MatthewPierson / Ramiel

An open-source, multipurpose macOS GUI utility for checkm8-vulnerable iOS/iPadOS devices
GNU General Public License v3.0

[Bug] iOS 10.3.3 - ERROR: Failed to patch iBSS (Kairos returned with: -1) (iPhone 7 128 GB - iOS 14.4.1) #2

Open kushwavez opened 3 years ago

kushwavez commented 3 years ago

Describe the bug

Trying to restore iOS 10.3.3 to iPhone 7 (running iOS 14.4.1), but this error is always occurring: ERROR: Failed to patch iBSS (Kairos returned with: -1)

To Reproduce

Steps to reproduce the behavior:

  1. iOS 14.4.1 jailbroken with checkra1n, Divisé downloaded, selected Tethered boot, downloaded iOS 10.3.3 inside Divisé, waiting for it to complete.
  2. Restarted the phone to DFU mode
  3. Opened Ramiel, selected "Boot device", "Select IPSW", selected iOS 10.3.3 ipsw
  4. After "Warning: Ramiel needs to dump your devices SHSH to boot iOS 10.3.3" error appeared "Failed to patch iBSS (Kairos returned with: -1)"
  5. Device bootlooping

Expected behavior

No errors, Boot iOS 10.3.3

Screenshots

Desktop (please complete the following information):

iOS/iPadOS Device(please complete the following information):

Additional context

Log:

Device Information:

Model: d101ap
iOS Version: (null)
Bootargs: "-v"

Other Error Information:

Kairos returned with: -1
Failed to patch iBSS

Detailed Error Log:

N/A

kushwavez commented 3 years ago

same error code with iOS 13.5 too

MatthewPierson commented 3 years ago

First and foremost, iOS 14.4.1's SEP isn't compatible with iOS 10.3.3, so even if Ramiel succeeded in booting your device it would panic before booting into iOS fully.

Secondly, can you try running Ramiel via the terminal

/Applications/Ramiel.app/Contents/MacOS/Ramiel

And then show me the full output that it provides there?

kushwavez commented 3 years ago

> First and foremost, iOS 14.4.1's SEP isn't compatible with iOS 10.3.3, so even if Ramiel succeeded in booting your device it would panic before booting into iOS fully.

Thanks, understandable. Didn't look it up first. Now I'm only trying with iOS 13.5.

> Secondly, can you try running Ramiel via the terminal
>
> /Applications/Ramiel.app/Contents/MacOS/Ramiel
>
> And then show me the full output that it provides there?

got "Permission denied": /bin/bash: /usr/local/bin/img4tool: Permission denied

Fixed that by chmod +x /usr/local/bin/img4tool

Now the app just crashed with a panic right after clicking the SHSH dump warning msg:

2021-03-14 21:53:41.908 Ramiel[1963:131137] *** Terminating app due to uncaught exception 'NSInternalInconsistencyException', reason: 'NSWindow drag regions should only be invalidated on the Main Thread!'
*** First throw call stack:
(
    0   CoreFoundation                      0x00007fff207486af __exceptionPreprocess + 242
    1   libobjc.A.dylib                     0x00007fff204803c9 objc_exception_throw + 48
    2   CoreFoundation                      0x00007fff20770a9a -[NSException raise] + 9
    3   AppKit                              0x00007fff22f17460 -[NSWindow(NSWindow_Theme) _postWindowNeedsToResetDragMarginsUnlessPostingDisabled] + 321
    4   AppKit                              0x00007fff22f02121 -[NSWindow _initContent:styleMask:backing:defer:contentView:] + 1375
    5   AppKit                              0x00007fff230c4377 -[NSPanel _initContent:styleMask:backing:defer:contentView:] + 50
    6   AppKit                              0x00007fff22f01bbb -[NSWindow initWithContentRect:styleMask:backing:defer:] + 42
    7   AppKit                              0x00007fff230c432c -[NSPanel initWithContentRect:styleMask:backing:defer:] + 64
    8   AppKit                              0x00007fff22effcd4 -[NSWindowTemplate nibInstantiate] + 393
    9   AppKit                              0x00007fff22ecbaf5 -[NSIBObjectData instantiateObject:] + 238
    10  AppKit                              0x00007fff22ecb254 -[NSIBObjectData nibInstantiateWithOwner:options:topLevelObjects:] + 484
    11  AppKit                              0x00007fff22ebfca8 loadNib + 392
    12  AppKit                              0x00007fff22ebf2b0 +[NSBundle(NSNibLoading) _loadNibFile:nameTable:options:withZone:ownerBundle:] + 693
    13  AppKit                              0x00007fff22ebef06 -[NSBundle(NSNibLoading) loadNibNamed:owner:topLevelObjects:] + 201
    14  AppKit                              0x00007fff232526fe -[NSAlert init] + 137
    15  Ramiel                              0x000000010f557aa3 Ramiel + 322211
    16  Ramiel                              0x000000010f5477b0 Ramiel + 255920
    17  libdispatch.dylib                   0x00007fff2042a5dd _dispatch_call_block_and_release + 12
    18  libdispatch.dylib                   0x00007fff2042b7c7 _dispatch_client_callout + 8
    19  libdispatch.dylib                   0x00007fff2043a9b5 _dispatch_root_queue_drain + 676
    20  libdispatch.dylib                   0x00007fff2043afb8 _dispatch_worker_thread2 + 92
    21  libsystem_pthread.dylib             0x00007fff205d3453 _pthread_wqthread + 244
    22  libsystem_pthread.dylib             0x00007fff205d2467 start_wqthread + 15
)
libc++abi.dylib: terminating with uncaught exception of type NSException
zsh: abort      /Applications/Ramiel.app/Contents/MacOS/Ramiel

kushwavez commented 3 years ago

Just tried on macOS Mojave too, the exploit doesn't even work unfortunately.

Device Information:

Model: d101ap
iOS Version: (null)
Bootargs: "-v"

Other Error Information:

Please reboot device and re-enter DFU mode.
Failed to exploit device

Detailed Error Log:

===================================================================
              Fugu Copyright (C) 2019/2020 Linus Henze             
                 https://github.com/LinusHenze/Fugu                

   This is free software, and you are welcome to redistribute it   
under certain conditions; See the LICENSE file for more information

           If you paid for this software, you got scammed          
===================================================================

Connecting to iDevice
Connecting to iDevice: Done!
Device is not in pwned DFU. Exploiting now.

Exploiting iDevice
Exploiting iDevice: Leaking memory
Exploiting iDevice: Triggering UaF
Exploiting iDevice: Leaking memory again
Exploiting iDevice: Sending stage 1
Exploiting iDevice: FAILED!
Exploit failed! Did not enter pwned DFU!

Failing every time

kushwavez commented 3 years ago

I could work around that by pwning the phone on the Big Sur device, then connecting back to the Mojave.

After that, Ramiel started its thing. After the SHSH warning, spam started:

No such file or directory /usr/local/bin/ldid2

Workaround: downloading ldid2 from xerub/ldid

Then tried again

No such file or directory /usr/local/bin/gtar

Again, worked around that with brew install gnu-tar

After that everything went without error, but when Ramiel said "Showing boot picture", it did not show the boot picture, and when it said "Booting..." it did not boot. At the second SHSH Dump it failed.

Then Ramiel said "Finished!", but the device did not boot unfortunately. Tried twice, will try tomorrow too.

About Big Sur: It's maybe my bad, I think I have some old jailbreak tools installed so maybe that's why it's crashing. Could you please tell me all the dependencies located in /usr/local/bin? I'll delete them, and let Ramiel download them all.

kushwavez commented 3 years ago

Okay, I did a fresh install and now everything went okay, your boot logo appeared, but Ramiel failed at the second SHSH dump, said "Booted device successfully!", but the device did not boot. It hangs with a blank screen. Here is a full log with debug enabled: ramiel_ios-13.5-log.txt

MatthewPierson commented 3 years ago

Do you have python3 installed? Ramiel is trying to call python3 to dump shsh but it's coming up with /usr/local/bin/python3: No such file or directory

kushwavez commented 3 years ago

Thanks. So I installed python3, but also saw some errors related to ldid2 (no such file or directory) so I needed to install that too. It would be a nice improvement to Ramiel to check whether they're installed or not.

I also saw the error "No module named paramiko" so I installed it with pip3.

Now finally the Apple boot logo appeared with a progress bar, but it still cannot boot, it restarts itself eventually, going into a bootloop.

It is always failing at the second SHSH dump.

Checked Apply AMFI patches

Here is the new log: Mentett Terminal kimenet.txt
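
A preflight check of the kind suggested in the comment above, as an added example that is not part of Ramiel or of the original thread. It tells a missing helper apart from one that exists without the execute bit (the img4tool "Permission denied" case earlier in this issue). The function names and the BIN_DIR variable are assumptions made for the example, and the tool list contains only the names mentioned in this issue, not Ramiel's full dependency list.

```shell
#!/bin/sh
# Added example: preflight check for the helper tools named in this thread.
# BIN_DIR defaults to the directory shown in the error messages above.
BIN_DIR="${BIN_DIR:-/usr/local/bin}"
TOOLS="img4tool ldid2 gtar python3"   # names taken from this issue only

# check_tool DIR NAME -> prints "ok", "missing" or "not-executable"
check_tool() {
    tool_path="$1/$2"
    if [ ! -e "$tool_path" ]; then
        echo "missing"
    elif [ -d "$tool_path" ] || [ ! -x "$tool_path" ]; then
        echo "not-executable"      # e.g. the img4tool "Permission denied" case
    else
        echo "ok"
    fi
}

# check_pymodule PYTHON MODULE -> prints "ok" or "missing"
check_pymodule() {
    if "$1" -c "import $2" >/dev/null 2>&1; then echo "ok"; else echo "missing"; fi
}

# preflight DIR -> prints one line per problem; exit status = problem count
preflight() {
    dir="$1"
    problems=0
    for tool in $TOOLS; do
        state=$(check_tool "$dir" "$tool")
        if [ "$state" != "ok" ]; then
            echo "$dir/$tool: $state"
            problems=$((problems + 1))
        fi
    done
    # paramiko can only be probed when python3 itself is usable
    if [ "$(check_tool "$dir" python3)" = "ok" ] &&
       [ "$(check_pymodule "$dir/python3" paramiko)" != "ok" ]; then
        echo "python3 module paramiko: missing"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Run against BIN_DIR only when asked to, so the file can also be sourced.
if [ "${1:-}" = "--run" ]; then preflight "$BIN_DIR"; fi
```
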

kushwavez commented 3 years ago

With Ramiel v 1.0.3 it actually went without any error and started to boot, but the device hangs with apfs_mount failure errors looping.

apfs_mount failed, err: 75
hfs_ValidateHFSPlusVolumeHeader : Unknown Volume Signature: 0
hfs_mountfs returned error=22
mount(x)

Similar to what I mentioned in this issue: https://github.com/MatthewPierson/Divise/issues/25 (1st post)

AMFI patch selected, same without it

EDIT: nothing suspicious in log