Open pwnee opened 2 years ago
Try removing ,ticket-filename=root_ticket.der
from your qemu command.
I'm still having same msg, after removing , ,ticket-filename=root_ticket.der
./qemu-t8030/build/qemu-system-aarch64 -s -M t8030,trustcache-filename=Firmware/038-44135-124.dmg.trustcache \
> -kernel kernelcache.research.iphone12b \
> -dtb Firmware/all_flash/DeviceTree.n104ap.im4p \
> -append "debug=0x14e kextlog=0xffff serial=3 -v wdt=-1" \
> -initrd 038-44135-124.dmg \
> -cpu max -smp 4 \
> -m 4G -serial mon:stdio \
> -drive file=nvme.1,format=raw,if=none,id=drive.1 \
> -device nvme-ns,drive=drive.1,bus=nvme-bus.0,nsid=1,nstype=1,logical_block_size=4096,physical_block_size=4096 \
> -drive file=nvme.2,format=raw,if=none,id=drive.2 \
> -device nvme-ns,drive=drive.2,bus=nvme-bus.0,nsid=2,nstype=2,logical_block_size=4096,physical_block_size=4096 \
> -drive file=nvme.3,format=raw,if=none,id=drive.3 \
> -device nvme-ns,drive=drive.3,bus=nvme-bus.0,nsid=3,nstype=3,logical_block_size=4096,physical_block_size=4096 \
> -drive file=nvme.4,format=raw,if=none,id=drive.4 \
> -device nvme-ns,drive=drive.4,bus=nvme-bus.0,nsid=4,nstype=4,logical_block_size=4096,physical_block_size=4096 \
> -drive file=nvram,if=none,format=raw,id=nvram \
> -device apple-nvram,drive=nvram,bus=nvme-bus.0,nsid=5,nstype=5,id=nvram,logical_block_size=4096,physical_block_size=4096 \
> -drive file=nvme.6,format=raw,if=none,id=drive.6 \
> -device nvme-ns,drive=drive.6,bus=nvme-bus.0,nsid=6,nstype=6,logical_block_size=4096,physical_block_size=4096 \
> -drive file=nvme.7,format=raw,if=none,id=drive.7 \
> -device nvme-ns,drive=drive.7,bus=nvme-bus.0,nsid=7,nstype=8,logical_block_size=4096,physical_block_size=4096 \
> -snapshot \
> -monitor telnet:127.0.0.1:1235,server,nowait \
>
Loading iOS 14.0...
kernel_low: 0xfffffff004000000
kernel_high: 0xfffffff00a4cd4f0
KPF: found apfs_vfsop_mount
KPF: found handle_eval_rootauth
KPF: Found AMFI hashtype check
kpf_amfi_callback: Found AMFI (Leaf)
kpf_amfi_callback: Found lookup_in_trust_cache_module @ 0xfffffff007b5d71c
KPF: Found mac_mount
KPF: Found mac_mount
kpf_amfi_callback: Found AMFI (Routine)
kpf_amfi_callback: Found lookup_in_static_trust_cache @ 0xfffffff0097edcb8
qemu-system-aarch64: Missing patch: trustcache16
KPF: Found AppleKeyStoreUserClient::handleUserClientCommandGated
Qemu FB realize
boot_mode: 0
auto-boot=false
g_virt_base: 0xfffffff01a000000
g_phys_base: 0x0000000802000000
slide_virt: 0x0000000016df0000
slide_phys: 0x0000000000df0000
entry: 0x0000000806f104e8
cmdline: [-restore rd=md0 nand-enable-reformat=1 -progress debug=0x14e kextlog=0xffff serial=3 -v wdt=-1]
iBoot version: qemu-t8030
Darwin Image4 Validator Version 3.0.0: Wed Aug 12 22:19:21 PDT 2020; root:AppleImage4-106.0.4.0.1~129/AppleImage4/RELEASE_ARM64E
AMFI is running in RESEARCH mode!
AUC:[0xffffffe19bc48220]::init(0xffffffe19bc82238)
AUC:[0xffffffe19bc48220]::probe(0xffffffe19ba121c0, 0xffffffe8081ebdac)
AppleCredentialManager: init: called, instance = <ptr>.
ACMFirstResponderKernelService: init: called, .
ACMRM-S: init: called, starting PersistentStore service.
ACMRM-C: init: called, starting AccessoryCache service.
ACMKernelService: initValueFromBootArgAliasesUInt32: acc-cache size = 16 (default).
ACMKernelService: initValueFromBootArgAliasesUInt32: acc-cache expiration = 2592000 (default).
ACMRM: init: called, starting TRM service.
ACMRM-A: init: called, starting TRM Analytics service.
ACMKernelService: initValueFromBootArgAliasesUInt32: analytics collection period = 86400 (default).
ACMKernelService: initValueFromBootArgAliasesUInt32: policy mode timeout = 259200 (default).
ACMRM-A: notifyStandardModeTimeoutChanged: called, value = 259200 (modified = YES).
ACMKernelService: initValueFromBootArgAliasesUInt32: (bounded) grace period timeout = 3600 (default).
ACMRM-A: notifyGracePeriodTimeoutChanged: called, value = 3600 (modified = YES).
ACMKernelService: initValueFromBootArgAliasesUInt32: enabled = 1 (default).
ACMRM: _disableBy: [TRM ENABLED=YES] (mask=0, DISABLED BY: Def=NO* BtArg=NO LegHW=NO OSEnv=NO | MngCo=NO DwnOS=NO ChkBd=NO coGSw=NO).
ACMRM: _disableBy: [TRM ENABLED=YES] (mask=0, DISABLED BY: Def=NO BtArg=NO* LegHW=NO OSEnv=NO | MngCo=NO DwnOS=NO ChkBd=NO coGSw=NO).
