checkra1n / BugTracker

checkra1n bug tracker

12.4.5 for iPhone 5S cannot be jailbroken #830

Closed Merculous closed 4 years ago

Merculous commented 4 years ago

Tell us about your setup:

  1. iPhone 5S (iPhone6,1)
  2. 12.4.5
  3. 0.9.8 CLI and GUI
  4. MacOS Mojave 10.14.6
  5. Lightning UART

What are the steps to reproduce the issue?

  1. Upgraded from iOS 10.3.3 to 12.4.5
  2. Use any option?
  3. Upgrade checkra1n from 0.9.7 to 0.9.8 (latest atm) ...

What do you expect, and what is happening instead? It says it patches the kernel, but nothing happens afterwards; it is still stuck at the logo with the text from the framebuffer.

Also, using verbose boot, it hangs after saying "mounted checkra1nrd..."

Does the issue also occur if you enable Safe Mode? Yes

Any other info, error logs, screenshots, ...? Boot args: debug=0x14e serial=3

"Allow to work on untested devices/versions..." was selected and nothing different happened.

LOG:

=======================================
::
:: Stage2 KJC Loader
::
::      Local boot, Board 0x0 (n51ap)/Rev 0x8
::
::      BUILD_TAG: iBoot-4513.270.14
::
::      BUILD_STYLE: RELEASE
::
::      USB_SERIAL_NUMBER: CPID:8960 CPRV:11 CPFM:03 SCEP:01 BDID:00 ECID:[uhh] IBFL:1D SRNM:[uhh]
::
=======================================

2d2fa2a9625c0de:179
2d2fa2a9625c0de:179
2d2fa2a9625c0de:179
2d2fa2a9625c0de:179
2d2fa2a9625c0de:179
2d2fa2a9625c0de:179
2d2fa2a9625c0de:179
2d2fa2a9625c0de:179
1766514c6672593:348
7ab90c923dae682:291
7ab90c923dae682:321
3974bfd3d441da3:853
Delaying boot for 0 seconds. Hit enter to break into the command prompt...
dce7b01f6ef60a3:340
dce7b01f6ef60a3:382
e51893b627f0e6e:1126
dce7b01f6ef60a3:964
7ab90c923dae682:401
8d3ff3cd3759614:408
8d3ff3cd3759614:408
7f08e6b5656548f:236
7f08e6b5656548f:236
7f08e6b5656548f:223
7f08e6b5656548f:223
8d3ff3cd3759614:420
8d3ff3cd3759614:420
6476b5993bf0843:87
initializing AIC 1

#==================
#
# pongoOS 1.0.1-33debb4e (EL3)
#
# https://checkra.in
#
#==================
Booted by: iBoot-4513.270.14
Built with: GCC 4.2.1 Compatible Clang 8.0.1 (Red Hat 8.0.1-1.module_el8.1.0+215+a01033fb)
Running on: s5l8960x-io
[modload_macho:i] Attempting to load a module
[modload_macho:+] Loaded module checkra1n-kpf-12.3,13.3
Found old-style rdsk!
set xnu boot arg cmdline to: [rootdev=md0 debug=0x14e serial=3]

#==================
#
# checkra1n kpf 0.9.8
#
# Proudly written in nano
# (c) 2019 Kim Jong Cracks
#
# This software is not for sale
# If you purchased this, please
# report the seller.
#
# Get it for free at https://checkra.in
#
#====  Made by  ===
# argp, axi0mx, danyl931, jaywalker, kirb, littlelailo, nitoTV

# never_released, nullpixel, pimskeks, qwertyoruiop, sbingner, siguza

#==== Thanks to ===
# haifisch, jndok, jonseals, xerub, lilstevie, psychotea, sferrini

