mineek / sunst0rm

iOS Tether Downgrader
GNU General Public License v3.0
294 stars 46 forks source link

Error while downgrading, unable to restore [ Unable to send iBSS component: Unable to upload data to device ] #72

Open zyan910 opened 2 years ago

zyan910 commented 2 years ago

Attempted a few times, Is it possible to find the exact issue? (I removed the SEP / Baseband downloading progress in the code)

Last login: Mon Sep 19 00:43:58 on ttys000 (base) zyan910@Zyans-MBP ~ % cd /Users/zyan910/Downloads/sunst0rm-main (base) zyan910@Zyans-MBP sunst0rm-main % python3 sunstorm.py -i /Users/zyan910/Downloads/sunst0rm-main/iPhone_4.7_P3_14.8_18H17_Restore.ipsw -t /Users/zyan910/Downloads/sunst0rm-main/2331690638442542_iPhone10,4_d201ap_15.5-19F77_27325c8258be46e69d9ee57fa9a8fbc28b873df434e5e702a8b27999551138ae.shsh2 -r -d D201AP sunst0rm Made by mineek Some code by m1n1exploit [] Extracting IPSW [] Extracting RamDisk rdsk [] Mounting RamDisk /dev/disk4 /Users/zyan910/Downloads/sunst0rm-main/work/ramdisk [] Patching ASR in the RamDisk getting get_asr_patch() [] Image failed signature verification 0x14804c5e1 [] Image passed signature verification 0x14804c5bd [] Assembling arm64 branch [] Writing out patched file to work/patched_asr [] Extracting ASR Ents [] Resigning ASR [] Chmoding ASR [] Copying Patched ASR back to the RamDisk [] Patching Restored External file size: 1049440 getting get_skip_sealing_patch() [] Skipping sealing system volume string at 0xb22fa [] Skipping sealing system volume xref at 0x3129c [] Skipping sealing system volume branch to xref at 0x3123c [] Assembling arm64 branch [] Writing out patched file to work/restored_external_patched [] Extracting Restored External Ents [] Resigning Restored External [] Chmoding Restored External [] Copying Patched Restored External back to the RamDisk [] Detaching RamDisk "disk4" ejected. [] Creating RamDisk Reading work/ramdisk.dmg... IM4P outputted to: work/ramdisk.im4p [] Extracting Kernel Reading work/kernelcache.release.iphone10... [NOTE] Image4 payload data is LZFSE compressed, decompressing... Extracted Image4 payload data to: work/kcache.raw [] Patching Kernel main: Starting... Kernel: Adding AppleFirmwareUpdate img4 signature check patch... get_AppleFirmwareUpdate_img4_signature_check: Entering ... get_AppleFirmwareUpdate_img4_signature_check: Found "%s::%s() Performing img4 validation outside of workloop" str loc at 0x41522a get_AppleFirmwareUpdate_img4_signature_check: Found "%s::%s() Performing img4 validation outside of workloop" xref at 0x12173e0 get_AppleFirmwareUpdate_img4_signature_check: Patching "%s::%s() Performing img4 validation outside of workloop" at 0x12173ec