ACMRM: _loadDisabledByOSEnvironment: disabled by OSEnvironment: NO.
ACMRM: _disableBy: [TRM ENABLED=YES] (mask=0, DISABLED BY: Def=NO BtArg=NO LegHW=NO OSEnv=NO* | MngCo=NO DwnOS=NO ChkBd=NO coGSw=NO).
ACMRM: _mapAndPublishTRM: set TRM_PolicyTimeout = 259200.
ACMRM: _mapAndPublishTRM: sending kIOMessageServicePropertyChange(n=1) while DISABLED, TRM: 259200 -/ff 4294967295 -/ff miss=ff (CUR: 259200 -/ff 4294967295 -/ff).
AppleCredentialManager: init: returning, result = true, instance = <ptr>.
AppleARMBootPerf: Error: profile region not found (2)
AppleARMBootPerf: Error: failed to publish profile data (2)
virtual bool CoreAnalyticsHub::start(IOService *)::105:CoreAnalyticsHub start
AppleSSE::start called
AppleSSE::start returning, result = 1
AUC:[0xffffffe19bc48220]::start(0xffffffe19ba121c0)
AppleSEPKeyStore:321:0: starting (BUILT: Aug 12 2020 22:51:30)
AppleSEPKeyStore:545:0: _sep_enabled = 1
AppleCredentialManager: start: called, instance = <ptr>.
ACMRM: _publishIOResource: AppleUSBRestrictedModeTimeout = 259200.
AppleCredentialManager: start: initializing power management, instance = <ptr>.
AppleCredentialManager: start: started, instance = <ptr>.
AppleCredentialManager: start: returning, result = true, instance = <ptr>.
virtual bool AppleARMLightEmUp::start(IOService *): starting...
AppleS5L8940XI2CController::start: smc-i2c0 this: <ptr> _i2cBaseAddress: <ptr>
AppleS5L8940XI2CController::start: smc-i2c1 this: <ptr> _i2cBaseAddress: <ptr>
AppleS5L8940XI2CController::start: i2c0 this: <ptr> _i2cBaseAddress: <ptr>
AppleGPIOICController::start: this: <ptr>, _gpioicBaseAddress: <ptr>
AppleS5L8940XI2CController::start: i2c2 this: <ptr> _i2cBaseAddress: <ptr>
AppleS5L8940XI2CController::start: i2c3 this: <ptr> _i2cBaseAddress: <ptr>
AppleS5L8940XI2CController::start: i2c1 this: <ptr> _i2cBaseAddress: <ptr>
000002.452808 AppleT8030TypeCPhy@0: AppleT8027TypeCPhy::start: usb3-phy-parent not specified
AppleGPIOICController::start: this: <ptr>, _gpioicBaseAddress: <ptr>
AppleInterruptController::start: Num Shared Timestamps == 0
AppleS8000AES::start: registers at phys:0x0x235008000/0x0x23d2d0000 virt:0x<ptr>/0x0x4000 / 0x<ptr>/0x0x4000
AppleGPIOICController::start: this: <ptr>, _gpioicBaseAddress: <ptr>
000002.753711 wlan0.A[1] start@968:Default options property found with value 4
Creating an object of AppleBCMWLANPlatformFunctionEmbeddedAMFM class
000002.779103 wlan0.A[2] start@1401: Raised adjustBusy(+1), getBusyState() -> 2
000002.779476 wlan0.A[3] start@1403:Setting up notifier for CoreAnalyticsHub
Identified Serial Port uart0 at 0x235200000(<ptr>)
AppleA7IOPNub: withRegistryEntry, 47: allocated nub <ptr>
Identified Serial Port uart7 at 0x23521c000(<ptr>)
AppleA7IOPNub: withRegistryEntry, 47: allocated nub <ptr>
RTBuddy(ANS2): start(<ptr>) - (Aug 12 2020@22:50:37)
RTBuddy(ANS2): Boot args override: wdt = -1
RTBuddy(SMC): start(<ptr>) - (Aug 12 2020@22:50:37)
RTBuddy(SMC): Boot args override: wdt = -1
LPM state clear
RTBuddy(ANS2): Resuming...
RTBuddy(SMC): Resuming...
AppleA7IOPNub: withRegistryEntry, 47: allocated nub <ptr>
virtual IOService *AppleANS2NVMeController::probe(IOService *, SInt32 *)::194:Found (ANS2) provider, returning score 100000
Starting AppleSMC kext(<ptr>) - (Aug 12 2020@22:51:44)
RTBuddy(SIO): start(<ptr>) - (Aug 12 2020@22:50:37)
void AppleEmbeddedNVMeController::GetRestoreEnvironment()::444:Restore Environment!
AppleSMCEmbedded::setPowerState(): ENTER powerStateOrdinal=1, _activeKeyCommand=17 newState=1
LPM: Log data is NOT valid. 0x0 0x0
RTBuddy(SIO): Boot args override: wdt = -1
AppleDialogSPMIPMU::start: Primary PMU detected
AppleARMRTC started!#####
AppleDialogSPMIPMURTC started!******
Failed to read info-leg_scrpadRTBuddy(SIO): Resuming...
virtual bool AppleANS2NVMeController::start(IOService *)::394:Found the ANS2Endpoint1
AppleDialogSPMIPMURTC tick read!&&&&&&&
AppleDialogSPMIPMURTC ending!%%%
void AppleEmbeddedNVMeController::GetRestoreEnvironment()::444:Restore Environment!
