mineek / sunst0rm

iOS Tether Downgrader
GNU General Public License v3.0

Possibly invalid iBSS #70

Open The-God-coder opened 1 year ago

The-God-coder commented 1 year ago

I was trying to downgrade my iPhone 7 to iOS 14, but I keep getting an error: "Device did not reconnect. Possibly invalid iBSS. Reset device and try again". Here's my full output:

python3 sunstorm.py -i iPhone_4.7_P3_14.0_18A373_Restore.ipsw -t 7381211341759782_iPhone9,1_d10ap_15.6.1-19G82_27325c8258be46e69d9ee57fa9a8fbc28b873df434e5e702a8b27999551138ae.shsh2 -r -d d10ap
sunst0rm
Made by mineek
Some code by m1n1exploit
[*] Extracting IPSW
[*] Extracting RamDisk
rdsk
[*] Mounting RamDisk
/dev/disk2                                              /Users/aniketkokate/Downloads/sunst0rm/work/ramdisk
[*] Patching ASR in the RamDisk
getting get_asr_patch()
[*] Image failed signature verification 0x7f901b04077d
[*] Image passed signature verification 0x7f901b040759
[*] Assembling arm64 branch
[*] Writing out patched file to work/patched_asr
[*] Extracting ASR Ents
[*] Resigning ASR
[*] Chmoding ASR
[*] Copying Patched ASR back to the RamDisk
[*] Patching Restored External
file size: 825664
getting get_skip_sealing_patch()
[*] Skipping sealing system volume string at 0x821b4
[*] Skipping sealing system volume xref at 0x2fac8
[*] Skipping sealing system volume branch to xref at 0x2fa6c
[*] Assembling arm64 branch
[*] Writing out patched file to work/restored_external_patched
[*] Extracting Restored External Ents
[*] Resigning Restored External
[*] Chmoding Restored External
[*] Copying Patched Restored External back to the RamDisk
[*] Detaching RamDisk
"disk2" ejected.
[*] Creating RamDisk
Reading work/ramdisk.dmg...
IM4P outputted to: work/ramdisk.im4p
[*] Extracting Kernel
Reading work/kernelcache.release.iphone9...
[NOTE] Image4 payload data is LZFSE compressed, decompressing...
Extracted Image4 payload data to: work/kcache.raw
[*] Patching Kernel
main: Starting...
main: Detected fat macho kernel
Kernel: Adding AppleFirmwareUpdate img4 signature check patch...
get_AppleFirmwareUpdate_img4_signature_check: Entering ...
get_AppleFirmwareUpdate_img4_signature_check: Found "%s::%s() Performing img4 validation outside of workloop" str loc at 0x950585
get_AppleFirmwareUpdate_img4_signature_check: Found "%s::%s() Performing img4 validation outside of workloop" xref at 0x116092c
get_AppleFirmwareUpdate_img4_signature_check: Patching "%s::%s() Performing img4 validation outside of workloop" at 0x1160938

Kernel: Adding AMFI_get_out_of_my_way patch...
get_amfi_out_of_my_way_patch: Entering ...
get_amfi_out_of_my_way_patch: Kernel-7195 inputted
get_amfi_out_of_my_way_patch: Found entitlements too small str loc at 0x8b42cb
get_amfi_out_of_my_way_patch: Found entitlements too small str ref at 0xf57bfc
get_amfi_out_of_my_way_patch: Patching AMFI at 0xf52db4
main: Writing out patched file to work/krnl.patched...
main: Quitting...
[*] Rebuilding Kernel
Reading work/krnl.patched...
Compressing payload using LZSS...
IM4P outputted to: work/krnl.im4p
[*] Done!
[?] Do you want to restore the device? (y/n)
y
[?] Are you in pwndfu with sigchecks removed? (y/n)
y
[*] Restoring Device
Version: v2.0.0-test(7f732140187bbcecfed3c34ac38185a4096d06d7-290)
img4tool version: 0.197-aca6cf005c94caf135023263cbb5c61a0081804f-RELEASE
libipatcher version: 0.88-1e855d70c84419014e363bdbcaead7b145fe3e1f-RELEASE
Odysseus for 32-bit support: yes
Odysseus for 64-bit support: yes
[INFO] 64-bit device detected
daemonManager: suspending invasive macOS daemons...
daemonManager: findProc: found MobileDeviceUpdater!
daemonManager: killing MobileDeviceUpdater.
daemonManager: findProc: found AMPDeviceDiscoveryAgent!
daemonManager: killing AMPDeviceDiscoveryAgent.
daemonManager: done!
futurerestore init done
reading signing ticket 7381211341759782_iPhone9,1_d10ap_15.6.1-19G82_27325c8258be46e69d9ee57fa9a8fbc28b873df434e5e702a8b27999551138ae.shsh2 is done
user specified to use latest signed SEP

[TSSC] opening firmwares.json
[DOWN] downloading file https://api.ipsw.me/v2.1/firmwares.json/condensed
[TSSC] opening /tmp/betas_iPhone9,1.json
[DOWN] downloading file https://api.m1sta.xyz/betas/iPhone9,1
[TSSC] selecting latest firmware version: 15.7
[TSSC] got firmwareurl for iOS 15.7 build 19H12
[TSSC] opening Buildmanifest for iPhone9,1_15.7
[DOWN] downloading file https://updates.cdn-apple.com/2022FallFCS/fullrestores/012-38914/C7764173-5CC4-4D58-8F8B-F093F9A060F0/BuildManifest.plist
[TSSR] Checking BuildIdentity 0
[TSSR] Checking BuildIdentity 1
[TSSR] Selected BuildIdentity for request
downloading SEP
100 [===================================================================================================>]
[TSSC] opening /tmp/futurerestore/sepManifest.plist
[TSSR] Checking BuildIdentity 0
[TSSR] Checking BuildIdentity 1
[TSSR] Selected BuildIdentity for request
[TSSR] User specified to not request a baseband ticket.
Request URL set to https://gs.apple.com/TSS/controller?action=2
Sending TSS request attempt 1... response successfully received
user specified to use latest signed baseband

