search

doronz88 / pymobiledevice3

Pure python3 implementation for working with iDevices (iPhone, etc...).
https://discord.gg/52mZGC3JXJ
GNU General Public License v3.0
1.34k stars 185 forks source link

12.5.5 restore fails to boot RestoreSEP #231

Closed m1stadev closed 1 year ago

m1stadev commented 2 years ago

Test environment

Describe the bug While restoring an iOS device using pymobiledevice3 restore update,

To Reproduce

  1. Restore an iOS device to iOS 12.5.5

Expected behavior A successful restore.

Logs

2022-02-08 20:29:56 Ryzentosh.local pymobiledevice3.cli.restore[13244] DEBUG searching among connected devices via lockdownd
2022-02-08 20:29:56 Ryzentosh.local pymobiledevice3.cli.restore[13244] DEBUG waiting for device to be available in Recovery mode
2022-02-08 20:29:56 Ryzentosh.local pymobiledevice3.irecv[13244] DEBUG set_configuration: 1
2022-02-08 20:29:56 Ryzentosh.local pymobiledevice3.irecv[13244] DEBUG set_interface_altsetting: 0 0
2022-02-08 20:29:56 Ryzentosh.local pymobiledevice3.restore.recovery[13244] INFO connected device: <ecid: CENSORED hardware_model: n51ap image4-support: 4>
2022-02-08 20:29:56 Ryzentosh.local pymobiledevice3.restore.recovery[13244] DEBUG scanning BuildManifest.plist for the correct BuildIdentity
2022-02-08 20:29:56 Ryzentosh.local pymobiledevice3.restore.recovery[13244] INFO fetching TSS record
2022-02-08 20:29:56 Ryzentosh.local pymobiledevice3.restore.tss[13244] DEBUG Applying restore request rules for entry AppleLogo
2022-02-08 20:29:56 Ryzentosh.local pymobiledevice3.restore.tss[13244] DEBUG Adding EPRO=True to TSS entry
2022-02-08 20:29:56 Ryzentosh.local pymobiledevice3.restore.tss[13244] DEBUG Adding ESEC=True to TSS entry
2022-02-08 20:29:56 Ryzentosh.local pymobiledevice3.restore.tss[13244] DEBUG Applying restore request rules for entry BatteryCharging0
2022-02-08 20:29:56 Ryzentosh.local pymobiledevice3.restore.tss[13244] DEBUG Adding EPRO=True to TSS entry
2022-02-08 20:29:56 Ryzentosh.local pymobiledevice3.restore.tss[13244] DEBUG Adding ESEC=True to TSS entry
2022-02-08 20:29:56 Ryzentosh.local pymobiledevice3.restore.tss[13244] DEBUG Applying restore request rules for entry BatteryCharging1
2022-02-08 20:29:56 Ryzentosh.local pymobiledevice3.restore.tss[13244] DEBUG Adding EPRO=True to TSS entry
2022-02-08 20:29:56 Ryzentosh.local pymobiledevice3.restore.tss[13244] DEBUG Adding ESEC=True to TSS entry
2022-02-08 20:29:56 Ryzentosh.local pymobiledevice3.restore.tss[13244] DEBUG Applying restore request rules for entry BatteryFull
2022-02-08 20:29:56 Ryzentosh.local pymobiledevice3.restore.tss[13244] DEBUG Adding EPRO=True to TSS entry
2022-02-08 20:29:56 Ryzentosh.local pymobiledevice3.restore.tss[13244] DEBUG Adding ESEC=True to TSS entry
2022-02-08 20:29:56 Ryzentosh.local pymobiledevice3.restore.tss[13244] DEBUG Applying restore request rules for entry BatteryLow0
2022-02-08 20:29:56 Ryzentosh.local pymobiledevice3.restore.tss[13244] DEBUG Adding EPRO=True to TSS entry
2022-02-08 20:29:56 Ryzentosh.local pymobiledevice3.restore.tss[13244] DEBUG Adding ESEC=True to TSS entry
2022-02-08 20:29:56 Ryzentosh.local pymobiledevice3.restore.tss[13244] DEBUG Applying restore request rules for entry BatteryLow1
2022-02-08 20:29:56 Ryzentosh.local pymobiledevice3.restore.tss[13244] DEBUG Adding EPRO=True to TSS entry
2022-02-08 20:29:56 Ryzentosh.local pymobiledevice3.restore.tss[13244] DEBUG Adding ESEC=True to TSS entry
2022-02-08 20:29:56 Ryzentosh.local pymobiledevice3.restore.tss[13244] DEBUG Applying restore request rules for entry BatteryPlugin
2022-02-08 20:29:56 Ryzentosh.local pymobiledevice3.restore.tss[13244] DEBUG Adding EPRO=True to TSS entry
2022-02-08 20:29:56 Ryzentosh.local pymobiledevice3.restore.tss[13244] DEBUG Adding ESEC=True to TSS entry
2022-02-08 20:29:56 Ryzentosh.local pymobiledevice3.restore.tss[13244] DEBUG Applying restore request rules for entry DeviceTree
