
checkra1n bug tracker

bridgeOS -20 error #1952

Open networkextension opened 3 years ago

networkextension commented 3 years ago

Tell us about your setup:

  1. 2017 iMac Pro 10.15.6
  2. 10.15.6
  3. 0.12.2
  4. 10.14.6?
  5. USB-A to USB-C cable
#
# Proudly written in nano
# (c) 2019-2020 Kim Jong Cracks
#
#========  Made by  =======
# argp, axi0mx, danyl931, jaywalker, kirb, littlelailo, nitoTV
# never_released, nullpixel, pimskeks, qwertyoruiop, sbingner, siguza
#======== Thanks to =======
# haifisch, jndok, jonseals, xerub, lilstevie, psychotea, sferrini
# Cellebrite (ih8sn0w, cjori, ronyrus et al.)
#==========================

 - [01/12/21 16:37:19] <Info>: Waiting for DFU devices
 - [01/12/21 16:37:19] <Verbose>: DFU mode device found
 - [01/12/21 16:37:19] <Info>: Exploiting
 - [01/12/21 16:37:19] <Verbose>: Attempting to perform checkm8 on 8012 10...
 - [01/12/21 16:37:19] <Info>: Checking if device is ready
 - [01/12/21 16:37:19] <Verbose>: == Checkm8 Preparation stage ==
 - [01/12/21 16:37:19] <Verbose>: Stalled input endpoint
 - [01/12/21 16:37:19] <Verbose>: DFU mode device found
 - [01/12/21 16:37:19] <Info>: Setting up the exploit (this is the heap spray)
 - [01/12/21 16:37:19] <Verbose>: == Checkm8 Setup stage ==
 - [01/12/21 16:37:19] <Info>: Right before trigger (this is the real bug setup)
 - [01/12/21 16:37:19] <Verbose>: Entered initial checkm8 state after 3 steps, issuing DFU abort..
 - [01/12/21 16:37:20] <Verbose>: DFU device disconnected
 - [01/12/21 16:37:20] <Verbose>: DFU mode device found
 - [01/12/21 16:37:20] <Verbose>: == Checkm8 Trigger stage ==
 - [01/12/21 16:37:21] <Verbose>: Checkmate!
 - [01/12/21 16:37:21] <Verbose>: DFU device disconnected
 - [01/12/21 16:37:21] <Verbose>: DFU mode device found
 - [01/12/21 16:37:22] <Verbose>: == Checkm8 Trying to run payload... ==
 - [01/12/21 16:37:22] <Verbose>: If everything went correctly, you should now have code execution.
 - [01/12/21 16:37:22] <Verbose>: DFU device disconnected
 - [01/12/21 16:37:26] <Info>: Entered download mode
 - [01/12/21 16:37:26] <Verbose>: Download mode device found
 - [01/12/21 16:37:27] <Info>: Booting...
 - [01/12/21 16:37:27] <Verbose>: Setting bootargs to: rootdev=md0
 - [01/12/21 16:37:28] <Verbose>: Download mode device disconnected
 - [01/12/21 16:38:52] <Error>: Timed out waiting for bootstrap upload (error code: -20)
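The log pasted above has a regular shape (timestamp, level, message), so the facts that matter for triage (did checkm8 report success, was download mode reached, what error code was raised, and how long the host sat silent before timing out) can be pulled out mechanically instead of by eye. The following Python is an added example, not code from the checkra1n project or from anyone in this thread; the sample log is a constructed excerpt in the same format as the one above, and reading the date as MM/DD/YY is an assumption (only the time-of-day is used for the elapsed-time calculation).

```python
import re
from datetime import datetime
from typing import Dict, List, NamedTuple

# Constructed sample: an excerpt in the same format as the log in the issue.
SAMPLE_LOG = """\
 - [01/12/21 16:37:19] <Info>: Waiting for DFU devices
 - [01/12/21 16:37:19] <Verbose>: DFU mode device found
 - [01/12/21 16:37:21] <Verbose>: Checkmate!
 - [01/12/21 16:37:26] <Info>: Entered download mode
 - [01/12/21 16:37:27] <Info>: Booting...
 - [01/12/21 16:37:27] <Verbose>: Setting bootargs to: rootdev=md0
 - [01/12/21 16:37:28] <Verbose>: Download mode device disconnected
 - [01/12/21 16:38:52] <Error>: Timed out waiting for bootstrap upload (error code: -20)
"""

# One log line: " - [MM/DD/YY HH:MM:SS] <Level>: message" (date order is an assumption).
LINE_RE = re.compile(
    r"^\s*-\s*\[(?P<ts>\d{2}/\d{2}/\d{2} \d{2}:\d{2}:\d{2})\]\s*"
    r"<(?P<level>\w+)>:\s*(?P<msg>.*)$"
)
# Error lines carry a numeric code in parentheses, e.g. "(error code: -20)".
ERRCODE_RE = re.compile(r"error code:\s*(-?\d+)")


class Entry(NamedTuple):
    ts: datetime
    level: str
    msg: str


def parse_log(text: str) -> List[Entry]:
    """Parse timestamped log lines; banner/credits lines and blanks are skipped."""
    entries: List[Entry] = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m.group("ts"), "%m/%d/%y %H:%M:%S")
        entries.append(Entry(ts, m.group("level"), m.group("msg")))
    return entries


def summarize(entries: List[Entry]) -> Dict[str, object]:
    """Reduce a parsed log to the facts worth checking when a run fails."""
    result: Dict[str, object] = {
        "checkm8_succeeded": any(e.msg.startswith("Checkmate!") for e in entries),
        "reached_download_mode": any(e.msg == "Entered download mode" for e in entries),
        "error_code": None,
        "error_message": None,
        "last_event_before_error": None,
        "seconds_silent_before_error": None,
    }
    error_idx = next((i for i, e in enumerate(entries) if e.level == "Error"), None)
    if error_idx is None:
        return result  # clean run: nothing more to report
    err = entries[error_idx]
    m = ERRCODE_RE.search(err.msg)
    result["error_code"] = int(m.group(1)) if m else None
    result["error_message"] = err.msg
    if error_idx > 0:
        prev = entries[error_idx - 1]
        result["last_event_before_error"] = prev.msg
        # How long the host waited after the last device event before giving up.
        result["seconds_silent_before_error"] = int((err.ts - prev.ts).total_seconds())
    return result


if __name__ == "__main__":
    for key, value in summarize(parse_log(SAMPLE_LOG)).items():
        print(f"{key}: {value}")
```

On the excerpt this reports that checkm8 succeeded and download mode was reached, and that the only error is code -20 raised 84 seconds after "Download mode device disconnected", which narrows the problem to the host never seeing the device come back for the bootstrap upload, rather than to the exploit stage.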
Siguza commented 3 years ago

Hmm. I know that iOS devices require unlocking and/or pairing with the host for USB to fully work... but I don't know how bridgeOS behaves there.

@aunali1 do you know if idevicepair would help here?

Ch3ssking commented 3 years ago

Install minaUSB. Run checkra1n; as soon as it launches or starts installing (on iPhone 8 hold down the volume up and volume down buttons) until in diagnostic mode, launch minaUSB and apply the patch, then run checkra1n again. If you get an error message "minaUSB quit unexpectedly": I installed Xcode 10.0 and that fixed minaUSB. However I am currently having issues getting the patch on iPhone 6 to work.

rickmark commented 3 years ago

> Hmm. I know that iOS devices require unlocking and/or pairing with the host for USB to fully work... but I don't know how bridgeOS behaves there.
>
> @aunali1 do you know if idevicepair would help here?

On the T2 there is in fact a lockdownd service - but it operates very similar to the way that it does on a device in restore / recovery mode - it doesn't require a pairing relationship and doesn't support encryption. This is how we interact with com.apple.restored - For the device when fully booted usbmuxd and lockdownd are no longer relevant because USB CDC takes over and remote XPC becomes the transport.

Just as a wild hair... you mention you're using a USB-A to USB-C cable... Does the cable you are using have the USB3 pins or is it a USB2 (A) to USB-C cable??

You can identify it by looking end-on at the USB-A end and checking whether it has 4 pins (easily visible) or 5 additional recessed pins...

If I remember right, the ACE (USB-C port mux) only connects the USB2 full speed lanes, so the USB3 lanes might be causing confusion. As in USB3 mode the HS S+/- R+/- supersede the traditional D+/- pairs.