Kernel: Adding AMFI_get_out_of_my_way patch... get_amfi_out_of_my_way_patch: Entering ... get_amfi_out_of_my_way_patch: Kernel-7195 inputted get_amfi_out_of_my_way_patch: Found entitlements too small str loc at 0x40a18e get_amfi_out_of_my_way_patch: Found entitlements too small str ref at 0x11b0270 get_amfi_out_of_my_way_patch: Patching AMFI at 0x11ac6e8 main: Writing out patched file to work/krnl.patched... main: Quitting... [] Rebuilding Kernel Reading work/krnl.patched... Compressing payload using LZSS... IM4P outputted to: work/krnl.im4p [] Done! [?] Do you want to restore the device? (y/n) y [?] Are you in pwndfu with sigchecks removed? (y/n) y [*] Restoring Device Version: v2.0.0-test(19e30c014b2736ed9a5af08d95669a2dc8044bd3-291) img4tool version: 0.197-aca6cf005c94caf135023263cbb5c61a0081804f-RELEASE libipatcher version: 0.88-1e855d70c84419014e363bdbcaead7b145fe3e1f-RELEASE Odysseus for 32-bit support: yes Odysseus for 64-bit support: yes [INFO] 64-bit device detected futurerestore init done reading signing ticket /Users/zyan910/Downloads/sunst0rm-main/2331690638442542_iPhone10,4_d201ap_15.5-19F77_27325c8258be46e69d9ee57fa9a8fbc28b873df434e5e702a8b27999551138ae.shsh2 is done User specified to use latest signed SEP Cached /tmp/futurerestore/sep.im4p not found, downloading a new one. Downloading SEP Checking if SEP is being signed... Sending TSS request attempt 1... response successfully received SEP is being signed! User specified to use latest signed baseband Downloading Baseband Checking if Baseband is being signed... [TSSR] User specified to request only a Baseband ticket. Sending TSS request attempt 1... response successfully received Baseband is being signed! Downloading the latest firmware components... Downloading SE firmware Finished downloading the latest firmware components! Found device in DFU mode requesting to get into pwnRecovery later Found device in DFU mode Identified device as d201ap, iPhone10,4 Extracting BuildManifest from iPSW Product version: 14.8 Product build: 18H17 Major: 18 Device supports Image4: true checking if the APTicket is valid for this restore... Verified ECID in APTicket matches the device's ECID checking if the APTicket is valid for this restore... Verified ECID in APTicket matches the device's ECID [IMG4TOOL] checking buildidentity 0: [IMG4TOOL] checking buildidentity matches board ... NO [IMG4TOOL] checking buildidentity 1: [IMG4TOOL] checking buildidentity matches board ... NO [IMG4TOOL] checking buildidentity 2: [IMG4TOOL] checking buildidentity matches board ... YES [IMG4TOOL] checking buildidentity has all required hashes: [IMG4TOOL] checking hash for "AOP" OK (untrusted) [IMG4TOOL] checking hash for "Ap,SystemVolumeCanonicalMetadata"BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "AppleLogo" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "AudioCodecFirmware" OK (untrusted) [IMG4TOOL] checking hash for "BasebandFirmware" IGN (no digest in BuildManifest) [IMG4TOOL] checking hash for "BatteryCharging0" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "BatteryCharging1" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "BatteryFull" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "BatteryLow0" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "BatteryLow1" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "BatteryPlugin" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "DeviceTree" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "ISP" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "KernelCache" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "LLB" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "Liquid" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "Multitouch" OK (untrusted) [IMG4TOOL] checking hash for "OS" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "RecoveryMode" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "RestoreDeviceTree" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "RestoreKernelCache" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "RestoreLogo" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "RestoreRamDisk" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "RestoreSEP" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "RestoreTrustCache" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "SE,UpdatePayload" IGN (no digest in BuildManifest) [IMG4TOOL] checking hash for "SEP" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "StaticTrustCache" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "SystemVolume" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "ftap" IGN (no digest in BuildManifest) [IMG4TOOL] checking hash for "ftsp" IGN (no digest in BuildManifest) [IMG4TOOL] checking hash for "iBEC" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "iBSS" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "iBoot" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "rfta" IGN (no digest in BuildManifest) [IMG4TOOL] checking hash for "rfts" IGN (no digest in BuildManifest)

failed verification with error: [exception]: what=verification failed! code=84279308 line=1286 file=img4tool.cpp commit count=197: commit sha =aca6cf005c94caf135023263cbb5c61a0081804f: [IMG4TOOL] checking buildidentity 3: [IMG4TOOL] checking buildidentity matches board ... NO [IMG4TOOL] checking buildidentity 4: [IMG4TOOL] checking buildidentity matches board ... NO [IMG4TOOL] checking buildidentity 5: [IMG4TOOL] checking buildidentity matches board ... NO [IMG4TOOL] checking buildidentity 6: [IMG4TOOL] checking buildidentity matches board ... YES [IMG4TOOL] checking buildidentity has all required hashes: [IMG4TOOL] checking hash for "AOP" OK (untrusted) [IMG4TOOL] checking hash for "Ap,SystemVolumeCanonicalMetadata"BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "AppleLogo" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "AudioCodecFirmware" OK (untrusted) [IMG4TOOL] checking hash for "BasebandFirmware" IGN (no digest in BuildManifest) [IMG4TOOL] checking hash for "BatteryCharging0" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "BatteryCharging1" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "BatteryFull" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "BatteryLow0" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "BatteryLow1" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "BatteryPlugin" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "DeviceTree" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "ISP" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "KernelCache" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "LLB" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "Liquid" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "Multitouch" OK (untrusted) [IMG4TOOL] checking hash for "OS" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "RecoveryMode" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "RestoreDeviceTree" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "RestoreKernelCache" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "RestoreLogo" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "RestoreRamDisk" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "RestoreSEP" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "RestoreTrustCache" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "SE,UpdatePayload" IGN (no digest in BuildManifest) [IMG4TOOL] checking hash for "SEP" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "StaticTrustCache" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "SystemVolume" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "ftap" IGN (no digest in BuildManifest) [IMG4TOOL] checking hash for "ftsp" IGN (no digest in BuildManifest) [IMG4TOOL] checking hash for "iBEC" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "iBSS" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "iBoot" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "rfta" IGN (no digest in BuildManifest) [IMG4TOOL] checking hash for "rfts" IGN (no digest in BuildManifest)

