mirror of
https://github.com/Lakr233/vphone-cli.git
synced 2026-04-05 04:59:05 +08:00
03cb2a8389
The original selector24 patches (NOP ldr + NOP bl) broke the hash flags extraction, causing the consistency check to fail. The second attempt (return 0x130A1) also failed because the return code semantics were inverted — byte 1 != 0 means FAIL, not success. Correct approach: insert `mov w0, #0xa1; b <epilogue>` after the prologue. 0xA1 has byte 1 = 0 which the caller checks via `tst w0, #0xff00` as PASS. Update AGENTS.md move selector24 bypass from txm_jb.py to txm_dev.py, delete TXMJBPatcher Selector24 CS validation bypass now applies to both dev and JB variants via txm_dev.py. The separate txm_jb.py patcher is removed since it had no other patches. Dev boot chain: 47→49 patches. Create txm_fullchain_analysis.md