checkra1n / BugTracker

checkra1n bug tracker

A9X / iOS 14.5: Detected corrupted kerninfo #2074

Open mystrain opened 3 years ago

mystrain commented 3 years ago

Tell us about your setup:

  1. What iDevice are you using?

iPad Pro 1st gen

  2. On what version of iOS is it?

iOS 14.5

  3. What version of checkra1n are you using?

0.12.3

  4. What is your host system (OS version? Hackintosh? VM? etc.)?

macOS Catalina 10.15.7

  5. How are you connecting to the device (USB-A? USB-C? Apple/3rd party cable? Through a USB hub?)?

Lightning to USB-A

What are the steps to reproduce the issue?

  1. When attempting to jailbreak, error 20 shows up midway, even with checkra1n in safe mode.

On iPad the error states: Found old-style rdsk! Detected corrupted kerninfo! Enabling usb done! pongoOS

  2. Restored the iPad and set it up as new, with the same issue.

  3. Attempted other versions of checkra1n; all crash midway, other than the latest version ...

What do you expect, and what is happening instead?

Jailbreak should complete.

Did you see a popup on the device stating it entered "Safe Mode" due to an error?

yes and it did with same issue

Does the issue also occur if you tick "Safe Mode" in the checkra1n options?

Yes

issue still happens when safe mode is ticked!

Any other info, error logs, screenshots, ...?

Checkra1n:

error 20

on iPad error states:

Found old-style rdsk! Detected corrupted kerninfo! Enabling usb done! pongoOS

It appears a few people I know with the iPad Pro first gen have the same issue. Please, checkra1n, update your app and website to help!

I have updated the iOS just to get the new jailbreak, as the website states, it will work with my device and it doesn’t. So now I have lost my jailbreak. Please help!

Siguza commented 3 years ago

I have a suspicion as to what it could be... here's a debug build of Pongo:

Pongo.zip

Could you please unzip that, then run checkra1n on the command line with -k path/to/PongoConsolidated.bin?
That should print a bunch of hex values on the screen, please take a photo of those.

mystrain commented 3 years ago

I have a suspicion as to what it could be... here's a debug build of Pongo:

Pongo.zip

Could you please unzip that, then run checkra1n on the command line with -k path/to/PongoConsolidated.bin? That should print a bunch of hex values on the screen, please take a photo of those.

hi there

I've received the PongoConsolidated.bin file. When I try to unzip that file it says it's an unsupported format. Unsure how to run checkra1n on a command line. Can you help in explaining the process please?

Siguza commented 3 years ago

Open Terminal, Drag the checkra1n app into the window (that should auto-paste its path), then append /Contents/MacOS/checkra1n and make sure there is no space between the part you dragged in and the one you appended.
Then hit space, type -k, hit space again, then drag PongoConsolidated.bin into the window and hit enter.
The GUI should pop up at that point.

DrJapan commented 3 years ago

@Siguza I tried to load the modified Pongo, and here's the result (iPadOS 14.4.2):

IMG_0851

mystrain commented 3 years ago

/Contents/MacOS/checkra1n

thank you,

this is what i get when following your instructions.

IMG_1503

jujjja commented 3 years ago

Hi, same device, same release, same results! It worked last week with iOS 14.4.2 and checkra1n 0.12.2. I updated to iOS 14.5 and 0.12.3 with the current issues. I then came back to 14.4.2 but am still getting the issues mentioned in this thread with both 0.12.2 and 0.12.3...

DrJapan commented 3 years ago

I completely wiped my HighSierra iMac, and I was able to get 14.4.2 working with checkra1n 12.2.

jujjja commented 3 years ago

I completely wiped my HighSierra iMac, and I was able to get 14.4.2 working with checkra1n 12.2.

Great! Strange to see that the issue is coming from macOS 😕 Furthermore, I'm having this issue with Ubuntu as well.

DrJapan commented 3 years ago

@Siguza is this the output from your command when trying to load the modified Pongo?

checkra1n.zip

Siguza commented 3 years ago

Ok, I messed up the previous build. Try again with this one:

Pongo.zip

mystrain commented 3 years ago

Ok, I messed up the previous build. Try again with this one:

Pongo.zip

So follow the same instructions as before and send you a snapshot?

Siguza commented 3 years ago

Yes, please.

mystrain commented 3 years ago

Yes, please.

Thank you,

this is what I get

IMG_1506

dmatora commented 3 years ago

Having exactly the same issue

BorisYeltsin commented 3 years ago

Ok, I messed up the previous build. Try again with this one:

Pongo.zip

IMG_9376

mystrain commented 3 years ago

Ok, I messed up the previous build. Try again with this one:

Pongo.zip

Any updates?

koulak-frissons commented 3 years ago

Hi, Having exactly the same issue

jujjja commented 3 years ago

20210503_175020 same here also...

CellRichards commented 3 years ago

Same thing here on a 12.9" A9X as well. I'm running Big Sur (Thunderbolt to USB-A adapter > USB-A to Lightning) but also have a Catalina Mac ("good ol'" straight USB-A) and am willing to test.

Weird because I seem to recall seeing that 14.5 was preventing jailbreak from working at all via the checkra1n exploit(s), then I saw specific support for the new 0.12.3 beta and just like a robot, went and upgraded from 14.3. I hope this isn't permanent, but I dunno, seeing nothing but 00000000s where someone expected a bunch of hex readouts is never going to fill me with confidence haha

mystrain commented 3 years ago

Thanks for bringing this up people. The more people sharing this issue the more the developers can see and help.

jujjja commented 3 years ago

Thanks for bringing this up people. The more people sharing this issue the more the developers can see and help.

I guess any of us using ipad pro a9x has the issue, or is there somebody with the same device able to jailbreak??

Siguza commented 3 years ago

Marking this as accepted.
I'm pretty sure the issue is that the A9X iBoot overwrites a part of our payload on 14.5. That would also explain the 0% success rate.
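
The following is an added illustration, not pongoOS or checkra1n code, of why a bootloader write landing inside a payload would surface as a "corrupted kerninfo" message: a loader validates the handoff structure it was given (magic, size, field sanity, checksum) before trusting it, and a later overwrite of any of those bytes fails that check. The `kerninfo_t` layout, the magic value, the addresses and the image offsets are all constructed for the example and are not the real pongoOS structure or the real A9X memory map.

```c
/* Added example, not pongoOS or checkra1n code. The kerninfo_t layout,
 * KERNINFO_MAGIC, and every address/offset below are constructed values. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define KERNINFO_MAGIC 0x4B494E46u   /* 'KINF', constructed */

typedef struct {
    uint32_t magic;
    uint32_t size;        /* sizeof(kerninfo_t) when intact */
    uint64_t kern_base;   /* hypothetical fields a loader hands to the next stage */
    uint64_t kern_size;
    uint32_t checksum;    /* covers every byte before this field */
} kerninfo_t;

/* Polynomial checksum over all fields preceding 'checksum'. */
static uint32_t kerninfo_checksum(const kerninfo_t *k) {
    const uint8_t *p = (const uint8_t *)k;
    uint32_t sum = 0;
    for (size_t i = 0; i < offsetof(kerninfo_t, checksum); i++)
        sum = sum * 31u + p[i];
    return sum;
}

void kerninfo_init(kerninfo_t *k, uint64_t base, uint64_t size) {
    memset(k, 0, sizeof *k);
    k->magic = KERNINFO_MAGIC;
    k->size = (uint32_t)sizeof *k;
    k->kern_base = base;
    k->kern_size = size;
    k->checksum = kerninfo_checksum(k);
}

/* Returns 1 if the handoff structure passes every check, 0 if it looks corrupted. */
int kerninfo_valid(const kerninfo_t *k) {
    if (k->magic != KERNINFO_MAGIC) return 0;
    if (k->size != sizeof *k) return 0;
    if (k->kern_size == 0) return 0;
    if (k->kern_base + k->kern_size < k->kern_base) return 0;  /* wraps around */
    return k->checksum == kerninfo_checksum(k) ? 1 : 0;
}

/* Returns 1 if [a, a+alen) and [b, b+blen) overlap: the check a loader can run
 * between its own load region and regions the previous stage may still write. */
int ranges_overlap(uint64_t a, uint64_t alen, uint64_t b, uint64_t blen) {
    return (a < b + blen && b < a + alen) ? 1 : 0;
}

/* Simulate a payload image with its handoff structure at 'info_off', then a
 * bootloader write of 'wlen' zero bytes at 'woff'. Returns kerninfo_valid()
 * over the structure afterwards, or -1 if the write would leave the image. */
int simulate_bootloader_write(size_t info_off, size_t woff, size_t wlen) {
    uint8_t image[0x1000];
    memset(image, 0xAA, sizeof image);              /* constructed payload bytes */
    kerninfo_t k;
    kerninfo_init(&k, 0xfffffff007004000ull, 0x2000000ull);  /* constructed */
    if (info_off + sizeof k > sizeof image) return -1;
    memcpy(image + info_off, &k, sizeof k);

    if (woff + wlen > sizeof image) return -1;
    memset(image + woff, 0, wlen);                  /* the "overwrite" */

    memcpy(&k, image + info_off, sizeof k);         /* re-read as the loader would */
    return kerninfo_valid(&k);
}

int main(void) {
    /* Write outside the structure: handoff still validates. */
    printf("write at 0x800: valid=%d\n", simulate_bootloader_write(0x100, 0x800, 0x40));
    /* Write that clips the kern_size field: the loader reports corruption. */
    printf("write at 0x110: valid=%d\n", simulate_bootloader_write(0x100, 0x110, 0x8));
    printf("overlap: %d\n", ranges_overlap(0x100, sizeof(kerninfo_t), 0x110, 0x8));
    return 0;
}
```

The point of the checksum over the whole structure, rather than a magic value alone, is that an overwrite of a field in the middle (here the 8-byte write at offset 0x110 zeroes only `kern_size`) is still caught rather than silently producing a bogus kernel range; `ranges_overlap` is the pre-flight check a loader can apply to its own placement against any region the previous stage is known to touch.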

jujjja commented 3 years ago

Marking this as accepted. I'm pretty sure the issue is that the A9X iBoot overwrites a part of our payload on 14.5. That would also explain the 0% success rate.

Great to see that you seem to understand the issue ! :D Would that mean that you already know how to fix it? I would be happy to help if you don't have an a9x close to you !

DrJapan commented 3 years ago

Same here!

mooneyalan4 commented 3 years ago

Same issue here, iPad Pro 1st gen. Tried everything.

mystrain commented 3 years ago

Marking this as accepted. I'm pretty sure the issue is that the A9X iBoot overwrites a part of our payload on 14.5. That would also explain the 0% success rate.

Does this mean we will have an update soon?

Siguza commented 3 years ago

Experimental build. Please try this:

checkra1n.app.tar.gz

jetblackrx89 commented 3 years ago

Experimental build. Please try this:

checkra1n.app.tar.gz

1st gen iPad 12.9" user here. Unfortunately, it didn't work. It went right from DFU mode to a normal boot with no sign anything was actually injected.

mystrain commented 3 years ago

Experimental build. Please try this:

checkra1n.app.tar.gz

Hi Siguza

didn’t work for me either. After I follow the guide to DFU, within seconds my iPad starts up as normal without installing anything.

jujjja commented 3 years ago

I confirm, it reboots normally after DFU without going to usual jailbreak state. No ssh root possible

kasiimh1 commented 3 years ago

I have the same problem on Apple TV 4K; it fails with the --force-revert option too. Doesn't even init KPF unless run through the app with no options either.

Device is now stuck in blinking mode, cannot boot into tvOS

https://imgur.com/a/3mlm6aA

mystrain commented 3 years ago

I have the same problem on AppleTV 4K, fails with --force-revert option too. Doesn't even init KPF unless ran through the app with no options either.

Device is now stuck in blinking mode, cannot boot into tvOS

https://imgur.com/a/3mlm6aA

Hi kasiimh1

not sure this is the same issue we are all experiencing. I recommend trying to open a new issue for this as it would help a lot of people experiencing similar issues to you:)

Lekomia commented 3 years ago

Hi, same error (Detected corrupted kerninfo) here with the iPad Pro 1st gen A9X, but with iOS 14.5.1.

Euogen commented 3 years ago

Hello! Same issue - iPad Pro 9.7 1st gen, iOS 14.5, checkra1n 0.12.3 through odysseyra1n. Backup to iOS 14.4.2 doesn’t work.

kasiimh1 commented 3 years ago

I have the same problem on AppleTV 4K, fails with --force-revert option too. Doesn't even init KPF unless ran through the app with no options either. Device is now stuck in blinking mode, cannot boot into tvOS https://imgur.com/a/3mlm6aA

Hi kasiimh1

not sure this is the same issue we are all experiencing. I recommend trying to open a new issue for this as it would help a lot of people experiencing similar issues to you:)

if anyone has issues with Apple TV 4K (A10X) on 14.5 post in this thread: https://github.com/checkra1n/BugTracker/issues/2083

BorisYeltsin commented 3 years ago

Experimental build. Please try this:

checkra1n.app.tar.gz

doesn't work. Same thing. Just boots up normally. Console version doesn't work either

BorisYeltsin commented 3 years ago

It seems that A9X will always be a pain in the butt

Siguza commented 3 years ago

Another experimental build:

checkra1n.app.tar.gz

jetblackrx89 commented 3 years ago

Another experimental build:

checkra1n.app.tar.gz

This one does properly attempt to inject the jailbreak, but the behavior is back to the initially reported one: It gets stuck at "PongoOS>".

Siguza commented 3 years ago

@jetblackrx89 with the same issue? Corrupted kerninfo?

jetblackrx89 commented 3 years ago

@jetblackrx89 with the same issue? Corrupted kerninfo?

Yes, it's identical to the logs the original report indicated. Nothing new. No new debug log events. Gets stuck in the same place.

Found old-style rdsk!
Detected corrupted kerninfo!
Enabling usb
done!
pongoOS

jujjja commented 3 years ago

@jetblackrx89 with the same issue? Corrupted kerninfo?

Yes, it's identical to the logs the original report indicated. Nothing new. No new debug log events. Gets stuck in the same place.

Found old-style rdsk!
Detected corrupted kerninfo!
Enabling usb
done!
pongoOS

Yep, same for me ! :(

drmeas commented 3 years ago

Has anyone tried the new 14.5.1.

koulak-frissons commented 3 years ago

7278FC12-BBEF-49FC-8385-A512009FB7C5

same issue for me

jujjja commented 3 years ago

No, and honestly I don't think new iOS releases will change anything. It seems that Apple has updated iBoot for A9X and, as far as I understood, checkra1n needs to be updated :/

Lekomia commented 3 years ago

Has anyone tried the new 14.5.1.

I've tried the new 14.5.1 on my iPad Pro 1st gen and got the same error.

DrJapan commented 3 years ago

I'm staying on 14.4.2, until this is fixed. :) I managed to downgrade while it was still signed.

koulak-frissons commented 3 years ago

Me too!

mystrain commented 3 years ago

@jetblackrx89 with the same issue? Corrupted kerninfo?

Yes same issue

jujjja commented 3 years ago

@Siguza you said that you expect iBoot to overwrite your payload. Is the payload address offset set in the pongoOS code? Can we try to find the right offset, compile and test on our side to help you?