Jump to content

i am oz

  • Content Count

  • Joined

  • Last visited

Everything posted by i am oz

  1. RT @gtvhacker: This is the most expensive @_defcon_ CFP entry we've submitted. There will be a lot of vendors mad at us for this one. #Hack

  2. i am oz

    Star Wars Boot

    http://oz.freqlabs.c...tarWarsBoot.zip Boot with -v to see. ^C skips to GUI. Includes uninstall script. Credits for the original animation go to Simon Jansen at www.asciimation.co.nz If there is a demand, I will modify the player to output to stdout when run from a shell instead of launchd. As it is now it will always write to /dev/console. Any other feedback is welcome as well PS This is totally a gimmick!
  3. It is normal for bless to fail AFAIK. If you want, you can replace /usr/sbin/bless on the installer with something that returns 0, like this: #! /bin/bash # /usr/sbin/bless # Make the installer succeed! exit 0 It should not affect the installation in any way, all the files are copied over already and bless is run as a final step that sets the boot drive on a normal Mac. This is not necessary for Chameleon, not sure about Clover. I have a sample script replacement for bless that does some post-install type modifications of an installation, buried somewhere inside this: oz.freqlabs.com/osx86/mlusb.zip
  4. Mountain Lion USB Installer Creator Creates a USB installer for OS X Mountain Lion. Must be run as root. User is required to supply the path to InstallESD.dmg or have Install OS X Mountain Lion.app sitting in /Applications. Default kernel is vanilla, use '-c amd' to install AnV RC4 amd_kernel as mach_kernel. You can modify the kit or use '-k <path>' to customize the installer: - Chameleon can be updated by replacing the files in Chameleon/i386. - /Extra is copied over from Chameleon/Extra, so files added or changed there will be copied to the new system for you. - Extensions get copied to /System/Library/Extensions from the Extensions folder. - Launch daemons are installed from LaunchDaemons to /Library/LaunchDaemons. - Custom actions can be executed at the end of the installation by modifying the bash script postinstall.sh. The script is sourced by bless, so the environment includes the log function and various useful variables. See the script for more information. - If you use the option to install an AMD kernel, you can replace amd_kernel in the kit and it will get installed as mach_kernel on the installer and the installed system. That way you can use some other legacy kernel instead of the stock default. - usr gets copied to /usr on the installer, but not the installed system. This can still be useful if you want to use a utility in Terminal that isn't available on the installer by default. - The whole kit gets copied to /opt/kit on the installer. Again, probably only useful to advanced users. The '-y' option is great when you don't want to sit around watching for any prompts that might pop up (also for scripts) The '-v' option gives lots of nice progress reporting while copying files, for those that get paranoid when a utility sits with no output for a while. Give your USB volume a fancy custom label with the '-l' option. Ozlog is some ridiculous display of jumping through hoops to monitor the bless hijack on the installer, and probably doesn't deserve to be included with this utility. It may be useful to someone, but consider these options seriously advanced. It should be harmless, but is generally useless. If you want to use it, run `netcat -l 1234' on the host specified by '-a' to see the log. It is only used when bless is called, at the very end of the install process. Check out the log function at the top of usr/sbin/bless for an example of how to use the installer side. So, why would you want to monitor bless? Bless is what screws up some other installer utilities and causes them to say "Installation Failed" at the end, even though the system is still installed successfully. If you look in the kit at usr/sbin/, you'll see that there is a bash script there called bless. This script is the bless hijack, and it tricks the installer into succeeding! It also installs Chameleon, /Extra, ensures the amd_kernel replaces mach_kernel, copies over kexts, etc. This script replaces the stock bless and therefore gets called at the end of the installation. If you had something special you wanted your installer to do, you could put it in kit/ and modify bless to call your script or whatever else you can imagine would be neat. Bonus tip: You can use the following command to create a blank dmg. hdiutil create -size 5g -format UDWR -attach installer.dmg The output will list a device (like /dev/disk1) that you can use as the argument to this utility. Then you'll have a .dmg you can keep, and restore to a USB drive whenever you need it, instead of having to rebuild it with this program. hack:~ oz$ sudo ./mlusbcreator Usage: mlusbcreator [-h] mlusbcreator [-vy] [-k KIT] [-e ESD] [-l LABEL] [-c amd|intel] [-o -a ADDRESS [-p PORT]] target Options: -h, --help show this help message and exit -v, --verbose display more info when copying files -y, --yes automatically answer yes to all questions (useful for scripting) -k KIT, --kit=KIT custom path to the hack kit (default: ./kit) -e ESD, --esd=ESD custom path to InstallESD.dmg (default: /Applications/Install OS X Mountain Lion.app/SharedSupport/InstallESD.dmg) -l LABEL, --label=LABEL custom label for the USB volume (default: Mountain Lion USB Installer) -o, --ozlogd enable remote logging of bless hijack, requires -a and -p -a ADDRESS, --address=ADDRESS ip address to send log messages to -p PORT, --port=PORT custom port to sent log messages to (default: 1234) -c CPU, --cpu=CPU explicitly set cpu type of target system (default: intel) Brought to you by oz and SS01 Example usage: hack:~ oz$ sudo ./mlusbcreator -y --verbose --esd=InstallESD.dmg --cpu=amd /dev/disk1 Get the latest version at http://oz.freqlabs.com/osx86/mlusb.zip
  5. I'd like to quickly mention a few more things about this software: The mlusbcreater Python script, as well as the bless and ozlogd bash scripts, are open source under the Apache License, Version 2. See http://www.apache.or...ICENSE-2.0.html for the full license. Secondly, I want to highlight some of the possible ways to use this. You can easily build a kit for a specific hardware configuration by simply copying the kexts to kit/Extensions/, then run the script, or zip it back up and share with others. Or you could go even further and use it as the backend to your own application. I wish I could edit the topic title, I would make it less rhetorcal and a bit more descriptive Figured out how to do that.
  6. Sorry. The first one has SSSE3 emulation disabled. The second one has SSE3 emulation disabled and SSSE3 emulation disabled. The third has neither emulators disabled, but is for 10.8 instead of 10.8.2. It took me 3 or 4 days to write the whole thing in by hand. Roughly 12 hours each day? There are two huge binary blobs in hex arrays that I processed through sed instead of writing out 30,000 lines of "0x23, 0x44, 0x0D..." I also made a few modifications, like I unrolled the loops in opemu.c, reformatting for clarity and ease of typing out (I used emacs, BTW), fixing error messages (like inserting missing newlines, and "no support for Lion" now reads "Mountain Lion"). I tried not to change too much though. Gils on the IRC asked for the versions without emulation, for testing nvidia problems. At least I think that's what he was asking for... Google translate can only get you so far...
  7. Hey, here's a version with all the op emulation bypassed. Hot off the compiler and totally untested. Let's see if nVidia works on those FX's with this... Note: This is only for CPUs with SSSE3! http://oz.freqlabs.c..._sans_opemu.zip (for 10.8.2, no ssse3 emu) Add: Here's one with SSE3 removed too. http://oz.freqlabs.c...ernel_noemu.zip (for 10.8.2, no sse3 emu, no ssse3 emu) Add: This one's for ML 10.8.0 from AnV's patches. I applied the whole patch by hand (without even copy paste) as a study method. SSSE3 and SSE3 emulators intact. http://oz.freqlabs.c...0.7.9-oz-b1.zip (for 10.8.0)
  8. changed vm_page_(un)lock_queues() to vm_pagequeue_(un)lock(&vm_pagequeues[PQ_ACTIVE]) in fuse_module/fuse_vnops.c and VOILA #freebsd current