bool AppleEmbeddedNVMeController::SetNamespacesStruct()::186:Obtained 7 namespaces from DT
AppleARMRTC registering service!@@@@@@
virtual IOFilterInterruptEventSource *AppleANS2NVMeController::CreateDeviceInterrupt(IOInterruptEventSource::Action, IOFilterInterruptEventSource::Filter, IOService *)::2719:ANS2 NVMe interrupt index - 0x4
AppleARMRTC service registered!$$$$$
AppleARMRTC publishing service!^^^^^^
AppleSmartIO (RTBuddy-based)::start (<ptr>) - (Aug 12 2020@22:19:30)
/Library/Caches/com.apple.xbs/Sources/AppleSMC/AppleSMC-589.0.5/AppleSMCEmbeddedCharger/AppleSMCCharger.cpp:408 _setPowerStateGated() ENTER powerStateOrdinal=1, _powerState=1
Identified Serial Port uart4 at 0x235210000(<ptr>)
apfs_module_start:2411: load: com.apple.filesystems.apfs, v1677.0.5, apfs-1677.0.5, 2020/08/12
com.apple.AppleFSCompressionTypeZlib kmod start
apfs_sysctl_register:1253: done registering sysctls.
com.apple.AppleFSCompressionTypeZlib load succeeded
L2TP domain init
L2TP domain init complete
Load request for com.apple.nke.pptp failed: -603946998
BSD root: md0, major 3, minor 0
apfs_vfsop_mountroot:2188: apfs: mountroot called!
virtual IOReturn IONVMeController::CreateSubmissionQueue(uint16_t, uint8_t)::2886:SQ index=0 entrysize=64
virtual IOReturn IONVMeController::CreateSubmissionQueue(uint16_t, uint8_t)::2886:SQ index=1 entrysize=128
apfs_vfsop_mount:1745: unable to root from devvp <ptr> (root_device): 2
apfs_vfsop_mountroot:2192: apfs: mountroot failed, error: 2
ANS2: MMIO write to unknown vendor register, offset=0x1210 value=0x240024, returning
ANS2: MMIO write to unknown vendor register, offset=0x24004 value=0x1000, returning
ANS2: MMIO write to unknown vendor register, offset=0x24008 value=0x0, returning
ANS2: MMIO write to unknown vvirtual void AppleANS2NVMeController::SetModeselRegister(uint32_t)::1186:Setting modesel to 4
ANS2: MMIO write to unknown vendor register, offset=0x1304 value=0x4, returning
000003.297201 AppleT8027USBXDCI@: AppleUSBXDCIARM::start: _dock is NULL, defaulting to device mode
000003.306623 AppleT8027USBXDCI@: IOUSBDeviceController::prepareDefaults: model iPhone version 12.1
hfs: mounted AzulSeed18A5351d.arm64eCustomerRamDisk on device b(3, 0)
000003.321268 usb-drd-port-hs@00100000: AppleUSB20XHCITypeCPort::start: _dock is NULL, defaulting to device mode
bool AppleEmbeddedNVMeController::IdentifyNamespaces()::1964:nvme: Vendor ID : 0x1b36
bool AppleEmbeddedNVMeController::IdentifyNamespaces()::1965:nvme: Model Number : QEMU NVMe Ctrl
bool AppleEmbeddedNVMeController::IdentifyNamespaces()::1966:nvme: Serial Number : QEMUT8030ANS
bool AppleEmbeddedNVMeController::IdentifyNamespaces()::1967:nvme: Firmware Rev : 1.0
bool AppleEmbeddedNVMeController::IdentifyNamespaces()::2000:nvme: S3E A0 Invalid 1x slc 1D 0 plane 128GB 000003.479871 usb-drd-port-hs@00100000: AppleUSB20XHCITypeCPort::cableChangeOccurred: cable detect disabled: transport type 2 connect type 2 restricted mode 0
NAND
bool AppleEmbeddedNVMeController::IdentifyNamespaces()::2009:ECCVersion : 0
bool AppleEmbeddedNVMeController::IdentifyNamespaces()::2010:FTL Rev : 0.0
bool AppleEmbeddedNVMeController::IdentifyNamespaces()::2011:DM_Version : 0
bool AppleEmbeddedNVMeController::IdentifyNamespaces()::2012:=======================
bool AppleEmbeddedNVMeController::IdentifyNamespaces()::2019:Found 16 namespaces in current NAND
000003.483070 usb-drd-port-hs@00100000: AppleUSB20XHCITypeCPort::cableChangeOccurred: no action for transport type 2 connect type 2 restricted mode 0
bool AppleEmbeddedNVMeController::DetermineNamespaces()::2435:Identified nsid[1] as nstype[1]
000003.484378 usb-drd-port-hs@00100000: AppleUSBHostPort::fullDisconnect:
bool AppleEmbeddedNVMeController::DetermineNamespaces()::2435:Identified nsid[2] as nstype[2]
bool AppleEmbeddedNVMeController::DetermineNamespaces()::2435:Identified nsid[3] as nstype[3]
bool AppleEmbeddedNVMeController::DetermineNamespaces()::2435:Identified nsid[4] as nstype[4]
bool AppleEmbeddedNVMeController::DetermineNamespaces()::2435:Identified nsid[5] as nstype[5]
bool AppleEmbeddedNVMeController::DetermineNamespaces()::2435:Identified nsid[6] as nstype[6]
bool AppleEmbeddedNVMeController::DetermineNamespaces()::2435:Identified nsid[7] as nstype[8]
bool AppleEmbeddedNVMeController::DetermineNamespaces()::2435:Identified nsid[8] as nstype[0]
bool AppleEmbeddedNVMeController::DetermineNamespaces()::2435:Identified nsid[9] as nstype[0]
bool AppleEmbeddedNVMeController::DetermineNamespaces()::2435:Identified nsid[10] as nstype[0]
