zaphodatreides
commented
1 year ago Hi, I had the same error... You have to wire the pico according to the picture, not the readme file. On a 8, openocd can attach but, I cannot halt the target...
Open danylokos opened 1 year ago
zaphodatreides
commented
1 year ago Hi, I had the same error... You have to wire the pico according to the picture, not the readme file. On a 8, openocd can attach but, I cannot halt the target...
amats211
commented
1 year ago Having the same issue, do i need to connect all 8 pins is pico?
danylokos
commented
1 year ago I think @zaphodatreides meant iPhone 8
danylokos
commented
1 year ago Looks like L0p (white) and L0n (green) pins are not needed. But I wasn't able to figure out this issue, so I'm no longer sure about anything.
blackndoor
commented
1 year ago Hi, I have the exact same error. Did you fixe yours ?
nezza
commented
1 year ago If your lightning pinout (confirmed with multimeter) is correct, and the cable orientation is 100% correct, and the device is successfully demoted it should work. The error mainly happens when the electrical connection is incorrect
blackndoor
commented
1 year ago I checked the lightning pinout with a multimeter and it is correct. For the orientation of the cable I place the GND on the left. I guess my cable is not good. I use this one: https://fr.aliexpress.com/item/32812219943.html
Edit: I checked the cable and it seems OK. There is no chip near the lightning connector. So basically, I do:
$ sudo ./ipwndfu -p --demonte
// once done, I remove the apple cable and connect the tamarin one
$ sudo ./src/openocd -s /usr/local/share/openocd/scripts -f interface/tamarin.cfg -f ../bonobo-configs/t8015.cfgOk so, I made a new cable (shorter than the first one) and checked every connections. I still have the same result:
$ sudo ../openocd/src/openocd -s /usr/local/share/openocd/scripts -f interface/tamarin.cfg -f t8015.cfg
Open On-Chip Debugger 0.10.0+dev-gc6d4abbe (2023-01-03-16:05)
Licensed under GNU GPL v2
For bug reports, read
http://openocd.org/doc/doxygen/bugs.html
Info : only one transport option; autoselect 'swd'
Warn : Transport "swd" was already selected
adapter speed: 5000 kHz
Warn : Interface already configured, ignoring
Warn : Transport "swd" was already selected
Info : clock speed 10000 kHz
Info : SWD DPIDR 0x00005623
openocd: src/jtag/drivers/tamarin.c:325: tamarin_swd_switch_seq: Assertion 'false' failed.
[1] 53994 IOT instruction sudo ../openocd/src/openocd -s /usr/local/share/openocd/scripts -f -fI have this error whether the iPhone is connected or not which makes me think the pinout is not OK.
I tried:
and:
After checking the code, the second choice is the correct one but still no success.
danylokos
commented
1 year ago I'm also quite sure that my cable works well. Besides testing it with a multimeter, I did not throw away a second part of the extender and also soldered the jumper cables to it. The phone is fully detectable via both - System Information->USB and libimobiledevice's utils suite using it.
btw, I'm using this lightning extender.
nezza
commented
1 year ago Does reset & DCSD work?
blackndoor
commented
1 year ago I'm not sure I understood your question. I'm unable to run openocd providing the bonobo-configs file. (Assertion 'false' failed)
The only thing I can do is:
$ sudo ../openocd/src/openocd -s /usr/local/share/openocd/scripts -f interface/tamarin.cfg
Open On-Chip Debugger 0.10.0+dev-gc6d4abbe (2023-01-12-17:18)
Licensed under GNU GPL v2
For bug reports, read
http://openocd.org/doc/doxygen/bugs.html
Info : only one transport option; autoselect 'swd'
Warn : Transport "swd" was already selected
adapter speed: 5000 kHz
Info : Listening on port 6666 for tcl connections
Info : Listening on port 4444 for telnet connections
Info : clock speed 5000 kHz
Warn : gdb services need one or more targets definedAnd then:
$ sudo picocom /dev/ttyACM0
Type [C-a] [C-h] to see available commands
Terminal ready
Good morning!
1: JTAG mode
2: DCSD mode
3: Reset device
4: Reset and enter DFU mode
R: Reset Tamarin cable
> In your second paste you need to chose the mode. JTAG mode, DCSD, or reset the device. Does DCSD & reset work?
nezza
commented
1 year ago Did you use the serial interface to set the Tamarin cable to JTAG mode? Is DCSD & Reset working?
