Exploit Failed (Error Code -20, -10)

[JeffreyVillanueva]

Tell us about your setup:

1. What iDevice are you using? iPhone 5S (password locked/permanently disabled after 10 tries)
2. On what version of iOS is it? Unknown. 12.5.6 is the newest iOS
3. What version of checkra1n are you using? 0.12.4 (have tried others as well)
4. What is your host system (OS version? Hackintosh? VM? etc.)? Mac mini 10.15.7
5. How are you connecting to the device (USB-A? USB-C? Apple/3rd party cable? Through a USB hub?)? Apple Cable (thunderbolt to usb) What are the steps to reproduce the issue?
6. Get phone in DFU Mode
7. Run checkra1n with "/Applications/checkra1n.app/Contents/MacOS/checkra1n -c -s -v" to start it in CLI mode
8. let it run until it hits ": == Checkm8 Setup stage == - [10/20/22 18:05:25] : Right before trigger (this is the real bug setup)" then unplug cable and plug it back in. 3.5 Tried to let it run without unplugging as well in other instances

What do you expect, and what is happening instead? I expect to see the code execution on the screen and run the payload. Instead the phone stays black. Then I get an error after time passes in checkra1n. 3.5. I expect it to get to the next step, Checkm8 Trigger stage, instead the phone boots normally to the "iPhone disabled" screen.

Did you see a popup on the device stating it entered "Safe Mode" due to an error? No

Does the issue also occur if you tick "Safe Mode" in the checkra1n options? Yes

Any other info, error logs, screenshots, ...?

The first two errors I did not intervene and the phone turned on back into iPhone disabled screen. The last time I tried to unplug and replug and got the the payload part. I have to run it cli because the phone is not detected otherwise. (USB restriction?) It was detected for ~ 20 min earlier after trying checkra1n 9.5, and I tried running it non cli and I got the same outcome on both that version and checkra1n 12.5.6

• [10/20/22 19:49:11] : Waiting for DFU devices
• [10/20/22 19:49:39] : DFU mode device found
• [10/20/22 19:49:40] : Exploiting
• [10/20/22 19:49:40] : Attempting to perform checkm8 on 8960 11...
• [10/20/22 19:49:40] : Checking if device is ready
• [10/20/22 19:49:40] : == Checkm8 Preparation stage ==
• [10/20/22 19:49:40] : DFU device disconnected
• [10/20/22 19:49:41] : DFU mode device found
• [10/20/22 19:49:41] : Setting up the exploit (this is the heap spray)
• [10/20/22 19:49:41] : == Checkm8 Setup stage ==
• [10/20/22 19:49:51] : Right before trigger (this is the real bug setup)
• [10/20/22 19:49:51] : Entered initial checkm8 state after 1 steps, issuing DFU abort..
• [10/20/22 19:49:52] : DFU device disconnected
• [10/20/22 19:49:53] : DFU mode device found
• [10/20/22 19:49:53] : == Checkm8 Trigger stage ==
• [10/20/22 19:49:58] : Checkmate!
• [10/20/22 19:49:58] : DFU device disconnected
• [10/20/22 19:50:25] : Timed out in state 3, assuming we are back to square one with this device. (error code: -31)
• [10/20/22 19:50:55] : DFU mode device found
• [10/20/22 19:50:55] : Exploiting
• [10/20/22 19:50:55] : Attempting to perform checkm8 on 8960 11...
• [10/20/22 19:50:55] : Checking if device is ready
• [10/20/22 19:50:55] : == Checkm8 Preparation stage ==
• [10/20/22 19:50:55] : DFU device disconnected
• [10/20/22 19:50:55] : DFU mode device found
• [10/20/22 19:50:55] : Setting up the exploit (this is the heap spray)
• [10/20/22 19:50:55] : == Checkm8 Setup stage ==
• [10/20/22 19:51:05] : Right before trigger (this is the real bug setup)
• [10/20/22 19:51:05] : Entered initial checkm8 state after 3 steps, issuing DFU abort..
• [10/20/22 19:51:07] : DFU device disconnected
• [10/20/22 19:51:30] : Timed out in state 2, assuming we are back to square one with this device. (error code: -31)
• [10/20/22 19:51:50] : DFU mode device found
• [10/20/22 19:51:50] : Exploiting
• [10/20/22 19:51:50] : Attempting to perform checkm8 on 8960 11...
• [10/20/22 19:51:50] : Checking if device is ready
• [10/20/22 19:51:50] : == Checkm8 Preparation stage ==
• [10/20/22 19:51:50] : DFU device disconnected
• [10/20/22 19:51:50] : DFU mode device found
• [10/20/22 19:51:50] : Setting up the exploit (this is the heap spray)
• [10/20/22 19:51:50] : == Checkm8 Setup stage ==
• [10/20/22 19:52:00] : Right before trigger (this is the real bug setup)
• [10/20/22 19:52:00] : Entered initial checkm8 state after 3 steps, issuing DFU abort..
• [10/20/22 19:52:01] : DFU device disconnected
• [10/20/22 19:52:01] : DFU mode device found
• [10/20/22 19:52:01] : == Checkm8 Trigger stage ==
• [10/20/22 19:52:04] : Checkmate!
• [10/20/22 19:52:04] : DFU device disconnected
• [10/20/22 19:52:19] : DFU mode device found
• [10/20/22 19:52:19] : == Checkm8 Trying to run payload... ==
• [10/20/22 19:52:19] : If everything went correctly, you should now have code execution.
• [10/20/22 19:52:20] : DFU device disconnected
• [10/20/22 19:52:21] : DFU mode device found
• [10/20/22 19:52:21] : Unable to open device: e00002c5 (error code: -10)
• [10/20/22 19:53:49] : Timed out waiting for bootstrap upload (error code: -20)

[uzvervolf]

Use this Checkra1n v0.10.2 from #2291... It's always works))