bool AppleEmbeddedNVMeController::DetermineNamespaces()::2435:Identified nsid[11] as nstype[0]
bool AppleEmbeddedNVMeController::DetermineNamespaces()::2435:Identified nsid[12] as nstype[0]
bool AppleEmbeddedNVMeController::DetermineNamespaces()::2435:Identified nsid[13] as nstype[0]
bool AppleEmbeddedNVMeController::DetermineNamespaces()::2435:Identified nsid[14] as nstype[0]
bool AppleEmbeddedNVMeController::DetermineNamespaces()::2435:Identified nsid[15] as nstype[0]
bool AppleEmbeddedNVMeController::DetermineNamespaces()::2435:Identified nsid[16] as nstype[0]
bool AppleEmbeddedNVMeController::SetSwapWriteLimit(uint32_t)::2192: Swap limit set to 2147483648bytes, 2GB
virtual bool AppleEmbeddedNVMeController::InitializeController()::507:FW update not complete, create dummy block device
uint32_t AppleEmbeddedNVMeNVRAM::GetNVRAMSize()::745:NVRAM size is 8192 bytes
virtual bool AppleEmbeddedNVMeController::AllocateNodes(bool)::1578:allocateAll 1
virtual bool AppleEmbeddedNVMeController::StartController()::1547:Setting NAND status to Ready
dyld: setting comm page to 0x0
ERR: AppleStockholmControl::start:334 failed waiting for AppleStockholmSPMI
Sat Oct 22 09:20:21 2022 com.apple.xpc.launchd[1] <Notice>: hello
Darwin Bootstrapper Version 7.0.0: Mon Aug 10 04:09:14 PDT 2020; root:libxpc_executables-2038.0.13~13/launchd/RELEASE_ARM64E
boot-args = -restore rd=md0 nand-enable-reformat=1 -progress debug=0x14e kextlog=0xffff serial=3 -v wdt=-1
Sat Oct 22 09:20:21 2022 com.apple.xpc.launchd[1] <Notice>: Restore environment starting.
Sat Oct 22 09:20:21 2022 com.apple.xpc.launchd[1] (com.apple.xpc.launchd.domain.system) <Notice>: entering ondemand mode
Sat Oct 22 09:20:21 2022 localhost com.apple.xpc.launchd[1] <Notice>: Skipping boot-task: fsck
Sat Oct 22 09:20:21 2022 localhost com.apple.xpc.launchd[1] <Notice>: Skipping boot-task: mount-phase-1
Sat Oct 22 09:20:21 2022 localhost com.apple.xpc.launchd[1] <Notice>: Skipping boot-task: data-protection
Sat Oct 22 09:20:21 2022 localhost com.apple.xpc.launchd[1] <Notice>: Skipping boot-task: finish-obliteration
Sat Oct 22 09:20:21 2022 localhost com.apple.xpc.launchd[1] <Notice>: Doing boot task: commit-boot-mode
Sat Oct 22 09:20:21 2022 localhost com.apple.xpc.launchd[1] <Notice>: boot-mode committed: (null)
Sat Oct 22 09:20:21 2022 localhost com.apple.xpc.launchd[1] <Notice>: Doing boot task: restore-datapartition
Sat Oct 22 09:20:21 2022 localhost com.apple.xpc.launchd[1] <Notice>: restore-datapartition: optional boot task not present
Sat Oct 22 09:20:21 2022 localhost com.apple.xpc.launchd[1] <Notice>: Skipping boot-task: mount-phase-2
Sat Oct 22 09:20:21 2022 localhost com.apple.xpc.launchd[1] <Notice>: Doing boot task: init-with-data-volume
Sat Oct 22 09:20:21 2022 localhost com.apple.xpc.launchd[1] <Notice>: Skipping boot-task: MSUEarlyBootTask
Sat Oct 22 09:20:21 2022 localhost com.apple.xpc.launchd[1] <Notice>: Skipping boot-task: fips
Sat Oct 22 09:20:21 2022 localhost com.apple.xpc.launchd[1] <Notice>: Skipping boot-task: keybag
Sat Oct 22 09:20:21 2022 localhost com.apple.xpc.launchd[1] <Notice>: Skipping boot-task: usermanagerd
Sat Oct 22 09:20:21 2022 localhost com.apple.xpc.launchd[1] <Notice>: Skipping boot-task: init_featureflags
Sat Oct 22 09:20:21 2022 localhost com.apple.xpc.launchd[1] <Notice>: Skipping boot-task: fud
Sat Oct 22 09:20:21 2022 localhost com.apple.xpc.launchd[1] <Notice>: Skipping boot-task: tzinit
Sat Oct 22 09:20:21 2022 localhost com.apple.xpc.launchd[1] <Notice>: Skipping boot-task: finish-restore
Sat Oct 22 09:20:21 2022 localhost com.apple.xpc.launchd[1] <Notice>: Skipping boot-task: finish-demo-restore
Sat Oct 22 09:20:21 2022 localhost com.apple.xpc.launchd[1] <Notice>: Skipping boot-task: sysstatuscheck
Sat Oct 22 09:20:21 2022 localhost com.apple.xpc.launchd[1] <Notice>: Skipping boot-task: prng_seedctl
Sat Oct 22 09:20:21 2022 localhost com.apple.xpc.launchd[1] <Error>: Unable to open /System/Library/xpc/launchd.plist [2:No such file or directory]
Sat Oct 22 09:20:21 2022 localhost com.apple.xpc.launchd[1] <Notice>: Skipping boot-task: launchd_cache_loader
Sat Oct 22 09:20:21 2022 localhost com.apple.xpc.launchd[1] <Error>: No MRM cache found
Sat Oct 22 09:20:21 2022 localhost com.apple.xpc.launchd[1] <Warning>: Unable to load cache
Sat Oct 22 09:20:21 2022 localhost com.apple.xpc.launchd[1] <Notice>: launchd UUID: 4C2464F5-9F87-31DE-B252-584E3391D4FA
Sat Oct 22 09:20:21 2022 localhost com.apple.xpc.launchd[1] <Notice>: Early boot complete. Continuing system boot.
