Open GoogleCodeExporter opened 8 years ago
GoogleCodeExporter
commented
8 years ago OK, can you post the output of ios_examiner.py without parameters, and also the
first 0x600 bytes of the nand dump. This is most likely related to a bug in the
dumper which is not fixed yet (issue 72).Original comment by jean.sig...@gmail.com on 14 Jan 2013 at 3:16
GoogleCodeExporter
commented
8 years ago OK, the command without parameters:
python python_scripts/ios_examiner.py
generates the following output:
Connecting to device : **hidden**
Device model: iPhone 4 GSM
UDID: **hidden**
ECID: **hidden**
Serial number: **hidden**
key835: **hidden**
key89B: **hidden**
Chip id 0x3295ee98 banks per CE physical 2
NAND geometry : 32GB (4 CEs (2 physical banks/CE) of 8200 blocks of 128 pages
of 8192 bytes data, 12 bytes metdata)
Searching for special pages...
Found DEVICEUNIQUEINFO, NANDDRIVERSIGN, DEVICEINFOBBT special pages in CE 0
NAND signature 0x43313131 flags 0x10005 withening=1, epoch=1
Effaceable generation 22
Effaceable CRC OK
Found effaceable lockers in ce 1 block 1 page 96
Lockers : BAG1, DONE, Dkey, LwVM
Found DEVICEUNIQUEINFO, serial number=**hidden**
Using VSVFL
VSVFL context open OK
YaFTL context OK, version=CX01 maxIndexUsn=143945 context usn=143945
LwVM header CRC OK
cprotect version : 4 (iOS 5)
iOS version: 5.1.1
Keybag state: locked
(iPhone4-data) /
As for the nand dump, the first 0x600 bytes are these:
hexdump -C iphone4_nand.bin
00000000 6e 64 72 47 00 00 00 00 00 00 00 00 06 00 00 00 |ndrG............|
00000010 07 00 00 00 ff 5c 49 19 4a 94 e8 2a ec 58 55 62 |.....\I.J..*.XUb|
00000020 b6 18 00 00 3b 00 00 00 02 00 00 00 98 00 00 00 |....;...........|
00000030 02 00 00 00 78 02 00 00 01 00 00 00 b7 03 00 00 |....x...........|
00000040 03 00 00 00 fa 03 00 00 03 00 00 00 fc 03 00 00 |................|
00000050 03 00 00 00 fd 03 00 00 00 00 00 00 3c 04 00 00 |............<...|
00000060 00 00 00 00 3e 04 00 00 00 00 00 00 7f 04 00 00 |....>...........|
00000070 02 00 00 00 d4 05 00 00 03 00 00 00 7d 06 00 00 |............}...|
00000080 01 00 00 00 17 07 00 00 01 00 00 00 89 08 00 00 |................|
00000090 02 00 00 00 b5 08 00 00 02 00 00 00 b7 08 00 00 |................|
000000a0 02 00 00 00 0f 09 00 00 02 00 00 00 f3 09 00 00 |................|
000000b0 02 00 00 00 20 0b 00 00 01 00 00 00 24 0b 00 00 |.... .......$...|
000000c0 01 00 00 00 26 0b 00 00 02 00 00 00 fb 0b 00 00 |....&...........|
000000d0 02 00 00 00 ff 0b 00 00 01 00 00 00 9a 0c 00 00 |................|
000000e0 01 00 00 00 55 0d 00 00 01 00 00 00 57 0d 00 00 |....U.......W...|
000000f0 01 00 00 00 59 0d 00 00 01 00 00 00 5b 0d 00 00 |....Y.......[...|
00000100 01 00 00 00 5d 0d 00 00 01 00 00 00 6d 0d 00 00 |....].......m...|
00000110 01 00 00 00 78 0d 00 00 01 00 00 00 ac 0d 00 00 |....x...........|
00000120 02 00 00 00 45 0e 00 00 02 00 00 00 47 0e 00 00 |....E.......G...|
00000130 00 00 00 00 9a 0e 00 00 01 00 00 00 e0 0e 00 00 |................|
