nabla-c0d3 / iphone-dataprotection

Automatically exported from code.google.com/p/iphone-dataprotection
39 stars 14 forks source link

Cannot mount data/system #119

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. built ramdisk and patched kernel
2. Booted both via redsn0w
3. Cannot mount either partitions

What is the expected output? What do you see instead?
Mount partitions 

This problems seems to only happen the iphone 4 CDMA models as I seen quite a 
few of them with this issue. 

Here is more info:

-sh-4.0# ./mount_partitions.sh
Error mounting partitions. Please try it manually
-sh-4.0# ls /dev
aes_0    btwake          cu.highland-park  mux.spi-baseband  ptyp2  ptyp8  ptype         
 tty.builtin-serial4  ttyp0  ttyp6  ttypc        uart.builtin-serial4  urandom
bpf0     console         cu.iap        null      ptyp3  ptyp9  ptypf          tty.debug        
ttyp1  ttyp7  ttypd      uart.debug        vn0
bpf1     cu.bluetooth        cu.umts           pf        ptyp4  ptypa  random         
tty.gas-gauge      ttyp2  ttyp8  ttype       uart.gas-gauge        vn1
bpf2     cu.builtin-serial4  fsevents          ptmx      ptyp5  ptypb  rmd0       
tty.highland-park    ttyp3  ttyp9  ttypf         uart.highland-park    zero
bpf3     cu.debug        klog          ptyp0         ptyp6  ptypc  tty        tty.iap          
ttyp4  ttypa  ttys000    uart.iap
btreset  cu.gas-gauge        md0           ptyp1         ptyp7  ptypd  tty.bluetooth  
tty.umts           ttyp5  ttypb  uart.bluetooth  uart.umts
-sh-4.0# ./device_infos 
FAIL: Could not get AppleEffaceableStorage service
IOConnectCallMethod on AppleEffaceableStorage selector 1 returned 10000003
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" 
"http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>DKey</key>
    <string>0000000000000000000000000000000000000000000000000000000000000000</string>
    <key>ECID</key>
    <integer>4079348125099</integer>
    <key>EMF</key>
    <string>0000000000000000000000000000000000000000000000000000000000000000</string>
    <key>btMac</key>
    <string>00:00:00:00:00:00</string>
    <key>dataVolumeOffset</key>
    <integer>0</integer>
    <key>dataVolumeUUID</key>
    <string>0000000000000000</string>
    <key>hwModel</key>
    <string>N92AP</string>
    <key>kern.bootargs</key>
    <string>rd=md0 pio-error=0 -v  </string>
    <key>key835</key>
    <string>70b150e5cf0c8fbbd27f83c450d13d98</string>
    <key>key89A</key>
    <string>0acf91245bcdccb7045a0b8f05240d39</string>
    <key>key89B</key>
    <string>eee3e48482ff53564824b013c3aad036</string>
    <key>nand</key>
    <dict>
        <key>#block-pages</key>
        <integer>128</integer>
        <key>#bootloader-bytes</key>
        <integer>1536</integer>
        <key>#ce</key>
        <integer>2</integer>
        <key>#ce-blocks</key>
        <integer>4128</integer>
        <key>#page-bytes</key>
        <integer>8192</integer>
        <key>#spare-bytes</key>
        <integer>32</integer>
        <key>banks-per-ce</key>
        <integer>2</integer>
        <key>bbt-format</key>
        <integer>10</integer>
        <key>boot-from-nand</key>
        <data>
        AQAAAA==
        </data>
        <key>device-readid</key>
        <integer>3298556792912</integer>
        <key>dumpedPageSize</key>
        <integer>8216</integer>
        <key>is-bfn-partitioned</key>
        <false/>
        <key>meta-per-logical-page</key>
        <integer>16</integer>
        <key>metadata-whitening</key>
        <data>
        AQAAAA==
        </data>
        <key>name</key>
        <data>
        ZGlzawA=
        </data>
        <key>partitions</key>
        <dict/>
        <key>ppn-device</key>
        <true/>
        <key>use-4k-aes-chain</key>
        <data>
        AQAAAA==
        </data>
        <key>valid-meta-per-logical-page</key>
        <integer>16</integer>
        <key>vendor-type</key>
        <integer>0</integer>
    </dict>
    <key>ramdisk compile time</key>
    <string>Dec  2 2013 00:16:55</string>
    <key>ramdisk revision</key>
    <string>4222556965e9</string>
    <key>serialNumber</key>
    <string></string>
    <key>udid</key>
    <string>4c0f5d941f0c3c01857bc27f978c16e2ff44d479</string>
    <key>wifiMac</key>
    <string>00:00:00:00:00:00</string>
</dict>
</plist>