# Cellebrite (ih8sn0w, cjori, ronyrus et al.)

#==================
KPF: Found shellcode area, copying...
KPF: Found task_conversion_eval
KPF: Found task_conversion_eval inlined
KPF: Found task_conversion_eval inlined
KPF: Found vm_map_protect
KPF: Found AMFI (Leaf)
KPF: Found AMFI (Leaf)
KPF: Found AMFI (Leaf)
KPF: Found vnode_getpath
KPF: Found mac_mount
KPF: Found vfs_context_current
KPF: Found vnode_getattr
KPF: Found rootdev filter
KPF: Found rootdev filter
KPF: Found mach traps
KPF: Found SB ops
KPF: Found tfp0
KPF: Skipped mountmd
KPF: Skipped mountmd
KPF: Found AMFI execve hook
KPF: Found AMFI mac_syscall
KPF: Found AMFI hashtype check
KPF: Found APFS rename
KPF: Found APFS mount
KPF: Disabled snapshot temporarily
done!
allocated static region for rdsk: 0x405848000, sz: 110000
iBoot version: pongoOS-1.0.1-33debb4e
corecrypto_kext_start called
[cckprng] Yarrow PRNG initialized with SHA-256.
FIPSPOST_KEXT [914807454] fipspost_post:156: PASSED: (1 ms) - fipspost_post_integrity
FIPSPOST_KEXT [914988472] fipspost_post:162: PASSED: (0 ms) - fipspost_post_hmac
FIPSPOST_KEXT [915159204] fipspost_post:163: PASSED: (0 ms) - fipspost_post_aes_ecb
FIPSPOST_KEXT [915337127] fipspost_post:164: PASSED: (0 ms) - fipspost_post_aes_cbc
FIPSPOST_KEXT [916413191] fipspost_post:165: PASSED: (37 ms) - fipspost_post_rsa_sig
FIPSPOST_KEXT [916796570] fipspost_post:166: PASSED: (8 ms) - fipspost_post_ecdsa
FIPSPOST_KEXT [917034987] fipspost_post:167: PASSED: (2 ms) - fipspost_post_ecdh
FIPSPOST_KEXT [917205585] fipspost_post:168: PASSED: (0 ms) - fipspost_post_drbg_ctr
FIPSPOST_KEXT [917384758] fipspost_post:169: PASSED: (0 ms) - fipspost_post_aes_ccm
FIPSPOST_KEXT [917562599] fipspost_post:171: PASSED: (0 ms) - fipspost_post_aes_gcm
FIPSPOST_KEXT [917740436] fipspost_post:172: PASSED: (0 ms) - fipspost_post_aes_xts
FIPSPOST_KEXT [917928423] fipspost_post:173: PASSED: (0 ms) - fipspost_post_tdes_cbc
FIPSPOST_KEXT [918110072] fipspost_post:174: PASSED: (0 ms) - fipspost_post_drbg_hmac
FIPSPOST_KEXT [918290149] fipspost_post:197: all tests PASSED (146 ms)
AUC[<ptr>]::init(<ptr>)
AUC[<ptr>]::probe(<ptr>, <ptr>)
AppleCredentialManager: init: called, instance = <ptr>.
Darwin Image4 Validation Extension Version 1.3.0: Mon Aug 19 22:47:57 PDT 2019; root:AppleImage4-1.260.7~410/AppleImage4/RELEASE_ARM64
ACMRM-S: init: called, .
ACMRM-C: init: called, .
ACMRM-C: _loadAccCacheSize: acc-cache size = 16 (from 'acm_trm_acc_cache_size' boot-arg: NO).
ACMRM-C: _loadAccCacheExAppleS5L8960XIO::start: chip-revision: B1
AppleS5L8960X: PIO and AF errors enabled
piration: acc-cache expiration = 2592000 (from 'acm_trm_acc_cache_expiration' boot-arg: NO).
ACMRM: init: called, EN=YES, KB_OBS=YES.
ACMRM: _loadRestrictedModeForceEnable: restricted mode force-enabled = 0 .
ACMRM-A: init: called, .
ACMRM-A: _loadAnalyticsCollectionPeriod: analytics collection period = 86400 .
ACMRM: _loadStandardModeTimeout: standard mode timeout = 259200 .