2022-02-08 20:29:56 Ryzentosh.local pymobiledevice3.restore.tss[13244] DEBUG Adding EPRO=True to TSS entry
2022-02-08 20:29:56 Ryzentosh.local pymobiledevice3.restore.tss[13244] DEBUG Adding ESEC=True to TSS entry
2022-02-08 20:29:56 Ryzentosh.local pymobiledevice3.restore.tss[13244] DEBUG Applying restore request rules for entry KernelCache
2022-02-08 20:29:56 Ryzentosh.local pymobiledevice3.restore.tss[13244] DEBUG Adding EPRO=True to TSS entry
2022-02-08 20:29:56 Ryzentosh.local pymobiledevice3.restore.tss[13244] DEBUG Adding ESEC=True to TSS entry
2022-02-08 20:29:56 Ryzentosh.local pymobiledevice3.restore.tss[13244] DEBUG Applying restore request rules for entry LLB
2022-02-08 20:29:56 Ryzentosh.local pymobiledevice3.restore.tss[13244] DEBUG Adding EPRO=True to TSS entry
2022-02-08 20:29:56 Ryzentosh.local pymobiledevice3.restore.tss[13244] DEBUG Adding ESEC=True to TSS entry
2022-02-08 20:29:56 Ryzentosh.local pymobiledevice3.restore.tss[13244] DEBUG Applying restore request rules for entry OS
2022-02-08 20:29:56 Ryzentosh.local pymobiledevice3.restore.tss[13244] DEBUG Adding EPRO=True to TSS entry
2022-02-08 20:29:56 Ryzentosh.local pymobiledevice3.restore.tss[13244] DEBUG Adding ESEC=True to TSS entry
2022-02-08 20:29:56 Ryzentosh.local pymobiledevice3.restore.tss[13244] DEBUG Applying restore request rules for entry RecoveryMode
2022-02-08 20:29:56 Ryzentosh.local pymobiledevice3.restore.tss[13244] DEBUG Adding EPRO=True to TSS entry
2022-02-08 20:29:56 Ryzentosh.local pymobiledevice3.restore.tss[13244] DEBUG Adding ESEC=True to TSS entry
2022-02-08 20:29:56 Ryzentosh.local pymobiledevice3.restore.tss[13244] DEBUG Applying restore request rules for entry RestoreDeviceTree
2022-02-08 20:29:56 Ryzentosh.local pymobiledevice3.restore.tss[13244] DEBUG Adding EPRO=True to TSS entry
2022-02-08 20:29:56 Ryzentosh.local pymobiledevice3.restore.tss[13244] DEBUG Adding ESEC=True to TSS entry
2022-02-08 20:29:56 Ryzentosh.local pymobiledevice3.restore.tss[13244] DEBUG Applying restore request rules for entry RestoreKernelCache
2022-02-08 20:29:56 Ryzentosh.local pymobiledevice3.restore.tss[13244] DEBUG Adding EPRO=True to TSS entry
2022-02-08 20:29:56 Ryzentosh.local pymobiledevice3.restore.tss[13244] DEBUG Adding ESEC=True to TSS entry
2022-02-08 20:29:56 Ryzentosh.local pymobiledevice3.restore.tss[13244] DEBUG Applying restore request rules for entry RestoreLogo
2022-02-08 20:29:56 Ryzentosh.local pymobiledevice3.restore.tss[13244] DEBUG Adding EPRO=True to TSS entry
2022-02-08 20:29:56 Ryzentosh.local pymobiledevice3.restore.tss[13244] DEBUG Adding ESEC=True to TSS entry
2022-02-08 20:29:56 Ryzentosh.local pymobiledevice3.restore.tss[13244] DEBUG Applying restore request rules for entry RestoreRamDisk
2022-02-08 20:29:56 Ryzentosh.local pymobiledevice3.restore.tss[13244] DEBUG Adding EPRO=True to TSS entry
2022-02-08 20:29:56 Ryzentosh.local pymobiledevice3.restore.tss[13244] DEBUG Adding ESEC=True to TSS entry
2022-02-08 20:29:56 Ryzentosh.local pymobiledevice3.restore.tss[13244] DEBUG Applying restore request rules for entry RestoreSEP
2022-02-08 20:29:56 Ryzentosh.local pymobiledevice3.restore.tss[13244] DEBUG Adding ESEC=True to TSS entry
2022-02-08 20:29:56 Ryzentosh.local pymobiledevice3.restore.tss[13244] DEBUG Adding EPRO=True to TSS entry
2022-02-08 20:29:56 Ryzentosh.local pymobiledevice3.restore.tss[13244] DEBUG Applying restore request rules for entry RestoreTrustCache
2022-02-08 20:29:56 Ryzentosh.local pymobiledevice3.restore.tss[13244] DEBUG Adding EPRO=True to TSS entry
2022-02-08 20:29:56 Ryzentosh.local pymobiledevice3.restore.tss[13244] DEBUG Adding ESEC=True to TSS entry
2022-02-08 20:29:56 Ryzentosh.local pymobiledevice3.restore.tss[13244] DEBUG Applying restore request rules for entry SEP
2022-02-08 20:29:56 Ryzentosh.local pymobiledevice3.restore.tss[13244] DEBUG Adding ESEC=True to TSS entry
2022-02-08 20:29:56 Ryzentosh.local pymobiledevice3.restore.tss[13244] DEBUG Adding EPRO=True to TSS entry
2022-02-08 20:29:56 Ryzentosh.local pymobiledevice3.restore.tss[13244] DEBUG Applying restore request rules for entry StaticTrustCache
2022-02-08 20:29:56 Ryzentosh.local pymobiledevice3.restore.tss[13244] DEBUG Adding EPRO=True to TSS entry
2022-02-08 20:29:56 Ryzentosh.local pymobiledevice3.restore.tss[13244] DEBUG Adding ESEC=True to TSS entry
2022-02-08 20:29:56 Ryzentosh.local pymobiledevice3.restore.tss[13244] DEBUG Applying restore request rules for entry iBEC
2022-02-08 20:29:56 Ryzentosh.local pymobiledevice3.restore.tss[13244] DEBUG Adding EPRO=True to TSS entry
2022-02-08 20:29:56 Ryzentosh.local pymobiledevice3.restore.tss[13244] DEBUG Adding ESEC=True to TSS entry
2022-02-08 20:29:56 Ryzentosh.local pymobiledevice3.restore.tss[13244] DEBUG Applying restore request rules for entry iBSS
2022-02-08 20:29:56 Ryzentosh.local pymobiledevice3.restore.tss[13244] DEBUG Adding EPRO=True to TSS entry
2022-02-08 20:29:56 Ryzentosh.local pymobiledevice3.restore.tss[13244] DEBUG Adding ESEC=True to TSS entry
2022-02-08 20:29:56 Ryzentosh.local pymobiledevice3.restore.tss[13244] DEBUG Applying restore request rules for entry iBoot
2022-02-08 20:29:56 Ryzentosh.local pymobiledevice3.restore.tss[13244] DEBUG Adding EPRO=True to TSS entry
2022-02-08 20:29:56 Ryzentosh.local pymobiledevice3.restore.tss[13244] DEBUG Adding ESEC=True to TSS entry
2022-02-08 20:29:56 Ryzentosh.local pymobiledevice3.restore.tss[13244] INFO Sending TSS request...
2022-02-08 20:29:56 Ryzentosh.local urllib3.connectionpool[13244] DEBUG Starting new HTTP connection (1): gs.apple.com:80
2022-02-08 20:29:56 Ryzentosh.local urllib3.connectionpool[13244] DEBUG http://gs.apple.com:80 "POST /TSS/controller?action=2 HTTP/1.1" 200 None
2022-02-08 20:29:56 Ryzentosh.local pymobiledevice3.restore.tss[13244] INFO response successfully received
2022-02-08 20:29:56 Ryzentosh.local pymobiledevice3.restore.recovery[13244] DEBUG waiting for device to reconnect...
2022-02-08 20:29:56 Ryzentosh.local pymobiledevice3.irecv[13244] DEBUG set_configuration: 1
2022-02-08 20:29:56 Ryzentosh.local pymobiledevice3.irecv[13244] DEBUG set_interface_altsetting: 0 0
2022-02-08 20:29:56 Ryzentosh.local pymobiledevice3.restore.recovery[13244] DEBUG connected mode: Mode.RECOVERY_MODE_2
2022-02-08 20:29:56 Ryzentosh.local pymobiledevice3.restore.recovery[13244] DEBUG ECID: CENSORED
2022-02-08 20:29:56 Ryzentosh.local pymobiledevice3.restore.recovery[13244] INFO device booted into recovery
2022-02-08 20:29:56 Ryzentosh.local pymobiledevice3.restore.ipsw.component[13244] DEBUG NOTE: No path for component iBEC in TSS, will fetch from build_identity
2022-02-08 20:29:56 Ryzentosh.local pymobiledevice3.restore.img4[13244] INFO Personalizing IMG4 component iBEC...
2022-02-08 20:29:56 Ryzentosh.local pymobiledevice3.restore.img4[13244] DEBUG tag: Tag(nr=22, typ=0, cls=0) ibec
100%|█████████████████████████████████████████| 90/90 [00:00<00:00, 3662.97it/s]
2022-02-08 20:29:57 Ryzentosh.local pymobiledevice3.restore.recovery[13244] DEBUG waiting for device to reconnect...
2022-02-08 20:29:58 Ryzentosh.local pymobiledevice3.irecv[13244] DEBUG set_configuration: 1
2022-02-08 20:29:58 Ryzentosh.local pymobiledevice3.irecv[13244] DEBUG set_interface_altsetting: 0 0
2022-02-08 20:29:58 Ryzentosh.local pymobiledevice3.restore.recovery[13244] DEBUG connected mode: Mode.RECOVERY_MODE_2
2022-02-08 20:29:58 Ryzentosh.local pymobiledevice3.restore.recovery[13244] INFO iBoot build-version=bytearray(b'iBoot-4513.270.14\x00')
2022-02-08 20:29:58 Ryzentosh.local pymobiledevice3.restore.recovery[13244] INFO iBoot build-style=bytearray(b'RELEASE\x00')
2022-02-08 20:29:58 Ryzentosh.local pymobiledevice3.restore.recovery[13244] DEBUG RestoreTrustCache is loaded by iBoot
2022-02-08 20:29:58 Ryzentosh.local pymobiledevice3.restore.ipsw.component[13244] DEBUG NOTE: No path for component RestoreTrustCache in TSS, will fetch from build_identity