Sat Oct 22 09:20:21 2022 localhost com.apple.xpc.launchd[1] (com.apple.xpc.launchd.domain.system) <Notice>: entering bootstrap mode
Sat Oct 22 09:20:21 2022 localhost com.apple.xpc.launchd[1] (com.apple.KeyMaker) <Warning>: Unknown key for Boolean: EnablePressureExit
Sat Oct 22 09:20:21 2022 localhost com.apple.xpc.launchd[1] (com.apple.xpc.launchd.domain.system) <Error>: com.apple.KeyMaker (lint): Unable to find persona with type 6: kpersona_find returned -1
Sat Oct 22 09:20:21 2022 localhost com.apple.xpc.launchd[1] (com.apple.xpc.launchd.domain.system) <Error>: com.apple.PurpleReverseProxy.ramdisk (lint): Unable to find persona with type 6: kpersona_find returned -1
Sat Oct 22 09:20:21 2022 localhost com.apple.xpc.launchd[1] (com.apple.xpc.launchd.domain.system) <Error>: com.apple.diskimagesiod.ram (lint): Unable to find persona with type 6: kpersona_find returned -1
Sat Oct 22 09:20:21 2022 localhost com.apple.xpc.launchd[1] (com.apple.xpc.launchd.domain.system) <Error>: com.apple.restored_external (lint): Unable to find persona with type 6: kpersona_find returned -1
Sat Oct 22 09:20:21 2022 localhost com.apple.xpc.launchd[1] (com.apple.xpc.launchd.domain.system) <Error>: Failed to bootstrap path: path = /System/Library/NanoLaunchDaemonsAltAccount, error = 2: No such file or directory
Sat Oct 22 09:20:21 2022 localhost com.apple.xpc.launchd[1] (com.apple.xpc.launchd.domain.system) <Error>: Failed to bootstrap path: path = /System/Library/NanoLaunchDaemons, error = 2: No such file or directory
Sat Oct 22 09:20:21 2022 localhost com.apple.xpc.launchd[1] (com.apple.xpc.launchd.domain.system) <Error>: Failed to bootstrap path: path = /AppleInternal/Library/LaunchDaemons, error = 2: No such file or directory
Sat Oct 22 09:20:21 2022 localhost com.apple.xpc.launchd[1] (com.apple.xpc.launchd.domain.system) <Notice>: exiting bootstrap mode
Sat Oct 22 09:20:21 2022 localhost com.apple.xpc.launchd[1] (com.apple.xpc.launchd.domain.system) <Notice>: exiting ondemand mode
Sat Oct 22 09:20:21 2022 localhost com.apple.xpc.launchd[1] (com.apple.KeyMaker.3) <Warning>: Could not find and/or execute program specified by service: 2: No such file or directory: /usr/local/bin/KeyMaker
Sat Oct 22 09:20:21 2022 localhost com.apple.xpc.launchd[1] (com.apple.KeyMaker.3) <Notice>: Service setup event to handle failure and will not launch until it fires.
Sat Oct 22 09:20:21 2022 localhost com.apple.xpc.launchd[1] (com.apple.KeyMaker.3) <Error>: Missing executable detected. Job: 'com.apple.KeyMaker' Executable: '/usr/local/bin/KeyMaker'
Sat Oct 22 09:20:21 2022 localhost com.apple.xpc.launchd[1] (com.apple.KeyMaker.3) <Warning>: Service exited with abnormal code: 78
objc[4]: Class AMSupportURLConnectionDelegate is implemented in both ?? (0x101928000) and ?? (0x102338028). One of the two will be used. Which one is undefined.
objc[4]: Class AMSupportURLSession is implemented in both ?? (0x101928050) and ?? (0x102338078). One of the two will be used. Which one is undefined.
[09:20:24.0238-GMT]{1>4} CHECKPOINT ANOMALY: [check_collection]auto-boot(does_not_exist)
[09:20:24.0254-GMT]{1>4} CHECKPOINT PROGRESS: START (unknown) -> (initial_monitor_no_return)
[09:20:24.0254-GMT]{1>4} CHECKPOINT NOTICE: NVRAM access available on initial check
restore-anomalies = {0x00000000:[check_collection]auto-boot(does_not_exist)}
restore-outcome = initial_monitor_no_return
executing /usr/sbin/nvram -s restore-outcome=initial_monitor_no_return
[09:20:24.0851-GMT]{1>4} CHECKPOINT NOTICE: (NVRAM set) restore-outcome=initial_monitor_no_return [sync=true] (initial entry)
entering set_boot_stage
[09:20:24.0899-GMT]{1>4} CHECKPOINT MONITOR: [0x0204] boot_stage
restore-step-monitor = {0x11010204:"boot_stage"}
executing /sbin/mount_tmpfs /mnt5
entering show_service_nodes
disk0
IOBlockStorageDriver RegistryID : 0x10000022d Busy State : 0x0 Service State : 0x1e
NS_01 RegistryID : 0x10000022c Busy State : 0x0 Service State : 0x1e
AppleANS2NVMeController RegistryID : 0x1000001ff Busy State : 0x0 Service State : 0x1e
RTBuddyService RegistryID : 0x1000001f4 Busy State : 0x0 Service State : 0x1e
RTBuddyV2 RegistryID : 0x1000001f0 Busy State : 0x0 Service State : 0x1e
iop-ans-nub RegistryID : 0x100000134 Busy State : 0x0 Service State : 0x1e
AppleASCWrapV2 RegistryID : 0x1000001da Busy State : 0x0 Service State : 0x0
ans RegistryID : 0x100000133 Busy State : 0x0 Service State : 0x1e
AppleT803xIO RegistryID : 0x100000197 Busy State : 0x4 Service State : 0x1e
arm-io RegistryID : 0x100000116 Busy State : 0x1 Service State : 0x1e
AppleARMPE RegistryID : 0x100000189 Busy State : 0x2 Service State : 0x1e
N104DEV RegistryID : 0x100000188 Busy State : 0x1 Service State : 0x1e
Root RegistryID : 0x100000100 Busy State : 0x0 Service State : 0x0
----
[09:20:25.0244-GMT]{1>4} CHECKPOINT MONITOR: [0x1180] create_ramdisk
restore-step-monitor = {0x11011180:"create_ramdisk"}
[09:20:25.0286-GMT]{1>4} CHECKPOINT MONITOR: [0x0206] monitoring_child
restore-step-monitor = {0x11010206:"monitoring_child"}
objc[7]: Class AMSupportURLConnectionDelegate is implemented in both ?? (0x1015fc000) and ?? (0x10200c028). One of the two will be used. Which one is undefined.
