shawnchain / isms

Automatically exported from code.google.com/p/weisms
GNU General Public License v2.0

cannot boot iPhone #88

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. Install latest version
2. Enable spring board helper
3. Reboot

What is the expected output? What do you see instead?
Should start fine. / Apple logo in black background.

What version of the product are you using? On what operating system?
the latest the one that supports spring board helper on 1.1.4. / iPhone 1.1.4

Please provide any additional information below.

Original issue reported on code.google.com by d.ro...@gmail.com on 22 Apr 2008 at 6:12

GoogleCodeExporter commented 9 years ago
I have only one option left now - restore. This is the second time I will be restoring after using your product :((

Original comment by d.ro...@gmail.com on 23 Apr 2008 at 7:07

GoogleCodeExporter commented 9 years ago
You do not need to restore, if you read my wiki carefully.
Just replace the springboard launch file and everything will be ok.

As to your problem, I have no idea. I have tested on several 1.0.2/1.1.4 phones before releasing that build. So sorry to hear that :(

Original comment by Shawn.Ch...@gmail.com on 23 Apr 2008 at 7:51

GoogleCodeExporter commented 9 years ago
Hey Shawn - If you could help me a little more :) I am not able to get to the screen where I can enable WiFi and connect to iPhone. Can I SSH using the cables, if yes then with what tools?

(I use FileZilla for SSH over WiFi. And over the cables - iPhone PC Suite, but I guess that cannot SSH)

Original comment by d.ro...@gmail.com on 23 Apr 2008 at 8:53

GoogleCodeExporter commented 9 years ago
I am so desperate to start the phone ... or should I restore? Is there some problem with the app? Should I not install it again?

Original comment by d.ro...@gmail.com on 23 Apr 2008 at 10:15

GoogleCodeExporter commented 9 years ago
SSH is working only over wi-fi. Over cable you may use pc suite browser and itunes.

Original comment by s7e...@gmail.com on 23 Apr 2008 at 10:19

GoogleCodeExporter commented 9 years ago
That means I cannot try that WiKi stuff :(

Running restore :((

Original comment by d.ro...@gmail.com on 23 Apr 2008 at 11:39

GoogleCodeExporter commented 9 years ago
and will not install your app again :(

Original comment by d.ro...@gmail.com on 23 Apr 2008 at 11:39

GoogleCodeExporter commented 9 years ago
Hey Shawn can you provide me the stock com.apple.SpringBoard.plist file? I can just replace the current one.

Original comment by d.ro...@gmail.com on 23 Apr 2008 at 11:43

GoogleCodeExporter commented 9 years ago
I am attaching the log files, if they could help you!

Original comment by d.ro...@gmail.com on 23 Apr 2008 at 11:52

GoogleCodeExporter commented 9 years ago
Panic log file that I could not understand. I tried replacing com.apple.SpringBoard.plist with contents as below:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>MachServices</key>
    <dict>
        <key>com.apple.springboard.migserver</key>
        <true />
    </dict>
    <key>Label</key>
    <string>com.apple.SpringBoard</string>
    <key>OnDemand</key>
    <false />
    <key>ProgramArguments</key>
    <array>
        <string>/System/Library/CoreServices/SpringBoard.app/SpringBoard</string>
    </array>
    <key>ServiceIPC</key>
    <false />
</dict>
</plist>

--- still no success :(((((

Original comment by d.ro...@gmail.com on 23 Apr 2008 at 2:47

GoogleCodeExporter commented 9 years ago
Entered DFU mode running restore again :(

Original comment by d.ro...@gmail.com on 23 Apr 2008 at 2:55

GoogleCodeExporter commented 9 years ago
Restored to new. Shawn can we find out what could be wrong in my case? Or I cannot install your app again? :((((

Original comment by d.ro...@gmail.com on 23 Apr 2008 at 4:09

GoogleCodeExporter commented 9 years ago
Hello Shawn

Original comment by d.ro...@gmail.com on 24 Apr 2008 at 11:18

GoogleCodeExporter commented 9 years ago
Robin,

As a programmer, I hate repeating the same thing again and again.

But I have to repeat the steps again about how to fix the can't boot problem on your phone :(

Before we start, I have to say, I hope you have some basic idea about iPhone/Wifi/SCP and the iBricker/PC Suite tool. If you're totally noob on these ideas, I'm sorry, I'm afraid I can't help. But I believe Google can help.

Well let's start to diagnose your problem.

1) Enable wifi and SSH server on your iPhone

2) Get some tool like Putty and secure tty and SSH into your phone, now you're under the # shell

3) Run your iPhone as usual and install iSMS via installer, when completed, do not restart your phone but run the following command

#/bin/launchctl unload /System/Library/LaunchDaemons/com.apple.SpringBoard.plist
#/bin/launchctl load /System/Library/LaunchDaemons/com.apple.SpringBoard.plist

Then wait several seconds and you should see your springboard again then you're done.

If you could not see your springboard again, or your screen does not respond to any touch, then invoke the following command to remove the iSMS helper entries from your springboard launch file

#cd /Applications/iSMS.app
#./iSMS -uninstall
#/bin/launchctl unload /System/Library/LaunchDaemons/com.apple.SpringBoard.plist
#/bin/launchctl load /System/Library/LaunchDaemons/com.apple.SpringBoard.plist

then you have removed the iSMS helper hook and your phone should work as usual.

As to your problem, I still have no idea. But I guess that might be caused by other tools/hooks.

Hope that helps.

- Shawn

Original comment by Shawn.Ch...@gmail.com on 26 Apr 2008 at 3:43
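The helper entries mentioned above can be listed by diffing the launch file against the stock com.apple.SpringBoard.plist contents posted earlier in this thread. This is an added example, not part of the original comments or of iSMS; the modified plist is constructed (the thread does not show what the helper writes), and `EXAMPLE_HELPER_PATH` and its value are hypothetical.

```python
import plistlib

# Stock job definition as posted in the thread (com.apple.SpringBoard.plist).
STOCK = {
    "MachServices": {"com.apple.springboard.migserver": True},
    "Label": "com.apple.SpringBoard",
    "OnDemand": False,
    "ProgramArguments": [
        "/System/Library/CoreServices/SpringBoard.app/SpringBoard"],
    "ServiceIPC": False,
}

def diff_plist(baseline, current, path=""):
    """Return (change, key_path, baseline_value, current_value) tuples."""
    changes = []
    if isinstance(baseline, dict) and isinstance(current, dict):
        for key in sorted(set(baseline) | set(current)):
            sub = f"{path}/{key}"
            if key not in baseline:
                changes.append(("added", sub, None, current[key]))
            elif key not in current:
                changes.append(("removed", sub, baseline[key], None))
            else:
                changes.extend(diff_plist(baseline[key], current[key], sub))
    # Compare types too, so that True and 1 are not treated as equal.
    elif baseline != current or type(baseline) is not type(current):
        changes.append(("changed", path or "/", baseline, current))
    return changes

def audit_launch_plist(plist_bytes, baseline=STOCK):
    """Parse an XML or binary plist and diff it against the baseline."""
    return diff_plist(baseline, plistlib.loads(plist_bytes))

def constructed_modified_plist():
    # Constructed sample: imitates "extra entries in the launch file".
    # The key name and path below are hypothetical, not what iSMS writes.
    modified = dict(STOCK)
    modified["EnvironmentVariables"] = {
        "EXAMPLE_HELPER_PATH": "/Applications/Example.app/helper"}
    modified["OnDemand"] = True
    return plistlib.dumps(modified)

if __name__ == "__main__":
    for change in audit_launch_plist(constructed_modified_plist()):
        print(change)
```

An empty result means the file matches the stock definition; every other tuple names the key path to inspect before reloading the job.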

GoogleCodeExporter commented 9 years ago
I've got the same problem since the new build. It seems the iSMS Helper isn't
compatible with Categories v1.72, as SpringBoard isn't booting anymore when I've
added a category.

I'm on v1.1.4, too.

Original comment by Walhalla...@gmail.com on 26 Apr 2008 at 7:52

GoogleCodeExporter commented 9 years ago
It's possible. Because we all are using the same trick. But I'm only interested in the SMS related classes. Still have no idea why it's not compatible.

Original comment by Shawn.Ch...@gmail.com on 27 Apr 2008 at 4:23

GoogleCodeExporter commented 9 years ago
I just did some tests.

It seems to work, when you set up the category with categories BEFORE you install the iSMS Hook, but when you try to create a new category the springboard doesn't start anymore until you delete the newly created category.

strange strange :)

Original comment by Walhalla...@gmail.com on 27 Apr 2008 at 2:20

GoogleCodeExporter commented 9 years ago
As a programmer, I never hated to repeat things over! Neither to the QA guys of my team, nor to the developers who are working with me.

Thanks for your patience.

I have basic idea of iPhone/Wifi/SCP and iBrikr/iPhone PC suite. No I am not a n00b, so please don't be sorry. I am a C++ / VC++ / Win32 / ATL/COM developer and have hands on C# .NET technology. I have also worked on Delphi projects; Also have more than basic exposure on the Linux platform.

Thanks for those steps and having patience, I will use them as a last resort when you say your product is stable and I am stuck. For now I am happy with weTools.

The problem could be because of other apps I am not sure, I have installed the PC suite's daemon as it asks me to when I first run the app with iPhone.

Thank you,
Robin.

Original comment by d.ro...@gmail.com on 27 Apr 2008 at 3:03

GoogleCodeExporter commented 9 years ago
Robin,

So what's your diagnostic result according to the steps I typed in previous reply ?

Original comment by Shawn.Ch...@gmail.com on 28 Apr 2008 at 1:37

GoogleCodeExporter commented 9 years ago
Well, I took some time to have a look at your crash report on Springboard. And one of your crashes is inside the Class0Message handling. It crashed while reading something from a Dictionary instance.
And the strange problem is, iSMS has never ever handled/hooked those routines.

Below is the crash stack and the disassembly code of the related methods.
I hope you can understand it.

Exception Type:  EXC_BAD_ACCESS
Exception Codes: KERN_PROTECTION_FAILURE at 0x00000000
Crashed Thread:  0

Thread 0 Crashed:
0   CoreFoundation                  0x3050ce40 0x304ff000 + 56896
1   SpringBoard                     0x00054500 0x1000 + 341248
2   CoreFoundation                  0x3053b93e 0x304ff000 + 248126
3   CoreFoundation                  0x3052a6da 0x304ff000 + 177882
4   CoreFoundation                  0x305364b8 0x304ff000 + 226488
5   CoreTelephony                   0x30938a50 0x30932000 + 27216
6   CoreTelephony                   0x309495cc 0x30932000 + 95692
...

And the disassembly code at offset of 0x00054500 in SB binary(1.1.4) is:
=========================================================================
sub_544E4

var_8= -8
arg_0=  0

LDR     R1, =_kCTSMSClass0String_ptr
STMFD   SP!, {R4,R5,R7,LR}
ADD     R7, SP, #0x10+var_8
LDR     R1, [R1]
LDR     R0, [SP,#0x10+arg_0]
MOV     R5, R2
LDR     R1, [R1]
BL      _CFDictionaryGetValue  <== Crashed here!!!
LDR     R3, =_kCTSMSClass0StringReceivedNotification_ptr
LDR     R3, [R3]
LDR     R3, [R3]
CMP     R3, R5
MOVNE   R2, #0

The above method is a callback method for Class0Alert and is registered in method

And the method SBSMSClass0Alert::(void)registerForAlerts;   // IMP=0x00054588
=========================
sub_54588

var_14= -0x14
var_10= -0x10
var_8= -8

STMFD   SP!, {R4,R7,LR}
ADD     R7, SP, #0xC+var_8
SUB     SP, SP, #8
MOV     R4, R0
BL      _CTTelephonyCenterGetDefault
LDR     R3, =_kCTSMSClass0StringReceivedNotification_ptr
MOV     R2, #0
STR     R2, [SP,#0x14+var_14]
LDR     R3, [R3]
ADD     R2, R2, #4
STR     R2, [SP,#0x14+var_10]
LDR     R3, [R3]
MOV     R1, R4
LDR     R2, =sub_544E4 <== Using this fp as callback method param
BL      _CTTelephonyCenterAddObserver
SUB     SP, R7, #4
LDMFD   SP!, {R4,R7,PC}

Original comment by Shawn.Ch...@gmail.com on 28 Apr 2008 at 1:54

GoogleCodeExporter commented 9 years ago
I have a few questions regarding the log file

The log looks like the following text

Exception Type:  EXC_BAD_ACCESS
Exception Codes: KERN_PROTECTION_FAILURE at 0x00000000
Crashed Thread:  0

Thread 0 Crashed:
0   CoreFoundation                  0x3050ce40 0x304ff000 + 56896
1   SpringBoard                     0x00054500 0x1000 + 341248
2   CoreFoundation                  0x3053b93e 0x304ff000 + 248126
...
...
16  UIKit                           0x328c92ec 0x328bc000 + 53996
17  SpringBoard                     0x000055f0 0x1000 + 17904
18  SpringBoard                     0x000054f4 0x1000 + 17652

I don't know how to read this file, some point of observations (I may be wrong) - In Thread 0 crash springboard is referenced 3 times, 1, 17 and 18.

Now my query is that did the first reference (at 1) crash? or the 17 or 18th?

If the "1 springboard" crashed finally (top of the callstack) then to me it looks like that "0 corefoundation" crashed! Am I interpreting incorrectly?

If there is anything else that you want me to look at, do tell me.

Original comment by d.ro...@gmail.com on 2 May 2008 at 8:14

GoogleCodeExporter commented 9 years ago
This is the call stack of the crashing thread, frame 0 is the place that triggered the kernel protection error.

From the crash report I'm suspecting that you received a special message called Class0 message, and it seems that the first argument passed in ([SP,#0x10+arg_0]) is nil.
So my question will be, why the notification data is null ? No idea :(

Original comment by Shawn.Ch...@gmail.com on 2 May 2008 at 12:58
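How the stack discussed above is read, as an added example that is not part of the original comments: frame 0 is where the fault was raised, and the first SpringBoard frame below it is resolved against the function starts given in the disassembly. The frames and addresses are copied from the thread; the helper names are hypothetical.

```python
import re

# Frames quoted in the thread (elided frames left out).
CRASH_LOG = """\
0   CoreFoundation                  0x3050ce40 0x304ff000 + 56896
1   SpringBoard                     0x00054500 0x1000 + 341248
2   CoreFoundation                  0x3053b93e 0x304ff000 + 248126
5   CoreTelephony                   0x30938a50 0x30932000 + 27216
17  SpringBoard                     0x000055f0 0x1000 + 17904
18  SpringBoard                     0x000054f4 0x1000 + 17652
"""
# Function starts and the leading instructions of sub_544E4, taken from the
# disassembly in the thread (ARM mode, 4 bytes per instruction).
FUNCS = {0x544E4: "sub_544E4", 0x54588: "sub_54588"}
SUB_544E4 = ["LDR", "STMFD", "ADD", "LDR", "LDR", "MOV", "LDR",
             "BL _CFDictionaryGetValue", "LDR"]
FRAME = re.compile(
    r"^(\d+)[ \t]+(\S+)[ \t]+(0x[0-9a-f]+)[ \t]+(0x[0-9a-f]+) \+ (\d+)$",
    re.M)

def parse_frames(log):
    # Frames in stack order; each line must satisfy base + offset == address.
    frames = []
    for idx, image, addr, base, off in FRAME.findall(log):
        addr, base, off = int(addr, 16), int(base, 16), int(off)
        if base + off != addr:
            raise ValueError(f"frame {idx}: base + offset != address")
        frames.append({"index": int(idx), "image": image, "address": addr})
    return sorted(frames, key=lambda f: f["index"])

def innermost_frame(frames, image):
    # First frame (closest to the fault) that belongs to the given image.
    return next((f for f in frames if f["image"] == image), None)

def locate(address, funcs=FUNCS):
    # Map an address to (function, byte offset) via the nearest known start.
    start = max((s for s in funcs if s <= address), default=None)
    return None if start is None else (funcs[start], address - start)

def analyse(log=CRASH_LOG):
    frames = parse_frames(log)
    app = innermost_frame(frames, "SpringBoard")
    name, off = locate(app["address"])
    return {"fault_image": frames[0]["image"], "app_frame": app["index"],
            "function": name, "offset": off,
            "instruction": SUB_544E4[off // 4]}

if __name__ == "__main__":
    print(analyse())
```

Frames 17 and 18 are outer callers further up the same call chain; `locate` returns `None` for them because the thread gives no function starts in that address range.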

GoogleCodeExporter commented 9 years ago

Original comment by Shawn.Ch...@gmail.com on 30 May 2008 at 6:18