00000140 01 00 00 00 45 0f 00 00 03 00 00 00 63 0f 00 00 |....E.......c...|
00000150 03 00 00 00 21 10 00 00 01 00 00 00 c4 10 00 00 |....!...........|
00000160 01 00 00 00 c6 10 00 00 03 00 00 00 5b 11 00 00 |............[...|
00000170 00 00 00 00 ec 12 00 00 02 00 00 00 0a 13 00 00 |................|
00000180 03 00 00 00 17 13 00 00 01 00 00 00 65 13 00 00 |............e...|
00000190 01 00 00 00 67 13 00 00 01 00 00 00 86 13 00 00 |....g...........|
000001a0 00 00 00 00 8a 13 00 00 01 00 00 00 94 13 00 00 |................|
000001b0 01 00 00 00 96 13 00 00 00 00 00 00 87 14 00 00 |................|
000001c0 01 00 00 00 0b 15 00 00 00 00 00 00 3c 15 00 00 |............<...|
000001d0 01 00 00 00 43 16 00 00 00 00 00 00 b9 17 00 00 |....C...........|
000001e0 02 00 00 00 cb 17 00 00 02 00 00 00 d9 17 00 00 |................|
000001f0 01 00 00 00 8d 18 00 00 03 00 00 00 b6 18 00 00 |................|
00000200 00 00 00 00 00 00 00 00 01 00 00 00 04 00 00 00 |................|
00000210 08 20 00 00 80 00 00 00 10 00 00 00 c0 01 00 00 |. ..............|
00000220 00 00 00 00 fe ca ad de 00 00 00 00 00 00 00 00 |................|
00000230 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000240 00 00 00 00 00 00 00 00 00 00 00 00 00 00 56 67 |..............Vg|
00000250 00 00 00 00 7b ee d3 7b 64 c5 d9 51 c5 fd 3e 61 |....{..{d..Q..>a|
00000260 14 2b f7 0b 73 7b 44 11 5a 3e 96 42 c5 82 03 0a |.+..s{D.Z>.B....|
00000270 5e b1 f2 08 4b 23 32 1a 79 d3 0f 3b 63 2f eb 68 |^...K#2.y..;c/.h|
00000280 3b 81 62 49 70 df b6 60 64 ee a5 06 24 06 33 14 |;.bIp..`d...$.3.|
00000290 11 ca ff 7f 9e 70 27 1a 09 11 ea 71 dc 59 0f 10 |.....p'....q.Y..|
000002a0 aa e0 b7 7f d4 5b eb 06 ac d9 6d 6f f2 11 42 09 |.....[....mo..B.|
000002b0 1b 5e 88 00 10 21 27 76 af a8 04 4c 3b 70 16 17 |.^...!'v...L;p..|
000002c0 33 7e e1 14 cd e7 22 32 e3 0e de 74 50 c5 eb 68 |3~...."2...tP..h|
000002d0 48 d6 f6 2d 47 d4 b7 46 15 c3 2a 4a 5c 01 ee 39 |H..-G..F..*J\..9|
000002e0 bb 4f fc 57 6f 01 c1 0c 22 84 f1 43 19 01 ef 60 |.O.Wo..."..C...`|
000002f0 ba 24 f3 26 9b 57 01 7f 7d 30 da 49 f5 a5 55 70 |.$.&.W..}0.I..Up|
00000300 0b 37 b8 5f e1 1e 80 50 1a ac 88 04 1c 01 b8 5f |.7._...P......._|
00000310 7f 8f a7 6a 23 bd 72 76 f8 5a c7 6f 29 70 5f 6a |...j#.rv.Z.o)p_j|
00000320 f8 18 5e 7d a4 34 35 5f 1b 82 a1 73 13 77 e6 7d |..^}.45_...s.w.}|
00000330 b5 55 5c 55 ca 2a a6 3f 4e e7 fc 14 e8 d3 3d 6a |.U\U.*.?N.....=j|
00000340 98 12 c9 71 32 f6 da 09 38 99 29 53 e0 e8 bf 1f |...q2...8.)S....|
00000350 79 ca 92 50 4d 5c 54 1d 3d ea ad 59 34 1a 8f 28 |y..PM\T.=..Y4..(|
00000360 bc 5d 15 2a 5f 6e 9f 1d 4e 1b 7e 09 77 82 08 51 |.].*_n..N.~.w..Q|
00000370 fa c5 a0 1c cb 4b 58 53 6c 28 5e 41 05 fd 58 7c |.....KXSl(^A..X||
00000380 ac 6a d8 23 86 d4 e6 45 21 fe 10 5c 2b fa 7f 0e |.j.#...E!..\+...|
00000390 aa 91 59 3c 1a 59 d8 4b 55 6a df 78 a2 aa b7 39 |..Y<.Y.KUj.x...9|
000003a0 be 8d 0d 2b 70 ec 80 6c b5 21 9e 37 73 e3 69 00 |...+p..l.!.7s.i.|
