checkra1n / BugTracker

checkra1n bug tracker

Timeout waiting for bootstrap upload when jailbreaking the T2 chip #2037

Open nima2007 opened 3 years ago

nima2007 commented 3 years ago

Tell us about your setup:

  1. What iDevice are you using? Tried both iBridge2,5 (2018 Mac Mini) & iBridge2,4 (2018 MacBook Pro 13)
  2. On what version of bridgeOS is it? Latest (5.2_18P4347)
  3. What version of checkra1n are you using? Latest (0.12.2)
  4. What is your host system (OS version? Hackintosh? VM? etc.)? Tried both 2019 MacBook Pro 10.15.7 & 2018 MacBook Pro 10.15.7
  5. How are you connecting to the device (USB-A? USB-C? Apple/3rd party cable? Through a USB hub?)? Tried both USB-C to USB-C MacBook charge cable (USB2) and a TB3 cable

What are the steps to reproduce the issue?

  1. Run checkra1n in --cli mode to jailbreak the T2 chip
  2. Notice that it times out after "Booting" ...

What do you expect, and what is happening instead? Process should finish successfully

Did you see a popup on the device stating it entered "Safe Mode" due to an error? NA

Does the issue also occur if you use "Safe Mode" -s? Yes

Any other info, error logs, screenshots, ...? Workaround is to run checkra1n a 2nd time. It continues and usually finishes the job.

Output:

 - [03/19/21 16:10:12] <Info>: Waiting for DFU devices
 - [03/19/21 16:10:20] <Verbose>: DFU mode device found
 - [03/19/21 16:10:20] <Info>: Exploiting
 - [03/19/21 16:10:20] <Verbose>: Attempting to perform checkm8 on 8012 10...
 - [03/19/21 16:10:20] <Info>: Checking if device is ready
 - [03/19/21 16:10:20] <Verbose>: == Checkm8 Preparation stage ==
 - [03/19/21 16:10:20] <Verbose>: Stalled input endpoint
 - [03/19/21 16:10:21] <Verbose>: DFU device disconnected
 - [03/19/21 16:10:21] <Verbose>: DFU mode device found
 - [03/19/21 16:10:21] <Info>: Setting up the exploit (this is the heap spray)
 - [03/19/21 16:10:21] <Verbose>: == Checkm8 Setup stage ==
 - [03/19/21 16:10:21] <Info>: Right before trigger (this is the real bug setup)
 - [03/19/21 16:10:21] <Verbose>: Entered initial checkm8 state after 0 steps, issuing DFU abort..
 - [03/19/21 16:10:21] <Verbose>: DFU device disconnected
 - [03/19/21 16:10:21] <Verbose>: DFU mode device found
 - [03/19/21 16:10:21] <Verbose>: == Checkm8 Trigger stage ==
 - [03/19/21 16:10:22] <Verbose>: Checkmate!
 - [03/19/21 16:10:22] <Verbose>: DFU device disconnected
 - [03/19/21 16:10:22] <Verbose>: DFU mode device found
 - [03/19/21 16:10:22] <Verbose>: == Checkm8 Trying to run payload... ==
 - [03/19/21 16:10:22] <Verbose>: If everything went correctly, you should now have code execution.
 - [03/19/21 16:10:22] <Verbose>: DFU device disconnected
 - [03/19/21 16:10:26] <Info>: Entered download mode
 - [03/19/21 16:10:26] <Verbose>: Download mode device found
 - [03/19/21 16:10:26] <Info>: Booting...
 - [03/19/21 16:10:26] <Verbose>: Setting bootargs to: rootdev=md0 -v
 - [03/19/21 16:10:28] <Verbose>: Download mode device disconnected
 - [03/19/21 16:12:01] <Error>: Timed out waiting for bootstrap upload (error code: -20)
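When triaging reports like this one it helps to know which stage the run reached before the timeout. The following is an added example (not checkra1n's own code) that parses the `--cli` log format shown above and reports the last `<Info>` stage before the first `<Error>`, together with how long the run stalled; the second sample log is constructed to represent a run that never reaches download mode.

```python
import re
from datetime import datetime

# checkra1n --cli log line as pasted in the report:
#   [MM/DD/YY HH:MM:SS] <Level>: message   (optionally prefixed by " - ")
LINE_RE = re.compile(r"^\s*-?\s*\[(\d\d/\d\d/\d\d \d\d:\d\d:\d\d)\] <(\w+)>: (.*)$")


def parse_log(text):
    """Return (timestamp, level, message) tuples; lines that do not match are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if m:
            ts = datetime.strptime(m.group(1), "%m/%d/%y %H:%M:%S")
            entries.append((ts, m.group(2), m.group(3)))
    return entries


def triage(text):
    """Summarise a failed run: last <Info> stage reached, first <Error>, seconds between them."""
    last_info = None
    for ts, level, msg in parse_log(text):
        if level == "Info":
            last_info = (ts, msg)
        elif level == "Error":
            stalled = (ts - last_info[0]).total_seconds() if last_info else None
            return {"stage": last_info[1] if last_info else None,
                    "error": msg, "stalled_seconds": stalled}
    return {"stage": last_info[1] if last_info else None, "error": None, "stalled_seconds": None}


# Tail of the log from the report above (excerpt).
REPORT_LOG = """\
 - [03/19/21 16:10:12] <Info>: Waiting for DFU devices
 - [03/19/21 16:10:26] <Info>: Entered download mode
 - [03/19/21 16:10:26] <Verbose>: Download mode device found
 - [03/19/21 16:10:26] <Info>: Booting...
 - [03/19/21 16:10:26] <Verbose>: Setting bootargs to: rootdev=md0 -v
 - [03/19/21 16:10:28] <Verbose>: Download mode device disconnected
 - [03/19/21 16:12:01] <Error>: Timed out waiting for bootstrap upload (error code: -20)
"""

# Constructed sample (not from the report): run stalls before download mode is ever entered.
EARLY_FAIL_LOG = """\
 - [12/22/21 10:50:00] <Info>: Right before trigger (this is the real bug setup)
 - [12/22/21 10:50:01] <Verbose>: If everything went correctly, you should now have code execution.
 - [12/22/21 10:50:01] <Verbose>: DFU device disconnected
 - [12/22/21 10:52:00] <Error>: Timed out waiting for bootstrap upload (error code: -20)
"""

if __name__ == "__main__":
    print(triage(REPORT_LOG))
    print(triage(EARLY_FAIL_LOG))
```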

TheMacSpace commented 3 years ago

Running into the same issue here.

ToBiDi0410 commented 2 years ago

Same here

coreytacoh commented 2 years ago

Mine doesn't even enter download mode at all. It stops right after 'DFU device disconnected' following '...code execution.' Then nothing happens for a minute or two and then I get the error message. Meanwhile the target Mac is kicked off DFU mode, and when I try to put it back into DFU mode, I get a message like this:

  • [12/22/21 10:52:28] : DFU mode device found
  • [12/22/21 10:52:28] : Got a device in DFU that should have been waiting for bootstrap, resetting...

and then it starts over and does the same thing. I've tried different cables, I even downgraded part of my HD to Big Sur from Monterey. Nothing works.

nima2007 commented 2 years ago

Mine doesn't even enter download mode at all. It stops right after 'DFU device disconnected' following '...code execution.' Then nothing happens for a minute or two and then I get the error message. Meanwhile the target Mac is kicked off DFU mode, and when I try to put it back into DFU mode, I get a message like this:

  • [12/22/21 10:52:28] : DFU mode device found
  • [12/22/21 10:52:28] : Got a device in DFU that should have been waiting for bootstrap, resetting...

and then it starts over and does the same thing. I've tried different cables, I even downgraded part of my HD to Big Sur from Monterey. Nothing works.

That sounds like a different issue. BridgeOS 6 is not compatible with checkra1n until iOS 15 support comes out. By upgrading to Monterey you've upgraded your T2 chip to BridgeOS 6. It doesn't matter if you downgrade partially or even fully to Big Sur at this point. The T2 chip was already upgraded and you cannot downgrade it much like you cannot downgrade an iPhone from iOS 15 to iOS 14.