mineek / sunst0rm

iOS Tether Downgrader
GNU General Public License v3.0
294 stars 46 forks source link

futurerestore not working #62

Open davidluski1007 opened 2 years ago

davidluski1007 commented 2 years ago

I've been getting this error when I try to use the nightly build of futurerestore futurerestore(921,0x1168f6600) malloc: Heap corruption detected, free list is damaged at 0x600002a10580 Incorrect guard value: 13091678336542240272 futurerestore(921,0x1168f6600) malloc: set a breakpoint in malloc_error_break to debug Is there any way to fix this? Also, I'm using the latest futurerestore nightly build: Here is the log: sunst0rm Made by mineek Some code by m1n1exploit [] Extracting IPSW [] Extracting RamDisk rdsk [] Mounting RamDisk /dev/disk2 /Users/davidluski/Downloads/sunst0rm-main 4/work/ramdisk [] Patching ASR in the RamDisk getting get_asr_patch() [] Image failed signature verification 0x7fa3b004071c [] Image passed signature verification 0x7fa3b00406f8 [] Assembling arm64 branch [] Writing out patched file to work/patched_asr [] Extracting ASR Ents [] Resigning ASR [] Chmoding ASR [] Copying Patched ASR back to the RamDisk [] Patching Restored External file size: 1012752 getting get_skip_sealing_patch() [] Skipping sealing system volume string at 0xaaa17 [] Skipping sealing system volume xref at 0x326b0 [] Skipping sealing system volume branch to xref at 0x32654 [] Assembling arm64 branch [] Writing out patched file to work/restored_external_patched [] Extracting Restored External Ents [] Resigning Restored External [] Chmoding Restored External [] Copying Patched Restored External back to the RamDisk [] Detaching RamDisk "disk2" ejected. [] Creating RamDisk Reading work/ramdisk.dmg... IM4P outputted to: work/ramdisk.im4p [] Extracting Kernel Reading work/kernelcache.release.iphone10b... [NOTE] Image4 payload data is LZFSE compressed, decompressing... Extracted Image4 payload data to: work/kcache.raw [] Patching Kernel main: Starting... Kernel: Adding AMFI_get_out_of_my_way patch... get_amfi_out_of_my_way_patch: Entering ... get_amfi_out_of_my_way_patch: Kernel-7195 inputted get_amfi_out_of_my_way_patch: Found entitlements too small str loc at 0x404a53 get_amfi_out_of_my_way_patch: Found entitlements too small str ref at 0x115e8d4 get_amfi_out_of_my_way_patch: Patching AMFI at 0x115afb4 main: Writing out patched file to work/krnl.patched... main: Quitting... [] Rebuilding Kernel Reading work/krnl.patched... Compressing payload using LZSS... IM4P outputted to: work/krnl.im4p [] Done! [?] Do you want to restore the device? (y/n) y [?] Are you in pwndfu with sigchecks removed? (y/n) y [*] Restoring Device Version: v2.0.0-test(https://github.com/futurerestore/futurerestore/commit/7f732140187bbcecfed3c34ac38185a4096d06d7-290) img4tool version: 0.197-aca6cf005c94caf135023263cbb5c61a0081804f-RELEASE libipatcher version: 0.88-1e855d70c84419014e363bdbcaead7b145fe3e1f-RELEASE Odysseus for 32-bit support: yes Odysseus for 64-bit support: yes [INFO] 64-bit device detected daemonManager: suspending invasive macOS daemons... daemonManager: findProc: found MobileDeviceUpdater! daemonManager: killing MobileDeviceUpdater. daemonManager: findProc: found AMPDevicesAgent! daemonManager: killing AMPDevicesAgent. daemonManager: findProc: found AMPDeviceDiscoveryAgent! daemonManager: killing AMPDeviceDiscoveryAgent. daemonManager: done! futurerestore init done reading signing ticket /Users/davidluski/Downloads/2587898990118970_iPhone10,6_d221ap_15.6.1-19G82_7269cf71c79667b93b60c97951c037759711d23abed03398ea8f98bbb12f3624.shsh2 is done user specified to use latest signed SEP

[TSSC] opening firmwares.json [DOWN] downloading file https://api.ipsw.me/v2.1/firmwares.json/condensed [TSSC] opening /tmp/betas_iPhone10,6.json [DOWN] downloading file https://api.m1sta.xyz/betas/iPhone10,6 [TSSC] selecting latest firmware version: 15.6.1 [TSSC] got firmwareurl for iOS 15.6.1 build 19G82 [TSSC] opening Buildmanifest for iPhone10,6_15.6.1 [DOWN] downloading file https://updates.cdn-apple.com/2022SummerFCS/fullrestores/012-52718/E165707F-2AA7-40C8-B1A5-0BB94E3F845A/BuildManifest.plist [TSSR] Checking BuildIdentity 0 [TSSR] Selected BuildIdentity for request downloading SEP 100 [===========================================================================] [TSSC] opening /tmp/futurerestore/sepManifest.plist [TSSR] Checking BuildIdentity 0 [TSSR] Selected BuildIdentity for request [TSSR] User specified to not request a baseband ticket. Request URL set to https://gs.apple.com/TSS/controller?action=2 Sending TSS request attempt 1... response successfully received user specified to use latest signed baseband

[TSSR] Checking BuildIdentity 0 [TSSR] Selected BuildIdentity for request downloading Baseband 100 [===========================================================================] ERROR: Unable to connect to device?! [Error] Unable to find required BbGoldCertId in parameters [WARNING] using tsschecker's fallback to get BasebandGoldCertID. This might result in invalid baseband signing status information [TSSC] opening /tmp/futurerestore/basebandManifest.plist [TSSR] Checking BuildIdentity 0 [TSSR] Selected BuildIdentity for request [TSSR] User specified to request only a Baseband ticket. Request URL set to https://gs.apple.com/TSS/controller?action=2 Sending TSS request attempt 1... response successfully received Downloading the latest firmware components... [TSSR] Checking BuildIdentity 0 [TSSR] Selected BuildIdentity for request [TSSR] Checking BuildIdentity 0 [TSSR] Selected BuildIdentity for request [TSSR] Checking BuildIdentity 0 [TSSR] Selected BuildIdentity for request [TSSR] Checking BuildIdentity 0 [TSSR] Selected BuildIdentity for request downloading SE firmware 100 [===========================================================================] [TSSR] Checking BuildIdentity 0 [TSSR] Selected BuildIdentity for request [TSSR] Checking BuildIdentity 0 [TSSR] Selected BuildIdentity for request [TSSR] Checking BuildIdentity 0 [TSSR] Selected BuildIdentity for request [TSSR] Checking BuildIdentity 0 [TSSR] Selected BuildIdentity for request [TSSR] Checking BuildIdentity 0 [TSSR] Selected BuildIdentity for request [TSSR] Checking BuildIdentity 0 [TSSR] Selected BuildIdentity for request [TSSR] Checking BuildIdentity 0 [TSSR] Selected BuildIdentity for request [TSSR] Checking BuildIdentity 0 [TSSR] Selected BuildIdentity for request [TSSR] Checking BuildIdentity 0 [TSSR] Selected BuildIdentity for request [TSSR] Checking BuildIdentity 0 [TSSR] Selected BuildIdentity for request [TSSR] Checking BuildIdentity 0 [TSSR] Selected BuildIdentity for request [TSSR] Checking BuildIdentity 0 [TSSR] Selected BuildIdentity for request [TSSR] Checking BuildIdentity 0 [TSSR] Selected BuildIdentity for request [TSSR] Checking BuildIdentity 0 [TSSR] Selected BuildIdentity for request [TSSR] Checking BuildIdentity 0 [TSSR] Selected BuildIdentity for request [TSSR] Checking BuildIdentity 0 [TSSR] Selected BuildIdentity for request [TSSR] Checking BuildIdentity 0 [TSSR] Selected BuildIdentity for request [TSSR] Checking BuildIdentity 0 [TSSR] Selected BuildIdentity for request downloading Savage,B0-Prod-Patch 100 [===========================================================================077 [===========================================================================100 [===================================================================================================>] downloading Savage,B0-Dev-Patch 100 [===========================================================================077 [===========================================================================100 [===================================================================================================>] downloading Savage,B2-Prod-Patch 100 [===========================================================================097 [===========================================================================100 [===================================================================================================>] downloading Savage,B2-Dev-Patch 100 [===========================================================================097 [===========================================================================100 [===================================================================================================>] downloading Savage,BA-Prod-Patch 100 [===========================================================================100 [===================================================================================================>] downloading Savage,BA-Dev-Patch 100 [===========================================================================100 [===================================================================================================>] [TSSR] Checking BuildIdentity 0 [TSSR] Selected BuildIdentity for request [TSSR] Checking BuildIdentity 0 [TSSR] Selected BuildIdentity for request Finished downloading the latest firmware components! Found device in DFU mode requesting to get into pwnRecovery later Found device in DFU mode Identified device as d221ap, iPhone10,6 Extracting BuildManifest from iPSW Product version: 14.3 Product build: 18C66 Major: 18 Device supports Image4: true [TSSR] Checking BuildIdentity 0 [TSSR] Selected BuildIdentity for request [TSSR] Checking BuildIdentity 0 [TSSR] Selected BuildIdentity for request checking if the APTicket is valid for this restore... Verified ECID in APTicket matches the device's ECID checking if the APTicket is valid for this restore... Verified ECID in APTicket matches the device's ECID [IMG4TOOL] checking buildidentity 0: [IMG4TOOL] checking buildidentity matches board ... YES [IMG4TOOL] checking buildidentity has all required hashes: [IMG4TOOL] checking hash for "AOP" OK (untrusted) [IMG4TOOL] checking hash for "Ap,SystemVolumeCanonicalMetadata"BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "AppleLogo" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "AudioCodecFirmware" OK (untrusted) [IMG4TOOL] checking hash for "BasebandFirmware" IGN (no digest in BuildManifest) [IMG4TOOL] checking hash for "BatteryCharging0" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "BatteryCharging1" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "BatteryFull" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "BatteryLow0" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "BatteryLow1" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "BatteryPlugin" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "DeviceTree" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "ISP" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "KernelCache" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "LLB" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "Liquid" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "Multitouch" OK (untrusted) [IMG4TOOL] checking hash for "OS" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "RecoveryMode" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "RestoreDeviceTree" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "RestoreKernelCache" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "RestoreLogo" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "RestoreRamDisk" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "RestoreSEP" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "RestoreTrustCache" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "SE,UpdatePayload" IGN (no digest in BuildManifest) [IMG4TOOL] checking hash for "SEP" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "Savage,B0-Dev-Patch" IGN (hash not found in im4m, but ignoring since not explicitly enforced through "Trusted"="YES" tag) [IMG4TOOL] checking hash for "Savage,B0-Dev-PatchVT" IGN (hash not found in im4m, but ignoring since not explicitly enforced through "Trusted"="YES" tag) [IMG4TOOL] checking hash for "Savage,B0-Prod-Patch" IGN (hash not found in im4m, but ignoring since not explicitly enforced through "Trusted"="YES" tag) [IMG4TOOL] checking hash for "Savage,B0-Prod-PatchVT" IGN (hash not found in im4m, but ignoring since not explicitly enforced through "Trusted"="YES" tag) [IMG4TOOL] checking hash for "Savage,B2-Dev-Patch" IGN (hash not found in im4m, but ignoring since not explicitly enforced through "Trusted"="YES" tag) [IMG4TOOL] checking hash for "Savage,B2-Dev-PatchVT" IGN (hash not found in im4m, but ignoring since not explicitly enforced through "Trusted"="YES" tag) [IMG4TOOL] checking hash for "Savage,B2-Prod-Patch" IGN (hash not found in im4m, but ignoring since not explicitly enforced through "Trusted"="YES" tag) [IMG4TOOL] checking hash for "Savage,B2-Prod-PatchVT" IGN (hash not found in im4m, but ignoring since not explicitly enforced through "Trusted"="YES" tag) [IMG4TOOL] checking hash for "Savage,BA-Dev-Patch" IGN (hash not found in im4m, but ignoring since not explicitly enforced through "Trusted"="YES" tag) [IMG4TOOL] checking hash for "Savage,BA-Prod-Patch" IGN (hash not found in im4m, but ignoring since not explicitly enforced through "Trusted"="YES" tag) [IMG4TOOL] checking hash for "StaticTrustCache" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "SystemVolume" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "ftap" IGN (no digest in BuildManifest) [IMG4TOOL] checking hash for "ftsp" IGN (no digest in BuildManifest) [IMG4TOOL] checking hash for "iBEC" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "iBSS" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "iBoot" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "rfta" IGN (no digest in BuildManifest) [IMG4TOOL] checking hash for "rfts" IGN (no digest in BuildManifest)

