Linux VM couldn't find the emulated device

[raspiduino]

I followed the instructions in the wiki, build QEMU from this repo, launch a Linux VM using it (I use Slax). I also generated root_ticket.der and put it in both host Linux and guess Linux VM, start the Linux VM then start the iOS VM.

The iOS VM boot to the line waiting for host to trigger start of restore [timeout of 120 seconds]

But Linux VM can't find the device, although it found something using lsusb:

/tmp/usbqemu is available in the host:

When the iOS VM run out of time and reboot, it shows something like RTBuddy(SMC): WARNING: failed to send ping.

Any ideas? Thanks!

[TrungNguyen1909]

are you using the correct qemu for the Linux VM? You have to use the one built from qemu-t8030 though

[raspiduino]

Yes I use x86_64-softmmu target from qemu-t8030.

Anyway I found the problem. It's in the Slax OS itself. Switching to another OS (Arch for example) and it will work.

Thanks!

[raspiduino]

Wait, I now switched to Debian VM. But now there is another error :((

(on the left is the iOS VM's serial output, on the right is Linux VM's terminal)

From idevicerestore, it said that ERROR: Unable to discover device type.

I also hashed the root_ticket.der that passed into QEMU and the one in the Linux VM and they are the same (just to check if I copied the wrong version).

What should I do now?

Thanks!

[TrungNguyen1909]

Does this happen to idevicerestore commit 17c80a650f963be7842ef15d83e93286a0129f7a ?

[raspiduino]

No, I use ddc0c16fd876d45ebd92e924c3124772c3a40654 (latest now at the writting time).

[TrungNguyen1909]

Ehhh, I don't think you applied the patch correctly

[raspiduino]

So how to apply the patch correctly? And if possible could you build idevicerestore (and its dependencies), then copy these built folders and put them here? Thanks!

Edit: I just need a workable NAND image of iOS so that I can boot it in QEMU, but it seems that distributing that image is not legal.

[TrungNguyen1909]

diff --git a/src/idevicerestore.c b/src/idevicerestore.c
index b0572ca..b0b6a9e 100644
--- a/src/idevicerestore.c
+++ b/src/idevicerestore.c
@@ -1033,6 +1033,11 @@ int idevicerestore_start(struct idevicerestore_client_t* client)
        }

        idevicerestore_progress(client, RESTORE_STEP_PREPARE, 0.2);
+       if (client->mode == MODE_RESTORE) {
+               if (client->flags & FLAG_ALLOW_RESTORE_MODE) {
+                       tss_enabled = 0;
+               }
+       }

        /* retrieve shsh blobs if required */
        if (tss_enabled) {
diff --git a/src/restore.c b/src/restore.c
index 257cc38..862bb75 100644
--- a/src/restore.c
+++ b/src/restore.c
@@ -302,6 +302,15 @@ irecv_device_t restore_get_irecv_device(struct idevicerestore_client_t* client)
        }

        plist_get_string_val(node, &model);
+       fprintf(stderr, "%s: Found model %s\n", __func__, model);
+
+       /* HACK: Replace DEV devices with AP equivalent devices
+        * So that it can enjoy FDR-less restore
+        */
+       if (strstr(model, "DEV")) {
+               strncpy(strstr(model, "DEV"), "AP\0", 3);
+       }
+
        irecv_devices_get_device_by_hardware_model(model, &irecv_device);
        free(model);

Can you try this diff?

[raspiduino]

Well let me try that and I will report the result later :) Thanks!

[raspiduino]

It worked. I need to checkout the commit 17c80a650f963be7842ef15d83e93286a0129f7a from idevicerestore. I will close this issue, close the pull request in your qemu-t8030-tools repo but I think you should edit the wiki to tell people they should patch idevicerestore from the commit 17c80a650f963be7842ef15d83e93286a0129f7a and build from it.

Good to see it worked! Thanks for helping me!

UPDATE: restore completed slow but worth trying :))

[raspiduino]

My fault, I use qcow2 disk format instead of raw :)