rA9stuff / LiNUZE

a jailbreak app to command iOS devices using iOS devices.
GNU General Public License v3.0

Repeated crashes when a device currently in recovery mode is plugged in #1

Closed kylefmohr closed 1 year ago

kylefmohr commented 1 year ago

Hello! LiNUZE seems like a cool idea and I'm interested to see where it goes.

I'm running into a bug when running the latest version of LiNUZE from https://ra9stuff.github.io/repo/

I was able to use my jailbroken iPad Pro 11in 2nd Gen running iOS 14.2 to connect to my iPhone 14 Pro Max, and successfully put the device into recovery mode, and then the app immediately crashed. It then continued to crash every time I tried to open it until I unplugged the iPhone from USB, and then when I had the app back open again, I plugged in the iPhone 14 Pro Max in recovery mode, in hopes to kick it out of recovery mode, but instead the app immediately crashed. I've attached a crash log generated by Cr4shed from my iPad.

text-A979DA075A19-1.txt

If anybody else experiences this issue and needs to get their device out of recovery mode, I was able to do so on my Mac by running brew install libirecovery and then irecovery -n.

rA9stuff commented 1 year ago

Thank you for the crash log. Could you also provide /var/mobile/Media/LiNUZE/LiNUZE_Log.txt with your issue?

Also, I'm pretty sure I've identified this bug before and fixed it locally (which should go live today or tomorrow) but your LiNUZE_Log.txt file is still appreciated to better understand what's going on 🙂

kylefmohr commented 1 year ago

Sure, the log files didn't have much info, I'm assuming they got overwritten at some point, so I deleted them and then retriggered the bug.

LiNUZE_Log.txt:

[*] Ready, waiting for a device
[*] [LiNUZE_VC.mm] maindevptr: 0x104a64480
[sanityCheck]: /var/mobile/Media/LiNUZE exists
[sanityCheck]: /var/mobile/Media/LiNUZE/LiNUZE_stdoutwrapper.txt exists
[sanityCheck]: /usr/lib/libimobiledevice-1.0.6.dylib exists
[sanityCheck]: /usr/lib/libcrypto.1.1.dylib exists
[sanityCheck]: /usr/lib/libirecovery.3.dylib exists
[sanityCheck]: /usr/lib/libplist.3.dylib exists
[sanityCheck]: /usr/lib/libusb-1.0.0.dylib exists
[sanityCheck]: /usr/lib/libusbmuxd.6.dylib exists
[sanityCheck]: all checks have passed
Running on iPad8,9 on iOS 14.2
[*] view did reload
[*] waiting for a device
[*] New USB device: iPhone
[*] iDevice in normal mode detected, things will fail if usbmuxd daemon is not running!
[*] Connected: iP14ProMax
[*] New USB device: iPhone
[*] iDevice in normal mode detected, things will fail if usbmuxd daemon is not running!
[*] Connected: iP14ProMax
-[USBUtils detectTrapRemoval] Device switched state!
[*] enterRecovery got called from <UITapGestureRecognizer: 0x107c1d9f0; state = Ended; view = <UIView 0x107e16ac0>; target= <(action=enter_rec_ipad_act:, target=<ViewController 0x10900a800>)>>
[*] Lost USB device: iPhone
[*] waiting for a device
[*] Attempting to free lost device at 0x0 with LDD pair at 0x2831ff040
[*] New USB device: Apple Mobile Device (Recovery Mode)
[*] Attempting to establish a connection...

LiNUZE_stdoutwrapper.txt:

[sanityCheck]: /var/mobile/Media/LiNUZE exists
[sanityCheck]: /var/mobile/Media/LiNUZE/LiNUZE_stdoutwrapper.txt exists
[sanityCheck]: /usr/lib/libimobiledevice-1.0.6.dylib exists
[sanityCheck]: /usr/lib/libcrypto.1.1.dylib exists
[sanityCheck]: /usr/lib/libirecovery.3.dylib exists
[sanityCheck]: /usr/lib/libplist.3.dylib exists
[sanityCheck]: /usr/lib/libusb-1.0.0.dylib exists
[sanityCheck]: /usr/lib/libusbmuxd.6.dylib exists
[sanityCheck]: all checks have passed
Running on iPad8,9 on iOS 14.2
-[USBUtils detectTrapRemoval] Device switched state!
[openConnection]: attempting to connect 1/10
[openConnection]: attempting to connect 2/10
[openConnection]: connected 2/10

rA9stuff commented 1 year ago

I think the problem is that libimobiledevice libraries of Elucubratus (or Procursus?) are not up to date and they don’t support newer devices such as iPhone 14 series. If you have an older device, could you try connecting it to your iPad and confirm whether it works or not?

kylefmohr commented 1 year ago

I just tried it with my iPhone 12 Pro Max, it still crashes as soon as it's recognized in recovery mode.

I'll try an even older device, I have an iPad mini 4, just waiting for it to charge, I'll let you know if the result is any different.

kylefmohr commented 1 year ago

Actually you might be onto something, I was able to enter and then exit recovery mode with no crashes when doing this with my iPad mini 4. Not sure if a log of a successful attempt helps, but just in case, here it is:

[*] New USB device: iPad
[*] iDevice in normal mode detected, things will fail if usbmuxd daemon is not running!
[*] Connected: iPad (2)
-[USBUtils detectTrapRemoval] Device switched state!
[*] enterRecovery got called from <UITapGestureRecognizer: 0x102e1a8f0; state = Ended; view = <UIView 0x102e1e7a0>; target= <(action=enter_rec_ipad_act:, target=<ViewController 0x108029c00>)>>
[*] Lost USB device: iPad
[*] waiting for a device
[*] Not attempting to free lost device...
[*] New USB device: Apple Mobile Device (Recovery Mode)
[*] Attempting to establish a connection...
[openConnection]: attempting to connect 1/10
[openConnection]: attempting to connect 2/10
[*] OK
[*] Done, LDD created at 0x282b8bb00

Model Name: iPad Mini 4 (WiFi)
Hardware Model: j96ap
ECID: <redacted>
Serial Tag: (null)
APNonce:<redacted>
SEPNonce:<redacted>
CPID: 7000
Pwned: No

[*] masterDFUDevice: 0x282bec840
[openConnection]: connected 2/10
[*] exitRecovery got called from <UITapGestureRecognizer: 0x102e1ab30; state = Ended; view = <UIView 0x102e1dfc0>; target= <(action=exit_rec_ipad_act:, target=<ViewController 0x108029c00>)>>
[*] LDD object at 0x282bec840
[*] sendCommand() returned with 0
[*] sendCommand() returned with 0
[*] sendCommand() returned with 0
[*] Lost USB device: Apple Mobile Device (Recovery Mode)
[*] waiting for a device
[*] Attempting to free lost device at 0x0 with LDD pair at 0x282bec840

rA9stuff commented 1 year ago

Yeah, it's due to outdated libraries then. Which jailbreak are you running on your iPad?

kylefmohr commented 1 year ago

It's iOS 14.2 using unc0ver 8.0.2, Elucubratus

rA9stuff commented 1 year ago

I see. Procursus repo generally offers more up-to-date packages and libraries, and it's what I use to develop LiNUZE. Nevertheless, I'll create a custom, auto-updating repo for Elucubratus users to grab libraries from, which should fix this issue. Closing this issue if you don't have any other problems.
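
The two LiNUZE_Log.txt excerpts in this thread differ at one point: the failing log ends at "Attempting to establish a connection..." while the working one goes on to "Done, LDD created". The following triage script is an added example, not part of the thread or of LiNUZE; its function names are hypothetical, the sample logs are constructed from lines quoted above, and it assumes that an attempt which never logs "Done, LDD created" marks the crash point.

```python
import re

# Constructed sample input: lines taken from the failing log in this thread.
FAILED_LOG = """\
[*] New USB device: iPhone
[*] Connected: iP14ProMax
[*] Lost USB device: iPhone
[*] New USB device: Apple Mobile Device (Recovery Mode)
[*] Attempting to establish a connection...
"""

# Constructed sample input: lines taken from the successful iPad mini 4 log.
OK_LOG = """\
[*] Connected: iPad (2)
[*] Lost USB device: iPad
[*] New USB device: Apple Mobile Device (Recovery Mode)
[*] Attempting to establish a connection...
[openConnection]: attempting to connect 1/10
[openConnection]: attempting to connect 2/10
[*] OK
[*] Done, LDD created at 0x282b8bb00
Model Name: iPad Mini 4 (WiFi)
"""

def triage(log_text):
    """Return one dict per recovery-mode connection attempt in a LiNUZE log."""
    attempts, current, last_normal = [], None, None
    for line in (raw.strip() for raw in log_text.splitlines()):
        m = re.match(r"\[\*\] Connected: (.+)", line)
        if m:
            last_normal = m.group(1)  # name seen while still in normal mode
        elif line == "[*] Attempting to establish a connection...":
            current = {"device": last_normal, "retries": 0,
                       "completed": False, "model": None}
            attempts.append(current)
        elif current is not None:
            if line.startswith("[openConnection]: attempting to connect"):
                current["retries"] += 1
            elif line.startswith("[*] Done, LDD created"):
                current["completed"] = True
            elif line.startswith("Model Name:"):
                current["model"] = line.split(":", 1)[1].strip()
    return attempts

def truncated_attempts(log_text):
    """Attempts where the log stops before 'Done, LDD created' (assumed crash point)."""
    return [a for a in triage(log_text) if not a["completed"]]
```

Running `truncated_attempts` over a user's LiNUZE_Log.txt names the device that was connected just before the incomplete attempt, which is the detail the maintainer asked for to separate library-support problems from other crashes.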