lmy86263
commented
4 years ago Describe the issue
I just wanted to downgrade my iPad to iOS 10.3.3, I tried at least 10 times, but always the same result:
Unable to restore device, errorcode=-11, Return code: 245. The iPad shows a green screen then an update screen with a progress bar and at this moment the command returns with errors and the iPad fallback in restore mode.Command
python3 vieux -i iPad_64bit_10.3.3_14G60_Restore.ipswOutput
Expand
Computer:
- Computer Model: Mac Book Air 2015
- MacOS Version: 10.15.2
- Python Version: 3.7.6
- Vieux Version: commit f2dc4f7
iOS Device:
- Device: iPad Air Wifi (iPad 4,1) running iOS 12.4.5
- Desired Version: iOS 10.3.3
I encountered the same error.
LiGang1204
注意:很多教程并未提及在降级过程中iPad设备的屏幕变化,在此处说明,iPad设备要提前进入DFU模式,然后就不需要操作了,在终端提示WARNING: Unable to find BbChipID node的时候,iPad会从DFU模式进入到恢复模式,并且此时爱思助手显示不能连接,这都是正常的,因为在刷机过程中,爱思助手怎么可能连接的上呢。有疑问可以回复我,很乐意为大家解答。
ghost
bartoo132
ChristianGaetcke
Describe the issue
I just wanted to downgrade my iPad to iOS 10.3.3, I tried at least 10 times, but always the same result:
Unable to restore device, errorcode=-11, Return code: 245. The iPad shows a green screen then an update screen with a progress bar and at this moment the command returns with errors and the iPad fallback in restore mode.Command
python3 vieux -i iPad_64bit_10.3.3_14G60_Restore.ipswOutput
Expand
Vieux - A tool for 32/64 Bit OTA downgrades Current version is: 1.0.1 If you are using a 64 Bit device then connect it in DFU Mode If you are using a 32 Bit device then just have it connected in NORMAL mode Files cleaned. iPad_64bit_10.3.3_14G60_Restore.ipsw is a zip archive! Starting IPSW unzipping Continuing... IPSW found at given path... Cleaning up old files... Files cleaned. Unzipping.. Found: CPID:8960 CPRV:11 CPFM:03 SCEP:01 BDID:10 ECID:0000070F8A946A30 IBFL:1C SRTG:[iBoot-1704.10] Device is now in pwned DFU Mode. (15.42 seconds) Exploit worked! *** SecureROM Signature check remover by Linus Henze *** Applying patches... Successfully applied patches Starting iBSS/iBEC patching Looks like you are downgrading an iPad Air to 10.3.3! Patched iBSS/iBEC About to re-build IPSW Entering PWNREC mode... Getting SHSH... Restoring... Note that errors about 'BbSkeyId', 'FDR Client', 'BasebandFirmware Node' and 'ERROR: zip_name_locate: Firmware/all_flash/manifest' are not important. Just ignore them and only report errors that actually stop the restore. Restoring without a baseband as your iPad4,1 doesn't have cellular capabilities... WARNING: Unable to find BbChipID node WARNING: Unable to find BbChipID node ERROR: Unable to receive message from FDR 0x7f8641c09db0 (-2). 0/2 bytes ERROR: Unable to send NORImageData data ERROR: Unable to send NOR data ERROR: Unable to successfully restore device Version: 81b98e0425e17250cc83d5badaf9a8cc6399f481 - 245 Libipatcher version: 3159a387584e352f690cca859e013c3a4683f3e8 - 69 Odysseus support: yes INFO: device serial number is DMPMRREZFK14 [INFO] 64-bit device detected futurerestore init done reading signing ticket resources/other/apnonce.shsh is done Found device iPad4,1 j71ap [TSSC] opening resources/manifests/BuildManifest_iPad4,1.plist [TSSR] User specified not to request a baseband ticket. Request URL set to https://gs.apple.com/TSS/controller?action=2 Sending TSS request attempt 1... response successfully received WARNING: user specified not to flash a baseband. This can make the restore fail if the device needs a baseband! if you added this flag by mistake you can press CTRL-C now to cancel continuing restore in 10 9 8 7 6 5 4 3 2 1 Found device in Recovery mode Device already in Recovery mode Found device in Recovery mode Identified device as j71ap, iPad4,1 Extracting BuildManifest from iPSW Product version: 10.3.3 Product build: 14G60 Major: 14 Device supports IMG4: true Got ApNonce from device: be d9 5a 1b 77 27 42 46 fb ef 32 37 37 18 a4 f6 3e 35 19 57 checking APTicket to be valid for this restore... Verified ECID in APTicket matches device