AppleARMBacklight::start: Using new Backlight Architecture 1
AppleARMBacklight::start: no DBV offset data
ACMRM-A: notifyStandardModeTimeoutChanged: called, value = 259200 (modified = YES).
ACMRM: _loadGracePeriodTimeout: device lock timeout = 3600 .
AppleARMBacklight::start: no DBV max data
AppleARMBacklight::start: _calibratedMaxCurrent=19130
ACMRM-A: notifyGracePeriodTimeoutChanged: called, value = 3600 (modified = YES).
ACMRM: _AppleInterruptController::start: _aicVersion = 1 _aicBaseAddress = 0x<ptr> _aicNumExtInts = 0x000000c0 _aicNumIPIs = 0x00000004
AppleS5L8960XGPIOIC::start: this: <ptr>, _gpioicBaseAddress: <ptr>
mapAndPublishTRM: set TRM_PolicyTimeout = 259200.
AppleARMBacklight::start: _calibratedMidCurrent=5740
AppleARMBacklight::start: mA2Nits2ndOrderCoef=-1
ACMRM: _mapAndPublishTRM: set TRM_GracePeriodTimeout = 3600.
ACMRM: _mapAndPublishTRM: sending kIOMessageServicePropertyChange(n=2) while DISABLED, TRM: 259200 -/ff 3600 -/ff miss=ff (CUR: 259200 -/ff 3600 -/ff).
AppleInterruptController::start: Num Shared Timestamps == 16
AppleARMBacklight::start: mA2Nits1stOrderCoef=58
AppleCredentialManager: init: returning, result = true, instance = <ptr>.
AppleS5L8960XMemCacheController::start: this: <ptr>, virt addr: <ptr>, phys addr: 0x200000000
AppleARMBacklight::start: no mA2Nits0thOrderCoef data, use zero
AppleARMBacklight::start: nits2mAmps2ndOrderCoefAppleS5L8960XPlatformErrorHandler::start: this: <ptr>, AMC virt addr: <ptr>, AMC phys addr: 0x200000000
CP virt addr: <ptr>, CP phys addr: 0x200d10000
AppleS5L8920XPWM::start: _pwmBaseAddress: <ptr>
AppleSamsungSPIController::start: spi1: _spiBaseAddress = 0x20a084000:<ptr>, _spiVersion = 1 _spiInternalCS = 0
AppleSamsungSPIController::start: spi2: _spiBaseAddress = 0x20a088000:<ptr>, _spiVersion = 1 _spiInternalCS = 0
AppleSamsungSPIController::start: spi3: _spiBaseAddress = 0x20a08c000:<ptr>, _spiVersion = 1 _spiInternalCS = 0
=3328
AppleS5L8960XUSBPhy::start: hsic disabled
AppleS5L8940XI2CController::start: i2c0 this: <ptr> _i2cBaseAddress: <ptr>
AppleS5L8960XMemCacheController::start: MCC max configs = 4
AppleARMBacklight::start: nits2mAmps1stOrderCoef=16773
AppleARMBacklight::start: no nits2mAmps0thOrderCoef data, use zero
AppleARMBacklight::start: _lMaxProduct=30474240
AppleARMBacklight::start: _lMidProduct=9175040
AppleARMBacklight::start: _lMinProduct=380941
AppleS5L8940XI2CController::start: i2c1 this: <ptr> _i2cBaseAddress: <ptr>
AppleARMBacklight::start: Backlight calibration data 90
AppleARMBacklight::start: vers=1.0, iMid=5320, iMax=20000, nitsAt20mA=568
AppleARMBacklight::start: _lMaxProduct=30474240, _lMidProduct=9175040, _lMinProduct=380941, _lMaxPanel=37124480, _lMidPanel=11072024, _lMinPanel=463942, _milliAmps2NitsScaleFactor=568000
AppleM2ScalerCSCDriver[<ptr>]::start(provider <ptr>)
virtual bool IOMobileFramebuffer::start(IOService *)
AppleARMBacklight::start: _minDACLevel=471 _maxDACLevel=1973