failed verification with error: [exception]: what=verification failed! code=84279308 line=1286 file=img4tool.cpp commit count=197: commit sha =aca6cf005c94caf135023263cbb5c61a0081804f: [IMG4TOOL] checking buildidentity 7: [IMG4TOOL] checking buildidentity matches board ... NO [WARNING] NOT VALIDATING SHSH BLOBS IM4M! [Error] BuildIdentity selected for restore does not match APTicket

BuildIdentity selected for restore: BuildNumber : 18H17 BuildTrain : AzulSecuritySky DeviceClass : d201ap FDRSupport : YES MobileDeviceMinVersion : 1253.100.1 RestoreBehavior : Erase Variant : Customer Erase Install (IPSW)

BuildIdentity is valid for the APTicket: IM4M is not valid for any restore within the Buildmanifest This APTicket can't be used for restoring this firmware [WARNING] NOT VALIDATING SHSH BLOBS! Variant: Customer Erase Install (IPSW) This restore will erase all device data. Device found in DFU Mode. Getting firmware keys for: d201ap Patching iBSS Extracting iBSS.d20.RELEASE.im4p (Firmware/dfu/iBSS.d20.RELEASE.im4p)... payload decrypted Compression detected, uncompressing (bvx2): ok iBoot64Patch: Staring iBoot64Patch! iOS 14 iBoot detected! iBoot64Patch: Inited ibootpatchfinder64! iBoot64Patch: Added sigpatches! iBoot64Patch: Added unlock nvram patch! iBoot64Patch: Added freshnonce patch! iBoot64Patch: has_kernel_load is false! iBoot64Patch: Applying patch=0x180032878 : 000080d2 iBoot64Patch: Applying patch=0x1800328cc : 000080d2 iBoot64Patch: Applying patch=0x18001f8a8 : 000080d2c0035fd6 iBoot64Patch: Applying patch=0x18001f8f8 : 000080d2c0035fd6 iBoot64Patch: Applying patch=0x18006a36c : 000080d2c0035fd6 iBoot64Patch: Applying patch=0x180038c64 : 1f2003d5 iBoot64Patch: Patches applied! [WARNING] BUG WORKAROUND recompressing images with bvx2 makes them not boot for some reason. Skipping compression Patching iBEC Extracting iBEC.d20.RELEASE.im4p (Firmware/dfu/iBEC.d20.RELEASE.im4p)... payload decrypted Compression detected, uncompressing (bvx2): ok iBoot64Patch: Staring iBoot64Patch! iOS 14 iBoot detected! iBoot64Patch: Inited ibootpatchfinder64! iBoot64Patch: Added sigpatches! iBoot64Patch: Added unlock nvram patch! iBoot64Patch: Added freshnonce patch! iBoot64Patch: has_kernel_load is true! iBoot64Patch: Added debugenabled patch! iBoot64Patch: Added bootarg patch! iBoot64Patch: Applying patch=0x180032878 : 000080d2 iBoot64Patch: Applying patch=0x1800328cc : 000080d2 iBoot64Patch: Applying patch=0x18001f8a8 : 000080d2c0035fd6 iBoot64Patch: Applying patch=0x18001f8f8 : 000080d2c0035fd6 iBoot64Patch: Applying patch=0x18006a36c : 000080d2c0035fd6 iBoot64Patch: Applying patch=0x180038c64 : 1f2003d5 iBoot64Patch: Applying patch=0x180034248 : 200080d2 iBoot64Patch: Applying patch=0x180035854 : b8df3810 iBoot64Patch: Applying patch=0x1800a7448 : 72643d6d6430206e616e642d656e61626c652d7265666f726d61743d307831202d76202d726573746f72652064656275673d30783230313465206b65657073796d733d30783120616d66693d3078666620616d66695f616c6c6f775f616e795f7369676e61747572653d30783120616d66695f6765745f6f75745f6f665f6d795f7761793d3078312063735f656e666f7263656d656e745f64697361626c653d30783100 iBoot64Patch: Patches applied! [WARNING] BUG WORKAROUND recompressing images with bvx2 makes them not boot for some reason. Skipping compression Repacking patched iBSS as IMG4 Repacking patched iBEC as IMG4 Sending iBSS (1456228 bytes)... Cleaning up... [exception]: what=ERROR: Unable to send iBSS component: Unable to upload data to device