2022-02-08 20:29:58 Ryzentosh.local pymobiledevice3.restore.img4[13244] INFO Personalizing IMG4 component RestoreTrustCache...
2022-02-08 20:29:58 Ryzentosh.local pymobiledevice3.restore.img4[13244] DEBUG tag: Tag(nr=22, typ=0, cls=0) trst
2022-02-08 20:29:58 Ryzentosh.local pymobiledevice3.restore.img4[13244] DEBUG Tag found
100%|████████████████████████████████████████████| 2/2 [00:00<00:00, 1192.07it/s]
2022-02-08 20:29:58 Ryzentosh.local pymobiledevice3.restore.recovery[13244] INFO ramdisk-size: bytearray(b'0x10000000\x00')
2022-02-08 20:29:58 Ryzentosh.local pymobiledevice3.restore.ipsw.component[13244] DEBUG NOTE: No path for component RestoreRamDisk in TSS, will fetch from build_identity
2022-02-08 20:29:59 Ryzentosh.local pymobiledevice3.restore.img4[13244] INFO Personalizing IMG4 component RestoreRamDisk...
2022-02-08 20:29:59 Ryzentosh.local pymobiledevice3.restore.img4[13244] DEBUG tag: Tag(nr=22, typ=0, cls=0) rdsk
100%|████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████| 11183/11183 [00:02<00:00, 3866.57it/s]
2022-02-08 20:30:02 Ryzentosh.local pymobiledevice3.restore.recovery[13244] INFO ramdisk-delay: None
2022-02-08 20:30:04 Ryzentosh.local pymobiledevice3.restore.ipsw.component[13244] DEBUG NOTE: No path for component RestoreDeviceTree in TSS, will fetch from build_identity
2022-02-08 20:30:04 Ryzentosh.local pymobiledevice3.restore.img4[13244] INFO Personalizing IMG4 component RestoreDeviceTree...
2022-02-08 20:30:04 Ryzentosh.local pymobiledevice3.restore.img4[13244] DEBUG tag: Tag(nr=22, typ=0, cls=0) dtre
2022-02-08 20:30:04 Ryzentosh.local pymobiledevice3.restore.img4[13244] DEBUG Tag found
100%|██████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████| 14/14 [00:00<00:00, 3843.95it/s]
2022-02-08 20:30:04 Ryzentosh.local pymobiledevice3.restore.ipsw.component[13244] DEBUG NOTE: No path for component RestoreSEP in TSS, will fetch from build_identity
2022-02-08 20:30:04 Ryzentosh.local pymobiledevice3.restore.img4[13244] INFO Personalizing IMG4 component RestoreSEP...
2022-02-08 20:30:04 Ryzentosh.local pymobiledevice3.restore.img4[13244] DEBUG tag: Tag(nr=22, typ=0, cls=0) sepi
2022-02-08 20:30:04 Ryzentosh.local pymobiledevice3.restore.img4[13244] DEBUG Tag found
100%|████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████| 319/319 [00:00<00:00, 4112.15it/s]
Traceback (most recent call last):
  File "/Users/m1sta/env/lib/python3.9/site-packages/pymobiledevice3/cli/restore.py", line 155, in restore_update
    Restore(ipsw, device, tss=tss, behavior=behavior).update()
  File "/Users/m1sta/env/lib/python3.9/site-packages/pymobiledevice3/restore/restore.py", line 993, in update
    self.recovery.boot_ramdisk()
  File "/Users/m1sta/env/lib/python3.9/site-packages/pymobiledevice3/restore/recovery.py", line 326, in boot_ramdisk
    self.enter_restore()
  File "/Users/m1sta/env/lib/python3.9/site-packages/pymobiledevice3/restore/recovery.py", line 265, in enter_restore
    self.send_component_and_command('RestoreSEP', 'rsepfirmware')
  File "/Users/m1sta/env/lib/python3.9/site-packages/pymobiledevice3/restore/recovery.py", line 162, in send_component_and_command
    self.device.irecv.send_command(command)
  File "/Users/m1sta/env/lib/python3.9/site-packages/pymobiledevice3/irecv.py", line 204, in send_command
    self._device.ctrl_transfer(0x40, 0, 0, 0, cmd.encode() + b'\0', timeout=timeout)
  File "/Users/m1sta/env/lib/python3.9/site-packages/usb/core.py", line 1082, in ctrl_transfer
    ret = self._ctx.backend.ctrl_transfer(
  File "/Users/m1sta/env/lib/python3.9/site-packages/usb/backend/libusb1.py", line 893, in ctrl_transfer
    ret = _check(self.lib.libusb_control_transfer(
  File "/Users/m1sta/env/lib/python3.9/site-packages/usb/backend/libusb1.py", line 604, in _check
    raise USBError(_strerror(ret), ret, _libusb_errno[ret])
usb.core.USBError: [Errno 32] Pipe error