AppleSamsungMIPIDSIController::start: _dsimBaseAddress = <ptr>
virtual bool AppleM2ScalerCSCDriver::start(IOService *) MSR Driver Waiting for IOSurfaceRoot
AUC[<ptr>]::start(<ptr>)
AGXk: Starting GPU driver. Available features: release
IOMFB: driver commit:
AppleS5L8960XMemCacheController::start: finished
AppleDieTempController::start:
AppleDieTempController::setupLegacyControlLoop: Setting up legacy style (single loop) fast die control
virtual bool AppleARMLightEmUp::start(IOService *): starting...
AppleS5L8940XDWI::start v1 _dwiBaseAddress: <ptr>, buck mask = 0x00000000
mca0:_initVersion:1448: configured mcaVersion 0x1 != reg 0x10001
mca1:_initVersion:1448: configured mcaVersion 0x1 != reg 0x10001
mca2:_initVersion:1448: configured mcaVersion 0x1 != reg 0x10001
mca3:_initVersion:1448: configured mcaVersion 0x1 != reg 0x10001
mca4:_initVersion:1448: configured mcaVersion 0x1 != reg 0x10001
AppleKeyStore starting (BUILT: Aug 19 2019 23:12:13)
AppleSEPKeyStore::start: _sep_enabled = 1
AppleCredentialManager: start: called, instance = <ptr>.
AppleDieTempController::initLoopConfig: Successfully configured 1 loops
ACMRM: _publishIOResource: AppleUSBRestrictedModeTimeout = 259200.
AppleCredentialManager: start: initializing power management, instance = <ptr>.
AppleDieTempController::handleBootArgs: In handleBootArgs routine
AppleDieTempContAppleS5L8900XMIPIDSIController::start: Slow Adaptive Clocking enabled with 19 frequencies
roller::cpuPerfControllerArrivalHandler: boot_dvd_factor 0x00010000
AppleCredentialManager: start: started, instance = <ptr>.
AGXk: Probing - Detected G3 B1 [1MGPUs4Cores 1Frags 1GTPSlots 1FRGSlots 1CDMSlots]
AGXk: Probing - AGXAcceleratorG3_B0 supports G3 B1, selecting with score 10000
AppleCredentialManager: start: returning, result = true, instance = <ptr>.
AGXk: AGXAcceleratorG3_B0: Starting as G3 B1 [1MGPUs4Cores 1Frags 1GTPSlots 1FRGSlots 1CDMSlots] on N51AP
AppleARMPE::getGMTTimeOfDay can not provide time of day: RTC did not show up
apfs_module_start:1393: load: com.apple.filesystems.apfs, v945.272.3, apfs-945.272.3, 2019/08/19
com.apple.AppleFSCompressionTypeZlib kmod start
IOSurfaceRoot::installMemoryRegions()
IOSurface disallowing global lookups
apfs_sysctl_register:929: done registering sysctls.
com.apple.AppleFSCompressionTypeZlib load succeeded
virtual bool AppleM2ScalerCSCDriver::start(IOService *) DONE Waiting for IOSurfaceRoot
virtual bool AppleM2ScalerCSCHal::mapRegisterMemory(IOService *): Scaler 0 RegisterMemoryMap[<ptr>]: base=<ptr> physical address = 0x207900000 length = 16384
L2TP domain init
L2TP domain init complete
PPTP domain init
BSD root: md0, major 2, minor 0
apfs_vfsop_mountroot:1549: apfs: mountroot called!
apfs_vfsop_mount:1279: unable to root from devvp <ptr> (root_device): 2
apfs_vfsop_mountroot:1553: apfs: mountroot failed, error: 2
hfs: mounted checkra1nrd on device b(2, 0)
macbloke commented 4 years ago