code=43122756 line=658 file=/Users/runner/work/futurerestore/futurerestore/src/futurerestore.cpp commit count=291: commit sha =19e30c014b2736ed9a5af08d95669a2dc8044bd3: Done: restoring failed!

zyan910 commented 2 years ago

Another attempt with a different outcome

Last login: Mon Sep 19 00:44:03 on ttys000 (base) zyan910@Zyans-MBP ~ % cd /Users/zyan910/Downloads/sunst0rm-main (base) zyan910@Zyans-MBP sunst0rm-main % python3 sunstorm.py -i /Users/zyan910/Downloads/sunst0rm-main/iPhone_4.7_P3_14.8_18H17_Restore.ipsw -t /Users/zyan910/Downloads/sunst0rm-main/2331690638442542_iPhone10,4_d201ap_15.5-19F77_27325c8258be46e69d9ee57fa9a8fbc28b873df434e5e702a8b27999551138ae.shsh2 -r -d D201AP sunst0rm Made by mineek Some code by m1n1exploit [] Extracting IPSW [] Extracting RamDisk rdsk [] Mounting RamDisk /dev/disk4 /Users/zyan910/Downloads/sunst0rm-main/work/ramdisk [] Patching ASR in the RamDisk getting get_asr_patch() [] Image failed signature verification 0x14804c5e1 [] Image passed signature verification 0x14804c5bd [] Assembling arm64 branch [] Writing out patched file to work/patched_asr [] Extracting ASR Ents [] Resigning ASR [] Chmoding ASR [] Copying Patched ASR back to the RamDisk [] Patching Restored External file size: 1049440 getting get_skip_sealing_patch() [] Skipping sealing system volume string at 0xb22fa [] Skipping sealing system volume xref at 0x3129c [] Skipping sealing system volume branch to xref at 0x3123c [] Assembling arm64 branch [] Writing out patched file to work/restored_external_patched [] Extracting Restored External Ents [] Resigning Restored External [] Chmoding Restored External [] Copying Patched Restored External back to the RamDisk [] Detaching RamDisk "disk4" ejected. [] Creating RamDisk Reading work/ramdisk.dmg... IM4P outputted to: work/ramdisk.im4p [] Extracting Kernel Reading work/kernelcache.release.iphone10... [NOTE] Image4 payload data is LZFSE compressed, decompressing... Extracted Image4 payload data to: work/kcache.raw [] Patching Kernel main: Starting... Kernel: Adding AppleFirmwareUpdate img4 signature check patch... get_AppleFirmwareUpdate_img4_signature_check: Entering ... get_AppleFirmwareUpdate_img4_signature_check: Found "%s::%s() Performing img4 validation outside of workloop" str loc at 0x41522a get_AppleFirmwareUpdate_img4_signature_check: Found "%s::%s() Performing img4 validation outside of workloop" xref at 0x12173e0 get_AppleFirmwareUpdate_img4_signature_check: Patching "%s::%s() Performing img4 validation outside of workloop" at 0x12173ec

