About binary difference of 2g/3g and 3gs - iOS 3.x (iPhone OS 3.x) forum, Hackint0sh.org (page 1 of 2, posts 1 to 10 of 18)
  1. #1 netkas (Engineer; joined Oct 2006; 235 posts)

    About binary difference of 2g/3g and 3gs

    As you all know, the 3gs has a new cpu.
    The main difference for us is that the new cpu supports the thumb2 instruction set, and the 2g/3g cpu doesn't support it.

    Binaries for 2g/3g have cpu subtype = 6, 3gs - cpu subtype = 9.

    The 3gs can run both binaries, 2g/3g only those with subtype=6. You can edit the cpu subtype with this app - hte.sf.net, then fix the signature with ldid; for example the compass app runs, but crashes trying to access the compass.

    3 important instructions from thumb2 which are used in 3gs binaries are CBZ, CBNZ, IT.


    That's why there's no need to expect voice control on 2g/3g anytime soon.
    Last edited by netkas; 06-29-2009 at 01:18 PM.
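
    The subtype check netkas describes can be done without opening the binary in a hex editor. The following is an added example (not from the thread, and not the hte or ldid tool): a small Mach-O header reader in Python that reports cputype/cpusubtype for a thin file or for every slice of a fat file, and answers "will this run on a 2G/3G?" from the subtype alone. The constants are the public ones from Apple's mach/machine.h and mach-o/loader.h (CPU_TYPE_ARM = 12, subtype 6 = ARMv6, 9 = ARMv7, MH_MAGIC, FAT_MAGIC); the sample binaries are constructed in the block (headers only, no load commands) and are not real iPhone apps.

```python
import struct

# Constants from Apple's <mach/machine.h> and <mach-o/loader.h>
CPU_TYPE_ARM = 12
CPU_SUBTYPE_ARM_V6 = 6          # iPhone 2G/3G, as the thread says
CPU_SUBTYPE_ARM_V7 = 9          # iPhone 3GS (Thumb-2 capable)
MH_MAGIC = 0xFEEDFACE           # 32-bit Mach-O header in the file's native byte order
MH_CIGAM = 0xCEFAEDFE           # the same magic read with the opposite byte order
FAT_MAGIC = 0xCAFEBABE          # fat/universal wrapper; its tables are always big-endian
CPU_SUBTYPE_MASK = 0x00FFFFFF   # the top byte carries capability flags, not the subtype


def parse_thin(data, offset=0):
    """Return (cputype, cpusubtype) of the 32-bit Mach-O header at `offset`."""
    magic, = struct.unpack_from(">I", data, offset)
    if magic == MH_MAGIC:
        fmt = ">II"
    elif magic == MH_CIGAM:
        fmt = "<II"             # little-endian file, which is the ARM case
    else:
        raise ValueError("no 32-bit Mach-O header at offset 0x%x" % offset)
    cputype, cpusubtype = struct.unpack_from(fmt, data, offset + 4)
    return cputype, cpusubtype & CPU_SUBTYPE_MASK


def macho_arches(data):
    """List (cputype, cpusubtype) for every slice of a thin or fat Mach-O."""
    magic, = struct.unpack_from(">I", data, 0)
    if magic != FAT_MAGIC:
        return [parse_thin(data, 0)]
    nfat_arch, = struct.unpack_from(">I", data, 4)
    arches = []
    for n in range(nfat_arch):
        cputype, cpusubtype, offset, size, align = struct.unpack_from(">IIIII", data, 8 + 20 * n)
        thin = parse_thin(data, offset)
        # A fat_arch entry that disagrees with the slice header it points at is worth flagging
        if thin != (cputype, cpusubtype & CPU_SUBTYPE_MASK):
            raise ValueError("fat_arch %d disagrees with its slice header" % n)
        arches.append(thin)
    return arches


def runs_on_armv6(data):
    """True if some slice is built for the 2G/3G CPU (subtype 6); the 3GS runs either."""
    return any(t == CPU_TYPE_ARM and s == CPU_SUBTYPE_ARM_V6 for t, s in macho_arches(data))


def describe(data):
    names = {CPU_SUBTYPE_ARM_V6: "ARMv6 (2G/3G)", CPU_SUBTYPE_ARM_V7: "ARMv7 (3GS)"}
    return ["cputype=%d subtype=%d %s" % (t, s, names.get(s, "?")) for t, s in macho_arches(data)]


# ---- constructed sample binaries (headers only, no load commands; not real apps) ----

def thin_header(cpusubtype, little_endian=True):
    """Minimal mach_header: magic, cputype, cpusubtype, filetype, ncmds, sizeofcmds, flags."""
    fmt = "<7I" if little_endian else ">7I"
    return struct.pack(fmt, MH_MAGIC, CPU_TYPE_ARM, cpusubtype, 2, 0, 0, 0)  # filetype 2 = MH_EXECUTE


def fat_sample():
    """A fat file with an ARMv6 slice at 0x1000 and an ARMv7 slice at 0x2000."""
    slices = [thin_header(CPU_SUBTYPE_ARM_V6), thin_header(CPU_SUBTYPE_ARM_V7)]
    table = struct.pack(">II", FAT_MAGIC, len(slices))
    body = b""
    for n, blob in enumerate(slices):
        offset = 0x1000 * (n + 1)
        table += struct.pack(">IIIII", CPU_TYPE_ARM, parse_thin(blob)[1], offset, len(blob), 12)
        body += blob.ljust(0x1000, b"\0")
    return table.ljust(0x1000, b"\0") + body


if __name__ == "__main__":
    for label, blob in [("3GS-only", thin_header(CPU_SUBTYPE_ARM_V7)), ("fat", fat_sample())]:
        print(label, describe(blob), "runs on 2G/3G:", runs_on_armv6(blob))
```

    To use it on a real file, read the whole binary into `data` and call `describe(data)`. Note that the subtype only says what the file claims to need; after the hte edit from the post the header says 6 while the code inside may still contain Thumb-2 instructions, which is exactly why the compass example crashes.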



  2. #2 Senior Professional (joined Jul 2006; 222 posts)

    So the old 3G has no If/Then assembly instruction, and no Compare and Branch if Zero/Non-Zero.. fun.

    I haven't played with disassembling much, but is it possible? (disassemble, replace missing instructions with ones supported on both architectures...)

  3. #3 Senior Professional (joined Jul 2006; 222 posts)

    Just thinking out loud... we can replace CBZ and CBNZ with code that compares to zero (cmp) and then branches if equal/not equal (bne, beq)... One caveat is that doing this will change the condition flags, and CBZ/CBNZ do not. Maybe we need to push the cond flags to the stack and pop them off after branching?

    IT can be similarly replicated with cmps and standard conditional branch commands.

    This is all hypothetical though; we'd still need to be able to disassemble for this to be at all useful... And the only thing it really helps us get without serious re-coding would be voice control, which probably wouldn't run very well due to memory constraints on the 3G anyways. Boo!

  4. #4 netkas (Engineer; joined Oct 2006; 235 posts)

    cmp then branch is two instructions, 4 bytes in thumb mode
    cbz/cbnz is just 2 bytes

    you can't fit it

    Turbo made a userspace sse3 emu for osx86 (catching the unknown opcode interrupt etc.), i think it can be ported to iphone to emulate those instructions
    Last edited by netkas; 06-30-2009 at 08:06 AM.

  5. #5 Senior Professional (joined Jul 2006; 222 posts)

    Quote Originally Posted by netkas View Post
    cmp then branch is two instructions, 4 bytes in thumb mode
    cbz/cbnz is just 2 bytes

    you can't fit it

    Turbo made a userspace sse3 emu for osx86 (catching the unknown opcode interrupt etc.), i think it can be ported to iphone to emulate those instructions
    Interesting. Don't suppose the source is anywhere to play with? Also, is it really a userspace app? I'd have thought you'd need to run in kernel mode to intercept/handle opcodes/instructions directly...


  6. #6 Newbie (joined Jun 2009; 7 posts)

    Except that the Voice Control was developed originally on a 2G iPhone so it's not necessarily likely they compiled to use any 3GS specific instructions.

    Kermit Woodall
    Managing Editor
    GadgetNutz.com

  7. #7 Senior Professional (joined Jul 2006; 222 posts)

    Quote Originally Posted by kwoodall View Post
    Except that the Voice Control was developed originally on a 2G iPhone so it's not necessarily likely they compiled to use any 3GS specific instructions.

    Kermit Woodall
    Managing Editor
    GadgetNutz.com
    Your comment doesn't make much sense; Apple doesn't do much coding in assembly; most of it is Objective-C and C++... In this case, they did indeed target the 3gs's subtype 9 ARM processor when they compiled. It is up to the compiler to decide what machine language to translate it into, and as such if there's a block of code that translates best into a cbz or an IT, the compiler will (should) choose it over less efficient legacy code to accomplish the same thing.

    Your comment could be re-written for Macs to read something like "Except that Calculator.app was developed originally on a PPC Mac so it's not necessarily likely they compiled to use any Intel specific instructions."

    In my analogy, the "Calculator.app" in question would have been written on a PPC Mac, but compiled with x86 as the build target (i.e., not a universal binary). Such an app would indeed only run on an Intel Mac.

  8. #8 f41qu3 (IRC Netadmin, Team of Hackint0sh; joined Nov 2006; 1,572 posts)

    Theoretically, to run Voice Control (for example) on the 2G, you need the source code for it, and to recompile it using build instructions for the 2G/3G arch (and include an instruction emulator like the old SSE3 emus for SSE2 processors).

    Time to haz a reunion of dev-team and osx86 hackers?

    Twitter: @f41qu3 @hackint0sh @hmbt_org @iphone_dev

  9. #9 Newbie (joined Jun 2009; 7 posts)

    Quote Originally Posted by appleguru View Post
    Your comment doesn't make much sense; Apple doesn't do much coding in assembly; most of it is Objective-C and C++ (edit)
    That's precisely my point. They would have to deliberately compile for the 3GS. Has anyone actually checked Voice Control and Video Recording to see if they're using the 3GS specific instructions? That would end this discussion. However it wouldn't change the fact that Voice Control and Video Recording were not originally developed for or on the 3GS processor and could be offered on all iPhones if Apple wasn't artificially restricting them to the 3GS.

    Kermit Woodall
    Managing Editor
    GadgetNutz.com
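
    Two things in this thread can be checked mechanically: netkas's size argument in #4 (CMP + B<cond> is 4 bytes, CBZ/CBNZ is 2, so the rewrite from #3 does not fit in place) and the question in #9 (has anyone checked whether a given binary actually contains 3GS-only instructions). The block below is an added example, not code from the thread or from any of the posters: it encodes both forms from the documented 16-bit Thumb encodings, and scans a Thumb code stream for CBZ, CBNZ and IT while stepping over 32-bit instructions so that the second halfword of a 32-bit encoding is never mistaken for a CBZ. The sample bytes are constructed in the block, not taken from a real app; to apply it to a real binary you would feed it the __text section bytes (the scanner assumes it starts on an instruction boundary, and a literal pool inside the stream can still produce a false hit).

```python
# 16-bit Thumb encodings used below (ARM Architecture Reference Manual, Thumb-2):
#   CBZ/CBNZ Rn, label   T1: 1011 op 0 i 1 imm5 Rn     Thumb-2 only, 2 bytes, flags untouched
#   IT{x{y{z}}} cond     T1: 1011 1111 firstcond mask  Thumb-2 only; mask == 0000 is a hint (NOP etc.)
#   CMP Rn, #imm8        T1: 0010 1 Rn imm8            Thumb-1, writes N Z C V
#   B<cond> label        T1: 1101 cond imm8            Thumb-1
COND_EQ, COND_NE = 0, 1


def enc_cbz(rn, offset, nonzero=False):
    """CBZ (or CBNZ) Rn, PC+4+offset; offset is even, 0..126."""
    assert 0 <= rn <= 7 and 0 <= offset <= 126 and offset % 2 == 0
    i, imm5 = (offset >> 6) & 1, (offset >> 1) & 0x1F
    hw = 0xB100 | (int(nonzero) << 11) | (i << 9) | (imm5 << 3) | rn
    return hw.to_bytes(2, "little")


def enc_cmp_imm(rn, imm8):
    return (0x2800 | (rn << 8) | (imm8 & 0xFF)).to_bytes(2, "little")


def enc_bcond(cond, imm8):
    """B<cond> PC+4+2*imm8 (imm8 is signed)."""
    return (0xD000 | (cond << 8) | (imm8 & 0xFF)).to_bytes(2, "little")


def thumb1_equivalent(rn, offset, nonzero=False):
    """The ARMv6 rewrite proposed in #3: CMP Rn,#0 then BEQ/BNE to the same target.
    It is twice as long (4 bytes vs 2) and, unlike CBZ/CBNZ, overwrites the condition flags."""
    # The branch sits 2 bytes after where the CBZ was, so its displacement is 2 bytes shorter.
    return enc_cmp_imm(rn, 0) + enc_bcond(COND_NE if nonzero else COND_EQ, (offset - 2) >> 1)


def is_32bit_prefix(hw):
    """First halfword of a 32-bit Thumb instruction (top five bits 11101, 11110 or 11111)."""
    return (hw >> 11) in (0b11101, 0b11110, 0b11111)


def decode_thumb2_only(hw):
    """Mnemonic if this 16-bit instruction exists only in Thumb-2 (ARMv7), else None."""
    if (hw & 0xF500) == 0xB100:                          # CBZ / CBNZ
        offset = (((hw >> 9) & 1) << 6) | (((hw >> 3) & 0x1F) << 1)
        return "%s r%d, +%d" % ("CBNZ" if hw & 0x0800 else "CBZ", hw & 7, offset)
    if (hw & 0xFF00) == 0xBF00 and (hw & 0x000F) != 0:   # IT (mask 0 would be NOP/YIELD/...)
        return "IT firstcond=%d mask=0x%x" % ((hw >> 4) & 0xF, hw & 0xF)
    return None


def scan_thumb(code, base=0):
    """Walk a Thumb code stream halfword by halfword, stepping over 32-bit instructions,
    and return (address, mnemonic) for each Thumb-2-only 16-bit instruction found."""
    hits, pc = [], 0
    while pc + 1 < len(code):
        hw = int.from_bytes(code[pc:pc + 2], "little")
        if is_32bit_prefix(hw):
            pc += 4                      # never decode the second halfword on its own
            continue
        m = decode_thumb2_only(hw)
        if m:
            hits.append((base + pc, m))
        pc += 2
    return hits


# Constructed sample: a mix of ARMv6-safe and Thumb-2-only instructions (not from a real binary).
SAMPLE = b"".join([
    enc_cmp_imm(0, 0),               # 0x00  CMP r0, #0            ARMv6 ok
    enc_bcond(COND_EQ, 1),           # 0x02  BEQ                   ARMv6 ok
    b"\x00\xbf",                     # 0x04  NOP (0xBF00): IT-shaped but mask == 0
    enc_cbz(1, 8),                   # 0x06  CBZ r1, +8            Thumb-2 only
    b"\x00\xf0\x01\xb1",             # 0x08  32-bit B.W (0xF000 0xB101); 0xB101 alone looks like CBZ
    b"\x18\xbf",                     # 0x0c  IT NE (0xBF18)        Thumb-2 only
    enc_cbz(2, 4, nonzero=True),     # 0x0e  CBNZ r2, +4           Thumb-2 only
])


if __name__ == "__main__":
    print("CBZ:", len(enc_cbz(1, 8)), "bytes; CMP+BEQ:", len(thumb1_equivalent(1, 8)), "bytes")
    for addr, m in scan_thumb(SAMPLE):
        print("0x%04x  %s" % (addr, m))
```

    Running it lists hits at 0x06, 0x0c and 0x0e and skips the NOP at 0x04 and the halfword at 0x0a. A non-empty hit list from a binary's text section is the evidence #9 asks for; an empty one is not proof of the opposite, since other Thumb-2-only instructions (the whole 32-bit data-processing set, for instance) are not covered by this scanner.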

  10. #10 Newbie (joined Jun 2009; 6 posts)

    Quote Originally Posted by netkas View Post
    cmp then branch is two instructions, 4 bytes in thumb mode
    cbz/cbnz is just 2 bytes

    you can't fit it

    Turbo made a userspace sse3 emu for osx86 (catching the unknown opcode interrupt etc.), i think it can be ported to iphone to emulate those instructions
    I did a tiny bit of programming on game trainers in the past. "We" had this method called "code injection".

    Basically what you do is take an instruction you want to replace with more code.
    Replace it with a JMP to a memory location with your injection code. Then JMP back to the original flow. But you'd have to find some "code caves" (locations that are filled with NOPs) that are big enough to place your injection code. If you push the memory location you came from to the stack, you can re-use the code to replace all CBZ/CBNZ by POP'ing the memory location off the stack again, and JMP'ing back.

    Not sure if this is at all possible, but just thought I'd share.