IP5s on 12.4.4 also stuck at this line hfs: mounted checkra1nrd on device b(2, 0)

billabongbruno commented 4 years ago

Ok, I can help you with this, if you want to. I posted a guide this morning on how to do it, but it got taken down for "piracy". Funny, because there wasn't a single pirated mention, link or whatever in there.

Let me know if you need help with the workaround and we'll find some other way to communicate.

Best regards, Bruno.

Logankun commented 4 years ago

I also want to know the answer to how to fix it.

Ok, I can help you with this, if you want to. I posted a guide this morning on how to do it, but it got taken down for "piracy". Funny, because there wasn't a single pirated mention, link or whatever in there.

Let me know if you need help with the workaround and we'll find some other way to communicate.

Best regards, Bruno.

billabongbruno commented 4 years ago

@Logankun , does ANY version of checkra1n work for you at all?

Logankun commented 4 years ago

checkra1n 0.9.8 - Kali Linux 2

ddsFs1 commented 4 years ago

@Logankun I have exactly the same problem, under exactly the same conditions; all versions go through the jailbreak normally, and the only problem is with 0.9.8

Logankun commented 4 years ago

@Logankun I have exactly the same problem, under exactly the same conditions; all versions go through the jailbreak normally, and the only problem is with 0.9.8

You need to try a different version

tonydope commented 4 years ago

Ok, I can help you with this, if you want to. I posted a guide this morning on how to do it, but it got taken down for "piracy". Funny, because there wasn't a single pirated mention, link or whatever in there.

Let me know if you need help with the workaround and we'll find some other way to communicate.

Best regards, Bruno.

I also want to know how to fix that. Upd: found your solution in Google cache)

Logankun commented 4 years ago

Ok, I can help you with this, if you want to. I posted a guide this morning on how to do it, but it got taken down for "piracy". Funny, because there wasn't a single pirated mention, link or whatever in there. Let me know if you need help with the workaround and we'll find some other way to communicate. Best regards, Bruno.

I also want to know how to fix that. Upd: found your solution in Google cache)

What was written in the search?

tonydope commented 4 years ago

Ok, I can help you with this, if you want to. I posted a guide this morning on how to do it, but it got taken down for "piracy". Funny, because there wasn't a single pirated mention, link or whatever in there. Let me know if you need help with the workaround and we'll find some other way to communicate. Best regards, Bruno.

I also want to know how to fix that. Upd: found your solution in Google cache)

What was written in the search?

@billabongbruno profile page -> contributions -> copy the link of "Workaround for -20, -31, "Right before trigger", etc - iOS 12.4.5 iPad Mini 3 (and related)" -> paste it into Google

RoyTimes commented 4 years ago

i have the same issue

dskrish commented 4 years ago

Worked with Checkra1n version 0.9.7 with Verbose Boot - ON

kenoButler commented 4 years ago

version 0.9.2 worked

boxofdeath commented 4 years ago

Turning off passcode in settings and using version 0.9.6 worked for my iPad Mini 2.

Edit: On my second and third iPad Mini 2 I was having issues with 0.9.6 as well. However, I managed to get a successful load after launching checkra1n and clicking Start while it was still in the boot process.

masbog commented 4 years ago

On my iPad Mini 2 3G, use version 0.9.7 and enable "safe mode"; it's done ☺️

Siguza commented 4 years ago

This is being tracked over at #984, so I'll mark this as a dupe.

minzique commented 4 years ago

Ok, I can help you with this, if you want to. I posted a guide this morning on how to do it, but it got taken down for "piracy". Funny, because there wasn't a single pirated mention, link or whatever in there.

Let me know if you need help with the workaround and we'll find some other way to communicate.

Best regards, Bruno.

Can you tell me how you did it? I've been trying to solve this for hours now and I still can't find a way.