Tetheredboot does not work with iPhone 4 Verizon

[GoogleCodeExporter]

What steps will reproduce the problem?
1. ./tetheredboot -p cyanide_bootramdisk/payload -r myramdisk.dmg

What is the expected output? 

Initializing libpois0n
Waiting for device to enter DFU mode
Device must be in DFU mode to continue
opening device 05ac:1227...
Found device in DFU mode
Checking if device is compatible with this jailbreak
Checking the device type
Identified device as iPhone3,1

What do you see instead?

Initializing libpois0n
Waiting for device to enter DFU mode
Device must be in DFU mode to continue
opening device 05ac:1227...
Found device in DFU mode
Checking if device is compatible with this jailbreak
Checking the device type
Identified device as UH??AWAVAUATSH??
Sorry device is not compatible with this jailbreak
Your device in incompatible with this exploit!

What version of the product are you using? 
iPhone 4 Verizon

On what operating system?
4.2.7

Please provide any additional information below.
https://github.com/Chronic-Dev/syringe hasn't been updated in awhile and I am 
not sure where else to look.

Original issue reported on code.google.com by bl...@freenode-windows.org on 3 Jul 2011 at 4:33

[GoogleCodeExporter]

I committed a fix in the repository, can you test it and report 
success/failures ? thanks

Original comment by jean.sig...@gmail.com on 3 Jul 2011 at 9:27

• Changed state: Started
• Added labels: ****
• Removed labels: ****

[GoogleCodeExporter]

Thanks for the quick fix. The initial issue seems to be fixed but now I'm 
running into a new issue :

Device must be in DFU mode to continue
opening device 05ac:1227...
Found device in DFU mode
Checking if device is compatible with this jailbreak
Checking the device type
Identified device as iPhone3,3
Preparing to upload limera1n exploit
Resetting device counters
Sending chunk headers
Sending exploit payload
Sending fake data
libusb:error [darwin_transfer_status] transfer error: device not responding 
(value = 0xe00002ed)
Exploit sent
Reconnecting to device
Waiting 2 seconds for the device to pop up...
opening device 05ac:1227...
Checking if kernelcache already exists
Fetching kernelcache.release.n92...
[==================================================] 100.0%
Preparing to upload iBSS
Checking if iBSS.n92ap already exists
Preparing to fetch DFU image from Apple's servers
Fetching Firmware/dfu/iBSS.n92ap.RELEASE.dfu...
[==================================================] 100.0%
Uploading iBSS.n92ap to device
[==================================================] 100.0%
Reconnecting to device
Waiting 10 seconds for the device to pop up...
opening device 05ac:1227...
Preparing to upload iBSS payload
[==================================================] 100.0%
Executing iBSS payload
libusb:error [darwin_transfer_status] transfer error: device not responding 
(value = 0xe00002ed)
Waiting 10 seconds for the device to pop up...
opening device 05ac:1227...
Preparing to upload devicetree
Checking if DeviceTree.n92ap already exists
Preparing to fetch firmware image from Apple's servers
Fetching Firmware/all_flash/all_flash.n92ap.production/DeviceTree.n92ap.img3...
[==================================================] 100.0%
Resetting device counters
Uploading DeviceTree.n92ap to device
[==================================================] 100.0%
libusb:error [darwin_transfer_status] transfer error: device not responding 
(value = 0xe00002ed)
Preparing to upload ramdisk
[=                                 Unable upload file0.9%
Unable to upload ramdisk
Exiting libpois0n
[=                                                 ] 1.2%

As you can see, it fails to upload the ramdisk then exits. Any suggestions? 

Thanks

Original comment by bl...@freenode-windows.org on 3 Jul 2011 at 10:25

• Added labels: ****
• Removed labels: ****

[GoogleCodeExporter]

OS: OSX 10.6.7

Forgot to mention, I made a new ramdisk manually doing the following :
Note: I used the following IPSW/Ramdisk
IPSW="iPhone3,3_4.2.7_8E303_Restore.ipsw"
RAMDISK="038-0974-004.dmg"

1. img3fs /tmp/img3 038-0974-004.dmg -iv 8d612fbab555c8e8f548898b0e6d3cb0 -key 
9ca594fef56655a7ad4dc1312dc4a499851d832c2eeb86f5a9ebfabe08ccedb6
2. hdiutil attach /tmp/img3/DATA.dmg
3. rm -rf /Volumes/ramdisk/usr/local/standalone/firmware/*
4. tar -C /Volumes/ramdisk/ -xP <  ssh.tar.gz
5. cp ramdisk_tools/restored_external /Volumes/ramdisk/usr/local/bin
6. cp ramdisk_tools/bruteforce ramdisk_tools/data_partition 
ramdisk_tools/dump_data_partition.sh /Volumes/ramdisk/var/root
7. hdiutil eject /Volumes/ramdisk
8. umount /tmp/img3

If I use the build_ramdisk.sh script, img3fs fails with the following error:

TAG: TYPE OFFSET 14 data_length:4
TAG: DATA OFFSET 34 data_length:ed5000
TAG: SEPO OFFSET ed5040 data_length:4
TAG: KBAG OFFSET ed505c data_length:38
Wrong length for key parameter, got 0, aesType is 100

Original comment by bl...@freenode-windows.org on 3 Jul 2011 at 10:40

• Added labels: ****
• Removed labels: ****

[GoogleCodeExporter]

Got everything working=) Recompiled tetheredboot on windows using MinGW and was 
able to ssh into device without issue. The upload issue was probably caused by 
using OSX in a VM :/

Thanks again

Original comment by bl...@freenode-windows.org on 4 Jul 2011 at 6:00

• Added labels: ****
• Removed labels: ****

[GoogleCodeExporter]

Great ! yes using a VM will sometimes create issues with usb. Btw, the ramdisk 
should work even if the ipsw used for building does not match the device (as 
long as it is for an armv7 device).

Original comment by jean.sig...@gmail.com on 4 Jul 2011 at 8:58

• Changed state: Fixed
• Added labels: ****
• Removed labels: ****