iPhone 7 - Raspbian "ERROR: Exploit failed. Device did not enter pwned DFU Mode"

Techsteps commented 4 years ago

Clean install of Raspbian Buster Update/Upgrade Install Git Install Pip Apt Install python-libusb1 Pip Pyusb

Put phone in DFU mode Run sudo ./ipwndfu -p

Found: CPID:8010 CPRV:11 CPFM:03 SCEP:01 BDID:08 ECID:001671AA202A4326 IBFL:3C SRTG:[iBoot-2696.0.0.1.33] ERROR: Exploit failed. Device did not enter pwned DFU Mode.

Rinse and Repeat

Techsteps commented 4 years ago

 sudo lsusb -v | grep -i apple
can't get device qualifier: Resource temporarily unavailable
can't get debug descriptor: Resource temporarily unavailable
can't get debug descriptor: Resource temporarily unavailable
can't get debug descriptor: Resource temporarily unavailable
Bus 001 Device 007: ID 05ac:1227 Apple, Inc. Mobile Device (DFU Mode)
  idVendor           0x05ac Apple, Inc.
  iManufacturer           2 Apple Inc.
  iProduct                3 Apple Mobile Device (DFU Mode)
    iConfiguration          5 Apple Mobile Device (DFU Mode)
can't get debug descriptor: Resource temporarily unavailable
can't get device qualifier: Resource temporarily unavailable
can't get debug descriptor: Resource temporarily unavailable

EWouters commented 4 years ago

Duplicate of #63. Please close this and take your discussion there.

Techsteps commented 4 years ago

Except it’s not because the error is completely different.

Being on Raspbian isn’t the issue since libusb seemingly works for me.

Also that ticket is pending resolved.

Techsteps commented 4 years ago

I did forget to apt install libusb-dev

But, the error is the same. So, it did not resolve my issue. Also, I verified that 'python --version' returns python 2 not 3.

DaJakerBoss commented 4 years ago

The success rate of this exploit is relatively low. Have you tried the exploit on another system or with another cable?

Techsteps commented 4 years ago

I tried different cables. I have not been able to acquire an OSX device. Have tried fresh installs of Rasbian.

baconwaifu commented 4 years ago

Try the geohot fork. it uses python3, and has more verbose output. might give us a clue as to what's going on.

Techsteps commented 4 years ago

Thanks for that. It is more verbose.

` checkm8 exploit by axi0mX ** stage 1, heap grooming

Found: CPID:8010 CPRV:11 CPFM:03 SCEP:01 BDID:08 ECID:001671AA202A4326 IBFL:3C SRTG:[iBoot-2696.0.0.1.33]

no large leak, hole:5

ctrl transfer good: 128 6

Performing USB port reset.

** stage 2, usb setup, send 0x800 of 'A', sends no data ctrl transfer good: 33 4 ** stage 3, exploit

ctrl transfer ERROR: 2 3 USBError(32, 'Pipe error')

doing leak 1

ctrl transfer ERROR: 128 6 USBError(110, 'Operation timed out')

ctrl transfer ERROR: 0 0 USBError(32, 'Pipe error')

ctrl transfer ERROR: 33 1 USBError(110, 'Operation timed out')

Performing USB port reset.

** final check

final serial CPID:8010 CPRV:11 CPFM:03 SCEP:01 BDID:08 ECID:001671AA202A4326 IBFL:3C SRTG:[iBoot-2696.0.0.1.33]

ERROR: Exploit failed. Device did not enter pwned DFU Mode.`

baconwaifu commented 4 years ago

Great. After doing some digging, apparently the pipe error from libUSB during a control transfer means that the device "doesn't support that request" so it would be useful to know what the request numbers actually mean, since there's no comment for it. would need a bootROM dump or a comment from the dev.

My copy errors on the same transfer in the same way (well, the first instance of it, which yours doesn't hit due to the hole)

izaman1 commented 4 years ago

Thanks for that. It is more verbose.

` checkm8 exploit by axi0mX ** stage 1, heap grooming

Found: CPID:8010 CPRV:11 CPFM:03 SCEP:01 BDID:08 ECID:001671AA202A4326 IBFL:3C SRTG:[iBoot-2696.0.0.1.33]

no large leak, hole:5

ctrl transfer good: 128 6

ctrl transfer good: 128 6

ctrl transfer good: 128 6

ctrl transfer good: 128 6

ctrl transfer good: 128 6

ctrl transfer good: 128 6

ctrl transfer good: 128 6

Performing USB port reset.

** stage 2, usb setup, send 0x800 of 'A', sends no data ctrl transfer good: 33 4 ** stage 3, exploit

ctrl transfer ERROR: 2 3 USBError(32, 'Pipe error')

doing leak 1

ctrl transfer ERROR: 128 6 USBError(110, 'Operation timed out')

ctrl transfer ERROR: 0 0 USBError(32, 'Pipe error')

ctrl transfer ERROR: 33 1 USBError(110, 'Operation timed out')

ctrl transfer ERROR: 33 1 USBError(110, 'Operation timed out')

Performing USB port reset.

** final check

final serial CPID:8010 CPRV:11 CPFM:03 SCEP:01 BDID:08 ECID:001671AA202A4326 IBFL:3C SRTG:[iBoot-2696.0.0.1.33]

ERROR: Exploit failed. Device did not enter pwned DFU Mode.`

same error

izaman1 commented 4 years ago

Thanks for that. It is more verbose.

` checkm8 exploit by axi0mX ** stage 1, heap grooming

Found: CPID:8010 CPRV:11 CPFM:03 SCEP:01 BDID:08 ECID:001671AA202A4326 IBFL:3C SRTG:[iBoot-2696.0.0.1.33]

no large leak, hole:5

ctrl transfer good: 128 6

ctrl transfer good: 128 6

ctrl transfer good: 128 6

ctrl transfer good: 128 6

ctrl transfer good: 128 6

ctrl transfer good: 128 6

ctrl transfer good: 128 6

Performing USB port reset.

** stage 2, usb setup, send 0x800 of 'A', sends no data ctrl transfer good: 33 4 ** stage 3, exploit

ctrl transfer ERROR: 2 3 USBError(32, 'Pipe error')

doing leak 1

ctrl transfer ERROR: 128 6 USBError(110, 'Operation timed out')

ctrl transfer ERROR: 0 0 USBError(32, 'Pipe error')

ctrl transfer ERROR: 33 1 USBError(110, 'Operation timed out')

ctrl transfer ERROR: 33 1 USBError(110, 'Operation timed out')

Performing USB port reset.

** final check

final serial CPID:8010 CPRV:11 CPFM:03 SCEP:01 BDID:08 ECID:001671AA202A4326 IBFL:3C SRTG:[iBoot-2696.0.0.1.33]

ERROR: Exploit failed. Device did not enter pwned DFU Mode.`

Did You solve?

axi0mX / ipwndfu

iPhone 7 - Raspbian "ERROR: Exploit failed. Device did not enter pwned DFU Mode" #117