 for certain components.

The appleTV OS is a special version of 10.4.7 that runs on SSE2.

 

EDIT: Ok, I guess it's not impossible, but that's not what we're trying to do on this thread.

You'll get Finder.app working like this:

first, decrypt the code segment whichever way.

Then use otx to dump the code segment.

Find this part:

 
 +301	00005804  750a					jne		  0x00005810
 +303	00005806  c7442404a4d04500			movl		  $0x0045d0a4,0x04(%esp,1)	   No Remote Present - Exiting
 +311	0000580e  eb22					jmp		  0x00005832
 +313	00005810  a1f8fc6b00				movl		  0x006bfcf8,%eax			   isEmbeddedHardwareDevice
 +318	00005815  89442404				movl		  %eax,0x04(%esp,1)
 +322	00005819  a15c046c00				movl		  0x006c045c,%eax			   BRXHardwareUtility
 +327	0000581e  890424				movl		  %eax,(%esp,1)
 +330	00005821  e87b7c6b00				calll		  0x006bd4a1				   +[bRXHardwareUtility isEmbeddedHardwareDevice]
 +335	00005826  84c0					testb		  %al,%al
 +337	00005828  7519					jne		  0x00005843
 +339	0000582a  c7442404c0d04500			movl		  $0x0045d0c0,0x04(%esp,1)	   Unsupported hardware - Exiting

isEmbeddedHardwareDevice returns false, so the jne jumps out. Change it to 7419. Voilà, it runs on a normal Mac (not on AppleTV anymore, though :D )

Have fun!
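
The edit described in the post above changes a single opcode byte, which a byte-level comparison against a known-good copy of the binary will catch. The following is an added example, not part of the original post: it decodes the short jumps in the listing and flags differing bytes that invert a conditional branch. The function names are hypothetical, the instruction bytes are copied from the listing, and the modified buffer is constructed for the demonstration.

```python
# Added example (not from the thread): flag one-byte edits that invert a
# short conditional jump, by diffing a reference image against a candidate.

BASE = 0x5804  # address of the first listed instruction
# Instruction bytes copied from the otx listing above (0x5804..0x5831).
ORIGINAL = bytes.fromhex(
    "750a" "c7442404a4d04500" "eb22" "a1f8fc6b00" "89442404"
    "a15c046c00" "890424" "e87b7c6b00" "84c0" "7519" "c7442404c0d04500"
)
# Constructed candidate: same bytes with the edit the post describes at 0x5828.
PATCHED = ORIGINAL[:0x24] + b"\x74" + ORIGINAL[0x25:]

# Mnemonics for the short Jcc opcodes 0x70..0x7f, indexed by the low nibble.
JCC = ["jo", "jno", "jb", "jae", "je", "jne", "jbe", "ja",
       "js", "jns", "jp", "jnp", "jl", "jge", "jle", "jg"]


def rel8_target(addr, rel8):
    """Target of a 2-byte short jump at addr: next instruction + signed rel8."""
    disp = rel8 - 0x100 if rel8 >= 0x80 else rel8
    return (addr + 2 + disp) & 0xFFFFFFFF


def find_inverted_branches(reference, candidate, base=0):
    """List differing bytes, marking those that flip a short Jcc condition.

    Heuristic on raw bytes: confirm hits against a disassembly, since the
    changed byte could be an operand rather than an opcode.
    """
    if len(reference) != len(candidate):
        raise ValueError("images differ in length; compare matching sections")
    findings = []
    for off, (a, b) in enumerate(zip(reference, candidate)):
        if a == b:
            continue
        # Jcc opcode pairs (je/jne, jb/jae, ...) differ only in bit 0.
        flipped = 0x70 <= a <= 0x7F and (a ^ b) == 1 and off + 1 < len(reference)
        if flipped:
            target = rel8_target(base + off, reference[off + 1])
            findings.append((base + off, JCC[a & 0xF], JCC[b & 0xF], target))
        else:
            findings.append((base + off, f"{a:02x}", f"{b:02x}", None))
    return findings


if __name__ == "__main__":
    for addr, before, after, target in find_inverted_branches(ORIGINAL, PATCHED, BASE):
        print(f"{addr:#x}: {before} -> {after}", f"(target {target:#x})" if target else "")
```

A cryptographic hash or code-signature check of the whole file reports that something changed; a diff like this one shows where and what kind of change it was.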

You'll get Finder.app working like this:

first, decrypt the code segment whichever way.

Then use otx to dump the code segment.

Find this part:

[...]

isEmbeddedHardwareDevice returns false, so the jne jumps out. Change it to 7419. Voilà, it runs on a normal Mac (not on AppleTV anymore, though :D )

Have fun!

 

 

Could you describe how to do this?

Apple Binary Protection is described in http://osxbook.com/book/bonus/chapter7/binaryprotection/ . I'll leave it to you to find out how to reverse this. It's a fun exercise.

otx will crash on the encrypted binary since it cannot parse the encrypted data.