failed verification with error: [exception]: what=verification failed! code=84279308 line=1286 file=img4tool.cpp commit count=197: commit sha =aca6cf005c94caf135023263cbb5c61a0081804f: [IMG4TOOL] checking buildidentity 1: [IMG4TOOL] checking buildidentity matches board ... NO [IMG4TOOL] checking buildidentity 2: [IMG4TOOL] checking buildidentity matches board ... YES [IMG4TOOL] checking buildidentity has all required hashes: [IMG4TOOL] checking hash for "AOP" OK (untrusted) [IMG4TOOL] checking hash for "Ap,SystemVolumeCanonicalMetadata"BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "AppleLogo" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "AudioCodecFirmware" OK (untrusted) [IMG4TOOL] checking hash for "BasebandFirmware" IGN (no digest in BuildManifest) [IMG4TOOL] checking hash for "BatteryCharging0" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "BatteryCharging1" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "BatteryFull" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "BatteryLow0" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "BatteryLow1" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "BatteryPlugin" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "DeviceTree" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "ISP" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "KernelCache" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "LLB" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "Liquid" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "Multitouch" OK (untrusted) [IMG4TOOL] checking hash for "OS" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "RecoveryMode" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "RestoreDeviceTree" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "RestoreKernelCache" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "RestoreLogo" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "RestoreRamDisk" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "RestoreSEP" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "RestoreTrustCache" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "SE,UpdatePayload" IGN (no digest in BuildManifest) [IMG4TOOL] checking hash for "SEP" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "Savage,B0-Dev-Patch" IGN (hash not found in im4m, but ignoring since not explicitly enforced through "Trusted"="YES" tag) [IMG4TOOL] checking hash for "Savage,B0-Dev-PatchVT" IGN (hash not found in im4m, but ignoring since not explicitly enforced through "Trusted"="YES" tag) [IMG4TOOL] checking hash for "Savage,B0-Prod-Patch" IGN (hash not found in im4m, but ignoring since not explicitly enforced through "Trusted"="YES" tag) [IMG4TOOL] checking hash for "Savage,B0-Prod-PatchVT" IGN (hash not found in im4m, but ignoring since not explicitly enforced through "Trusted"="YES" tag) [IMG4TOOL] checking hash for "Savage,B2-Dev-Patch" IGN (hash not found in im4m, but ignoring since not explicitly enforced through "Trusted"="YES" tag) [IMG4TOOL] checking hash for "Savage,B2-Dev-PatchVT" IGN (hash not found in im4m, but ignoring since not explicitly enforced through "Trusted"="YES" tag) [IMG4TOOL] checking hash for "Savage,B2-Prod-Patch" IGN (hash not found in im4m, but ignoring since not explicitly enforced through "Trusted"="YES" tag) [IMG4TOOL] checking hash for "Savage,B2-Prod-PatchVT" IGN (hash not found in im4m, but ignoring since not explicitly enforced through "Trusted"="YES" tag) [IMG4TOOL] checking hash for "Savage,BA-Dev-Patch" IGN (hash not found in im4m, but ignoring since not explicitly enforced through "Trusted"="YES" tag) [IMG4TOOL] checking hash for "Savage,BA-Prod-Patch" IGN (hash not found in im4m, but ignoring since not explicitly enforced through "Trusted"="YES" tag) [IMG4TOOL] checking hash for "StaticTrustCache" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "SystemVolume" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "ftap" IGN (no digest in BuildManifest) [IMG4TOOL] checking hash for "ftsp" IGN (no digest in BuildManifest) [IMG4TOOL] checking hash for "iBEC" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "iBSS" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "iBoot" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "rfta" IGN (no digest in BuildManifest) [IMG4TOOL] checking hash for "rfts" IGN (no digest in BuildManifest)