000003b0 3b 17 27 2c 04 09 9b 4c 5c b7 a7 6a d3 29 f0 1d |;.',...L\..j.)..|
000003c0 36 ff 75 56 94 50 d1 3d b3 12 b0 3d af c9 08 27 |6.uV.P.=...=...'|
000003d0 e2 ac 25 5b f0 fc 5d 17 e4 e3 97 4f 9e 0a 3b 05 |..%[..]....O..;.|
000003e0 4f 6b fd 34 32 ff 15 59 15 8d 43 56 49 31 9e 51 |Ok.42..Y..CVI1.Q|
000003f0 fd 4a 6e 2c 82 b5 a1 17 4e 2e f7 4d a9 b5 46 50 |.Jn,....N..M..FP|
00000400 74 6f 6f 62 00 00 00 00 01 00 00 00 00 00 00 00 |toob............|
00000410 67 6f 6c 70 01 00 00 00 01 00 00 00 00 00 00 00 |golp............|
00000420 6d 72 76 6e 02 00 00 00 06 00 00 00 00 00 00 00 |mrvn............|
00000430 6d 72 69 66 08 00 00 00 08 00 00 00 00 00 00 00 |mrif............|
00000440 73 79 73 66 10 00 00 00 f8 1f 00 00 00 00 00 00 |sysf............|
00000450 67 66 63 73 00 00 00 00 00 00 00 00 01 00 00 00 |gfcs............|
00000460 67 61 69 64 00 00 00 00 00 00 00 00 01 00 00 00 |gaid............|
00000470 74 62 62 66 00 00 00 00 00 00 00 00 01 00 00 00 |tbbf............|
00000480 65 6e 6f 6e 84 4d 7b 59 7f 9e 81 0f 2d d4 c7 57 |enon.M{Y....-..W|
00000490 65 6e 6f 6e d4 64 1b 63 76 e7 b5 78 47 6e 48 75 |enon.d.cv..xGnHu|
000004a0 65 6e 6f 6e 32 de 0d 1a 1c 8c 96 65 ec 3d 26 46 |enon2......e.=&F|
000004b0 65 6e 6f 6e c4 d3 d4 73 30 2e 6f 74 f6 8a de 6f |enon...s0.ot...o|
000004c0 65 6e 6f 6e 23 e8 c0 49 85 36 d5 14 6c 85 0f 23 |enon#..I.6..l..#|
000004d0 65 6e 6f 6e b2 ec 06 3f 07 48 59 3b 04 23 aa 6c |enon...?.HY;.#.l|
000004e0 65 6e 6f 6e ec 3b 41 25 0b 0b 18 17 b9 28 93 57 |enon.;A%.....(.W|
000004f0 65 6e 6f 6e ba a8 cc 11 86 ab 32 4d c3 ac 07 3f |enon......2M...?|
00000500 65 6e 6f 6e 05 4a b4 5c f1 80 cf 16 ec 5d 69 1c |enon.J.\.....]i.|
00000510 65 6e 6f 6e 67 68 85 0f 33 cc b1 11 b7 fb 22 2e |enongh..3.....".|
00000520 65 6e 6f 6e 50 58 48 77 a3 39 49 74 e3 d2 a0 4f |enonPXHw.9It...O|
00000530 65 6e 6f 6e d3 67 b8 68 d9 5d 7f 3f 34 5a e0 2a |enon.g.h.].?4Z.*|
00000540 65 6e 6f 6e 5e 94 54 54 a0 df ef 4d f2 d5 23 21 |enon^.TT...M..#!|
00000550 65 6e 6f 6e a8 27 49 09 f6 f8 cd 0d 05 b1 d7 52 |enon.'I........R|
00000560 65 6e 6f 6e 01 04 e6 24 be d9 6a 2a b4 c1 aa 0b |enon...$..j*....|
00000570 65 6e 6f 6e 44 85 9d 77 78 6e b2 4a fa a2 fa 21 |enonD..wxn.J...!|
00000580 65 6e 6f 6e 69 ef 81 61 e6 00 64 3e 23 7e 21 14 |enoni..a..d>#~!.|
00000590 65 6e 6f 6e 1a cd 15 50 da 79 44 42 69 9e 9a 1a |enon...P.yDBi...|
000005a0 65 6e 6f 6e 7e b3 8d 36 4c 71 3b 6a 7e 51 7b 32 |enon~..6Lq;j~Q{2|
000005b0 65 6e 6f 6e 25 cf ba 29 b3 ab 5b 5d 48 6b bf 51 |enon%..)..[]Hk.Q|
000005c0 65 6e 6f 6e 53 8b 4b 2b 3a 41 e3 72 94 e4 6a 11 |enonS.K+:A.r..j.|
000005d0 65 6e 6f 6e 31 3a b1 00 99 95 42 64 90 16 1f 63 |enon1:....Bd...c|
000005e0 65 6e 6f 6e 57 6f ad 0e 44 d8 c9 6e ee ea 49 5c |enonWo..D..n..I\|
000005f0 65 6e 6f 6e bc 46 7c 39 e9 8d 44 7e e5 c3 9c 5a |enon.F|9..D~...Z|
00000600 6c 55 73 c0 ce f0 f9 17 88 96 8c a9 dc ea 01 b7 |lUs.............|
00000610 a8 89 fd 7a 3b 2c 69 d5 ae c3 47 4f aa a0 b2 15 |...z;,i...GO....|
...
