search

gymbonem / iphone-dataprotection

Automatically exported from code.google.com/p/iphone-dataprotection
0 stars 0 forks source link

ldid error util/ldid.cpp(578): _assert(2:false) #32

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago 
What steps will reproduce the problem?
1.  sh make_ramdisk_n88ap.sh 

What is the expected output? What do you see instead?

Found iOS SDK 4.3
/Developer/Platforms/iPhoneOS.platform/Developer/usr/bin/arm-apple-darwin10-gcc-
4.0.1 
/Developer/Platforms/iPhoneOS.platform/Developer/usr/bin/arm-apple-darwin10-gcc-
4.2.1 
/Developer/Platforms/iPhoneOS.platform/Developer/usr/bin/arm-apple-darwin10-llvm
-gcc-4.2 -Wall -isysroot 
/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS4.3.sdk/ 
-framework IOKit -framework CoreFoundation -framework Security -O3 -I. -o 
device_infos device_infos.c device_info.c IOAESAccelerator.c 
AppleEffaceableStorage.c AppleKeyStore.c bsdcrypto/pbkdf2.c bsdcrypto/sha1.c 
bsdcrypto/key_wrap.c bsdcrypto/rijndael.c util.c IOKit.c registry.c
device_infos.c: In function ‘main’:
device_infos.c:9: warning: initialization discards qualifiers from pointer 
target type
AppleEffaceableStorage.c:50:25: warning: multi-character character constant
bsdcrypto/pbkdf2.c: In function ‘pkcs5_pbkdf2’:
bsdcrypto/pbkdf2.c:102: warning: pointer targets in passing argument 3 of 
‘hmac_sha1’ differ in signedness
bsdcrypto/pbkdf2.c:106: warning: pointer targets in passing argument 3 of 
‘hmac_sha1’ differ in signedness
bsdcrypto/key_wrap.c: In function ‘aes_key_wrap’:
bsdcrypto/key_wrap.c:71: warning: pointer targets in passing argument 2 of 
‘rijndael_encrypt’ differ in signedness
bsdcrypto/key_wrap.c:71: warning: pointer targets in passing argument 3 of 
‘rijndael_encrypt’ differ in signedness
bsdcrypto/key_wrap.c: In function ‘aes_key_unwrap’:
bsdcrypto/key_wrap.c:106: warning: pointer targets in passing argument 2 of 
‘rijndael_decrypt’ differ in signedness
bsdcrypto/key_wrap.c:106: warning: pointer targets in passing argument 3 of 
‘rijndael_decrypt’ differ in signedness
ld: warning: -force_cpusubtype_ALL will become unsupported for ARM architectures
ld: warning: ignoring file 
/Developer/Platforms/iPhoneOS.platform/Developer/usr/bin/arm-apple-darwin10-gcc-
4.2.1, file was built for unsupported file format which is not the architecture 
being linked (arm)
ld: warning: ignoring file 
/Developer/Platforms/iPhoneOS.platform/Developer/usr/bin/arm-apple-darwin10-llvm
-gcc-4.2, file was built for unsupported file format which is not the 
architecture being linked (arm)
ldid -S device_infos
util/ldid.cpp(578): _assert(2:false)
util/ldid.cpp(583): _assert(0:WIFEXITED(status))
make: *** [device_infos] Trace/BPT trap: 5
make: *** Deleting file `device_infos'
Archive:  
/Users/nilsschmitt/iphone-dataprotection2/iPhone2,1_5.0_9A334_Restore.ipsw
  inflating: 018-7919-343.dmg        
TAG: TYPE OFFSET 14 data_length:4
TAG: DATA OFFSET 34 data_length:1039000
TAG: SEPO OFFSET 1039040 data_length:4
TAG: KBAG OFFSET 103905c data_length:38
KBAG cryptState=1 aesType=100
TAG: KBAG OFFSET 10390a8 data_length:38
TAG: SHSH OFFSET 103910c data_length:80
TAG: CERT OFFSET 1039198 data_length:79e
Decrypting DATA section
Decrypted data seems OK : ramdisk
/dev/disk1                                              /Volumes/ramdisk
cp: ramdisk_tools/restored_external: No such file or directory
You can boot the ramdisk using the following command (fix paths)
redsn0w -i 
/Users/nilsschmitt/iphone-dataprotection2/iPhone2,1_5.0_9A334_Restore.ipsw -r 
myramdisk.dmg -k kernelcache.release.n88.patched

What version of the product are you using? On what operating system?

