search

TrungNguyen1909 / qemu-t8030

iPhone 11 emulated on QEMU
Other
1.97k stars 194 forks source link

Kernel Panic on restore step clean_nand #77

Closed Duy-Thanh closed 1 year ago

Duy-Thanh commented 1 year ago

It's been more than two weeks since I tried this archive, and now I'm still stuck in iOS recovery mode and it fails.

The entire iOS emulator crash log is attached in the file below: iOS_Log.txt

And the log of the Linux client (I'm using Lubuntu 22.04.01, and all dependencies are up to date, including idevicerestore):

Linux_Log.txt

In all attempts, when the iOS device emulator runs to:

Creating 7 namespaces on NAND

It will always stop there and will have the following line:

unrecognized request 'GetValue'
unrecognized request 'GetValue'

At the same time when the two lines of unrecognized request 'GetValue' appeared, on the side of my Linux VM, idevicerestore gave the message:

No data to read (timeout)

And then on the iOS simulator side after two lines unrecognized request 'GetValue' :

void AppleNVMeRequest::PrintRequest()::481:QID=0 Deadline=1609306585 DW0=601600C6 DW10=00000000 DW11=00000000 DW12=00000000 DW13=00000000 DW14=00000000 DW15=00000000
DW10=00000000 DW11=00000000 DW12=00000000 DW13=00000000 DW14=00000000 DW15=00000000
ANS2: MMIO write to unknown vendor register, offset=0x13ec value=0x601600c6, returning
IOPlatformPanicAction -> AppleANS2NVMeController
IOPlatformPanicAction -> AppleT8027USBXDCI
IOPlatformPanicAction -> AppleS5L8960XWatchDogTimer
IOPlatformPanicAction -> RTBuddyV2
IOPlatformPanicAction -> RTBuddyV2
IOPlatformPanicAction -> RTBuddyV2
IOPlatformPanicAction -> AppleSMC
IOPlatformPanicAction -> AppleT8030PMGR

And then the error appeared:

panic(cpu 2 caller 0xfffffff019b07c24): nvme: "Fatal error occurred. ID=0 ARG1=0x0 ARG2=0x0 ARG3=0x0 NANDV=0x0, DRAMV=0x0, SSDC=128GB. FW Revision=1.0\n"

Throughout the process of running the iOS virtual machine, you will see these lines appear:

unrecognized request 'GetValue'

Or the following lines appear (but randomly on attempts):

recv(9, 4) failed: connection closed
unable to read message size: -1
could not receive messages

and it confused me. If this is a connection between real hardware and idevicerestore, that would make sense because the cable connection is bad and I could go out and buy a new cable to restore. But this is a rollback between virtual machines and there are no physical connections at all, but somehow poor connections keep popping up.

Also, here is the command used to run the iOS virtual machine:

qemu-t8030/build/qemu-system-aarch64 \
-s -M t8030,trustcache-filename=iphone/Firmware/018-01496-004.dmg.trustcache,ticket-filename=root_ticket.der \
-kernel iphone/kernelcache.research.iphone12b \
-dtb iphone/Firmware/all_flash/DeviceTree.n104ap.im4p \
-append "debug=0x14e kextlog=0xffff serial=3 -v wdt=-1" \
-initrd iphone/018-01496-004.dmg \
-cpu max -smp 3 \
-m 2G -serial mon:stdio \
-drive file=nvme.1,format=raw,if=none,id=drive.1 \
-device nvme-ns,drive=drive.1,bus=nvme-bus.0,nsid=1,nstype=1,logical_block_size=4096,physical_block_size=4096 \
-drive file=nvme.2,format=raw,if=none,id=drive.2 \
-device nvme-ns,drive=drive.2,bus=nvme-bus.0,nsid=2,nstype=2,logical_block_size=4096,physical_block_size=4096 \
-drive file=nvme.3,format=raw,if=none,id=drive.3 \
-device nvme-ns,drive=drive.3,bus=nvme-bus.0,nsid=3,nstype=3,logical_block_size=4096,physical_block_size=4096 \
-drive file=nvme.4,format=raw,if=none,id=drive.4 \
-device nvme-ns,drive=drive.4,bus=nvme-bus.0,nsid=4,nstype=4,logical_block_size=4096,physical_block_size=4096 \
-drive file=nvram,if=none,format=raw,id=nvram \
-device apple-nvram,drive=nvram,bus=nvme-bus.0,nsid=5,nstype=5,id=nvram,logical_block_size=4096,physical_block_size=4096 \
-drive file=nvme.6,format=raw,if=none,id=drive.6 \
-device nvme-ns,drive=drive.6,bus=nvme-bus.0,nsid=6,nstype=6,logical_block_size=4096,physical_block_size=4096 \
-drive file=nvme.7,format=raw,if=none,id=drive.7 \
-device nvme-ns,drive=drive.7,bus=nvme-bus.0,nsid=7,nstype=8,logical_block_size=4096,physical_block_size=4096

Command line to run idevicerestore on a Linux virtual machine:

idevicerestore -P -d --erase --restore-mode -i 0x1122334455667788 iPhone11,8,iPhone12,1_14.2_18B92_Restore.ipsw -T root_ticket.der

Any help on this matter is greatly appreciated

TrungNguyen1909 commented 1 year ago

Generally, this is because your machine is a bit slow. I've a fix but I haven't tested it properly yet.

Duy-Thanh commented 1 year ago

@TrungNguyen1909 My computer currently has a CPU with 4 cores and 12GB of RAM. Is there any trick or hack to fix this problem?

TrungNguyen1909 commented 1 year ago

Should be fixed in 83cff1223e92209ae483e803ce3a10ba76017600