Closed mon0208 closed 1 year ago
If the phone is jailbroken with checkra1n 0.12.4 and then re-jailbroken with plooshra1n, it works. But if I format the iPhone and jailbreak with plooshra1n, it does not work.
it is made for booting 0.12.4 on those versions. i can try to fix setting up if you tell me what the issue is (stuck in verbose, pongoOS, etc)
Not stuck bro, all steps ran and finished. After the jailbreak the phone boots into the home screen, but the jailbreak is unsuccessful: no checkra1n app, and I can't connect over SSH.
connect to SSH on port 44. checkra1n app needs a uicache which you can get by running 0.12.4 with the -c flag
C:\Users\nguye\Desktop\plooshra1n>plooshra1n.exe -c
[Error] src/options.c:130 (parse_options) --> Cannot setup rootful when rootless is requested. Use -f to enable rootful mode.
[Debug] src/wait_device.c:24 (wait_usb_handles) --> Waiting for devices...
[Debug] openra1n.c:1039 (openra1n_checkm8) --> Stage 1 succeeded
[Info] openra1n.c:1027 (openra1n_checkm8) --> Setting up the exploit (this is the heap spray)
[Debug] openra1n.c:1039 (openra1n_checkm8) --> Stage 2 succeeded
[Debug] openra1n.c:1039 (openra1n_checkm8) --> Stage 3 succeeded
[Info] openra1n.c:1034 (openra1n_checkm8) --> Right before trigger (this is the real bug setup)
[Debug] openra1n.c:890 (checkm8_stage_patch) --> setting up stage 2 for t7000
[Debug] openra1n.c:929 (checkm8_stage_patch) --> successfully leaked data
[Debug] openra1n.c:1039 (openra1n_checkm8) --> Stage 0 succeeded
[Info] openra1n.c:961 (checkm8_boot_pongo) --> Booting pongoOS
[Debug] openra1n.c:962 (checkm8_boot_pongo) --> Appending shellcode to the top of pongoOS (512 bytes)
[Debug] openra1n.c:965 (checkm8_boot_pongo) --> Compressing pongoOS
[Debug] openra1n.c:969 (checkm8_boot_pongo) --> Compressed pongoOS from 254224 to 148253 bytes
[Debug] openra1n.c:977 (checkm8_boot_pongo) --> Setting the compressed size into the shellcode
[Debug] openra1n.c:982 (checkm8_boot_pongo) --> Reconnecting to device
[Debug] openra1n.c:984 (checkm8_boot_pongo) --> Waiting for device to be ready
[Debug] openra1n.c:1003 (checkm8_boot_pongo) --> Sent pongoOS (148765 bytes)
[Debug] openra1n.c:1006 (checkm8_boot_pongo) --> pongoOS sent, should be booting
[Debug] src/main.c:23 (main) --> Waiting for device to reconnect in pongoOS mode...
[Debug] src/main.c:31 (main) --> Device connected in pongoOS mode!
[Debug] src/pongo.c:103 (issue_pongo_command) --> Executing PongoOS command: 'fuse lock'
[Debug] src/pongo.c:103 (issue_pongo_command) --> Executing PongoOS command: 'sep auto'
[Debug] src/pongo.c:162 (upload_pongo_file) --> Uploaded 118440 bytes
[Debug] src/pongo.c:103 (issue_pongo_command) --> Executing PongoOS command: 'modload'
[Debug] src/pongo.c:103 (issue_pongo_command) --> Executing PongoOS command: 'darwin'
[Debug] src/pongo.c:103 (issue_pongo_command) --> Executing PongoOS command: 'plshrain'
[Debug] src/pongo.c:162 (upload_pongo_file) --> Uploaded 1048576 bytes
[Debug] src/pongo.c:103 (issue_pongo_command) --> Executing PongoOS command: 'ramdisk'
[Debug] src/pongo.c:162 (upload_pongo_file) --> Uploaded 5209403 bytes
[Debug] src/pongo.c:103 (issue_pongo_command) --> Executing PongoOS command: 'overlay'
[Debug] src/pongo.c:103 (issue_pongo_command) --> Executing PongoOS command: 'xargs wdt=-1 rootdev=md0'
[Debug] src/pongo.c:103 (issue_pongo_command) --> Executing PongoOS command: 'bootx'
[Info] src/pongo.c:67 (boot_device) --> Device should now be booting!
[Info] src/pongo.c:72 (boot_device) --> Please wait up to 10 minutes for the fakefs to be created.
[Info] src/pongo.c:73 (boot_device) --> Once the device boots up to iOS, run again without the -c (Create FakeFS) option to jailbreak.
This is the log when I run plooshra1n on Windows, bro. After the phone reboots it is still not jailbroken.
I ran this with the -c flag.
run with -f -c
Same result sir
remove -c after it reboots
i don't understand bro.
First run plooshra1n -f -c, second run plooshra1n -f again?
yep
C:\Users\nguye\Desktop\plooshra1n>plooshra1n -f -c
[Debug] src/wait_device.c:24 (wait_usb_handles) --> Waiting for devices...
[Debug] openra1n.c:1039 (openra1n_checkm8) --> Stage 1 succeeded
[Info] openra1n.c:1027 (openra1n_checkm8) --> Setting up the exploit (this is the heap spray)
[Debug] openra1n.c:1039 (openra1n_checkm8) --> Stage 2 succeeded
[Debug] openra1n.c:1039 (openra1n_checkm8) --> Stage 3 succeeded
[Info] openra1n.c:1034 (openra1n_checkm8) --> Right before trigger (this is the real bug setup)
[Debug] openra1n.c:890 (checkm8_stage_patch) --> setting up stage 2 for t7000
[Debug] openra1n.c:929 (checkm8_stage_patch) --> successfully leaked data
[Debug] openra1n.c:1039 (openra1n_checkm8) --> Stage 0 succeeded
[Info] openra1n.c:961 (checkm8_boot_pongo) --> Booting pongoOS
[Debug] openra1n.c:962 (checkm8_boot_pongo) --> Appending shellcode to the top of pongoOS (512 bytes)
[Debug] openra1n.c:965 (checkm8_boot_pongo) --> Compressing pongoOS
[Debug] openra1n.c:969 (checkm8_boot_pongo) --> Compressed pongoOS from 254224 to 148253 bytes
[Debug] openra1n.c:977 (checkm8_boot_pongo) --> Setting the compressed size into the shellcode
[Debug] openra1n.c:982 (checkm8_boot_pongo) --> Reconnecting to device
[Debug] openra1n.c:984 (checkm8_boot_pongo) --> Waiting for device to be ready
[Debug] openra1n.c:1003 (checkm8_boot_pongo) --> Sent pongoOS (148765 bytes)
[Debug] openra1n.c:1006 (checkm8_boot_pongo) --> pongoOS sent, should be booting
[Debug] src/main.c:23 (main) --> Waiting for device to reconnect in pongoOS mode...
[Debug] src/main.c:31 (main) --> Device connected in pongoOS mode!
[Debug] src/pongo.c:103 (issue_pongo_command) --> Executing PongoOS command: 'fuse lock'
[Debug] src/pongo.c:103 (issue_pongo_command) --> Executing PongoOS command: 'sep auto'
[Debug] src/pongo.c:162 (upload_pongo_file) --> Uploaded 118440 bytes
[Debug] src/pongo.c:103 (issue_pongo_command) --> Executing PongoOS command: 'modload'
[Debug] src/pongo.c:103 (issue_pongo_command) --> Executing PongoOS command: 'darwin'
[Debug] src/pongo.c:103 (issue_pongo_command) --> Executing PongoOS command: 'palera1n_flags 0x4000005'
[Debug] src/pongo.c:162 (upload_pongo_file) --> Uploaded 1048576 bytes
[Debug] src/pongo.c:103 (issue_pongo_command) --> Executing PongoOS command: 'ramdisk'
[Debug] src/pongo.c:162 (upload_pongo_file) --> Uploaded 5209403 bytes
[Debug] src/pongo.c:103 (issue_pongo_command) --> Executing PongoOS command: 'overlay'
[Debug] src/pongo.c:103 (issue_pongo_command) --> Executing PongoOS command: 'xargs wdt=-1 rootdev=md0'
[Debug] src/pongo.c:103 (issue_pongo_command) --> Executing PongoOS command: 'bootx'
[Info] src/pongo.c:67 (boot_device) --> Device should now be booting!
[Info] src/pongo.c:72 (boot_device) --> Please wait up to 10 minutes for the fakefs to be created.
[Info] src/pongo.c:73 (boot_device) --> Once the device boots up to iOS, run again without the -c (Create FakeFS) option to jailbreak.
C:\Users\nguye\Desktop\plooshra1n>plooshra1n -f
[Debug] src/wait_device.c:24 (wait_usb_handles) --> Waiting for devices...
[Debug] openra1n.c:1039 (openra1n_checkm8) --> Stage 1 succeeded
[Info] openra1n.c:1027 (openra1n_checkm8) --> Setting up the exploit (this is the heap spray)
[Debug] openra1n.c:1039 (openra1n_checkm8) --> Stage 2 succeeded
[Debug] openra1n.c:1039 (openra1n_checkm8) --> Stage 3 succeeded
[Info] openra1n.c:1034 (openra1n_checkm8) --> Right before trigger (this is the real bug setup)
[Debug] openra1n.c:890 (checkm8_stage_patch) --> setting up stage 2 for t7000
[Debug] openra1n.c:929 (checkm8_stage_patch) --> successfully leaked data
[Debug] openra1n.c:1039 (openra1n_checkm8) --> Stage 0 succeeded
[Info] openra1n.c:961 (checkm8_boot_pongo) --> Booting pongoOS
[Debug] openra1n.c:962 (checkm8_boot_pongo) --> Appending shellcode to the top of pongoOS (512 bytes)
[Debug] openra1n.c:965 (checkm8_boot_pongo) --> Compressing pongoOS
[Debug] openra1n.c:969 (checkm8_boot_pongo) --> Compressed pongoOS from 254224 to 148253 bytes
[Debug] openra1n.c:977 (checkm8_boot_pongo) --> Setting the compressed size into the shellcode
[Debug] openra1n.c:982 (checkm8_boot_pongo) --> Reconnecting to device
[Debug] openra1n.c:984 (checkm8_boot_pongo) --> Waiting for device to be ready
[Debug] openra1n.c:1003 (checkm8_boot_pongo) --> Sent pongoOS (148765 bytes)
[Debug] openra1n.c:1006 (checkm8_boot_pongo) --> pongoOS sent, should be booting
[Debug] src/main.c:23 (main) --> Waiting for device to reconnect in pongoOS mode...
[Debug] src/main.c:31 (main) --> Device connected in pongoOS mode!
[Debug] src/pongo.c:103 (issue_pongo_command) --> Executing PongoOS command: 'fuse lock'
[Debug] src/pongo.c:103 (issue_pongo_command) --> Executing PongoOS command: 'sep auto'
[Debug] src/pongo.c:162 (upload_pongo_file) --> Uploaded 118440 bytes
[Debug] src/pongo.c:103 (issue_pongo_command) --> Executing PongoOS command: 'modload'
[Debug] src/pongo.c:103 (issue_pongo_command) --> Executing PongoOS command: 'darwin'
[Debug] src/pongo.c:103 (issue_pongo_command) --> Executing PongoOS command: 'palera1n_flags 0x4000001'
[Debug] src/pongo.c:162 (upload_pongo_file) --> Uploaded 1048576 bytes
[Debug] src/pongo.c:103 (issue_pongo_command) --> Executing PongoOS command: 'ramdisk'
[Debug] src/pongo.c:162 (upload_pongo_file) --> Uploaded 5209403 bytes
[Debug] src/pongo.c:103 (issue_pongo_command) --> Executing PongoOS command: 'overlay'
[Debug] src/pongo.c:103 (issue_pongo_command) --> Executing PongoOS command: 'xargs rootdev=md0'
[Debug] src/pongo.c:103 (issue_pongo_command) --> Executing PongoOS command: 'bootx'
[Info] src/pongo.c:67 (boot_device) --> Device should now be booting!
After the phone boots it is not jailbroken, bro. I tried a 6 on iOS 12.5.7 and a 6 Plus, not working.
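For comparing the runs posted above, an added example (not part of the thread and not plooshra1n code): a small parser for the `[Level] file:line (function) --> message` entries that pulls out the `[Error]` lines and the PongoOS command sequence, then diffs two runs. The sample strings are abridged from the logs in this thread; the function names are assumptions made for this example.

```python
import re
from difflib import SequenceMatcher

# Entry shape seen in the logs above: [Level] file.c:LINE (function) --> message
# Entries may be pasted on one long line, so a message ends at the next "[Level] ".
LEVEL = r"\[(?:Error|Debug|Info)\] "
ENTRY = re.compile(
    r"\[(Error|Debug|Info)\] (\S+?):(\d+) \((\w+)\) --> (.*?)(?=\s*" + LEVEL + r"|\s*$)",
    re.S,
)
COMMAND = re.compile(r"Executing PongoOS command: '([^']*)'")

def parse(log):
    """Return (level, file, line, function, message) tuples in log order."""
    return [(m[1], m[2], int(m[3]), m[4], m[5]) for m in ENTRY.finditer(log)]

def errors(log):
    """Messages logged at Error level; easy to miss at the top of a long paste."""
    return [msg for level, _, _, _, msg in parse(log) if level == "Error"]

def pongo_commands(log):
    """Commands sent to PongoOS, in the order they were issued."""
    out = []
    for _, _, _, func, msg in parse(log):
        hit = COMMAND.search(msg)
        if func == "issue_pongo_command" and hit:
            out.append(hit[1])
    return out

def command_diff(log_a, log_b):
    """Non-equal spans between the two runs' command sequences."""
    a, b = pongo_commands(log_a), pongo_commands(log_b)
    ops = SequenceMatcher(a=a, b=b, autojunk=False).get_opcodes()
    return [(tag, a[i1:i2], b[j1:j2]) for tag, i1, i2, j1, j2 in ops if tag != "equal"]

# Sample input abridged from the three runs posted in this thread.
P = "[Debug] src/pongo.c:103 (issue_pongo_command) --> Executing PongoOS command: "
RUN_C = ("[Error] src/options.c:130 (parse_options) --> Cannot setup rootful when rootless "
         "is requested. Use -f to enable rootful mode. " + P + "'plshrain' " + P + "'bootx'")
RUN_FC = P + "'palera1n_flags 0x4000005' " + P + "'xargs wdt=-1 rootdev=md0' " + P + "'bootx'"
RUN_F = P + "'palera1n_flags 0x4000001' " + P + "'xargs rootdev=md0' " + P + "'bootx'"

if __name__ == "__main__":
    print("errors in -c run:", errors(RUN_C))
    for change in command_diff(RUN_FC, RUN_F):
        print(change)
```
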
can you run this: plooshra1n --help
C:\Users\nguye\Desktop\plooshra1n>plooshra1n -help
Usage: plooshra1n [-RDhSpPs] [-BcCfl] [-b boot arguments]
Made by Ploosh, using palera1n resources (for now)
iOS/iPadOS 12.0-17.0 jailbreak for arm64 devices
-R, --force-revert Remove jailbreak
-b, --boot-args <boot arguments> XNU boot arguments
-D, --dfuhelper Exit after entering DFU
-h, --help Show this help
-S, --serial Log to serial console
-p, --pongo-shell Boots to PongoOS shell
-P, --pongo-full Boots to a PongoOS shell with default images already uploaded
-s, --safe-mode Enter safe mode
iOS 15+ specific options:
-B, --setup-bindfs Setup bindfs
-c, --setup-fakefs Setup fakefs
-C, --clean-fakefs Clean fakefs
-f, --fakefs Boots fakefs
-l, --rootless Boots rootless. This is the default
okay, so you're using a relatively recent build with the auto-detection feature... i think you'll just need to use checkra1n -c to fix the checkra1n app not appearing.
I use Windows bro, checkra1n only works on Mac and Linux. Hope you fix plooshra1n soon. I tried plooshra1n -c only and it did not work either. There is one strange thing: if the iPhone was jailbroken with checkra1n over USB before, then after rebooting the device and jailbreaking with plooshra1n it works. But if I freshly restore the iPhone and jailbreak with plooshra1n only, it does not work.
yes, because springboard doesn't know about the checkra1n app.
SSH does not work either :(, hope you fix it soon
even using
iproxy 4444 44
ssh root@localhost -p 4444
?
Yes, it does not work:
iproxy 4444 44
ssh root@localhost -p 4444
and
iproxy 2222 44
ssh root@localhost -p 2222
does not work either.
odd. should be working fine..
Any update? :( I tried all models on old iOS, not working.
I tested on an iPhone 6 Plus: sending the payload all completes, but the phone is not jailbroken?