failed verification with error: [exception]: what=verification failed! code=84279308 line=1286 file=img4tool.cpp commit count=197: commit sha =aca6cf005c94caf135023263cbb5c61a0081804f: [IMG4TOOL] checking buildidentity 3: [IMG4TOOL] checking buildidentity matches board ... NO [WARNING] NOT VALIDATING SHSH BLOBS IM4M! [Error] BuildIdentity selected for restore does not match APTicket

BuildIdentity selected for restore: BuildNumber : 18C66 BuildTrain : AzulC DeviceClass : d221ap FDRSupport : YES MobileDeviceMinVersion : 1253 RestoreBehavior : Erase Variant : Customer Erase Install (IPSW)

BuildIdentity is valid for the APTicket: IM4M is not valid for any restore within the Buildmanifest This APTicket can't be used for restoring this firmware [WARNING] NOT VALIDATING SHSH BLOBS! [TSSR] Checking BuildIdentity 0 [TSSR] Selected BuildIdentity for request Variant: Customer Erase Install (IPSW) This restore will erase all device data. Device found in DFU Mode. Getting firmware keys for: d221ap Patching iBSS Extracting iBSS.d22.RELEASE.im4p (Firmware/dfu/iBSS.d22.RELEASE.im4p)... payload decrypted Compression detected, uncompressing (bvx2): ok iBoot64Patch: Staring iBoot64Patch! iOS 14 iBoot detected! iBoot64Patch: Inited ibootpatchfinder64! iBoot64Patch: Added sigpatches! iBoot64Patch: Added unlock nvram patch! iBoot64Patch: Added freshnonce patch! iBoot64Patch: has_kernel_load is false! iBoot64Patch: Applying patch=0x180032914 : 000080d2 iBoot64Patch: Applying patch=0x180032960 : 000080d2 iBoot64Patch: Applying patch=0x18001f908 : 000080d2c0035fd6 iBoot64Patch: Applying patch=0x18001f958 : 000080d2c0035fd6 iBoot64Patch: Applying patch=0x18006ba84 : 000080d2c0035fd6 iBoot64Patch: Applying patch=0x180038c58 : 1f2003d5 iBoot64Patch: Patches applied! [WARNING] BUG WORKAROUND recompressing images with bvx2 makes them not boot for some reason. Skipping compression Patching iBEC Extracting iBEC.d22.RELEASE.im4p (Firmware/dfu/iBEC.d22.RELEASE.im4p)... payload decrypted Compression detected, uncompressing (bvx2): ok iBoot64Patch: Staring iBoot64Patch! iOS 14 iBoot detected! iBoot64Patch: Inited ibootpatchfinder64! iBoot64Patch: Added sigpatches! iBoot64Patch: Added unlock nvram patch! iBoot64Patch: Added freshnonce patch! iBoot64Patch: has_kernel_load is true! iBoot64Patch: Added debugenabled patch! iBoot64Patch: Added bootarg patch! iBoot64Patch: Applying patch=0x180032914 : 000080d2 iBoot64Patch: Applying patch=0x180032960 : 000080d2 iBoot64Patch: Applying patch=0x18001f908 : 000080d2c0035fd6 iBoot64Patch: Applying patch=0x18001f958 : 000080d2c0035fd6 iBoot64Patch: Applying patch=0x18006ba84 : 000080d2c0035fd6 iBoot64Patch: Applying patch=0x180038c58 : 1f2003d5 iBoot64Patch: Applying patch=0x18003443c : 200080d2 iBoot64Patch: Applying patch=0x180035828 : 29535230 iBoot64Patch: Applying patch=0x1800da28d : 72643d6d6430206e616e642d656e61626c652d7265666f726d61743d307831202d76202d726573746f72652064656275673d30783230313465206b65657073796d733d30783120616d66693d3078666620616d66695f616c6c6f775f616e795f7369676e61747572653d30783120616d66695f6765745f6f75745f6f665f6d795f7761793d3078312063735f656e666f7263656d656e745f64697361626c653d30783100 