objc[7]: Class AMSupportURLSession is implemented in both ?? (0x1015fc050) and ?? (0x10200c078). One of the two will be used. Which one is undefined.
libMobileGestalt MobileGestalt.c:711: RestoreLog: Client Query: Image4Supported
2022-10-22 09:20:26.723320+0000 restored_external[7:384] RestoreLog: Client Query: Image4Supported
libMobileGestalt utility.c:64: Could not open /private/var/containers/Shared/SystemGroup/systemgroup.com.apple.mobilegestaltcache/Library/Caches/com.apple.MobileGestalt.plist: No such file or directory
2022-10-22 09:20:26.741267+0000 restored_external[7:384] Could not open /private/var/containers/Shared/SystemGroup/systemgroup.com.apple.mobilegestaltcache/Library/Caches/com.apple.MobileGestalt.plist: No such file or directory
libMobileGestalt MobileGestalt.c:743: RestoreLog: Client Response: Image4Supported : true
2022-10-22 09:20:26.756006+0000 restored_external[7:384] RestoreLog: Client Response: Image4Supported : 1
[09:20:26.0757-GMT]{4>7} CHECKPOINT NOTICE: Image4 device: AP nonce clearable
entering ramrod_clear_ap_nonce
[09:20:26.0789-GMT]{4>7} CHECKPOINT NOTICE: AP nonce consumed
[09:20:26.0796-GMT]{4>7} CHECKPOINT NOTICE: Pre-existing NVRAM variable: restore-outcome=initial_monitor_no_return
[09:20:26.0808-GMT]{4>7} CHECKPOINT ANOMALY: [check_collection]auto-boot(does_not_exist)
[09:20:26.0810-GMT]{4>7} CHECKPOINT PROGRESS: START (unknown) -> (initial_engine_no_return)
[09:20:26.0810-GMT]{4>7} CHECKPOINT NOTICE: NVRAM access available on initial check
restore-anomalies = {0x00000000:[check_collection]auto-boot(does_not_exist)}
restore-outcome = initial_engine_no_return
executing /usr/sbin/nvram restore-outcome=initial_engine_no_return
[09:20:27.0271-GMT]{4>7} CHECKPOINT BEGIN: MAIN:[0x0400] umask
restore-step-ids = {0x11030400:1}
restore-step-names = {0x11030400:umask}
restore-step-uptime = 8
restore-step-user-progress = -1
[09:20:27.0276-GMT]{4>7} CHECKPOINT END: MAIN:[0x0400] umask
restore-step-ids = {}
restore-step-names = {}
restore-step-uptime = 8
restore-step-user-progress = -1
[09:20:27.0280-GMT]{4>7} CHECKPOINT BEGIN: MAIN:[0x0402] setvbuf
restore-step-ids = {0x11030402:2}
restore-step-names = {0x11030402:setvbuf}
restore-step-uptime = 8
restore-step-user-progress = -1
[09:20:27.0284-GMT]{4>7} CHECKPOINT END: MAIN:[0x0402] setvbuf
restore-step-ids = {}
restore-step-names = {}
restore-step-uptime = 8
restore-step-user-progress = -1
[09:20:27.0287-GMT]{4>7} CHECKPOINT BEGIN: MAIN:[0x0403] kernel_logger_thread
restore-step-ids = {0x11030403:3}
restore-step-names = {0x11030403:kernel_logger_thread}
restore-step-uptime = 8
restore-step-user-progress = -1
[09:20:27.0292-GMT]{4>7} CHECKPOINT END: MAIN:[0x0403] kernel_logger_thread
restore-step-ids = {}
restore-step-names = {}
restore-step-uptime = 8
restore-step-user-progress = -1
[09:20:27.0295-GMT]{4>7} CHECKPOINT BEGIN: MAIN:[0x0406] set_progress_0
restore-step-ids = {0x11030406:4}
restore-step-names = {0x11030406:set_progress_0}
restore-step-uptime = 8
restore-step-user-progress = -1
libMobileGestalt MobileGestalt.c:711: RestoreLog: Client Query: DeviceClass
2022-10-22 09:20:27.301005+0000 restored_external[7:384] RestoreLog: Client Query: DeviceClass
libMobileGestalt MobileGestalt.c:743: RestoreLog: Client Response: DeviceClass : iPhone
2022-10-22 09:20:27.303898+0000 restored_external[7:384] RestoreLog: Client Response: DeviceClass : iPhone
libMobileGestalt MobileGestalt.c:711: RestoreLog: Client Query: DeviceColorMapPolicy
2022-10-22 09:20:27.305999+0000 restored_external[7:384] RestoreLog: Client Query: DeviceColorMapPolicy
libMobileGestalt MobileGestalt.c:743: RestoreLog: Client Response: DeviceColorMapPolicy : 0
2022-10-22 09:20:27.346251+0000 restored_external[7:384] RestoreLog: Client Response: DeviceColorMapPolicy : 0
2022-10-22 09:20:27.358549+0000 restored_external[7:384] IOMFB: /System/Library/Frameworks/MediaToolbox.framework/MediaToolbox not found
2022-10-22 09:20:27.362614+0000 restored_external[7:384] IOMFB: /System/Library/PrivateFrameworks/MediaToolbox.framework/MediaToolbox not found
2022-10-22 09:20:27.365920+0000 restored_external[7:384] IOMFB: /System/Library/PrivateFrameworks/Celestial.framework/Celestial not found
2022-10-22 09:20:27.367219+0000 restored_external[7:384] IOMFB: FigInstallVirtualDisplay not found
unable to get display list
unable to get framebuffer
No framebuffer but an internal display. Ok on bridge but weird anywhere else.