[TSSR] Checking BuildIdentity 0
[TSSR] Checking BuildIdentity 1
[TSSR] Selected BuildIdentity for request
downloading Baseband
100 [===================================================================================================>]
ERROR: Unable to connect to device?!
[Error] Unable to find required BbGoldCertId in parameters
[WARNING] using tsschecker's fallback to get BasebandGoldCertID. This might result in invalid baseband signing status information
[TSSC] opening /tmp/futurerestore/basebandManifest.plist
[TSSR] Checking BuildIdentity 0
[TSSR] Checking BuildIdentity 1
[TSSR] Selected BuildIdentity for request
[TSSR] User specified to request only a Baseband ticket.
Request URL set to https://gs.apple.com/TSS/controller?action=2
Sending TSS request attempt 1... response successfully received
Downloading the latest firmware components...
[TSSR] Checking BuildIdentity 0
[TSSR] Checking BuildIdentity 1
[TSSR] Selected BuildIdentity for request
[TSSR] Checking BuildIdentity 0
[TSSR] Checking BuildIdentity 1
[TSSR] Selected BuildIdentity for request
[TSSR] Checking BuildIdentity 0
[TSSR] Checking BuildIdentity 1
[TSSR] Selected BuildIdentity for request
[TSSR] Checking BuildIdentity 0
[TSSR] Checking BuildIdentity 1
[TSSR] Selected BuildIdentity for request
[TSSR] Checking BuildIdentity 0
[TSSR] Checking BuildIdentity 1
[TSSR] Selected BuildIdentity for request
Finished downloading the latest firmware components!
Found device in DFU mode
requesting to get into pwnRecovery later
Found device in DFU mode
Identified device as d10ap, iPhone9,1
Extracting BuildManifest from iPSW
Product version: 14.0
Product build: 18A373 Major: 18
Device supports Image4: true
[TSSR] Checking BuildIdentity 0
[TSSR] Checking BuildIdentity 1
[TSSR] Selected BuildIdentity for request
[TSSR] Checking BuildIdentity 0
[TSSR] Checking BuildIdentity 1
[TSSR] Selected BuildIdentity for request
checking if the APTicket is valid for this restore...
Verified ECID in APTicket matches the device's ECID
checking if the APTicket is valid for this restore...
Verified ECID in APTicket matches the device's ECID
[IMG4TOOL] checking buildidentity 0:
[IMG4TOOL] checking buildidentity matches board ... NO
[IMG4TOOL] checking buildidentity 1:
[IMG4TOOL] checking buildidentity matches board ... YES
[IMG4TOOL] checking buildidentity has all required hashes:
[IMG4TOOL] checking hash for "AOP"                     OK (untrusted)
[IMG4TOOL] checking hash for "Ap,SystemVolumeCanonicalMetadata"BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "AppleLogo"               BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "BasebandFirmware"        IGN (no digest in BuildManifest)
[IMG4TOOL] checking hash for "BatteryCharging0"        BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "BatteryCharging1"        BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "BatteryFull"             BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "BatteryLow0"             BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "BatteryLow1"             BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "BatteryPlugin"           BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "DeviceTree"              BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "Homer"                   OK (untrusted)
[IMG4TOOL] checking hash for "KernelCache"             BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "LLB"                     BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "Liquid"                  BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "OS"                      BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "RecoveryMode"            BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "RestoreDeviceTree"       BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "RestoreKernelCache"      BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "RestoreLogo"             BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "RestoreRamDisk"          BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "RestoreSEP"              BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "RestoreTrustCache"       BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "SE,Bootloader"           IGN (no digest in BuildManifest)
[IMG4TOOL] checking hash for "SE,Firmware"             IGN (no digest in BuildManifest)
[IMG4TOOL] checking hash for "SE,MigrationOS"          IGN (no digest in BuildManifest)
[IMG4TOOL] checking hash for "SE,OS"                   IGN (no digest in BuildManifest)
[IMG4TOOL] checking hash for "SEP"                     BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "StaticTrustCache"        BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "SystemVolume"            BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "ftap"                    IGN (no digest in BuildManifest)
[IMG4TOOL] checking hash for "ftsp"                    IGN (no digest in BuildManifest)
[IMG4TOOL] checking hash for "iBEC"                    BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "iBSS"                    BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "iBoot"                   BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "rfta"                    IGN (no digest in BuildManifest)
[IMG4TOOL] checking hash for "rfts"                    IGN (no digest in BuildManifest)

failed verification with error:
[exception]:
what=verification failed!
code=84279308
line=1286
file=img4tool.cpp
commit count=197:
commit sha  =aca6cf005c94caf135023263cbb5c61a0081804f:
[IMG4TOOL] checking buildidentity 2:
[IMG4TOOL] checking buildidentity matches board ... NO
[IMG4TOOL] checking buildidentity 3:
[IMG4TOOL] checking buildidentity matches board ... NO
[IMG4TOOL] checking buildidentity 4:
[IMG4TOOL] checking buildidentity matches board ... NO
[IMG4TOOL] checking buildidentity 5:
[IMG4TOOL] checking buildidentity matches board ... YES
[IMG4TOOL] checking buildidentity has all required hashes:
[IMG4TOOL] checking hash for "AOP"                     OK (untrusted)
[IMG4TOOL] checking hash for "Ap,SystemVolumeCanonicalMetadata"BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "AppleLogo"               BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "BasebandFirmware"        IGN (no digest in BuildManifest)
[IMG4TOOL] checking hash for "BatteryCharging0"        BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "BatteryCharging1"        BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "BatteryFull"             BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "BatteryLow0"             BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "BatteryLow1"             BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "BatteryPlugin"           BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "DeviceTree"              BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "Homer"                   OK (untrusted)
[IMG4TOOL] checking hash for "KernelCache"             BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "LLB"                     BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "Liquid"                  BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "OS"                      BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "RecoveryMode"            BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "RestoreDeviceTree"       BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "RestoreKernelCache"      BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "RestoreLogo"             BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "RestoreRamDisk"          BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "RestoreSEP"              BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "RestoreTrustCache"       BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "SE,Bootloader"           IGN (no digest in BuildManifest)
[IMG4TOOL] checking hash for "SE,Firmware"             IGN (no digest in BuildManifest)
[IMG4TOOL] checking hash for "SE,MigrationOS"          IGN (no digest in BuildManifest)
[IMG4TOOL] checking hash for "SE,OS"                   IGN (no digest in BuildManifest)
[IMG4TOOL] checking hash for "SEP"                     BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "StaticTrustCache"        BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "SystemVolume"            BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "ftap"                    IGN (no digest in BuildManifest)
[IMG4TOOL] checking hash for "ftsp"                    IGN (no digest in BuildManifest)
[IMG4TOOL] checking hash for "iBEC"                    BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "iBSS"                    BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "iBoot"                   BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "rfta"                    IGN (no digest in BuildManifest)
[IMG4TOOL] checking hash for "rfts"                    IGN (no digest in BuildManifest)