I installed SDK 4.3 instead of SDK 5.0 to get arm-apple-darwin10-gcc-4.0.1 
(this file does not exists in the xCode 4.2 Developer Folder)

OSX 10.7.2

Please provide any additional information below.

This is what I get with SDK 5: 
(there is no arm-apple-darwin10-gcc-4.0.1 in this folder)

make_ramdisk_n88ap.sh Found iOS SDK 5.0 
/Developer/Platforms/iPhoneOS.platform/Developer/usr/bin/arm-apple-darwin10-gcc-
4.0.1 -Wall -isysroot 
/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS5.0.sdk/ 
-framework IOKit -framework CoreFoundation? -framework Security -O3 -I. -o 
device_infos device_infos.c device_info.c IOAESAccelerator.c 
AppleEffaceableStorage?.c AppleKeyStore?.c bsdcrypto/pbkdf2.c bsdcrypto/sha1.c 
bsdcrypto/key_wrap.c bsdcrypto/rijndael.c util.c IOKit.c registry.c make: 
/Developer/Platforms/iPhoneOS.platform/Developer/usr/bin/arm-apple-darwin10-gcc-
4.0.1: No such file or directory make: device_infos? Error 1 Archive: 
/Users/user/iphone-dataprotection/iPhone2,1_5.0_9A334_Restore.ipsw

inflating: 018-7919-343.dmg
TAG: TYPE OFFSET 14 data_length:4 TAG: DATA OFFSET 34 data_length:1039000 TAG: 
SEPO OFFSET 1039040 data_length:4 TAG: KBAG OFFSET 103905c data_length:38 KBAG 
cryptState=1 aesType=100 TAG: KBAG OFFSET 10390a8 data_length:38 TAG: SHSH 
OFFSET 103910c data_length:80 TAG: CERT OFFSET 1039198 data_length:79e 
Decrypting DATA section Decrypted data seems OK : ramdisk mount_fusefs: mount 
point /private/tmp/img3 is itself on a MacFUSE volume /dev/disk1 
/Volumes/ramdisk cp: ramdisk_tools/restored_external: No such file or directory 
You can boot the ramdisk using the following command (fix paths)

Original issue reported on code.google.com by m...@nils-schmitt.de on 29 Nov 2011 at 8:52

GoogleCodeExporter commented 8 years ago 
Can you try with the latest revision (run the "hg fetch" command).
The Makefile was modified so it should find the right compiler for iOS 5 SDK.
Otherwise just modifiy the Makefile to point to the right compiler.

Original comment by jean.sig...@gmail.com on 11 Dec 2011 at 10:29

GoogleCodeExporter commented 8 years ago 
I tried it and I got the following result:

