ipad air1 A7 downgrade

[Adderly666]

Hello, i tried around 200 times to make a downgrade to 10.3.3 on my "ipad air 1" with A7 chip. My hardware: Intel i7700 pc with kali linux booted from a usb-stick. What happening while the script tries the hack: Some times the ipad resets and go to recovery-mode. Some times the ipad screen stays black. I guess this is what we want. But then i get the attached terminal output with a fail. It this a "normal" failed pwndfu try output? Do i have to make more tries till i got lucky? The traceback errors make me think i do have another issue here and not just bad luck. Any help?

Terminal output:

 *** Legacy iOS Kit ***
 - Script by LukeZGD -

* Version: v24.10.07 (146a80e)
* Platform: linux (Kali GNU/Linux Rolling - x86_64) 

* Device: iPad Air 1 (Wi-Fi) (iPad4,1 - j71ap) in Recovery mode
* iOS Version: ::       BUILD_TAG: iBoot-4513.270.14
* ECID: 64235161444

* Only select unmodified IPSW for the selection. Do not select custom IPSWs

* Selected IPSW: ../iPad_64bit_10.3.3_14G60_Restore.ipsw

 > Main Menu > Restore/Downgrade > iOS 10.3.3
[Input] Select an option:
1) Select Target IPSW
2) Download Target IPSW
3) Start Restore
4) Go Back
#? 3
[Input] Pwned Restore Option
* When this option is enabled, use-pwndfu will be enabled for restoring.
* This option is disabled by default (N). Select this option if unsure.
[Input] Enable this option? (y/N): n
[Log] Pwned restore option disabled.
[Log] Patching iBSS and iBEC...
Archive:  ../iPad_64bit_10.3.3_14G60_Restore.ipsw
  inflating: iBSS.ipad4.RELEASE.im4p  
Archive:  ../iPad_64bit_10.3.3_14G60_Restore.ipsw
  inflating: iBEC.ipad4.RELEASE.im4p  
Archive:  ../iPad_64bit_10.3.3_14G60_Restore.ipsw
  inflating: iBSS.ipad4b.RELEASE.im4p  
Archive:  ../iPad_64bit_10.3.3_14G60_Restore.ipsw
  inflating: iBEC.ipad4b.RELEASE.im4p  
[Log] Pwned iBSS and iBEC saved at: saved/iPad4,1
[Log] Found existing saved 10.3.3 blobs: ../saved/shsh/64235161444_iPad4,1_j71ap_10.3.3-14G60_3a88b7c3802f2f0510abc432104a15ebd8bd7154.shsh2
* DFU Mode Helper - Get ready to enter DFU mode.
* If you already know how to enter DFU mode, you may do so right now before continuing.
[Input] Select Y to continue, N to exit recovery mode (Y/n) y
[Log] Found device in DFU mode.
[Log] Placing device to pwnDFU Mode using ipwndfu
Acquiring device handle.
Releasing device handle.
*** checkm8 exploit by axi0mX ***
*** modified version by Linus Henze and synackuk ***
Acquiring device handle.
Found: CPID:8960 CPRV:11 CPFM:03 SCEP:01 BDID:10 ECID:0000000EF4B6C764 IBFL:1C SRTG:[iBoot-1704.10]
Performing USB port reset.
Releasing device handle.
Acquiring device handle.
Releasing device handle.
Acquiring device handle.
Performing USB port reset.
Releasing device handle.
Acquiring device handle.
Traceback (most recent call last):
  File "ipwndfu", line 68, in <module>
    checkm8.exploit()
  File "/media/kali/PATRIOT/hack2/saved/ipwndfu/checkm8.py", line 524, in exploit
    if 'PWND:[checkm8]' not in device.serial_number:
  File "/media/kali/PATRIOT/hack2/saved/ipwndfu/usb/core.py", line 830, in serial_number
    self._serial_number = util.get_string(self, self.iSerialNumber)
  File "/media/kali/PATRIOT/hack2/saved/ipwndfu/usb/util.py", line 314, in get_string
    raise ValueError("The device has no langid")
ValueError: The device has no langid
[Log] You may see the langid error above. This is normal, let's try to make it work
* If it is any other error, it may have failed. Just continue, re-enter DFU, and retry
[Log] Please read the message below:
* Unplug and replug the device 2 times
* After doing this, continue by pressing Enter/Return
[Input] Press Enter/Return to continue (or press Ctrl+C to cancel)
[Log] Checking for device
ERROR: Unable to connect to device
[Error] Failed to enter pwnDFU mode. Please run the script again.

* Exit DFU mode first by holding the TOP and HOME buttons for about 10 seconds.                                                                                                                      
* Unfortunately, pwning may have low success rates for PCs with an AMD desktop CPU if you have one.                                                                                                  
* Also, success rates for A6 and A7 checkm8 are lower on Linux.                                                                                                                                      
* Pwning using an Intel PC or another Mac or iOS device may be better options.                                                                                                                       
* For more details, read the "Troubleshooting" wiki page in GitHub                                                                                                                                   
* Troubleshooting links:                                                                                                                                                                             
    - https://github.com/LukeZGD/Legacy-iOS-Kit/wiki/Troubleshooting                                                                                                                                 
    - https://github.com/LukeZGD/Legacy-iOS-Kit/wiki/Pwning-Using-Another-iOS-Device                                                                                                                 

* Save the terminal output now if needed. (macOS: Cmd+S, Linux: Ctrl+Shift+S)
* Legacy iOS Kit v24.10.07 (146a80e)
* Platform: linux (Kali GNU/Linux Rolling - x86_64) 

[LukeZGD]

There have been many issues about this already, Linux sucks at pwning checkm8 A6 and A7

Proceed here https://github.com/LukeZGD/Legacy-iOS-Kit/wiki/Pwning-Using-Another-iOS-Device

[Adderly666]

Thanks for the fast respond. One question: Are the traceback errors i got "normal" for a failed pwnDFU mode?

[LukeZGD]

Yes