checkra1n / BugTracker

checkra1n bug tracker
729 stars 104 forks source link

Exploit Failed (Error code: -31) on iPhone X 13.2.2 #77

Closed Nanorithm closed 4 years ago

Nanorithm commented 4 years ago

What device + iOS version are you on? iPhone X iOS 13.2.2

What are the steps to reproduce the issue?

  1. Enter DFU mode
  2. Start Checkra1n
  3. Expoit Failed (Error code: -26) then Exploit Failed (Error code: -31) ...

What do you expect, and what is happening instead? Jailbreak successful

Any other info, error logs, screenshots, ...? Running on Macbook Pro (15-inch, 2019) on MacOS Mojave 10.14.6.

iPhone connected via lightning cable through USB-C dongle (https://www.apple.com/shop/product/MUF82AM/A/usb-c-digital-av-multiport-adapter)

Edit: After closing all apps on my mbp except iTunes and Checkra1n and re-entering DFU, now I'm getting Timed out waiting for bootstrap upload (Error code: -20). Making progress?

Edit 2: I just got it to work, apparently on iPhone X you HAVE to be in restore mode first before going into DFU mode, going straight into DFU mode doesn't work. I managed to get into restore/DFU mode via the installer but the instructions weren't accurate and I just had to do the timings myself. But once I got it into DFU mode it worked fine. I suggest updating the instructions for DFU.

Abbasm234 commented 4 years ago

HI,

I tried same procedure and successful in getting my phone into DFU mode via installer but it stucks at checking if device is ready . I am using Macos high Sierra on Virtual Machine? any help you can do bro?

TheNoim commented 4 years ago

Edit 2: I just got it to work, apparently on iPhone X you HAVE to be in restore mode first before going into DFU mode, going straight into DFU mode doesn't work. I managed to get into restore/DFU mode via the installer but the instructions weren't accurate and I just had to do the timings myself. But once I got it into DFU mode it worked fine. I suggest updating the instructions for DFU.

I would suggest closing the issue if you were able to jailbreak. This repo is already full of duplicated issues.

Nanorithm commented 4 years ago

I closed it but there's still an issue with the documentation, hopefully they get it fixed so it'll be more clear.

unlocktech commented 4 years ago

Still have the same error -31 I am using MacOS high Sierra on virtual machine. It runs the stop. Any help?

jayk1961 commented 4 years ago

Same issue.

Catalina OSX 10.15, 10.15.1, and 10.15.2 (tried all 3)

Here's the logging output:

bash-3.2# ./checkra1n -l /tmp/checkra1n/cr.log
#
# Checkra1n beta 0.9.6
#
# Proudly written in nano
# (c) 2019 Kim Jong Cracks
#
#========  Made by  =======
# argp, axi0mx, danyl931, jaywalker, kirb, littlelailo
# nitoTV, nullpixel, pimskeks, qwertyoruiop, sbingner, siguza
#======== Thanks to =======
# haifisch, jndok, jonseals, xerub, lilstevie, psychotea, sferrini
# Cellebrite (ih8sn0w, cjori, ronyrus et al.)
#==========================

 - [12/04/19 13:54:34] <Info>: Waiting for DFU devices
 - [12/04/19 13:54:47] <Verbose>: DFU mode device found
 - [12/04/19 13:54:47] <Info>: Exploiting
 - [12/04/19 13:54:47] <Verbose>: Attempting to perform checkm8 on 8003 1...
 - [12/04/19 13:54:47] <Info>: Checking if device is ready
 - [12/04/19 13:54:47] <Verbose>: == Checkm8 Preparation stage ==
 - [12/04/19 13:54:48] <Verbose>: DFU device disconnected
 - [12/04/19 13:54:48] <Verbose>: DFU mode device found
 - [12/04/19 13:54:48] <Info>: Setting up the exploit (this is the heap spray)
 - [12/04/19 13:54:48] <Verbose>: == Checkm8 Setup stage ==
 - [12/04/19 13:56:40] <Error>: [EXPLOIT:!] Failed issuing asynchronous upload! e00002d8 (error code: -27)
 - [12/04/19 13:56:40] <Info>: Right before trigger (this is the real bug setup)
 - [12/04/19 13:56:40] <Verbose>: Entered initial checkm8 state after 1913 steps, issuing DFU abort..
 - [12/04/19 13:56:40] <Error>: Timed out in state 1, assuming we are back to square one with this device. (error code: -31)
 - [12/04/19 13:56:40] <Verbose>: DFU device disconnected

bash-3.2# 

Suggestions? I believe it is USB controller/cable related. I am using a brand new cable as well as an old cable (tried both), tried different ports, and tried USB mode 2.0 and USB 3.0.

I tried USB 1.1, but Catalina gives an error message that says It'll try to connect it to the appropriate USB controller/device. This method also failed.

NOT using AMD NOT using MSI or Mortar or B350M

I am Intel based.

Model: iPhone SE with Genuine Apple cables. iOS version: 13.1.3

Nanorithm commented 4 years ago

What hardware are you running? Is it a hackintosh or official apple hardware? If it's a hackintosh then it's possible one of your driver kexts may not be correct.

Unrelated to hardware, I realized my checkrain would fail unless I had everything completely closed except the checkrain app and iTunes. My theory was that my windows WM was messing with my USB passthrough but I'm not 100% sure and haven't looked into it further.

If ANYTHING has the potential to use the USB controller, I'd close it. Make sure you're following the UI instructions, the hack needs recovery before DFU. I've tried manual DFU via CLI and it's worked like once and every other time I got error -31.

From what I've seen, error -31 has to do with not having a stable connection throughout the process or the connection was interrupted shortly at some point. Anyone can feel free to correct me if I'm wrong.