Found iOS SDK 5.0
/Developer/Platforms/iPhoneOS.platform/Developer/usr/bin/arm-apple-darwin10-llvm
-gcc-4.2 -Wall -isysroot 
/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS5.0.sdk/ 
-framework IOKit -framework CoreFoundation -framework Security -O3 -I. -o 
device_infos device_infos.c device_info.c IOAESAccelerator.c 
AppleEffaceableStorage.c AppleKeyStore.c bsdcrypto/pbkdf2.c bsdcrypto/sha1.c 
bsdcrypto/key_wrap.c bsdcrypto/rijndael.c util.c IOKit.c registry.c
device_infos.c: In function ‘main’:
device_infos.c:9: warning: initialization discards qualifiers from pointer 
target type
AppleEffaceableStorage.c:50:25: warning: multi-character character constant
bsdcrypto/pbkdf2.c: In function ‘pkcs5_pbkdf2’:
bsdcrypto/pbkdf2.c:102: warning: pointer targets in passing argument 3 of 
‘hmac_sha1’ differ in signedness
bsdcrypto/pbkdf2.c:106: warning: pointer targets in passing argument 3 of 
‘hmac_sha1’ differ in signedness
bsdcrypto/key_wrap.c: In function ‘aes_key_wrap’:
bsdcrypto/key_wrap.c:71: warning: pointer targets in passing argument 2 of 
‘rijndael_encrypt’ differ in signedness
bsdcrypto/key_wrap.c:71: warning: pointer targets in passing argument 3 of 
‘rijndael_encrypt’ differ in signedness
bsdcrypto/key_wrap.c: In function ‘aes_key_unwrap’:
bsdcrypto/key_wrap.c:106: warning: pointer targets in passing argument 2 of 
‘rijndael_decrypt’ differ in signedness
bsdcrypto/key_wrap.c:106: warning: pointer targets in passing argument 3 of 
‘rijndael_decrypt’ differ in signedness
ld: warning: -force_cpusubtype_ALL will become unsupported for ARM architectures
ldid -S device_infos
util/ldid.cpp(578): _assert(2:false)
util/ldid.cpp(583): _assert(0:WIFEXITED(status))
make: *** [device_infos] Trace/BPT trap: 5
make: *** Deleting file `device_infos'
Archive:  
/Users/nilsschmitt/iphone-dataprotection/iPad1,1_5.0_9A334_Restore.ipsw
  inflating: 018-7923-347.dmg        
TAG: TYPE OFFSET 14 data_length:4
TAG: DATA OFFSET 34 data_length:104b000
TAG: SEPO OFFSET 104b040 data_length:4
TAG: KBAG OFFSET 104b05c data_length:38
KBAG cryptState=1 aesType=100
TAG: KBAG OFFSET 104b0a8 data_length:38
TAG: SHSH OFFSET 104b10c data_length:80
TAG: CERT OFFSET 104b198 data_length:794
Decrypting DATA section
Decrypted data seems OK : ramdisk
mount_fusefs: mount point /private/tmp/img3 is itself on a MacFUSE volume
/dev/disk1                                              /Volumes/ramdisk
cp: ramdisk_tools/restored_external: No such file or directory
You can boot the ramdisk using the following command (fix paths)
redsn0w -i 
/Users/nilsschmitt/iphone-dataprotection/iPad1,1_5.0_9A334_Restore.ipsw -r 
myramdisk.dmg -k kernelcache.release.k48.patched

Could this be the error?
cp: ramdisk_tools/restored_external: No such file or directory

how can I fix this error?
there is a file named restored_external.c in this folder.

Original comment by m...@nils-schmitt.de on 12 Dec 2011 at 11:58

GoogleCodeExporter commented 8 years ago 
util/ldid.cpp(578): _assert(2:false)
util/ldid.cpp(583): _assert(0:WIFEXITED(status))

this seems to be the error, try using the ldid version linked in the README 
page.

Original comment by jean.sig...@gmail.com on 14 Dec 2011 at 4:09

GoogleCodeExporter commented 8 years ago 
do you mean this:
curl -O http://networkpx.googlecode.com/files/ldid
?

here is our full procedure:

Nils:~ nilsschmitt$ curl -O http://networkpx.googlecode.com/files/ldid  % Total 
   % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 32016  100 32016    0     0  30095      0  0:00:01  0:00:01 --:--:-- 45412
Nils:~ nilsschmitt$ chmod +x ldidNils:~ nilsschmitt$ sudo mv ldid 
/usr/bin/Nils:~ nilsschmitt$ curl -O -L 
https://github.com/downloads/osxfuse/osxfuse/OSXFUSE-2.3.4.dmg
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 4719k  100 4719k    0     0   462k      0  0:00:10  0:00:10 --:--:--  480k
Nils:~ nilsschmitt$ hdiutil mount OSXFUSE-2.3.4.dmg
/dev/disk1                                              /Volumes/FUSE for OS X
Nils:~ nilsschmitt$ sudo installer -pkg /Volumes/FUSE\ for\ OS\ X/Install\ 
OSXFUSE\ 2.3.pkg -target /
installer: Package name is FUSE for OS X (OSXFUSE)
installer: Upgrading at base path /
installer: The upgrade was successful.
Nils:~ nilsschmitt$ hdiutil eject /Volumes/FUSE\ for\ OS\ X/
"disk1" unmounted.
"disk1" ejected.
Nils:~ nilsschmitt$ sudo ARCHFLAGS='-arch i386 -arch x86_64' easy_install 
pycrypto
Searching for pycrypto
Best match: pycrypto 2.4.1
Processing pycrypto-2.4.1-py2.7-macosx-10.7-intel.egg
pycrypto 2.4.1 is already the active version in easy-install.pth

Using 
/Library/Python/2.7/site-packages/pycrypto-2.4.1-py2.7-macosx-10.7-intel.egg
Processing dependencies for pycrypto
Finished processing dependencies for pycrypto
Nils:~ nilsschmitt$ sudo easy_install M2crypto construct progressbar
Searching for M2crypto
Best match: M2Crypto 0.21.1
Processing M2Crypto-0.21.1-py2.7-macosx-10.7-intel.egg
M2Crypto 0.21.1 is already the active version in easy-install.pth

Using 
/Library/Python/2.7/site-packages/M2Crypto-0.21.1-py2.7-macosx-10.7-intel.egg
Processing dependencies for M2crypto
Finished processing dependencies for M2crypto
Searching for construct
Best match: construct 2.06
Processing construct-2.06-py2.7.egg
construct 2.06 is already the active version in easy-install.pth

Using /Library/Python/2.7/site-packages/construct-2.06-py2.7.egg
Processing dependencies for construct
Finished processing dependencies for construct
Searching for progressbar
Best match: progressbar 2.3
Processing progressbar-2.3-py2.7.egg
progressbar 2.3 is already the active version in easy-install.pth

Using /Library/Python/2.7/site-packages/progressbar-2.3-py2.7.egg
Processing dependencies for progressbar
Finished processing dependencies for progressbar
Nils:~ nilsschmitt$ hg clone https://code.google.com/p/iphone-dataprotection/ 
warning: code.google.com certificate with fingerprint 
8f:c0:79:e8:14:77:7f:68:8b:a4:c8:07:d9:bd:67:d6:2a:f7:1a:eb not verified (check 
hostfingerprints or web.cacerts config setting)
Zielverzeichnis: iphone-dataprotection
Fordere alle Änderungen an
Füge Änderungssätze hinzu
Füge Manifeste hinzu
Füge Dateiänderungen hinzu
Fügte 33 Änderungssätze mit 1907 Änderungen an 1832 Dateien hinzu
Aktualisiere auf Zweig default
120 Dateien aktualisiert, 0 Dateien zusammengeführt, 0 Dateien entfernt, 0 
Dateien ungelöst
Nils:~ nilsschmitt$ cd iphone-dataprotection
Nils:iphone-dataprotection nilsschmitt$ make -C img3fs/
gcc -o img3fs img3fs.c -Wall -lfuse_ino64 -lcrypto -I/usr/local/include/osxfuse 
|| gcc -o img3fs img3fs.c -Wall -losxfuse_i64 -lcrypto 
-I/usr/local/include/osxfuse
img3fs.c: In function ‘img3_check_decrypted_data’:
img3fs.c:100: warning: pointer targets in passing argument 2 of ‘strncmp’ 
differ in signedness
img3fs.c:104: warning: pointer targets in passing argument 2 of ‘strncmp’ 
differ in signedness
img3fs.c:108: warning: pointer targets in passing argument 2 of ‘strncmp’ 
differ in signedness
img3fs.c: In function ‘img3_init’:
img3fs.c:284: warning: pointer targets in passing argument 3 of 
‘EVP_DecryptUpdate’ differ in signedness
img3fs.c: In function ‘img3_destroy’:
img3fs.c:310: warning: pointer targets in passing argument 3 of 
‘EVP_EncryptUpdate’ differ in signedness
Nils:iphone-dataprotection nilsschmitt$ curl -O -L 
https://sites.google.com/a/iphone-dev.com/files/home/redsn0w_mac_0.9.9b8.zip
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 14.6M  100 14.6M    0     0   357k      0  0:00:41  0:00:41 --:--:--  379k
Nils:iphone-dataprotection nilsschmitt$ unzip redsn0w_mac_0.9.9b8.zip
Archive:  redsn0w_mac_0.9.9b8.zip
   creating: redsn0w_mac_0.9.9b8/
  inflating: redsn0w_mac_0.9.9b8/.DS_Store  
  inflating: redsn0w_mac_0.9.9b8/boot-ipt4g.command  
  inflating: redsn0w_mac_0.9.9b8/credits.txt  
   creating: redsn0w_mac_0.9.9b8/redsn0w.app/
   creating: redsn0w_mac_0.9.9b8/redsn0w.app/Contents/
  inflating: redsn0w_mac_0.9.9b8/redsn0w.app/Contents/Info.plist  
   creating: redsn0w_mac_0.9.9b8/redsn0w.app/Contents/MacOS/
  inflating: redsn0w_mac_0.9.9b8/redsn0w.app/Contents/MacOS/bn.tar.gz  
  inflating: redsn0w_mac_0.9.9b8/redsn0w.app/Contents/MacOS/bootlogo.png  
  inflating: redsn0w_mac_0.9.9b8/redsn0w.app/Contents/MacOS/bootlogox2.png  
  inflating: redsn0w_mac_0.9.9b8/redsn0w.app/Contents/MacOS/Cydia.tar.gz  
  inflating: redsn0w_mac_0.9.9b8/redsn0w.app/Contents/MacOS/Keys.plist  
  inflating: redsn0w_mac_0.9.9b8/redsn0w.app/Contents/MacOS/progresslogo.png  
  inflating: redsn0w_mac_0.9.9b8/redsn0w.app/Contents/MacOS/rd.tar  
  inflating: redsn0w_mac_0.9.9b8/redsn0w.app/Contents/MacOS/redsn0w  