failed verification with error:
[exception]:
what=verification failed!
code=84279308
line=1286
file=img4tool.cpp
commit count=197:
commit sha  =aca6cf005c94caf135023263cbb5c61a0081804f:
[IMG4TOOL] checking buildidentity 6:
[IMG4TOOL] checking buildidentity matches board ... NO
[IMG4TOOL] checking buildidentity 7:
[IMG4TOOL] checking buildidentity matches board ... NO
[WARNING] NOT VALIDATING SHSH BLOBS IM4M!
[Error] BuildIdentity selected for restore does not match APTicket

BuildIdentity selected for restore:
BuildNumber : 18A373
BuildTrain : Azul
DeviceClass : d10ap
FDRSupport : YES
MobileDeviceMinVersion : 1253
RestoreBehavior : Erase
Variant : Customer Erase Install (IPSW)

BuildIdentity is valid for the APTicket:
IM4M is not valid for any restore within the Buildmanifest
This APTicket can't be used for restoring this firmware
[WARNING] NOT VALIDATING SHSH BLOBS!
[TSSR] Checking BuildIdentity 0
[TSSR] Checking BuildIdentity 1
[TSSR] Selected BuildIdentity for request
Variant: Customer Erase Install (IPSW)
This restore will erase all device data.
Device found in DFU Mode.
Sending iBSS (522513 bytes)...
[==================================================] 100.0%
Booting iBSS, waiting for device to disconnect...
Booting iBSS, waiting for device to reconnect...
Cleaning up...
[exception]:
what=Device did not reconnect. Possibly invalid iBSS. Reset device and try again
code=46792772
line=714
file=/Users/runner/work/futurerestore/futurerestore/src/futurerestore.cpp
commit count=290:
commit sha  =7f732140187bbcecfed3c34ac38185a4096d06d7:
Done: restoring failed!
[*] Done!
[*] Cleaning
[*] Done!

Where the error occurs, at the bottom here:

BuildIdentity is valid for the APTicket:
IM4M is not valid for any restore within the Buildmanifest
This APTicket can't be used for restoring this firmware
[WARNING] NOT VALIDATING SHSH BLOBS!
[TSSR] Checking BuildIdentity 0
[TSSR] Checking BuildIdentity 1
[TSSR] Selected BuildIdentity for request
Variant: Customer Erase Install (IPSW)
This restore will erase all device data.
Device found in DFU Mode.
Sending iBSS (522513 bytes)...
[==================================================] 100.0%
Booting iBSS, waiting for device to disconnect...
Booting iBSS, waiting for device to reconnect...
Cleaning up...
[exception]:
what=Device did not reconnect. Possibly invalid iBSS. Reset device and try again
code=46792772
line=714
file=/Users/runner/work/futurerestore/futurerestore/src/futurerestore.cpp
commit count=290:
commit sha  =7f732140187bbcecfed3c34ac38185a4096d06d7:
Done: restoring failed!
[*] Done!
[*] Cleaning
[*] Done!

I have an iPhone 7 (9,1) btw, and I'm trying to downgrade to 14.0.

Any help would be appreciated. I really want to jailbreak because I need to downgrade.