I also tried booting via nand disable flag but it still causes the same issue. 
Please let me know what I can do to correct this issue.
Thanks,

Alex

Original issue reported on code.google.com by a.alya...@gmail.com on 4 Dec 2013 at 2:36

GoogleCodeExporter commented 9 years ago
Forgot to add, iPhone running version 7.0.4 and I see this issue only on iPhone 
4 CDMA models running iOS 7(and possibly older versions as well)

Original comment by a.alya...@gmail.com on 4 Dec 2013 at 2:37

GoogleCodeExporter commented 9 years ago
Not sure about this issue, can you post the output from /dev/klog (if it doesnt 
show anything add the dmesg binary to the ramdisk and run it to get some 
output).

Original comment by jean.sig...@gmail.com on 7 Dec 2013 at 3:50

Attachments:

GoogleCodeExporter commented 9 years ago
klog doesn't show anything useful:
::validateData(): Error, unable to obtain MAC address, can't proceed any further
AppleBCMWLANProvisioningManager::processProvisionedData(): Invalid provisioning 
data, general error
AppleBCMWLANBusInterfaceSdio::start(): Failed to process provisioning data: 
general error
AppleBCMWLANBusInterfaceSdio::start() WARNING
AppleBCMWLANBusInterfaceSdio::start() WARNING: Matched the default driver 
personality "4329c0/uno.bin". Invalid OTP or unsupported module.
AppleBCMWLANBusInterfaceSdio::start() WARNING: Please file a radar in "Purple 
WiFi Drivers"; instructions at 
<http://eightball.apple.com/luna/index.php/Debugging_Wifi_Problems#Filing_Bugs>
AppleBCMWLANBusInterfaceSdio::start() WARNING
AppleBCMWLANBusInterfaceSdio::start(): Started by: IOSDIOIoCardDevice, 
AppleBCMWLANV2-91.25 Apr  8 2012 21:53:02
AppleBCMWLANProvisioningManager::validateData(): Error, unable to obtain MAC 
address, can't proceed any further
AppleBCMWLANProvisioningManager::processProvisionedData(): Invalid provisioning 
data, general error
AppleBCMWLANBusInterfaceSdio::start(): Failed to process provisioning data: 
general error
AppleMultitouchN1SPI: detected HBPP. driver will be kept alive
AppleD1815PMUPowerSource: AppleUSBCableDetect 1
AppleD1815PMUPowerSource: AppleUSBCableType USBHost
AppleSynopsysOTGDevice::init : Logging Buffer Length = 4K
AppleSynopsysOTGDevice::start : buffer-options 0x00000400
AppleSynopsysOTGDevice::start : object is 0xc0aba200, registers at 0xd367d000, 
0x86100000 physical
AppleSynopsysOTGDevice::findMaxEndpoints: in EPs: 7, out EPs: 7, max_endpoint: 
8, num_endpoints: 14
AppleSynopsysOTGDevice::handleUSBCableConnect cable connected, but don't have 
device configuration yet
AppleSynopsysOTGDevice::start : start finished
AUD10::start: 0xc08d5800, highland-park mIICNub: 0x825fa540, mIISNub: 
0x82aa5700, mSerialNub: 0x82a73300, sampleRate = 44100, ol=10, oi=12
AUD10::setPowerState() function called whereas Start() is not finished
AppleSynopsysOTGDevice - Configuration: PTP
AppleSynopsysOTGDevice          Interface: PTP
AppleSynopsysOTGDevice - Configuration: iPod USB Interface
AppleSynopsysOTGDevice          Interface: USBAudioControl
AppleSynopsysOTGDevice          Interface: USBAudioStreaming
AppleSynopsysOTGDevice          Interface: IapOverUsbHid
AppleSynopsysOTGDevice - Configuration: PTP + Apple Mobile Device
AppleSynopsysOTGDevice          Interface: PTP
AppleSynopsysOTGDevice          Interface: AppleUSBMux
AppleSynopsysOTGDevice - Configuration: PTP + Apple Mobile Device + Apple USB 
Ethernet
AppleSynopsysOTGDevice          Interface: PTP
AppleSynopsysOTGDevice          Interface: AppleUSBMux
AppleSynopsysOTGDevice          Interface: AppleUSBEthernet
AppleSynopsysOTGDevice::gated_registerFunction Register function USBAudioControl
IOAccessoryPortUSB::start
virtual bool AppleUSBDeviceMux::start(IOService*) build: Apr  8 2012 21:53:25
AppleSynopsysOTGDevice::gated_registerFunction Register function 
USBAudioStreaming
init_waste
AppleSynopsysOTGDevice::gated_registerFunction Register function AppleUSBMux
AppleSynopsysOTGDevice::gated_registerFunction Register function IapOverUsbHid
AppleSynopsysOTGDevice::gated_registerFunction Register function 
AppleUSBEthernet
AppleUSBEthernetDevice::start: Host MAC address = 02:00:00:00:00:00
AppleSynopsysOTGDevice::gated_registerFunction Register function PTP
AppleSynopsysOTGDevice::gated_registerFunction all functions registered- we are 
ready to start usb stack
AppleSynopsysOTGDevice::handleUSBReset
AppleSynopsysOTGDevice::handleUSBSuspend
AppleD1815PMUPowerSource: AppleUSBCableDetect 0
AppleD1815PMUPowerSource: AppleUSBCableType Detached
AppleSynopsysOTGDevice::handleUSBCableDisconnect
virtual IOReturn AppleUSBDeviceMux::message(UInt32, IOService*, void*) - 
kMessageInterfaceWasDeActivated
AppleUSBDeviceMux::reportStats: USB mux statistics:
USB mux: 5 reads / 0 errors, 3 writes / 0 errors
USB mux: 0 short packets, 0 dups
AppleD1815PMUPowerSource: AppleUSBCableDetect 1
AppleD1815PMUPowerSource: AppleUSBCableType USBHost
AppleSynopsysOTGDevice::handleUSBReset
AppleSynopsysOTGDevice::handleUSBReset