 extracting: redsn0w_mac_0.9.9b8/redsn0w.app/Contents/PkgInfo  
   creating: redsn0w_mac_0.9.9b8/redsn0w.app/Contents/Resources/
  inflating: redsn0w_mac_0.9.9b8/redsn0w.app/Contents/Resources/redsn0w.icns  
Nils:iphone-dataprotection nilsschmitt$ cp 
redsn0w_mac_0.9.9b8/redsn0w.app/Contents/MacOS/Keys.plist .
Nils:iphone-dataprotection nilsschmitt$ python python_scripts/kernel_patcher.py 
/Users/nilsschmitt/iphone-dataprotection.ipad/iPad1\,1_5.0_9A334_Restore.ipsw
Decrypting kernelcache.release.k48
Unpacking ...
Doing CSED patch
Doing getxattr system patch
Doing _PE_i_can_has_debugger patch
Doing IOAESAccelerator enable UID patch
Doing AMFI patch
Patched kernel written to kernelcache.release.k48.patched
Created script make_ramdisk_k48ap.sh, you can use it to (re)build the ramdisk
Nils:iphone-dataprotection nilsschmitt$ 
/Users/nilsschmitt/iphone-dataprotection/make_ramdisk_k48ap.sh
-bash: /Users/nilsschmitt/iphone-dataprotection/make_ramdisk_k48ap.sh: 
Permission denied
Nils:iphone-dataprotection nilsschmitt$ sh 
/Users/nilsschmitt/iphone-dataprotection/make_ramdisk_k48ap.sh
Found iOS SDK 5.0
ln -s /System/Library/Frameworks/IOKit.framework/Versions/Current/Headers IOKit
/Developer/Platforms/iPhoneOS.platform/Developer/usr/bin/arm-apple-darwin10-llvm
-gcc-4.2 -Wall -isysroot 
/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS5.0.sdk/ 
-framework IOKit -framework CoreFoundation -framework Security -O3 -I. -o 
device_infos device_infos.c device_info.c IOAESAccelerator.c 
AppleEffaceableStorage.c AppleKeyStore.c bsdcrypto/pbkdf2.c bsdcrypto/sha1.c 
bsdcrypto/key_wrap.c bsdcrypto/rijndael.c util.c IOKit.c registry.c
device_infos.c: In function ‘main’:
device_infos.c:9: warning: initialization discards qualifiers from pointer 
target type
AppleEffaceableStorage.c:50:25: warning: multi-character character constant
bsdcrypto/pbkdf2.c: In function ‘pkcs5_pbkdf2’:
bsdcrypto/pbkdf2.c:102: warning: pointer targets in passing argument 3 of 
‘hmac_sha1’ differ in signedness
bsdcrypto/pbkdf2.c:106: warning: pointer targets in passing argument 3 of 
‘hmac_sha1’ differ in signedness
bsdcrypto/key_wrap.c: In function ‘aes_key_wrap’:
bsdcrypto/key_wrap.c:71: warning: pointer targets in passing argument 2 of 
‘rijndael_encrypt’ differ in signedness
bsdcrypto/key_wrap.c:71: warning: pointer targets in passing argument 3 of 
‘rijndael_encrypt’ differ in signedness
bsdcrypto/key_wrap.c: In function ‘aes_key_unwrap’:
bsdcrypto/key_wrap.c:106: warning: pointer targets in passing argument 2 of 
‘rijndael_decrypt’ differ in signedness
bsdcrypto/key_wrap.c:106: warning: pointer targets in passing argument 3 of 
‘rijndael_decrypt’ differ in signedness
ld: warning: -force_cpusubtype_ALL will become unsupported for ARM architectures
ldid -S device_infos
util/ldid.cpp(578): _assert(2:false)
util/ldid.cpp(583): _assert(0:WIFEXITED(status))
make: *** [device_infos] Trace/BPT trap: 5
make: *** Deleting file `device_infos'
Downloading ssh.tar.gz from googlecode
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 3022k  100 3022k    0     0   384k      0  0:00:07  0:00:07 --:--:--  442k
Archive:  
/Users/nilsschmitt/iphone-dataprotection.ipad/iPad1,1_5.0_9A334_Restore.ipsw
  inflating: 018-7923-347.dmg        
TAG: TYPE OFFSET 14 data_length:4
TAG: DATA OFFSET 34 data_length:104b000
TAG: SEPO OFFSET 104b040 data_length:4
TAG: KBAG OFFSET 104b05c data_length:38
KBAG cryptState=1 aesType=100
TAG: KBAG OFFSET 104b0a8 data_length:38
TAG: SHSH OFFSET 104b10c data_length:80
TAG: CERT OFFSET 104b198 data_length:794
Decrypting DATA section
Decrypted data seems OK : ramdisk
mount_fusefs: mount point /private/tmp/img3 is itself on a MacFUSE volume
/dev/disk1                                              /Volumes/ramdisk
cp: ramdisk_tools/restored_external: No such file or directory
You can boot the ramdisk using the following command (fix paths)
redsn0w -i 
/Users/nilsschmitt/iphone-dataprotection.ipad/iPad1,1_5.0_9A334_Restore.ipsw -r 
myramdisk.dmg -k kernelcache.release.k48.patched
Nils:iphone-dataprotection nilsschmitt$

