Open Chamith96R opened 2 years ago
After many attempts and a 0% success rate I figured out a way to reliably get into pwned DFU mode and do the rest of the commands. For me it was an iPhone 5.
Note: I had previously tried Sliver which wanted to install Python 2.7.18 to /usr/local/bin. Not sure if a slightly different 2.x version matters though.
Before even putting your device in DFU mode, open a new Terminal window and run this:
while true; do killall iTunes 2>/dev/null && echo KILLED; sleep 1; done
When trying to pwn the DFU, I noticed iTunes actually wants to auto(re)start at least 5 times and it may "steal" the USB connection from ipwndfu, resulting in failure. Leave this running until you reboot after removing Setup.app. This is likely the cause of the no langid error; midway through this process iTunes nicks control of the device back so ipwndfu actually doesn't get a reply. The same probably goes for the AssertionError assert usb.backend.libusb1._lib.libusb_cancel_transfer(transfer_ptr) == 0.
For me it now always (and almost instantly) returns with Device is now in pwned DFU Mode.
Mac 8 plus GSM
crp@Chamiths-MacBook-Air ipwndfu-A11-patch-rom % sudo python2 ipwndfu -p
Password:
checkm8 exploit by axi0mX
Found: CPID:8015 CPRV:11 CPFM:03 SCEP:01 BDID:0C ECID:000D756E24FA202E IBFL:3C SRTG:[iBoot-3332.0.0.1.23]
Traceback (most recent call last):
File "ipwndfu", line 81, in
checkm8.exploit()
File "/Users/crp/Downloads/ipwndfu-A11-patch-rom/checkm8.py", line 489, in exploit
device.serial_number
File "/Users/crp/Downloads/ipwndfu-A11-patch-rom/usb/core.py", line 830, in serial_number
self._serial_number = util.get_string(self, self.iSerialNumber)
File "/Users/crp/Downloads/ipwndfu-A11-patch-rom/usb/util.py", line 314, in get_string
raise ValueError("The device has no langid")
ValueError: The device has no langid