Kernel: Adding AMFI_get_out_of_my_way patch... get_amfi_out_of_my_way_patch: Entering ... get_amfi_out_of_my_way_patch: Kernel-7195 inputted get_amfi_out_of_my_way_patch: Found entitlements too small str loc at 0x40a18e get_amfi_out_of_my_way_patch: Found entitlements too small str ref at 0x11b0270 get_amfi_out_of_my_way_patch: Patching AMFI at 0x11ac6e8 main: Writing out patched file to work/krnl.patched... main: Quitting... [] Rebuilding Kernel Reading work/krnl.patched... Compressing payload using LZSS... IM4P outputted to: work/krnl.im4p [] Done! [?] Do you want to restore the device? (y/n) y [?] Are you in pwndfu with sigchecks removed? (y/n) y [*] Restoring Device Version: v2.0.0-test(19e30c014b2736ed9a5af08d95669a2dc8044bd3-291) img4tool version: 0.197-aca6cf005c94caf135023263cbb5c61a0081804f-RELEASE libipatcher version: 0.88-1e855d70c84419014e363bdbcaead7b145fe3e1f-RELEASE Odysseus for 32-bit support: yes Odysseus for 64-bit support: yes [INFO] 64-bit device detected futurerestore init done reading signing ticket /Users/zyan910/Downloads/sunst0rm-main/2331690638442542_iPhone10,4_d201ap_15.5-19F77_27325c8258be46e69d9ee57fa9a8fbc28b873df434e5e702a8b27999551138ae.shsh2 is done User specified to use latest signed SEP Using cached SEP. Checking if SEP is being signed... Sending TSS request attempt 1... response successfully received SEP is being signed! User specified to use latest signed baseband Downloading Baseband Checking if Baseband is being signed... [TSSR] User specified to request only a Baseband ticket. Sending TSS request attempt 1... response successfully received Baseband is being signed! Downloading the latest firmware components... Downloading SE firmware Finished downloading the latest firmware components! Found device in DFU mode requesting to get into pwnRecovery later Found device in DFU mode Identified device as d201ap, iPhone10,4 Extracting BuildManifest from iPSW Product version: 14.8 Product build: 18H17 Major: 18 Device supports Image4: true checking if the APTicket is valid for this restore... Verified ECID in APTicket matches the device's ECID checking if the APTicket is valid for this restore... Verified ECID in APTicket matches the device's ECID [IMG4TOOL] checking buildidentity 0: [IMG4TOOL] checking buildidentity matches board ... NO [IMG4TOOL] checking buildidentity 1: [IMG4TOOL] checking buildidentity matches board ... NO [IMG4TOOL] checking buildidentity 2: [IMG4TOOL] checking buildidentity matches board ... YES [IMG4TOOL] checking buildidentity has all required hashes: [IMG4TOOL] checking hash for "AOP" OK (untrusted) [IMG4TOOL] checking hash for "Ap,SystemVolumeCanonicalMetadata"BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "AppleLogo" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "AudioCodecFirmware" OK (untrusted) [IMG4TOOL] checking hash for "BasebandFirmware" IGN (no digest in BuildManifest) [IMG4TOOL] checking hash for "BatteryCharging0" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "BatteryCharging1" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "BatteryFull" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "BatteryLow0" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "BatteryLow1" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "BatteryPlugin" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "DeviceTree" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "ISP" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "KernelCache" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "LLB" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "Liquid" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "Multitouch" OK (untrusted) [IMG4TOOL] checking hash for "OS" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "RecoveryMode" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "RestoreDeviceTree" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "RestoreKernelCache" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "RestoreLogo" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "RestoreRamDisk" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "RestoreSEP" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "RestoreTrustCache" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "SE,UpdatePayload" IGN (no digest in BuildManifest) [IMG4TOOL] checking hash for "SEP" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "StaticTrustCache" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "SystemVolume" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "ftap" IGN (no digest in BuildManifest) [IMG4TOOL] checking hash for "ftsp" IGN (no digest in BuildManifest) [IMG4TOOL] checking hash for "iBEC" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "iBSS" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "iBoot" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "rfta" IGN (no digest in BuildManifest) [IMG4TOOL] checking hash for "rfts" IGN (no digest in BuildManifest)

