dora2ios / ipwnder_lite

lightweight ipwnder

Does not work on A9 (iPhone 6S) #6

Closed nick-botticelli closed 2 years ago

nick-botticelli commented 2 years ago

Last time I used this, it did work on the 5C I had; however, I cannot get it to work with my 6S (N71mAP). Here is a log:

nick@Nicks-MacBook-Air Other % ipwnder_macosx -p
[main] Waiting for device in DFU mode...
[io_get_serial] Found serial number!
[main] CONNECTED
[main] CPID: 0x8003, BDID: 0x04, STRG: [iBoot-2234.0.0.2.22]
[checkm8_payload] making checkm8 payload with ipwndfu-a9 style
** exploiting with checkm8
[checkm8_s8000] reconnecting
[io_reset] ResetDevice: 0
[io_reset] USBDeviceReEnumerate: 0
[checkm8_s8000] running heap_spray()
[heap_spray] (1/3) e0004051, 10
[heap_spray] (2/3) e0004051
[heap_spray] (3/3) e0004051
[checkm8_s8000] reconnecting
[io_reset] ResetDevice: 0
[io_reset] USBDeviceReEnumerate: 0
[checkm8_s8000] ERROR: Failed to reconnect to device

I have tried restarting my computer, only leaving command prompt on (no other conflicting applications), and tried multiple times without restarting without success. checkra1n does work.

My environment is macOS 12.2 on an M1 MacBook Air (Late 2020).

dora2-iOS commented 2 years ago

I don't have a Mac with an M1 chip, so I'm not aware of the problem. But what happens if you use the -e flag? I feel that the problem does not occur with this method.

nick-botticelli commented 2 years ago

> I don't have a Mac with an M1 chip, so I'm not aware of the problem. But what happens if you use the -e flag? I feel that the problem does not occur with this method.

Looks like -e finished without errors, but Ramiel does not detect it as being in pwndfu mode. That's most likely a different issue (ipwndfu and PyBoot do not work either), so I'm not sure how to test it, but should be good for now. Closing issue.