Original comment by m...@nils-schmitt.de on 14 Dec 2011 at 4:21

GoogleCodeExporter commented 8 years ago 
Can you try running this command:
whereis codesign_allocate
And post the output, thanks

Original comment by jean.sig...@gmail.com on 14 Dec 2011 at 4:46

GoogleCodeExporter commented 8 years ago 
here is it:

nils:~ nilsschmitt$ whereis codesign_allocate
nils:~ nilsschmitt$ 

it gives no output.

Original comment by m...@nils-schmitt.de on 14 Dec 2011 at 5:20

GoogleCodeExporter commented 8 years ago 
ok, maybe its because you did not install "unix tools" with xcode.
Can you try the command 
sudo ln -s 
/Developer/Platforms/iPhoneOS.platform/Developer/usr/bin/codesign_allocate 
/usr/bin

(from http://blog.widmann.org.uk/2011/11/24/4676/)

Original comment by jean.sig...@gmail.com on 14 Dec 2011 at 5:24

GoogleCodeExporter commented 8 years ago 
nils:~ nilsschmitt$ sudo ln -s 
/Developer/Platforms/iPhoneOS.platform/Developer/usr/bin/codesign_allocate 
/usr/bin
Password:
nils:~ nilsschmitt$ 

i double-check the Xcode installation now

Original comment by m...@nils-schmitt.de on 14 Dec 2011 at 9:05

GoogleCodeExporter commented 8 years ago 
I think that worked for me!

