T2 ssh about pongoos HOT 9 OPEN

PongoOS cannot currently load a new kernelcache. In theory that's possible, but it requires careful handling of the physical address space, and neither that nor any of the rebasing logic has been written.

The payload binary holds a bunch of different code required by checkra1n at runtime. Using this in another context is unlikely to work, or be useful in any way.
The patch_dyld.* binaries exist to copy dyld to a new location and apply a patch to remove the same-platform restriction (so we can run binaries compiled against the iOS SDK on tvOS and bridgeOS). Without this, you'll have to patch the LC_BUILD_VERSION command of all Mach-Os to say bridgeOS.

Essentially what we do is boot off a ramdisk, have a custom binary in /usr/lib/dyld that can run without any libraries, and from there we either union mount the rootfs over / (on 14.x and below) or we mount it to /fs/orig and bind-mount all folders to places on / (15.0 and up, hasn't been publicly released). Then we invoke the dyld patcher, and after that we hand off to launchd, but we inject a dylib to run code at various stages. It's... quite a bit of work.

from pongoos.

The missing parts are ramdisk and overlay.

from pongoos.

Can you give a quick overview of how it works? I think I found the ramdisk image.

from pongoos.

If you have a ramdisk, you can pass it to checkra1n with -r. But the one from 0.12.4 won't work here, because basically everything changed.

from pongoos.

Can PongoOS load a normal downgrade ramdisk + devicetree + kernelcache?
I need to either somehow downgrade bridgeos, even temporary (in memory) so 0.12.4 works or make ssh work on 7.5 by other mears.

from pongoos.

Assuming there are no SEP incompatibilities, could I just create a ramdisk for bridgeos 5.x and put the checkra1n ramdisk and overlay files into the bridgeos ramdisk, would that work? I see there is a payload and patch_dylid.bridgeos, what do these do exactly?

from pongoos.

Thanks for the info. Looks like it would be easier use sshrd and put the right files (it seems all the executables there have LC_BUILD_VERSION for bridge os).

Did checkra1n do anything special to get ssh to work?
I see some launchdaemons like dropbear-bridgeos-ncm.plist and dropbear.plist, is it enough to place these files on the ramdisk? Does not seem to work for me. Also tried compiling https://github.com/verygenericname/sshrd_SSHRD_Script and replace MacEFIUtil with it so launchd calls it. And also used https://github.com/iSuns9/restored_external64patcher

from pongoos.

Hi, i have T2 jailbreak like checkra1n one that works on bridgeOS from 6.0 to 7.6+, also I have ssh ramdisk , lmk what you need these things for? Telegram @SDunlocks_91

from pongoos.