Enter pwnDFU failed

[zhirongxiang]

Device: macOS 14.5 running on M2 Mac Mini

[Input] Select your option: 1) ipwnder 2) ipwndfu

? 1

[Log] Placing device to pwnDFU mode using ipwnder [main] enabled: debug log [main] Waiting for device in DFU mode... [io_get_serial] Found serial number! [main] CONNECTED [main] CPID: 0x8920, BDID: 0x00, STRG: [iBoot-359.3.2] [patch_payload] newBR [limera1n] ERROR:Failed to generate payload! [Error] Failed to enter pwnDFU mode. Please run the script again.

[zhirongxiang]

This what is get when trying ipwndfu:

[Input] Select your option: 1) ipwnder 2) ipwndfu

? 2

[Log] Placing device to pwnDFU mode using ipwndfu ln: /Users/zhirongxiang/lib/lib: Permission denied [Log] Placing device to pwnDFU Mode using ipwndfu Traceback (most recent call last): File "ipwndfu", line 49, in device = dfu.acquire_device() File "/Users/zhirongxiang/Downloads/Legacy-iOS-Kit_macos_v24.07.12/saved/ipwndfu/dfu.py", line 16, in acquire_device for device in usb.core.find(find_all=True, idVendor=0x5AC, idProduct=0x1227, backend=backend): File "/Users/zhirongxiang/Downloads/Legacy-iOS-Kit_macos_v24.07.12/saved/ipwndfu/usb/core.py", line 1263, in find raise NoBackendError('No backend available') usb.core.NoBackendError: No backend available [Error] Failed to enter pwnDFU mode. Please run the script again.

[LukeZGD]

for ipwnder: is this with the latest version of legacy ios kit (v24.07.13)

for ipwndfu: install libusb in homebrew

[zhirongxiang]

Yes, I'm using v24.07.13 (df82158) I also tried installing libusb, but still no luck. Tried other tools such as limera1n-pwner and it successfully puts my device into pwnDFU. Seems that it has something to with the ipwnder/ipwndfu used by this tool which is no longer compatible with the latest macOS.

[zhirongxiang]

However, even with device in pwnDFU using other tools, I still encounter the same no backend error when trying to exploit the device with alloc8. Something wrong with the ipwndfu used?

? 7

[Input] PwnDFU Tool Option

• Select tool to be used for entering pwned DFU mode.
• This option is set to ipwnder by default (1). Select this option if unsure.
• If the first option does not work, try the other option(s). [Input] Select your option: 1) ipwnder 2) ipwndfu

  ? 1

  [Log] Placing device to pwnDFU mode using ipwnder [main] enabled: debug log [main] Waiting for device in DFU mode... [io_get_serial] Found serial number! [main] CONNECTED [main] CPID: 0x8920, BDID: 0x00, STRG: [iBoot-359.3.2] [main] ERROR:Already pwned! ln: /Users/zhirongxiang/lib/lib: Permission denied [Log] Installing alloc8 to device Traceback (most recent call last): File "ipwndfu", line 98, in device = PwnedDFUDevice() File "/Users/zhirongxiang/Downloads/Legacy-iOS-Kit_macos_v24.07.12/saved/ipwndfu/dfuexec.py", line 100, in init device = dfu.acquire_device() File "/Users/zhirongxiang/Downloads/Legacy-iOS-Kit_macos_v24.07.12/saved/ipwndfu/dfu.py", line 16, in acquire_device for device in usb.core.find(find_all=True, idVendor=0x5AC, idProduct=0x1227, backend=backend): File "/Users/zhirongxiang/Downloads/Legacy-iOS-Kit_macos_v24.07.12/saved/ipwndfu/usb/core.py", line 1263, in find raise NoBackendError('No backend available') usb.core.NoBackendError: No backend available

• If you get the error "No backend available," install libusb in Homebrew/MacPorts [Log] Done!

[LukeZGD]

oh yeah i see the lib error, here:

run mv ~/lib ~/lib.bak; ln -sf /opt/homebrew/lib ~/lib

this should fix ipwndfu

[LukeZGD]

i will be fixing both ipwnder and ipwndfu issues with the 3gs in the next commit later

[zhirongxiang]

mv ~/lib ~/lib.bak; ln -sf /opt/homebrew/lib ~/lib command still not working, much appreciated if a fix could be provided 🙏

[LukeZGD]

pushed a fix, ipwnder should work now

[zhirongxiang]

Any plan for fixing ipwndfu? Still getting the backend error when trying alloc8. Thanks!

[Input] Select an option: 1) Get iOS Version 7) Install alloc8 Exploit 2) Enter pwnDFU Mode 8) SSH Ramdisk 3) Clear NVRAM 9) Create Custom IPSW 4) Activation Records 10) Enable Flags 5) Dump Baseband 11) (Re-)Install Dependencies 6) Just Boot 12) Go Back

? 7

[Input] PwnDFU Tool Option

• Select tool to be used for entering pwned DFU mode.

• This option is set to ipwnder by default (1). Select this option if unsure.

• If the first option does not work, try the other option(s). [Input] Select your option: 1) ipwnder 2) ipwndfu

  ? 1

  [Log] Placing device to pwnDFU mode using ipwnder [main] enabled: debug log [main] Waiting for device in DFU mode... [io_get_serial] Found serial number! [main] CONNECTED [main] CPID: 0x8920, BDID: 0x00, STRG: [iBoot-359.3.2] [main] ERROR:Already pwned! [Log] Installing alloc8 to device Traceback (most recent call last): File "ipwndfu", line 98, in device = PwnedDFUDevice() File "/Users/zhirongxiang/Downloads/Legacy-iOS-Kit_macos_v24.07.12/saved/ipwndfu/dfuexec.py", line 100, in init device = dfu.acquire_device() File "/Users/zhirongxiang/Downloads/Legacy-iOS-Kit_macos_v24.07.12/saved/ipwndfu/dfu.py", line 16, in acquire_device for device in usb.core.find(find_all=True, idVendor=0x5AC, idProduct=0x1227, backend=backend): File "/Users/zhirongxiang/Downloads/Legacy-iOS-Kit_macos_v24.07.12/saved/ipwndfu/usb/core.py", line 1263, in find raise NoBackendError('No backend available') usb.core.NoBackendError: No backend available

• If you get the error "No backend available," install libusb in Homebrew/MacPorts [Log] Done!

• This may take several tries. If it fails, unplug and replug your device, then run the script again

• For more troubleshooting, go to: https://github.com/axi0mX/ipwndfu/blob/master/JAILBREAK-GUIDE.md

• Save the terminal output now if needed.

• Legacy iOS Kit v24.07.14 (a108f81)

• Platform: macos (14.5)

[LukeZGD]

having libusb installed in homebrew fixed this issue for other apple silicon mac users i know of

[zhirongxiang]

For anyone who encounter the same issue, try:

brew install pyenv
pyenv install 2.7.18
pyenv install 3.10.4
pyenv global 2.7.18 3.10.4

Now libusb should be correctly recognized.