Closed realrodri closed 2 years ago
realrodri
commented
2 years ago The iPad was originally on iOS 10.3.3, but I failed to jailbreak it with Totally not Spyware and wanted to restore it. Wasn't able to install Succession by the same thing. Updated the iPad to the latest iOS 12 version available and still the same error.
Edit: Tried 2.1 version and it passes the exploit message. However, it loops into sending files. Doesn't work either tho, but regarding the "Exploiting with checkm8".
realrodri
commented
2 years ago Solved! Exploited with checkm8 using LeetDown 1.0.5_v2 and repeated the process using the latest 2.2_REV_A.
Steps I've taken:
Install 1.0.5_v2 and try to downgrade it. It exploited it but not downgraded. Kept stuck at sending stuff and canceled the process on the Mac. Downloaded latest version and replaced with the one in the Application folder of the Mac. Repeated the process but with the iPad pwned and succeeded!
ATM the iPad is erasing itself, and hopefully it's downgraded. Plus, the console tells me "Restore succeeded", so might be a time to celebrate, huh? Just kidding, might celebrate when I get to the home screen ;D
Describe the bug It doesn't even exploit my device with checkm8. Years ago I indeed restored using another tool.
What is your macOS version? e.g. macOS 10.14.6
What is the device you're trying to downgrade? e.g. iPad Mini 2 j85ap
What is the LeetDown version you're using? e.g. 2.2_REV_A (1)
Enable debugging in LeetDown's settings and copy and paste LDLog.txt here.
initial device scan started attempting to connect 1/5 connected 1/5 2022-08-31 13:26:39.776 LeetDown[1013:23794] 8206240889400 attempting to connect 1/5 connected 1/5 objc[1013]: Class FIFinderSyncExtensionHost is implemented in both /System/Library/PrivateFrameworks/FinderKit.framework/Versions/A/FinderKit (0x7fff9c0353d8) and /System/Library/PrivateFrameworks/FileProvider.framework/OverrideBundles/FinderSyncCollaborationFileProviderOverride.bundle/Contents/MacOS/FinderSyncCollaborationFileProviderOverride (0x110a2cf50). One of the two will be used. Which one is undefined. [main] Waiting for device in DFU mode... [main] CONNECTED [read_serial_number] Found serial number! [main] CPID: 0x8960, BDID: 0x0a, STRG: [iBoot-1704.10] ** exploiting with checkm8 [checkm8_s5l8960x] reconnecting [io_reset] ResetDevice: 0 [io_reset] USBDeviceReEnumerate: 0 [checkm8_s5l8960x] running set_global_state() [set_global_state] (1/3) sent: 0, val: 5c0 [set_global_state] (2/3) e000404f [set_global_state] running heap_spray() [heap_spray] (1/3) e000404f [heap_spray] (2/3) 0 [heap_spray] (3/3) e0004051 [set_global_state] (3/3) e00002ed [checkm8_s5l8960x] reconnecting [checkm8_s5l8960x] USBDeviceReEnumerate: 0 [checkm8_s5l8960x] running heap_occupation() [heap_occupation] (1/3) e000404f [heap_occupation] (2/3) e0004051 [heap_occupation] (3/3) e000404f [checkm8_s5l8960x] reconnecting [checkm8_s5l8960x] USBDeviceReEnumerate: 0 [checkm8_s5l8960x] ERROR: Failed to reconnect to device attempting to connect 1/5 attempting to connect 2/5 attempting to connect 3/5 attempting to connect 4/5 attempting to connect 5/5
Mac Mini 2018 running latest Mojave version. SIP disabled. I did not install Homebrew and all the previous libraries because I installed the app drag-and-dropping to Applications.