ECID checking APTicket to be valid for this restore... Verified ECID in APTicket matches device ECID [Error] im4m_buildidentity_check_cb: can't find any identity which matches all hashes inside IM4M [Error] getBuildIdentityForIM4M: found buildidentity, but can't read information [Error] BuildIdentity selected for restore doesn't match APTicket BuildIdentity selected for restore: BuildNumber : 14G60 BuildTrain : Greensburg DeviceClass : j71ap FDRSupport : NO RestoreBehavior : Erase Variant : Customer Erase Install (IPSW) BuildIdentiy valid for the APTicket: [Error] Verified APTicket to be valid for this restore Variant: Customer Erase Install (IPSW) This restore will erase your device data. Extracting filesystem from iPSW [= ] 0.0% ... [==================================================] 100.0% Extracting iBEC.ipad4.RELEASE.im4p... Personalizing IMG4 component iBEC... Sending iBEC (673810 bytes)... waiting for device to reconnect... Getting SepNonce in recovery mode... 8e 05 09 0c dd 4c 82 c2 f4 69 9c ee 3d 54 d1 f2 c4 84 71 f1 Getting ApNonce in recovery mode... be d9 5a 1b 77 27 42 46 fb ef 32 37 37 18 a4 f6 3e 35 19 57 [WARNING] Setting bgcolor to green! If you don't see a green screen, then your device didn't boot iBEC correctly Recovery Mode Environment: iBoot build-version=iBoot-3406.60.10 iBoot build-style=RELEASE Sending RestoreLogo... Extracting applelogo@2x~ipad.s5l8960x.im4p... Personalizing IMG4 component RestoreLogo... Sending RestoreLogo (22710 bytes)... ramdisk-size=0x10000000 Extracting 058-74940-063.dmg... Personalizing IMG4 component RestoreRamDisk... Sending RestoreRamDisk (41591830 bytes)... Extracting DeviceTree.j71ap.im4p... Personalizing IMG4 component RestoreDeviceTree... Sending RestoreDeviceTree (101147 bytes)... Extracting kernelcache.release.ipad4... Personalizing IMG4 component RestoreKernelCache... Sending RestoreKernelCache (12259801 bytes)... Trying to fetch new signing tickets Request URL set to https://gs.apple.com/TSS/controller?action=2 Sending TSS request attempt 1... response successfully received Received signing tickets About to restore device... Waiting for device... Device 3a9675326339d04c63bf8981e87d123449b0e335 is now connected in restore mode... Connecting now... Connected to com.apple.mobile.restored, version 14 Device 3a9675326339d04c63bf8981e87d123449b0e335 has successfully entered restore mode Hardware Information: BoardID: 16 ChipID: 35168 UniqueChipID: 7763330886192 ProductionMode: true Previous restore exit status: 0x100 Starting FDR listener thread About to send NORData... Found firmware path Firmware/all_flash Getting firmware manifest from build identity Extracting LLB.ipad4.RELEASE.im4p... Personalizing IMG4 component LLB... Extracting applelogo@2x~ipad.s5l8960x.im4p... Personalizing IMG4 component AppleLogo... Extracting batterycharging0@2x~ipad.s5l8960x.im4p... Personalizing IMG4 component BatteryCharging0... Extracting batterycharging1@2x~ipad.s5l8960x.im4p... Personalizing IMG4 component BatteryCharging1... Extracting batteryfull@2x~ipad.s5l8960x.im4p... Personalizing IMG4 component BatteryFull... Extracting batterylow0@2x~ipad.s5l8960x.im4p... Personalizing IMG4 component BatteryLow0... Extracting batterylow1@2x~ipad.s5l8960x.im4p... Personalizing IMG4 component BatteryLow1... Extracting glyphplugin@2x~ipad-lightning.s5l8960x.im4p... Personalizing IMG4 component BatteryPlugin... Extracting DeviceTree.j71ap.im4p... Personalizing IMG4 component DeviceTree... Extracting recoverymode@2x~ipad-lightning.s5l8960x.im4p... Personalizing IMG4 component RecoveryMode... Extracting iBoot.ipad4.RELEASE.im4p... Personalizing IMG4 component iBoot... Personalizing IMG4 component RestoreSEP... Personalizing IMG4 component SEP... Sending NORData now... [Error] ERROR: Unable to restore device Done: restoring failed. Failed with errorcode=-11 ERROR.. Return code: 245 Restore Failed. Please try again and report the error + full logs if it persists. Exiting...
Computer:
iOS Device: