search

axi0mX / ipwndfu

open-source jailbreaking tool for many iOS devices
GNU General Public License v3.0
7.07k stars 1.69k forks source link

Can't enter into PWNED DFU Mode #21

Open kup2013 opened 7 years ago

kup2013 commented 7 years ago

OS X Yosemite (10.10.5)

Mac-admin:ipwndfu admin$ ./ipwndfu -p
*** based on limera1n exploit (heap overflow) by geohot ***
Found: CPID:8920 CPRV:15 CPFM:03 SCEP:03 BDID:00 ECID:000002C07509550C SRTG:[iBoot-359.3.2]
ERROR: This request succeeded, but it should have raised an exception. Exiting.
Mac-admin:ipwndfu admin$
axi0mX commented 7 years ago

Open limera1n.py in a text editor and add a # on the line right under this message:

        print 'ERROR: This request succeeded, but it should have raised an exception. Exiting.'
        #sys.exit(1)

Then try ./ipwndfu -p again. I'll need the output. Could you measure how many seconds it takes to execute that command?

kup2013 commented 7 years ago

3-4 seconds

Mac-admin:ipwndfu admin$ ./ipwndfu -p
*** based on limera1n exploit (heap overflow) by geohot ***
Found: CPID:8920 CPRV:15 CPFM:03 SCEP:03 BDID:00 ECID:000002C07509550C SRTG:[iBoot-359.3.2]
ERROR: This request succeeded, but it should have raised an exception. Exiting.
ERROR: Exploit failed. Device did not enter pwned DFU Mode.
Mac-admin:ipwndfu admin$
axi0mX commented 7 years ago

Thanks, this is what I needed.

This is not running inside of a virtual machine, correct?

For pwned DFU Mode, limera1n exploit uses a race condition which might not work in a virtual machine. What you are getting seems to indicate that USB requests are taking much longer to complete than on a bare metal macOS or Ubuntu, so the race condition doesn't work.

I don't know why that would be the case if you are not running it in a virtual machine.

kup2013 commented 7 years ago

Oh, thanks

axi0mX commented 7 years ago

In About This Mac -> System Report, what speed is shown for your iPhone when it is connected, under USB?

This is what it shows for my iPhone 7: Speed: Up to 480 Mb/sec

ghost commented 6 years ago

I'm getting the same exact error: ERROR: Exploit failed. Device did not enter pwned DFU Mode.

syui commented 4 years ago

In my case, the following steps will almost certainly succeed. Any other simple iteration will almost fail.

# need to restart mac
1. After connecting ipad to PC with dfu, unplug usb
2. Restart your mac
3. Connect ipad to computer with usb, unmount ipad
4. Run `ipwndfu -p` (checkm8)
izaman1 commented 4 years ago

In my case, the following steps will almost certainly succeed. Any other simple iteration will almost fail.

  • mac10.15, ipad4(wifi)
# need to restart mac
1. After connecting ipad to PC with dfu, unplug usb
2. Restart your mac
3. Connect ipad to computer with usb, unmount ipad
4. Run `ipwndfu -p` (checkm8)

I am having same issue on kali linux. usb error I think. I tried different cables but it is not working.

I identified the error system is not accessing line 118 def stall(device): libusb1_async_ctrl_transfer(device, 0x80, 6, 0x304, 0x40A, 'A' * 0xC0, 0.00001) def leak(device): libusb1_no_error_ctrl_transfer(device, 0x80, 6, 0x304, 0x40A, 0xC0, 1) def no_leak(device): libusb1_no_error_ctrl_transfer(device, 0x80, 6, 0x304, 0x40A, 0xC1, 1)

def usb_req_stall(device): libusb1_no_error_ctrl_transfer(device, 0x2, 3, 0x0, 0x80, 0x0, 10) def usb_req_leak(device): libusb1_no_error_ctrl_transfer(device, 0x80, 6, 0x304, 0x40A, 0x40, 1) def usb_req_no_leak(device): libusb1_no_error_ctrl_transfer(device, 0x80, 6, 0x304, 0x40A, 0x41, 1)

And I don't know how to fix this though