Found iOS SDK 5.0
ln -s /System/Library/Frameworks/IOKit.framework/Versions/Current/Headers IOKit
/Developer/Platforms/iPhoneOS.platform/Developer/usr/bin/arm-apple-darwin10-llvm
-gcc-4.2 -Wall -isysroot 
/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS5.0.sdk/ 
-framework IOKit -framework CoreFoundation -framework Security -O3 -I. -o 
device_infos device_infos.c device_info.c IOAESAccelerator.c 
AppleEffaceableStorage.c AppleKeyStore.c bsdcrypto/pbkdf2.c bsdcrypto/sha1.c 
bsdcrypto/key_wrap.c bsdcrypto/rijndael.c util.c IOKit.c registry.c
device_infos.c: In function ‘main’:
device_infos.c:9: warning: initialization discards qualifiers from pointer 
target type
AppleEffaceableStorage.c:50:25: warning: multi-character character constant
bsdcrypto/pbkdf2.c: In function ‘pkcs5_pbkdf2’:
bsdcrypto/pbkdf2.c:102: warning: pointer targets in passing argument 3 of 
‘hmac_sha1’ differ in signedness
bsdcrypto/pbkdf2.c:106: warning: pointer targets in passing argument 3 of 
‘hmac_sha1’ differ in signedness
bsdcrypto/key_wrap.c: In function ‘aes_key_wrap’:
bsdcrypto/key_wrap.c:71: warning: pointer targets in passing argument 2 of 
‘rijndael_encrypt’ differ in signedness
bsdcrypto/key_wrap.c:71: warning: pointer targets in passing argument 3 of 
‘rijndael_encrypt’ differ in signedness
bsdcrypto/key_wrap.c: In function ‘aes_key_unwrap’:
bsdcrypto/key_wrap.c:106: warning: pointer targets in passing argument 2 of 
‘rijndael_decrypt’ differ in signedness
bsdcrypto/key_wrap.c:106: warning: pointer targets in passing argument 3 of 
‘rijndael_decrypt’ differ in signedness
ld: warning: -force_cpusubtype_ALL will become unsupported for ARM architectures
ldid -S device_infos
/Developer/Platforms/iPhoneOS.platform/Developer/usr/bin/arm-apple-darwin10-llvm
-gcc-4.2 -Wall -isysroot 
/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS5.0.sdk/ 
-framework IOKit -framework CoreFoundation -framework Security -O3 -I. -o 
restored_external restored_external.c device_info.c remote_functions.c 
plist_server.c AppleKeyStore.c AppleEffaceableStorage.c IOKit.c 
IOAESAccelerator.c util.c registry.c AppleKeyStore_kdf.c bsdcrypto/pbkdf2.c 
bsdcrypto/sha1.c bsdcrypto/rijndael.c bsdcrypto/key_wrap.c
restored_external.c: In function ‘init_usb’:
restored_external.c:34: warning: implicit declaration of function 
‘IOUSBDeviceDescriptionCopyInterfaces’
restored_external.c:34: warning: initialization makes pointer from integer 
without a cast
restored_external.c:89: warning: value computed is not used
restored_external.c:91: warning: value computed is not used
restored_external.c:93: warning: value computed is not used
restored_external.c:95: warning: value computed is not used
restored_external.c:97: warning: value computed is not used
remote_functions.c: In function ‘keybag_get_passcode_key’:
remote_functions.c:140: warning: pointer targets in passing argument 2 of 
‘AppleKeyStore_getPasscodeKey’ differ in signedness
AppleEffaceableStorage.c:50:25: warning: multi-character character constant
AppleKeyStore_kdf.c: In function ‘AppleKeyStore_getPasscodeKey’:
AppleKeyStore_kdf.c:31: warning: pointer targets in passing argument 3 of 
‘pkcs5_pbkdf2’ differ in signedness
bsdcrypto/pbkdf2.c: In function ‘pkcs5_pbkdf2’:
bsdcrypto/pbkdf2.c:102: warning: pointer targets in passing argument 3 of 
‘hmac_sha1’ differ in signedness
bsdcrypto/pbkdf2.c:106: warning: pointer targets in passing argument 3 of 
‘hmac_sha1’ differ in signedness
bsdcrypto/key_wrap.c: In function ‘aes_key_wrap’:
bsdcrypto/key_wrap.c:71: warning: pointer targets in passing argument 2 of 
‘rijndael_encrypt’ differ in signedness
bsdcrypto/key_wrap.c:71: warning: pointer targets in passing argument 3 of 
‘rijndael_encrypt’ differ in signedness
bsdcrypto/key_wrap.c: In function ‘aes_key_unwrap’:
bsdcrypto/key_wrap.c:106: warning: pointer targets in passing argument 2 of 