iBoot64Patch: Applying patch=0x180035834 : f30309aa iBoot64Patch: Applying patch=0x180035924 : 534b5230 iBoot64Patch: Patches applied! [WARNING] BUG WORKAROUND recompressing images with bvx2 makes them not boot for some reason. Skipping compression Repacking patched iBSS as IMG4 Repacking patched iBEC as IMG4 Sending iBSS (1471381 bytes)... [==================================================] 100.0% Booting iBSS, waiting for device to disconnect... Booting iBSS, waiting for device to reconnect... ApNonce pre-hax: INFO: device serial number is F2MVP4DZJCLH Getting ApNonce in recovery mode... 72 69 cf 71 c7 96 67 b9 3b 60 c9 79 51 c0 37 75 97 11 d2 3a be d0 33 98 ea 8f 98 bb b1 2f 36 24 Sending iBEC (1471381 bytes)... [==================================================] 100.0% Booting iBEC, waiting for device to disconnect... Booting iBEC, waiting for device to reconnect... APNonce from device already matches IM4M nonce, no need for extra hax... Successfully set nonce generator: 0x3a76563e7dde61d8 Extracting filesystem from iPSW [==================================================] 100.0% Getting SepNonce in recovery mode... c5 8a 7f 81 ff 27 5c 7f a2 f9 66 11 d0 fe a3 cd 4b 2b ad e2 Getting ApNonce in recovery mode... 72 69 cf 71 c7 96 67 b9 3b 60 c9 79 51 c0 37 75 97 11 d2 3a be d0 33 98 ea 8f 98 bb b1 2f 36 24 Recovery Mode Environment: iBoot build-version=iBoot-6723.62.3 iBoot build-style=RELEASE Sending RestoreLogo... Extracting applelogo@3xiphone.im4p (Firmware/all_flash/applelogo@3xiphone.im4p)... Personalizing IMG4 component RestoreLogo... Sending RestoreLogo (20651 bytes)... ramdisk-size=0x20000000 1337 CUSTOM RAMDISK! Personalizing IMG4 component RestoreRamDisk... Sending RestoreRamDisk (104124681 bytes)... Extracting adc-nike-d22.im4p (Firmware/isp_bni/adc-nike-d22.im4p)... Personalizing IMG4 component ISP... Sending ISP (13269959 bytes)... Extracting 038-83284-083.dmg.trustcache (Firmware/038-83284-083.dmg.trustcache)... Personalizing IMG4 component RestoreTrustCache... Sending RestoreTrustCache (12226 bytes)... Extracting DeviceTree.d221ap.im4p (Firmware/all_flash/DeviceTree.d221ap.im4p)... Personalizing IMG4 component RestoreDeviceTree... Sending RestoreDeviceTree (40676 bytes)... 1337 CUSTOM KERNEL! Personalizing IMG4 component RestoreKernelCache... Sending RestoreKernelCache (18721165 bytes)... getting SEP ticket Trying to fetch new SHSH blob futurerestore(921,0x1168f6600) malloc: Heap corruption detected, free list is damaged at 0x600002a10580 Incorrect guard value: 13091678336542240272 futurerestore(921,0x1168f6600) malloc: set a breakpoint in malloc_error_break to debug [] Done! [] Cleaning [*] Done!

Beast9265 commented 2 years ago

imagine getting malloc error lol

Baftastic commented 2 years ago

U can tell your setup? what do you used, what do you tried, what hardware? usbc, or usba?