ramrod_display_set_granular_progress_forced: 0.000000
[09:20:32.0983-GMT]{4>7} CHECKPOINT END: MAIN:[0x0406] set_progress_0
restore-step-ids = {}
restore-step-names = {}
restore-step-uptime = 13
restore-step-user-progress = 0
[09:20:32.0988-GMT]{4>7} CHECKPOINT BEGIN: MAIN:[0x0407] start_gasgauge_thread
restore-step-ids = {0x11030407:5}
restore-step-names = {0x11030407:start_gasgauge_thread}
restore-step-uptime = 13
restore-step-user-progress = 0
[09:20:33.0000-GMT]{4>7} CHECKPOINT WARNING: MAIN:[0x0407] gasgauge_start_update_thread failed: -1
restored_external: gasgauge_start_update_thread failed: -1
[09:20:33.0002-GMT]{4>7} CHECKPOINT END: MAIN:[0x0407] start_gasgauge_thread
restore-step-ids = {}
restore-step-names = {}
restore-step-warnings = {0x11060407:{0:"gasgauge_start_update_thread failed: -1"}}
restore-step-uptime = 14
restore-step-user-progress = 0
[09:20:33.0012-GMT]{4>7} CHECKPOINT BEGIN: MAIN:[0x0408] listen_for_log_client
restore-step-ids = {0x11030408:6}
restore-step-names = {0x11030408:listen_for_log_client}
restore-step-uptime = 14
restore-step-user-progress = 0
[09:20:33.0025-GMT]{4>7} CHECKPOINT END: MAIN:[0x0408] listen_for_log_client
restore-step-ids = {}
restore-step-names = {}
restore-step-uptime = 14
restore-step-user-progress = 0
[09:20:33.0030-GMT]{4>7} CHECKPOINT BEGIN: MAIN:[0x040D] create_listen_socket
restore-step-ids = {0x1103040D:7}
restore-step-names = {0x1103040D:create_listen_socket}
restore-step-uptime = 14
restore-step-user-progress = 0
[09:20:33.0065-GMT]{4>7} CHECKPOINT END: MAIN:[0x040D] create_listen_socket
restore-step-ids = {}
restore-step-names = {}
restore-step-uptime = 14
restore-step-user-progress = 0
[09:20:33.0070-GMT]{4>7} CHECKPOINT BEGIN: MAIN:[0x0404] update_root_mount
restore-step-ids = {0x11030404:8}
restore-step-names = {0x11030404:update_root_mount}
restore-step-uptime = 14
restore-step-user-progress = 0
[09:20:33.0117-GMT]{4>7} CHECKPOINT END: MAIN:[0x0404] update_root_mount
restore-step-ids = {}
restore-step-names = {}
restore-step-uptime = 14
restore-step-user-progress = 0
[09:20:33.0121-GMT]{4>7} CHECKPOINT BEGIN: MAIN:[0x0405] disable_watchdog
restore-step-ids = {0x11030405:9}
restore-step-names = {0x11030405:disable_watchdog}
restore-step-uptime = 14
restore-step-user-progress = 0
[09:20:33.0133-GMT]{4>7} CHECKPOINT END: MAIN:[0x0405] disable_watchdog
restore-step-ids = {}
restore-step-names = {}
restore-step-uptime = 14
restore-step-user-progress = 0
[09:20:33.0139-GMT]{4>7} CHECKPOINT BEGIN: MAIN:[0x040E] enable_usb
restore-step-ids = {0x1103040E:10}
restore-step-names = {0x1103040E:enable_usb}
restore-step-uptime = 14
restore-step-user-progress = 0
libMobileGestalt MobileGestalt.c:711: RestoreLog: Client Query: UniqueDeviceID
2022-10-22 09:20:33.174479+0000 restored_external[7:384] RestoreLog: Client Query: UniqueDeviceID
2022-10-22 09:20:33.183818+0000 restored_external[7:384] [fast-path] taking platform fast path for key: re6Zb+zwFKJNlkQTUeT+/w
libMobileGestalt MobileGestalt.c:711: RestoreLog: Client Query: nFRqKto/RuQAV1P+0/qkBA
2022-10-22 09:20:33.185617+0000 restored_external[7:384] RestoreLog: Client Query: nFRqKto/RuQAV1P+0/qkBA
2022-10-22 09:20:33.186639+0000 restored_external[7:384] [fast-path] taking platform fast path for key: nFRqKto/RuQAV1P+0/qkBA
libMobileGestalt MobileGestalt.c:711: RestoreLog: Client Query: TF31PAB6aO8KAbPyNKSxKA
2022-10-22 09:20:33.190588+0000 restored_external[7:384] RestoreLog: Client Query: TF31PAB6aO8KAbPyNKSxKA
libMobileGestalt MobileGestalt.c:743: RestoreLog: Client Response: TF31PAB6aO8KAbPyNKSxKA : 1234605616436508552
2022-10-22 09:20:33.196877+0000 restored_external[7:384] RestoreLog: Client Response: TF31PAB6aO8KAbPyNKSxKA : 1234605616436508552
libMobileGestalt MobileGestalt.c:711: RestoreLog: Client Query: 566JrJVMlDfnslGpwUzNlQ
