kpwn / yalu

incomplete ios 8.4.1 jailbreak by Kim Jong Cracks (8.4.1 codesign & sandbox bypass w/ LPE to root & untether)

Error: zcat: can't stat: ./data/bootstrap.tgz #30

Open schnabelnator opened 8 years ago

schnabelnator commented 8 years ago

Hi, got quite far with the process but now I'm stuck here :(

Copying files to device...
Error opening local file for reading: PhotoData/KimJongCracks/Library/PrivateFrameworks/GPUToolsCore.framework/GPUToolsCore - No such file or directory
Uploaded 92912 bytes to drugs
zcat: can't stat: ./data/bootstrap.tgz (./data/bootstrap.tgz.Z): No such file or directory
Uploaded 0 bytes to PhotoData/KimJongCracks/bootstrap.tar
Uploaded 324288 bytes to PhotoData/KimJongCracks/tar
Tap on the jailbreak icon to crash the kernel (or 0wn it if you're in luck!)

Anyone know how to fix this? Looks to me like it somewhere fails to extract the bootstrap.tgz in the correct directory.... Any help would be appreciated! Thanks

spotlightishere commented 8 years ago

Yep, that's a known issue. There is a pull request open at #29 that should fix it.

Sent from everywhere and nowhere at once.

schnabelnator commented 8 years ago

Unfortunately doesn't fix it for me :( exactly the same error...

spotlightishere commented 8 years ago

Which repo did you try? This one, or @qfdk's fork?

qfdk commented 8 years ago

I think the make.sh is filed, so if you don't have a magic.dylib, normal GPUToolsCore is missing...

schnabelnator commented 8 years ago

I'm using @qfdk's fork, but I probably can't get further because I am only trying on a 32-bit device... Thought yalu was ready for all devices after this tweet https://twitter.com/qwertyoruiop/status/655825775850078208 but looks like I'm wrong...

bolo1981 commented 8 years ago

Yep, Cydia bootstrap is missing, but u can use openssh bootstrap to gain root access.

schnabelnator commented 8 years ago

Would it then be possible to install cydia via ssh? If so could you guide me in the right direction, I'm fairly new at this... thanks!

kpwn commented 8 years ago

You can install cydia if you install the untether. For SSH (on your mac):

cd /tmp
sudo su

mkdir bootstrap
cd bootstrap
tar xf
find . | grep patcyh | while read x; do rm $x; touch $x; done
dpkg-deb -e
dpkg-deb -e
> sbin/reboot
nano sbin/reboot
-- Enter this:
#!/bin/sh
launchctl load /Library/LaunchDaemons/com.openssh.sshd.plist
exit 0
-- Exit from nano & save the file
> usr/bin/uicache
tar cf ../bootstrap.tar *

You will now have a (hopefully good) SSH bootstrap in /tmp

Tap the Jailbreak icon to install the bootstrap. To start SSH, just use idevicediagnostics restart (which execves /sbin/reboot) after doing the kernel exploit by tapping on Jailbreak.

To install the untether (via SSH):

move /usr/libexec/amfid to /usr/libexec/amfid_
copy /usr/libexec/UserEventAgent to /usr/libexec/amfid
copy /usr/libexec/UserEventAgent to your Mac
Open up a hex editor, search for "UserEventPlugins", replace with UserEventPluginz
ldid the binary, copy to your phone into /usr/libexec/UserEventAgent, chmod +x
mv /System/Library/UserEventPlugins /System/Library/UserEventPluginz
mkdir /System/Library/UserEventPlugins
copy a plugin from UEPluginz to UEPlugins
compile dyldmagic_amfid, replace the plugin mach-o with the resulting dylib.
Move all launchdaemons except jetsamproperties / mobilefileintegrity / crashhousekeeper to /Library/LaunchDaemons
Copy the crashhousekeeper plist to /Library/LaunchDaemons
Edit it so it uses a different identifier & exec path
Copy /usr/libexec/CrashHousekeeper to the new exec path
Replace /usr/libexec/CrashHousekeeper with a symlink to the untether

This may brick your device, so I don't suggest using it. I am on XMPP at protectyourneck at jabber dot ccc dot de if you want me to do it for you (so I can also carry out tests to check compatibility with your device).

qfdk commented 8 years ago

Question .

yalubreak iso841 - Kim Jong Cracks Research
Credits:
qwertyoruiop - sb escape & codesign bypass & initial kernel exploit
panguteam: kernel vulns
windknown: kernel exploit & knows it's stuff
_Morpheus_: this guy knows stuff
jk9356: kim jong cracks anthem
JonSeals: crack rocks supply (w/ Frank & haifisch)
ih8sn0w: <3
posixninja: <3
xerub <3
its_not_herpes because thanks god it wasnt herpes
eric fuck off
Kim Jong Un for being Dear Leader.
RIP TTWJ / PYTECH / DISSIDENT
SHOUT OUT @ ALL THE OLD GANGSTAS STILL IN THE JB SCENE
HEROIN IS THE MEANING OF LIFE

BRITTA ROLL UP [no its not pythech!] 
[i] iomasterport: 0x0000070b / gasgauge user client: 0x0000050b
jk++
ret: 28868000
ret: 00000000
ret: 0000000d

I got this log 5 days ago. I have tried to upload the bootstrap (ssh); I use tar -czvf bootstrap.tgz * as the archiver, but I can't use SSH. Is it a problem with the bootstrap.tar? I have downloaded (openssh.deb&openssl.deb)==>bootstrap.tgz. I know it will be placed in "/", but I can't connect to it. I will try it, so just add "something" in sbin/reboot?

kpwn commented 8 years ago

ret: 28868000 ret: 00000000 ret: 0000000d

This means the kernel exploit failed to execute, and it's supposed to happen randomly. Just try again until you see more than 5-6 "ret"s being printed

qfdk commented 8 years ago

Thx, I have tried it several times, but sometimes I don't have this log. Does it mean the kernel exploit failed, too?

kpwn commented 8 years ago

I've heard about reports on how using fetchsymbols to dump the dyld cache may increase the reliability of the kernel exploit. Try to do that before running the Jailbreak app.