Need help with iOS 4.1 ramdisk
Wall of text incoming:
I've got a few questions regarding the installation of a new hand-built ramdisk for data retrieval from my phone.
I'm trying something like the Zdziarski method, where I create a working filesystem, overwrite the existing kernel and then extract using dd or some other imaging program. I'm familiar with *nix/BSD systems, so the concept is fairly straightforward to me, but the hardware is not.
Phone was jailbroken for unlocking purposes, so I don't have SSH or any interpreter onboard, just Cydia. The problem is that the phone is stuck in a recovery loop. Prior to this, I tried setting the env var auto-boot to true; it attempts to boot, then fails and returns to recovery mode. I'm figuring some kind of kernel panic, hence why I want to try the ramdisk.
I can't mount or seem to access the phone's fs at all due to the recovery mode, and I've tried a lot, including iRecovery to get it to boot just once to get the stuff off.
Anyways, using a custom IPSW from PwnageTool, I've mounted the restore ramdisk, and all the info on the web at this point regarding the ramdisk is either incomplete or way dated.
All I need is the kernel, I don't need a payload per se, and I sure as hell don't want to run the restore daemons built in, as it would nuke my data.
I've noticed that the Zdziarski method calls for editing a property list, and this doesn't exist in the 4.x bundle as best I can tell. Instead, everything is called from rc.boot, which Apple turned into a binary instead of a script.
Does anyone know if I can just get rid of rc.boot, and *hopefully* just overwrite the existing install, leaving the old run control files in place?
Also, once I've got a finished disk, I suppose it has to be re-encrypted using the same keys?