2022-10-22 09:20:33.199001+0000 restored_external[7:384] RestoreLog: Client Query: 566JrJVMlDfnslGpwUzNlQ
libMobileGestalt MobileGestalt.c:743: RestoreLog: Client Response: 566JrJVMlDfnslGpwUzNlQ : 32816
2022-10-22 09:20:33.207107+0000 restored_external[7:384] RestoreLog: Client Response: 566JrJVMlDfnslGpwUzNlQ : 32816
libMobileGestalt MobileGestalt.c:743: RestoreLog: Client Response: nFRqKto/RuQAV1P+0/qkBA : <CFData 0x10fe0da50 [0x101cf01b8]>{length = 25, capacity = 25, bytes = 0x30303030383033302d31313232333334 ... 3535363637373838}
2022-10-22 09:20:33.230310+0000 restored_external[7:384] RestoreLog: Client Response: nFRqKto/RuQAV1P+0/qkBA : {length = 25, bytes = 0x30303030 38303330 2d313132 32333334 ... 35353636 37373838 }
libMobileGestalt MobileGestalt.c:743: RestoreLog: Client Response: UniqueDeviceID : 00008030-1122334455667788
2022-10-22 09:20:33.232926+0000 restored_external[7:384] RestoreLog: Client Response: UniqueDeviceID : 00008030-1122334455667788
000016.558929 AppleT8027USBXDCI@: IOUSBDeviceController::createUSBDevice: configuration: Apple Mobile Device
000016.559671 AppleT8027USBXDCI@: IOUSBDeviceController::createUSBDevice: interface: AppleUSBMux
000016.586020 AppleT8027USBXDCI@: IOUSBDeviceController::createUSBDevice: configuration: Reserved 1 + Apple Mobile Device
000016.586447 AppleT8027USBXDCI@: IOUSBDeviceController::createUSBDevice: interface: Reserved
000016.587049 AppleT8027USBXDCI@: IOUSBDeviceController::createUSBDevice: interface: AppleUSBMux
000016.587434 AppleT8027USBXDCI@: IOUSBDeviceController::createUSBDevice: configuration: Reserved 2 + Apple Mobile Device
000016.587817 AppleT8027USBXDCI@: IOUSBDeviceController::createUSBDevice: interface: Reserved
000016.588129 AppleT8027USBXDCI@: IOUSBDeviceController::createUSBDevice: interface: AppleUSBMux
000016.588483 AppleT8027USBXDCI@: IOUSBDeviceController::createUSBDevice: configuration: Reserved 3 + Apple Mobile Device
000016.588861 AppleT8027USBXDCI@: IOUSBDeviceController::createUSBDevice: interface: Reserved
000016.589172 AppleT8027USBXDCI@: IOUSBDeviceController::createUSBDevice: interface: AppleUSBMux
waiting for matching IOKit service: {
IOProviderClass = AppleUSBDeviceMux;
}
AppleUSBDeviceMux build: Aug 12 2020 22:50:42
000016.607386 AppleT8027USBXDCI@: IOUSBDeviceController::gated_registerFunction: register function Reserved
000016.610003 AppleT8027USBXDCI@: IOUSBDeviceController::gated_registerFunction: register function AppleUSBMux
000016.610471 AppleT8027USBXDCI@: IOUSBDeviceController::startUSBStack: starting usb stack
000016.613653 AppleT8027USBXDCI@0: IOUSBDeviceController::startUSBStack: not connected
000016.614552 AppleT8027USBXDCI@0: AppleUSBXDCI::goOnBus: not on bus
000016.618845 AppleT8027USBXDCI@0: AppleUSBXDCIARM::cableChangeOccurred: cable detect disabled: transport type 2 connect type 2 restricted mode _lastRestrictedMode 0
000016.619582 AppleT8027USBXDCI@0: AppleUSBXDCIARM::cableChangeOccurred: powering on for transport type 2 connect type 2 restricted mode 0
qemu-system-aarch64: usb_tcp_host_attach: failed to connect to server: -1
IOReturn AppleUSBDeviceMux::setPropertiesGated(OSObject *) setting debug level to 7
[09:20:36.0290-GMT]{4>7} CHECKPOINT END: MAIN:[0x040E] enable_usb
restore-step-ids = {}
restore-step-names = {}
restore-step-uptime = 17
restore-step-user-progress = 0
waiting for host to trigger start of restore [timeout of 120 seconds]
000022.775305 wlan0.A[4] initWithProvider@120:amfm not matched
000022.778591 wlan0.A[5] deferredStart@1730: Lowered adjustBusy(-1), getBusyState() -> 4
@authscuredev, Please check the instruction in the USB-and-Restore section of the wiki
Hey, I'm also stuck here, how did you fixed it ?
Hello,
I follow the wiki and using the ipsw pointed there. This is what I get when I start qemu in ramdisk mode (no modifications on ramdisk); couldn't pass this stage. My setup is MBP Intel with latest ventura.