‘rijndael_decrypt’ differ in signedness
bsdcrypto/key_wrap.c:106: warning: pointer targets in passing argument 3 of 
‘rijndael_decrypt’ differ in signedness
ld: warning: -force_cpusubtype_ALL will become unsupported for ARM architectures
ldid -Skeystore_device.xml restored_external
/Developer/Platforms/iPhoneOS.platform/Developer/usr/bin/arm-apple-darwin10-llvm
-gcc-4.2 -Wall -isysroot 
/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS5.0.sdk/ 
-framework IOKit -framework CoreFoundation -framework Security -O3 -I. -o 
bruteforce systemkb_bruteforce.c AppleKeyStore.c AppleEffaceableStorage.c 
IOKit.c IOAESAccelerator.c util.c registry.c AppleKeyStore_kdf.c 
bsdcrypto/pbkdf2.c bsdcrypto/sha1.c bsdcrypto/rijndael.c bsdcrypto/key_wrap.c 
device_info.c
systemkb_bruteforce.c: In function ‘saveKeybagInfos’:
systemkb_bruteforce.c:27: warning: implicit declaration of function 
‘device_info’
systemkb_bruteforce.c:27: warning: initialization makes pointer from integer 
without a cast
systemkb_bruteforce.c: In function ‘main’:
systemkb_bruteforce.c:202: warning: implicit declaration of function 
‘AppleKeyStore_getClassKeys’
systemkb_bruteforce.c:202: warning: initialization makes pointer from integer 
without a cast
AppleEffaceableStorage.c:50:25: warning: multi-character character constant
AppleKeyStore_kdf.c: In function ‘AppleKeyStore_getPasscodeKey’:
AppleKeyStore_kdf.c:31: warning: pointer targets in passing argument 3 of 
‘pkcs5_pbkdf2’ differ in signedness
bsdcrypto/pbkdf2.c: In function ‘pkcs5_pbkdf2’:
bsdcrypto/pbkdf2.c:102: warning: pointer targets in passing argument 3 of 
‘hmac_sha1’ differ in signedness
bsdcrypto/pbkdf2.c:106: warning: pointer targets in passing argument 3 of 
‘hmac_sha1’ differ in signedness
bsdcrypto/key_wrap.c: In function ‘aes_key_wrap’:
bsdcrypto/key_wrap.c:71: warning: pointer targets in passing argument 2 of 
‘rijndael_encrypt’ differ in signedness
bsdcrypto/key_wrap.c:71: warning: pointer targets in passing argument 3 of 
‘rijndael_encrypt’ differ in signedness
bsdcrypto/key_wrap.c: In function ‘aes_key_unwrap’:
bsdcrypto/key_wrap.c:106: warning: pointer targets in passing argument 2 of 
‘rijndael_decrypt’ differ in signedness
bsdcrypto/key_wrap.c:106: warning: pointer targets in passing argument 3 of 
‘rijndael_decrypt’ differ in signedness
ld: warning: -force_cpusubtype_ALL will become unsupported for ARM architectures
ldid -Skeystore_device.xml bruteforce
Downloading ssh.tar.gz from googlecode
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 3022k  100 3022k    0     0   712k      0  0:00:04  0:00:04 --:--:--  739k
Archive:  
/Users/nilsschmitt/iphone-dataprotection/iPad1,1_5.0_9A334_Restore.ipsw
  inflating: 018-7923-347.dmg        
TAG: TYPE OFFSET 14 data_length:4
TAG: DATA OFFSET 34 data_length:104b000
TAG: SEPO OFFSET 104b040 data_length:4
TAG: KBAG OFFSET 104b05c data_length:38
KBAG cryptState=1 aesType=100
TAG: KBAG OFFSET 104b0a8 data_length:38
TAG: SHSH OFFSET 104b10c data_length:80
TAG: CERT OFFSET 104b198 data_length:794
Decrypting DATA section
Decrypted data seems OK : ramdisk
/dev/disk1                                              /Volumes/ramdisk
"disk1" unmounted.
"disk1" ejected.
myramdisk.dmg created
You can boot the ramdisk using the following command (fix paths)
redsn0w -i 
/Users/nilsschmitt/iphone-dataprotection/iPad1,1_5.0_9A334_Restore.ipsw -r 
myramdisk.dmg -k kernelcache.release.k48.patched
nils:iphone-dataprotection nilsschmitt$ 

I just booted the device with the myramdisk.dmg and it works!

this command is not found:
python python_scripts/demo_bruteforce.py

but i just typed
./bruteforce 

and this worked fine!

JEAN, THANK YOU FOR YOUR HELP!!

Original comment by m...@nils-schmitt.de on 14 Dec 2011 at 9:44

GoogleCodeExporter commented 8 years ago

Original comment by jean.sig...@gmail.com on 15 Dec 2011 at 9:46