rA9stuff / LeetDown

a macOS app that downgrades A6 and A7 iDevices to OTA signed firmwares
GNU General Public License v3.0
547 stars 64 forks source link

Exploit failed in iPhone 5 #100

Closed ijiki16 closed 2 years ago

ijiki16 commented 2 years ago

Describe the bug A clear and concise description of what the bug is.

What is your macOS version? macOS 12.2.1

What is the device you're trying to downgrade? iPhone 5 (A6)

What is the LeetDown version you're using? 2.2

Additional info (optional)

Model Name: iPhone 5 (Global) Hardware Model: n42ap ECID: 3701843272590 Serial Tag: iBoot-1145.3 APNonce:2fee82d963558bbe936062ddcf52cef055771ea1 CPID: 8950 Destination Firmware: 8.4.1 Pwned: No

===================================== [+] Verifying iPSW [+] Checking md5 of the iPSW... [+] Successfully verified the iPSW [+] Exploiting device... [+] Exploit failed, please re-enter DFU mode to try again

LeetDown from terminal


initial device scan started
attempting to connect 1/5
connected 1/5
2022-02-14 18:30:29.056 LeetDown[12241:295043] 3701843272590
[main] Waiting for device in DFU mode...
[io_get_serial] Found serial number!
[main] CONNECTED
[main] CPID: 0x8950, BDID: 0x02, STRG: [iBoot-1145.3]
[main] Making directory: image3/
[dl_file] Downloading image: image3/ibss.n42 ...
** exploiting with checkm8
[checkm8_s5l8950x] reconnecting
[io_reset] ResetDevice: 0
[io_reset] USBDeviceReEnumerate: 0
[checkm8_s5l8950x] running heap_spray()
[heap_spray] (1/3) e000404f
[heap_spray] (2/3) e0004051
[heap_spray] (3/3) e0004051
[checkm8_s5l8950x] reconnecting
[io_reset] ResetDevice: 0
[io_reset] USBDeviceReEnumerate: 0
[checkm8_s5l8950x] running set_global_state()
[set_global_state] (1/3) sent: 0, val: 640
[set_global_state] (2/3) e000404f
[set_global_state] (3/3) 0
[checkm8_s5l8950x] reconnecting
[checkm8_s5l8950x] running heap_occupation()
[heap_occupation] (1/3) e000404f
[heap_occupation] (2/3) 0
[heap_occupation] (3/3) e00002ed
[checkm8_s5l8950x] reconnecting
[checkm8_s5l8950x] USBDeviceReEnumerate: 0
[io_get_serial] Found serial number!
[checkm8_s5l8950x] ERROR: Failed to reconnect to device
attempting to connect 1/5
attempting to connect 2/5
attempting to connect 3/5
attempting to connect 4/5
attempting to connect 5/5```
rA9stuff commented 2 years ago

Try again please.

ijiki16 commented 2 years ago

I tried same steps about 10 times with same results. Solutuon for me was to enter to DFU mode again (after entering ios 10 setup screen) without disconeting iphone from imac.

[+]  iPhone 5 (Global) is supported

============= DEVICE INFO =============

Model Name: iPhone 5 (Global)
Hardware Model: n42ap
ECID: 3701843272590
Serial Tag: iBoot-1145.3
APNonce:f36bea3569435ef9a5b40f152480896222ad1b25
CPID: 8950
Destination Firmware: 8.4.1
Pwned: No

=====================================
[+]  Verifying iPSW
[+]  Checking md5 of the iPSW...
[+]  Successfully verified the iPSW
[+]  Exploiting device...
[+]  Exploit failed, please re-enter DFU mode to try again
[+]  Exploiting device...
[+]  Exploit succeeded!
[+]  Uploading pwned iBoot...
[+]  Fetching OTA blob
[+]  Saved blob to file:///Users/imac/Documents/blobs%202.2. Keep it safe!
[+]  Restoring device
[+]  Restore succeeded!

I will close issues if you thing this is normal?

rA9stuff commented 2 years ago

You need to re-enter DFU mode if it fails. Yes, you can close it if it worked for you.