Closed wqhqq1 closed 4 years ago
@MatthewPierson
and sometimes pyboot continue patching but i get ERROR: Unable to connect to device
i tried for many times, this is the log ./pyboot.py -q ~/Documents/iPad_64bit_TouchID_13.4_17E255_Restore.ipsw iPad5,1 -a Please enter the boot-args you want to use then press enter: -v PyBoot - A tool for tether booting Checkm8 vulnerable iOS devices by Matty, @mosk_i
Current version is: Beta 0.6 User chose to use a locally stored IPSW, running some checks... /Users/wqh/Documents/iPad_64bit_TouchID_13.4_17E255_Restore.ipsw is a zip archive! Starting IPSW unzipping IPSW found at given path... Cleaning up old files... Unzipping.. IPSW is for given device! iOS version is: 13.4 and device model is: iPad5,1 Checking theiphonewiki for 13.4 keys... Keys weren't found for your device, PyBoot will place your device into PWNDFU mode and retrieve the needed keys...
Please ensure your device is connected in DFU mode... Device already in PWNDFU mode, not re-running exploit.. Found multiple device models... Which is your device?
1: j96ap 2: j81ap
Enter 1 or 2: 1 Device set to j96ap Getting SHSH for signing images Moving iBSS/iBEC...
Device needs to be rebooted in order to continue, please re-enter DFU mode and then press enter to continue... If you do not reboot the device into DFU mode, PyBoot will fail to send the needed boot components Waiting for user to press enter...
Fuck this Largest file is 048-64500-319.dmg, getting correct trustcache... Patching Kernel's type from krnl to rkrn Patching TrustCache's type from trst to rtsc Patching Devicetree's type from dtre to rdtr Signing boot files Exploiting device with checkm8 Waiting for the USB device with VID: 0x5AC, PID: 0x1227, SRTG: iBoot-1992.0.0.1.19 Found the USB device. Stage: RESET, ret: 0x0 Found the USB device. transfer_ret: 0xE00002EB, transfer_sz: 0x0 Stage: SETUP, ret: 0x0 Found the USB device. Stage: PATCH, ret: 0x5 Found the USB device. Found the USB device. Stage: RESET, ret: 0x0 Found the USB device. Found the USB device. transfer_ret: 0xE00002EB, transfer_sz: 0x0 Stage: SETUP, ret: 0x0 Found the USB device. Stage: PATCH, ret: 0x0
Eclipsa doesn't allow me to see if the exploit worked or not =( Just have to assume it did, if it didn't then reboot into DFU mode and re-run PyBoot Sending boot files to the device and booting [==================================================] 100.0% [==================================================] 100.0% ERROR: Unable to connect to device ERROR: Unable to connect to device ERROR: Unable to connect to device ERROR: Unable to connect to device ERROR: Unable to connect to device ERROR: Unable to connect to device ERROR: Unable to connect to device ERROR: Unable to connect to device Device should be booting! ERROR: Unable to connect to device wqh@wqhdeMacBook-Pro ~/D/PyBoot (master)> ERROR: Unable to connect to device ERROR: Unable to connect to device wqh@wqhdeMacBook-Pro ~/D/PyBoot (master)>
That last error was caused by test code that was accidentally left in, have removed it in the latest commit. Please download the update and try again
now device boot up, but in -v i see "still waiting for root device"
Does the device boot or does it get stuck there? Also, if you just want verbose boot, you don't need to and the '-a' flag and manually add -v, PyBoot will use -v as a boot-arg by default
i can only see logo and log but system stuck with "still waiting for root divice",i can not enter ios
i tried for three times, still shows me "still waiting for root device"and do not boot up just stuck there (maybe should another works on ipad mini 4?) @MatthewPierson
now the problem solved, when i using my ipad to use pyboot , i must do some work on buildmanifest.plist,and ibss ibec's name then device boot up
I tried to run eclipsa7000 in bin folder and it returned three state