It might be an issue with FTL driver. I notice when trying to use a patched ios 
6 kernel the FTL driver loads and creates the partition. But it doesn't load 
ssh server and eventually causes a kernel panic. I do not notice the driver 
loading with the ios5 kernel. 

I tried creating an ios6 ramdisk but there is an issue with the size (9mb vs 
17mb on ios 5). 

Please let me know what I can do to correct this issue.
Thanks for your help.
Alex

Original comment by a.alya...@gmail.com on 7 Dec 2013 at 10:00

GoogleCodeExporter commented 9 years ago
ha ok i see now, ios 6 introduced a new format for the nand partitioning, which 
ios 5 cannot handle. i assume this new format is only used if the device was 
fully restored to ios >= 6 (not upgraded from ios 4/5).

how did you patch the ios 6 kernel ?
try adding "amfi=0xff cs_enforcement_disable=1" to the redsn0w bootargs command 
line, it might help loading the ssh server (the ramdisk mad from an ios5 ipsw 
should be fine).

Original comment by jean.sig...@gmail.com on 8 Dec 2013 at 12:57

GoogleCodeExporter commented 9 years ago
redsn0w patched the kernel and stores it in the temp directory(windows) so I 
got it from there. I tried adding that those bootargs but still the same issue. 
It stops at:
LwVM::_partitionsFromConfig - loaded configuration from 2 partitions 
Maybe the kernel I have is not the correct one. 

Original comment by a.alya...@gmail.com on 8 Dec 2013 at 10:35

GoogleCodeExporter commented 9 years ago
This issue was updated by revision 70a150167027.

update issue 103

Original comment by jean.sig...@gmail.com on 14 Dec 2013 at 2:08

GoogleCodeExporter commented 9 years ago
Just pushed a fix to create kernel/ramdisk from ios6 ipsw, let me know if it 
works for you. thanks.

Original comment by jean.sig...@gmail.com on 14 Dec 2013 at 2:10