this is what you have to do:
find SecKeyRawVerify. after it, it will compare a register with some constant (i forgot) and you must change the proceeding
beq 0xwhatever
to
b 0xwhatever
that will kill nag msg forever.
the 90 sec thing is harder to kill.
go into gdb and type
info func CFRunLoopAddTimer
and note down on paper EVERY offset for CFRunLoopAddTimer.
set a break at the first one, plug in cable and see if it goes more than 90 sec. if it doesn't, cross that one off and repeat. if you do find one, that is it. there could be more, so check ALL of them.
what CFRunLoopAddTimer does is add the check timer, which fires every 90 secs or so and throws you back to the video screen.
you only have to nop them out, and if i remember correctly an arm little endian nop is 00 00 a0 e1
so, armed with that knowledge someone go forth and patch fw 2.1! or send me an Australian iPhone so i can upgrade to 2.1 and patch it myself!