Original comment by stefan.b...@web.de on 14 Jan 2013 at 9:09
GoogleCodeExporter
commented
8 years ago sorry for the delay, the patch that should fix your issue is there :
https://code.google.com/p/iphone-dataprotection/issues/detail?id=95#c8
you'll have to reacquire the image, as the dumper code was incorrect and
"missed" half of the data when reading.Original comment by jean.sig...@gmail.com on 1 Apr 2013 at 9:37
GoogleCodeExporter
commented
8 years ago This fixes the AssertionError, thanks!
However, when rerunning ios_examiner.py on the new nand dump, the following
error occurs, resembling issue 72. Here is the output:
Loading device information from iphone4.plist
Device model: iPhone 4 GSM
UDID: **hidden**
ECID: **hidden**
Serial number: **hidden**
key835: **hidden**
key89B: **hidden**
Chip id 0x3295ee98 banks per CE physical 2
NAND geometry : 32GB (4 CEs (2 physical banks/CE) of 8200 blocks of 128 pages
of 8192 bytes data, 12 bytes metdata)
Image size matches expected size, looks ok
Searching for special pages...
Found DEVICEUNIQUEINFO, NANDDRIVERSIGN, DEVICEINFOBBT special pages in CE 0
NAND signature 0x43313131 flags 0x10005 withening=1, epoch=1
Effaceable generation 22
Effaceable CRC OK
Found effaceable lockers in ce 1 block 1 page 96
Lockers : BAG1, DONE, Dkey, LwVM
Found DEVICEUNIQUEINFO, serial number=**hidden**
Using VSVFL
Traceback (most recent call last):
File "python_scripts/ios_examiner.py", line 366, in <module>
main()
File "python_scripts/ios_examiner.py", line 361, in main
image = NAND(nandimagename, device_infos)
File "/Volumes/Medien2012 4/iphone-dataprotection_030413/python_scripts/nand/nand.py", line 125, in __init__
self.vfl = VSVFL(self)
File "/Volumes/Medien2012 4/iphone-dataprotection_030413/python_scripts/nand/vsvfl.py", line 86, in __init__
raise Exception("Unable to find VSVFL context for CE %d" % ce)
Exception: Unable to find VSVFL context for CE 0
The new nand dump now looks like:
hexdump -C iphone4_nand.bin
00000000 6e 64 72 47 00 00 00 00 00 00 00 00 06 00 00 00 |ndrG............|
00000010 07 00 00 00 ff 5c 49 19 4a 94 e8 2a ec 58 55 62 |.....\I.J..*.XUb|
00000020 b6 18 00 00 3b 00 00 00 02 00 00 00 98 00 00 00 |....;...........|
00000030 02 00 00 00 78 02 00 00 01 00 00 00 b7 03 00 00 |....x...........|
00000040 03 00 00 00 fa 03 00 00 03 00 00 00 fc 03 00 00 |................|
00000050 03 00 00 00 fd 03 00 00 00 00 00 00 3c 04 00 00 |............<...|
00000060 00 00 00 00 3e 04 00 00 00 00 00 00 7f 04 00 00 |....>...........|
00000070 02 00 00 00 d4 05 00 00 03 00 00 00 7d 06 00 00 |............}...|
00000080 01 00 00 00 17 07 00 00 01 00 00 00 89 08 00 00 |................|
00000090 02 00 00 00 b5 08 00 00 02 00 00 00 b7 08 00 00 |................|
000000a0 02 00 00 00 0f 09 00 00 02 00 00 00 f3 09 00 00 |................|
000000b0 02 00 00 00 20 0b 00 00 01 00 00 00 24 0b 00 00 |.... .......$...|
000000c0 01 00 00 00 26 0b 00 00 02 00 00 00 fb 0b 00 00 |....&...........|