Additional context As far as I can tell, this issue only seems to be when restoring to iOS 12.5.5.

doronz88 commented 2 years ago

Thanks for the bug report! I don't have a compatible device to test this on, but it seems this bug occurs because of some race for sending the different software components. Can you verify if this happens repeatedly or just this once?

m1stadev commented 2 years ago

Thanks for the bug report! I don't have a compatible device to test this on, but it seems this bug occurs because of some race for sending the different software components. Can you verify if this happens repeatedly or just this once?

I've verified this issue persists on both devices. I plan to do more testing & find a fix when I get home.

doronz88 commented 2 years ago

@m1stadev I have fixed several stuff all around the recovery's code to support the new Apple Silicon mac updates (eventhough not arround the RestoreSEP part specifically). Can you verify if the problem persists?

m1stadev commented 2 years ago

@m1stadev I have fixed several stuff all around the recovery's code to support the new Apple Silicon mac updates (eventhough not arround the RestoreSEP part specifically). Can you verify if the problem persists?

Unfortunately doesn't look like this fixed the issue. Also, I've noticed that A10 restores no longer work (but still work when using ce971e9)

doronz88 commented 2 years ago

I'm okay with merging the drafted PR that at least fixes that issue

doronz88 commented 2 years ago

Although merging it should be a commit for fix support for >=A10, instead of <A10

doronz88 commented 2 years ago

My bad. Only now noticed you referenced the commit from the master and not from your existing PR

vadimszzz commented 1 year ago

@m1stadev I think futurerestore is better way to do it and as I know you are one of it's contributors.

doronz88 commented 1 year ago

@vadimszzz that's a pymboledevice3 error. Probably something different with the apticket generation on these devices. I would work to fix that (by simply sniffing and comparing with apple configurator) but I don't have a device to test it with.

Also, futurerestore is meant for performing the process for unsigned firmwares, so you probably meant idevicerestore (12.5.5 is still signed on older models)