Supported version

[matteyeux]

Hi, what is the latest supported version for dumping iBoot with this tool ?

[0x7ff]

Hey matteyeux,
Thanks for your interest. Before iOS 9, iBoot loads itself into a memory address which is not mapped by the kernel. qwertyoruiopz created ttething to map iBoot into the EL0 (Also, you can't map anymore to EL0 with iOS 11.2 because of the Spectre/Meltdown mitigations as explained in here: https://siguza.github.io/KTRR/#meltdownspectre-mitigations-112). On iOS 9+ before A10, iBoot loads itself into the last 256 MiB section of DRAM which is already mapped by the kernel to gVirtbase. This tool's aim is dumping that from gVirtbase. The problem is this data gets overwritten by the kernel. But there is a small chance (device specific) to dump from there (Also, try dumping before memory intensive tasks using an untether as explained in here: https://twitter.com/msolnik/status/730223738625523712). So this is why I'm calling it iBoot "Maybe" Dumper. And on A10+, it's impossible to dump iBoot from DRAM because it's loaded into the SRAM (Gets overwritten quickly, as explained in here: https://embeddedideation.com/2016/03/10/exploring-the-physical-address-space-on-ios).

[matteyeux]

Ok I got it, thank you for taking from you time to make such a comprehensive reply, this is gold.