000000d0 02 00 00 00 ff 0b 00 00 01 00 00 00 9a 0c 00 00 |................|
000000e0 01 00 00 00 55 0d 00 00 01 00 00 00 57 0d 00 00 |....U.......W...|
000000f0 01 00 00 00 59 0d 00 00 01 00 00 00 5b 0d 00 00 |....Y.......[...|
00000100 01 00 00 00 5d 0d 00 00 01 00 00 00 6d 0d 00 00 |....].......m...|
00000110 01 00 00 00 78 0d 00 00 01 00 00 00 ac 0d 00 00 |....x...........|
00000120 02 00 00 00 45 0e 00 00 02 00 00 00 47 0e 00 00 |....E.......G...|
00000130 00 00 00 00 9a 0e 00 00 01 00 00 00 e0 0e 00 00 |................|
00000140 01 00 00 00 45 0f 00 00 03 00 00 00 63 0f 00 00 |....E.......c...|
00000150 03 00 00 00 21 10 00 00 01 00 00 00 c4 10 00 00 |....!...........|
00000160 01 00 00 00 c6 10 00 00 03 00 00 00 5b 11 00 00 |............[...|
00000170 00 00 00 00 ec 12 00 00 02 00 00 00 0a 13 00 00 |................|
00000180 03 00 00 00 17 13 00 00 01 00 00 00 65 13 00 00 |............e...|
00000190 01 00 00 00 67 13 00 00 01 00 00 00 86 13 00 00 |....g...........|
000001a0 00 00 00 00 8a 13 00 00 01 00 00 00 94 13 00 00 |................|
000001b0 01 00 00 00 96 13 00 00 00 00 00 00 87 14 00 00 |................|
000001c0 01 00 00 00 0b 15 00 00 00 00 00 00 3c 15 00 00 |............<...|
000001d0 01 00 00 00 43 16 00 00 00 00 00 00 b9 17 00 00 |....C...........|
000001e0 02 00 00 00 cb 17 00 00 02 00 00 00 d9 17 00 00 |................|
000001f0 01 00 00 00 8d 18 00 00 03 00 00 00 b6 18 00 00 |................|
00000200 00 00 00 00 00 00 00 00 01 00 00 00 04 00 00 00 |................|
00000210 08 20 00 00 80 00 00 00 10 00 00 00 c0 01 00 00 |. ..............|
00000220 00 00 00 00 fe ca ad de 00 00 00 00 00 00 00 00 |................|
00000230 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000240 00 00 00 00 00 00 00 00 00 00 00 00 00 00 56 67 |..............Vg|
00000250 00 00 00 00 7b ee d3 7b 64 c5 d9 51 c5 fd 3e 61 |....{..{d..Q..>a|
00000260 14 2b f7 0b 73 7b 44 11 5a 3e 96 42 c5 82 03 0a |.+..s{D.Z>.B....|
00000270 5e b1 f2 08 4b 23 32 1a 79 d3 0f 3b 63 2f eb 68 |^...K#2.y..;c/.h|
00000280 3b 81 62 49 70 df b6 60 64 ee a5 06 24 06 33 14 |;.bIp..`d...$.3.|
00000290 11 ca ff 7f 9e 70 27 1a 09 11 ea 71 dc 59 0f 10 |.....p'....q.Y..|
000002a0 aa e0 b7 7f d4 5b eb 06 ac d9 6d 6f f2 11 42 09 |.....[....mo..B.|
000002b0 1b 5e 88 00 10 21 27 76 af a8 04 4c 3b 70 16 17 |.^...!'v...L;p..|
000002c0 33 7e e1 14 cd e7 22 32 e3 0e de 74 50 c5 eb 68 |3~...."2...tP..h|
000002d0 48 d6 f6 2d 47 d4 b7 46 15 c3 2a 4a 5c 01 ee 39 |H..-G..F..*J\..9|
000002e0 bb 4f fc 57 6f 01 c1 0c 22 84 f1 43 19 01 ef 60 |.O.Wo..."..C...`|
000002f0 ba 24 f3 26 9b 57 01 7f 7d 30 da 49 f5 a5 55 70 |.$.&.W..}0.I..Up|
00000300 0b 37 b8 5f e1 1e 80 50 1a ac 88 04 1c 01 b8 5f |.7._...P......._|
00000310 7f 8f a7 6a 23 bd 72 76 f8 5a c7 6f 29 70 5f 6a |...j#.rv.Z.o)p_j|
00000320 f8 18 5e 7d a4 34 35 5f 1b 82 a1 73 13 77 e6 7d |..^}.45_...s.w.}|
00000330 b5 55 5c 55 ca 2a a6 3f 4e e7 fc 14 e8 d3 3d 6a |.U\U.*.?N.....=j|