failed verification with error: [exception]: what=verification failed! code=84279308 line=1286 file=img4tool.cpp commit count=197: commit sha =aca6cf005c94caf135023263cbb5c61a0081804f: [IMG4TOOL] checking buildidentity 3: [IMG4TOOL] checking buildidentity matches board ... NO [IMG4TOOL] checking buildidentity 4: [IMG4TOOL] checking buildidentity matches board ... NO [IMG4TOOL] checking buildidentity 5: [IMG4TOOL] checking buildidentity matches board ... NO [IMG4TOOL] checking buildidentity 6: [IMG4TOOL] checking buildidentity matches board ... YES [IMG4TOOL] checking buildidentity has all required hashes: [IMG4TOOL] checking hash for "AOP" OK (untrusted) [IMG4TOOL] checking hash for "Ap,SystemVolumeCanonicalMetadata"BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "AppleLogo" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "AudioCodecFirmware" OK (untrusted) [IMG4TOOL] checking hash for "BasebandFirmware" IGN (no digest in BuildManifest) [IMG4TOOL] checking hash for "BatteryCharging0" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "BatteryCharging1" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "BatteryFull" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "BatteryLow0" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "BatteryLow1" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "BatteryPlugin" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "DeviceTree" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "ISP" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "KernelCache" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "LLB" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "Liquid" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "Multitouch" OK (untrusted) [IMG4TOOL] checking hash for "OS" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "RecoveryMode" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "RestoreDeviceTree" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "RestoreKernelCache" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "RestoreLogo" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "RestoreRamDisk" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "RestoreSEP" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "RestoreTrustCache" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "SE,UpdatePayload" IGN (no digest in BuildManifest) [IMG4TOOL] checking hash for "SEP" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "StaticTrustCache" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "SystemVolume" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "ftap" IGN (no digest in BuildManifest) [IMG4TOOL] checking hash for "ftsp" IGN (no digest in BuildManifest) [IMG4TOOL] checking hash for "iBEC" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "iBSS" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "iBoot" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "rfta" IGN (no digest in BuildManifest) [IMG4TOOL] checking hash for "rfts" IGN (no digest in BuildManifest)

failed verification with error: [exception]: what=verification failed! code=84279308 line=1286 file=img4tool.cpp commit count=197: commit sha =aca6cf005c94caf135023263cbb5c61a0081804f: [IMG4TOOL] checking buildidentity 7: [IMG4TOOL] checking buildidentity matches board ... NO [WARNING] NOT VALIDATING SHSH BLOBS IM4M! [Error] BuildIdentity selected for restore does not match APTicket

BuildIdentity selected for restore: BuildNumber : 18H17 BuildTrain : AzulSecuritySky DeviceClass : d201ap FDRSupport : YES MobileDeviceMinVersion : 1253.100.1 RestoreBehavior : Erase Variant : Customer Erase Install (IPSW)

BuildIdentity is valid for the APTicket: IM4M is not valid for any restore within the Buildmanifest This APTicket can't be used for restoring this firmware [WARNING] NOT VALIDATING SHSH BLOBS! Variant: Customer Erase Install (IPSW) This restore will erase all device data. Device found in DFU Mode. Sending iBSS (1456228 bytes)... [==================================================] 100.0% Booting iBSS, waiting for device to disconnect... Booting iBSS, waiting for device to reconnect... ApNonce pre-hax: INFO: device serial number is C8QVNJWSJC67 Getting ApNonce in recovery mode... cb 61 1e 84 15 f9 08 62 bf 60 0b 89 78 98 8e 34 99 ce 54 ce e0 b6 86 11 65 26 da d2 80 20 f8 91 ApNonce from device doesn't match IM4M nonce, applying hax... Writing generator=0x1111111111111111 to nvram! Sending iBEC (1456228 bytes)... [==================================================] 100.0% Booting iBEC, waiting for device to disconnect... Booting iBEC, waiting for device to reconnect... APnonce post-hax: Getting ApNonce in recovery mode... 27 32 5c 82 58 be 46 e6 9d 9e e5 7f a9 a8 fb c2 8b 87 3d f4 34 e5 e7 02 a8 b2 79 99 55 11 38 ae Successfully set nonce generator: 0x1111111111111111 futurerestore(1217,0x305faf000) malloc: Heap corruption detected, free list is damaged at 0x600001e91b60 Incorrect guard value: 16629806333025528536 futurerestore(1217,0x305faf000) malloc: set a breakpoint in malloc_error_break to debug [] Done! [] Cleaning [*] Done! (base) zyan910@Zyans-MBP sunst0rm-main %

maxkofler commented 2 years ago

You need superuser permissions