SAD1992 / iphone-dataprotection

Automatically exported from code.google.com/p/iphone-dataprotection
0 stars 0 forks source link

Repeated nand_dump, differing SHA1 hashes (iPhone3,1 8GB) #129

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
What steps will reproduce the problem?
1. Boot ramdisk with nand-disable=1
2. Run 1st nand_dump, record SHA1
3. Run 2nd nand_dump, record SHA1

I expect SHA1 hashes to match, they do not.

What version of the product are you using? On what operating system?
OS X version : 10.7.5
XCode version : 4.4.1
Tools revision : 9253cb99a012

I am doing some experiments on some iPhone4 devices and have run into this 
issue.  On two separate iPhone4 devices (both 3,1 8GB versions), one running 
the OS it came with (5.0) and another running up-to-date iOS (7.0.4).  
Initially, their flash chip ID (0x7a94d7ec) was not recognized by 
iphone-dataprotection, but I modified python_scripts/nand/structs.py to include 
the same data as openiboot has for this chip.  In both cases, the nand_dumps 
come back with differing SHA1 results.  On both devices I'm getting around 8% 
of pages showing unrecoverable ECC errors according to the device.  Maybe that 
is what is causing the issue?  I've tried everything I can think of and I'm at 
a loss on this one.

Here is the initial output of ios_examiner for the iOS5 device.  The iOS7 
device looks very similar, just running iOS7 of course.

Connecting to device : 
Device model: iPhone 4 GSM
UDID: 
ECID: 
Serial number: 
key835: e2ff1570d9013aabc161ee1aceaed013
key89B: b513be130b88918a862bd647afababe6
Chip id 0x7a94d7ec banks per CE physical 1
NAND geometry : 8GB (2 CEs (1 physical banks/CE) of 4152 blocks of 128 pages of 
8192 bytes data, 12 bytes metdata)
Searching for special pages...
Found DEVICEUNIQUEINFO, NANDDRIVERSIGN, DEVICEINFOBBT special pages in CE 0
NAND signature 0x43313131 flags 0x10006 withening=1, epoch=1
Effaceable generation 29
Effaceable CRC OK
Found effaceable lockers in ce 0 block 1 page 96
Lockers : BAG1, DONE, Dkey, LwVM
Found DEVICEUNIQUEINFO, serial number=
Using VSVFL
VSVFL context open OK
YaFTL context OK, version=CX01 maxIndexUsn=677 context usn=677
LwVM header CRC OK
cprotect version : 4 (iOS 5)
iOS version:  5.0
Keybag state: locked

Original issue reported on code.google.com by jimmyvlu...@gmail.com on 21 Feb 2014 at 10:16

GoogleCodeExporter commented 8 years ago
just merged the two issues

Original comment by jean.sig...@gmail.com on 23 Feb 2014 at 10:55