00000340 98 12 c9 71 32 f6 da 09 38 99 29 53 e0 e8 bf 1f |...q2...8.)S....|
00000350 79 ca 92 50 4d 5c 54 1d 3d ea ad 59 34 1a 8f 28 |y..PM\T.=..Y4..(|
00000360 bc 5d 15 2a 5f 6e 9f 1d 4e 1b 7e 09 77 82 08 51 |.].*_n..N.~.w..Q|
00000370 fa c5 a0 1c cb 4b 58 53 6c 28 5e 41 05 fd 58 7c |.....KXSl(^A..X||
00000380 ac 6a d8 23 86 d4 e6 45 21 fe 10 5c 2b fa 7f 0e |.j.#...E!..\+...|
00000390 aa 91 59 3c 1a 59 d8 4b 55 6a df 78 a2 aa b7 39 |..Y<.Y.KUj.x...9|
000003a0 be 8d 0d 2b 70 ec 80 6c b5 21 9e 37 73 e3 69 00 |...+p..l.!.7s.i.|
000003b0 3b 17 27 2c 04 09 9b 4c 5c b7 a7 6a d3 29 f0 1d |;.',...L\..j.)..|
000003c0 36 ff 75 56 94 50 d1 3d b3 12 b0 3d af c9 08 27 |6.uV.P.=...=...'|
000003d0 e2 ac 25 5b f0 fc 5d 17 e4 e3 97 4f 9e 0a 3b 05 |..%[..]....O..;.|
000003e0 4f 6b fd 34 32 ff 15 59 15 8d 43 56 49 31 9e 51 |Ok.42..Y..CVI1.Q|
000003f0 fd 4a 6e 2c 82 b5 a1 17 4e 2e f7 4d a9 b5 46 50 |.Jn,....N..M..FP|
00000400 74 6f 6f 62 00 00 00 00 01 00 00 00 00 00 00 00 |toob............|
00000410 67 6f 6c 70 01 00 00 00 01 00 00 00 00 00 00 00 |golp............|
00000420 6d 72 76 6e 02 00 00 00 06 00 00 00 00 00 00 00 |mrvn............|
00000430 6d 72 69 66 08 00 00 00 08 00 00 00 00 00 00 00 |mrif............|
00000440 73 79 73 66 10 00 00 00 f8 1f 00 00 00 00 00 00 |sysf............|
00000450 67 66 63 73 00 00 00 00 00 00 00 00 01 00 00 00 |gfcs............|
00000460 67 61 69 64 00 00 00 00 00 00 00 00 01 00 00 00 |gaid............|
00000470 74 62 62 66 00 00 00 00 00 00 00 00 01 00 00 00 |tbbf............|
00000480 65 6e 6f 6e 84 4d 7b 59 7f 9e 81 0f 2d d4 c7 57 |enon.M{Y....-..W|
00000490 65 6e 6f 6e d4 64 1b 63 76 e7 b5 78 47 6e 48 75 |enon.d.cv..xGnHu|
000004a0 65 6e 6f 6e 32 de 0d 1a 1c 8c 96 65 ec 3d 26 46 |enon2......e.=&F|
000004b0 65 6e 6f 6e c4 d3 d4 73 30 2e 6f 74 f6 8a de 6f |enon...s0.ot...o|
000004c0 65 6e 6f 6e 23 e8 c0 49 85 36 d5 14 6c 85 0f 23 |enon#..I.6..l..#|
000004d0 65 6e 6f 6e b2 ec 06 3f 07 48 59 3b 04 23 aa 6c |enon...?.HY;.#.l|
000004e0 65 6e 6f 6e ec 3b 41 25 0b 0b 18 17 b9 28 93 57 |enon.;A%.....(.W|
000004f0 65 6e 6f 6e ba a8 cc 11 86 ab 32 4d c3 ac 07 3f |enon......2M...?|
00000500 65 6e 6f 6e 05 4a b4 5c f1 80 cf 16 ec 5d 69 1c |enon.J.\.....]i.|
00000510 65 6e 6f 6e 67 68 85 0f 33 cc b1 11 b7 fb 22 2e |enongh..3.....".|
00000520 65 6e 6f 6e 50 58 48 77 a3 39 49 74 e3 d2 a0 4f |enonPXHw.9It...O|
00000530 65 6e 6f 6e d3 67 b8 68 d9 5d 7f 3f 34 5a e0 2a |enon.g.h.].?4Z.*|
00000540 65 6e 6f 6e 5e 94 54 54 a0 df ef 4d f2 d5 23 21 |enon^.TT...M..#!|
00000550 65 6e 6f 6e a8 27 49 09 f6 f8 cd 0d 05 b1 d7 52 |enon.'I........R|
00000560 65 6e 6f 6e 01 04 e6 24 be d9 6a 2a b4 c1 aa 0b |enon...$..j*....|
00000570 65 6e 6f 6e 44 85 9d 77 78 6e b2 4a fa a2 fa 21 |enonD..wxn.J...!|
00000580 65 6e 6f 6e 69 ef 81 61 e6 00 64 3e 23 7e 21 14 |enoni..a..d>#~!.|
00000590 65 6e 6f 6e 1a cd 15 50 da 79 44 42 69 9e 9a 1a |enon...P.yDBi...|
000005a0 65 6e 6f 6e 7e b3 8d 36 4c 71 3b 6a 7e 51 7b 32 |enon~..6Lq;j~Q{2|
000005b0 65 6e 6f 6e 25 cf ba 29 b3 ab 5b 5d 48 6b bf 51 |enon%..)..[]Hk.Q|
000005c0 65 6e 6f 6e 53 8b 4b 2b 3a 41 e3 72 94 e4 6a 11 |enonS.K+:A.r..j.|
000005d0 65 6e 6f 6e 31 3a b1 00 99 95 42 64 90 16 1f 63 |enon1:....Bd...c|
000005e0 65 6e 6f 6e 57 6f ad 0e 44 d8 c9 6e ee ea 49 5c |enonWo..D..n..I\|
000005f0 65 6e 6f 6e bc 46 7c 39 e9 8d 44 7e e5 c3 9c 5a |enon.F|9..D~...Z|
00000600 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
...
Original comment by stefan.b...@web.de on 5 Apr 2013 at 8:29
GoogleCodeExporter
commented
8 years ago yes this is the same issue. can you apply the following patch, run ios_examiner
on the nand image and also without parameters with the ramdisk connected and
post both outputs ? thanks a lot.Original comment by jean.sig...@gmail.com on 7 Apr 2013 at 11:29
Attachments:
GoogleCodeExporter
commented
8 years ago here are the two outputs:Original comment by stefan.b...@web.de on 8 Apr 2013 at 7:28
Attachments:
GoogleCodeExporter
commented
8 years ago ok, can you put nand_debug.py in the python_scripts folder, run it (with
ramdisk attached) and post the output. then, apply the nand_dump_test1.patch,
rebuild the ramdisk and re-run nand_debug.py and see if the output is different.
i'm still in the dark about this bug so expect a lot a back and forth. thanks
again for your time.Original comment by jean.sig...@gmail.com on 8 Apr 2013 at 12:07
Attachments:
GoogleCodeExporter
commented
8 years ago I am happy to interate. Here we go: Original comment by stefan.b...@web.de on 8 Apr 2013 at 4:50
Attachments:
GoogleCodeExporter
commented
8 years ago ok, can you re-run nand_debug.py and repost the output, just to check if some
part of the output is random or not (use the ramdisk version with the
nand_dump_test1 patch even though i dont think it has any effect).
also, attached is another script to run as well.
thanks a lot.Original comment by jean.sig...@gmail.com on 8 Apr 2013 at 5:48
Attachments:
GoogleCodeExporter
commented
8 years ago here is a simple rerun of nand_debug.py with the nand_dump_test1.patch'ed
ramdisk (nand_debug_out3_afterpatch.txt) and a run of nand_debug2.py on the
same ramdisk (nand_debug2_out.txt): Original comment by stefan.b...@web.de on 8 Apr 2013 at 8:52
Attachments:
GoogleCodeExporter
commented
8 years ago this is the weirdest bug ...
here is another test script (nand_debug3.py), if it says checksum OK : False
then uncomment the time.sleep statement and try again to see if this changes
anything.
also if you could run again nand_debug.py twice in a row and post both outputs.
at this point i still have no idea how to fix this, it looks like when reading
sequentially at the time it gets to the 16th block (the first that does not
uses "bootloader mode"), the current read data somehow gets corrupted by the
previous : random stripes of FFs appear starting at offset 0x600, (which is the
effective size of the last bootloader page, hence my "corruption theory"), all
of this without any ecc error code from the kernel.
anyway thanks again for your help.Original comment by jean.sig...@gmail.com on 8 Apr 2013 at 9:58
Attachments:
GoogleCodeExporter
commented
8 years ago I'm stuck at the moment as entering DFU model fails (screen with empty progress
bar below apple at first, now fails with black screen after multiple tries;
iphone appears to work fine as standalone, but is not recognized as a device by
redsn0w/iTunes/iPhoto any more); any idea? Original comment by stefan.b...@web.de on 9 Apr 2013 at 9:25
GoogleCodeExporter
commented
8 years ago thats odd, no USB at all ? when yo say empty progress bar below apple, you mean
when booting the ramdisk with redsn0w ? if the device is jailbroken and you can
ssh into it through wifi try looking at the syslog see if theres any indication
about the usb issue.Original comment by jean.sig...@gmail.com on 10 Apr 2013 at 8:23
GoogleCodeExporter
commented
8 years ago DFU ok again, i got errors as in issue 84, rebuilding the ramdisk made them
disappear.
Here now comes the output of nand_debug3.py, checksum OK: TRUE in both cases;
also, two consecutive runs of the old nand_debug.py: first run
(nand_debug_out3a.txt)
left the iphone with indefinite prompting of "Abort dump". An immediate rerun
of
the script therefore didn't work (nand_debug_out3b.txt), after reboot through
ssh
and remounting the ramdisk nand_debug.py yielded a slightly different output
(nand_debug_out3a.txt).
nand_debug_out3b.txt
nand_debug_out3c.txtOriginal comment by stefan.b...@web.de on 10 Apr 2013 at 1:18
Attachments:
GoogleCodeExporter
commented
8 years ago Hi Jean, have you made any progress in understanding this bug? Anything else I
can help with? Best, Stefan Original comment by stefan.b...@web.de on 26 Apr 2013 at 6:46
GoogleCodeExporter
commented
8 years ago i still havent quite figured it out. i will write another script soon for you
to test : it will acquire a new image (with the faulty method), then read each
page individually and compare it with the dump, to see if this weird error
happens only on a limited set of pages.Original comment by jean.sig...@gmail.com on 26 Apr 2013 at 8:53
GoogleCodeExporter
commented
8 years ago ok, here is the script. you have to boot the ramdisk, acquire a new image with
the ios_examiner nand_dump command (using the same ramdisk as before). Then,
without rebooting the device run the script :
python nand_check_image.py nand_image plist_file
It will read each page from the image and compare it with the version read
using the "read single page proxy" that gives the correct results. This might
take a long time. When it is done, you can post the nand_diff.txt file that
will be created. If the script output many xxx_yyy lines (say more than 100),
you can interrupt the script and post that output instead of waiting for the
full image to be analyzed.
Thanks again.Original comment by jean.sig...@gmail.com on 9 May 2013 at 11:33
Attachments:
GoogleCodeExporter
commented
8 years ago OK, here are the first few hundred lines of the output of the script:
python python_scripts/nand_check_image.py iphone4_nand.bin iphone4.plist
It generates many xxx_yyy lines in the output, and generates one file
xxx_yyy.bin for each line which prevents the script from finishing after a
while.
Original comment by stefan.b...@web.de on 29 May 2013 at 8:19
Attachments:
GoogleCodeExporter
commented
8 years ago ok, so the iphone4_nand.bin was acquired right before running the script right ?
can you post the 2_19456.bin file ?
i've posted another patch here
https://code.google.com/p/iphone-dataprotection/issues/detail?id=72#c32
but seeing the results you posted i'm not sure it will work now :(
thanksOriginal comment by jean.sig...@gmail.com on 29 May 2013 at 9:10
GoogleCodeExporter
commented
8 years ago yes, the iphone4_nand.bin was acquired right before running the script. I
cannot post the 2_19456.bin as I deleted the millions of .bin files to unclog
my file system. Would you like me to do a redump to get you that file? Original comment by stefan.b...@web.de on 29 May 2013 at 12:45
GoogleCodeExporter
commented
8 years ago don't bother, if you can try the patch in the last comment in issue 72.
thanks.Original comment by jean.sig...@gmail.com on 29 May 2013 at 5:37
GoogleCodeExporter
commented
8 years ago Guys help me I bought I phone 5c legitimate gys. Probles is wen I reformat d
thing asking for a icloud acout . Unfortunately I cannot longer contact the
owner. Its not jail broken yet. Is there a free way to activate this phone?Original comment by bushyh...@gmail.com on 14 Feb 2015 at 6:30
Original issue reported on code.google.com by
stefan.b...@web.deon 14 Jan 2013 at 12:46