Thanks!
blackndoor
commented
1 year ago Thank you ! I had not understood that you should enable JTAG first, then run openocd cmd !
blackndoor
commented
1 year ago Well...
$ sudo ../openocd/src/openocd -s /usr/local/share/openocd/scripts -f interface/tamarin.cfg -f t8015.cfg
Open On-Chip Debugger 0.10.0+dev-gc6d4abbe (2023-01-12-17:18)
Licensed under GNU GPL v2
For bug reports, read
http://openocd.org/doc/doxygen/bugs.html
Info : only one transport option; autoselect 'swd'
Warn : Transport "swd" was already selected
adapter speed: 5000 kHz
Warn : Interface already configured, ignoring
Warn : Transport "swd" was already selected
Info : clock speed 10000 kHz
Info : SWD DPIDR 0x03000067
Error: iphone.ecore0: missing UTT configuration, halt may not work
Info : iphone.ecore0: hardware has 2 breakpoints, 3 watchpoints
Error: iphone.ecore1: missing UTT configuration, halt may not work
Error: iphone.ecore1 powered down!
Error: iphone.ecore2: missing UTT configuration, halt may not work
Error: iphone.ecore2 powered down!
Error: iphone.ecore3: missing UTT configuration, halt may not work
Error: iphone.ecore3 powered down!
Error: iphone.pcore0: missing UTT configuration, halt may not work
Error: iphone.pcore0 powered down!
Error: iphone.pcore1: missing UTT configuration, halt may not work
Error: iphone.pcore1 powered down!
Error: iphone.sep: missing UTT configuration, halt may not work
Info : Listening on port 3333 for gdb connections
Info : Listening on port 3334 for gdb connections
Info : Listening on port 3335 for gdb connections
Info : Listening on port 3336 for gdb connections
Info : Listening on port 3337 for gdb connections
Info : Listening on port 3338 for gdb connections
Info : Listening on port 3339 for gdb connections
Info : Listening on port 6666 for tcl connections
Info : Listening on port 4444 for telnet connections
Info : accepting 'gdb' connection on tcp/3333
Error: Timeout waiting for target iphone.ecore0 halt
Error executing event gdb-attach on target iphone.ecore0:
Info : New GDB Connection: 1, Target iphone.ecore0, state: running
Info : dropped 'gdb' connectionThe GDB connection is dropped instantly :(
danylokos
commented
1 year ago +1 didn't understand at first that you have to set JTAG mode over a serial interface like this, thanks for the clarification!
Now I'm also stuck with gdb dropping the connection:
openocd side:
Info : New GDB Connection: 1, Target iphone.cpu0, state: running
Info : dropped 'gdb' connectionand this how it loos form gdb:
(gdb) target remote :3333
Remote debugging using :3333
warning: Architecture rejected target-supplied description
warning: No executable has been specified and target does not support
determining executable automatically. Try using the "file" command.
Truncated register 8 in remote 'g' packet
xakermonkey
commented
1 year ago Hi. I understand correctly that only id0, l1n and l1p are involved in the code. id1, l0n and l0p are not involved in any way?
d34d633f
commented
11 months ago Well...
$ sudo ../openocd/src/openocd -s /usr/local/share/openocd/scripts -f interface/tamarin.cfg -f t8015.cfg Open On-Chip Debugger 0.10.0+dev-gc6d4abbe (2023-01-12-17:18) Licensed under GNU GPL v2 For bug reports, read http://openocd.org/doc/doxygen/bugs.html Info : only one transport option; autoselect 'swd' Warn : Transport "swd" was already selected adapter speed: 5000 kHz Warn : Interface already configured, ignoring Warn : Transport "swd" was already selected Info : clock speed 10000 kHz Info : SWD DPIDR 0x03000067 Error: iphone.ecore0: missing UTT configuration, halt may not work Info : iphone.ecore0: hardware has 2 breakpoints, 3 watchpoints Error: iphone.ecore1: missing UTT configuration, halt may not work Error: iphone.ecore1 powered down! Error: iphone.ecore2: missing UTT configuration, halt may not work Error: iphone.ecore2 powered down! Error: iphone.ecore3: missing UTT configuration, halt may not work Error: iphone.ecore3 powered down! Error: iphone.pcore0: missing UTT configuration, halt may not work Error: iphone.pcore0 powered down! Error: iphone.pcore1: missing UTT configuration, halt may not work Error: iphone.pcore1 powered down! Error: iphone.sep: missing UTT configuration, halt may not work Info : Listening on port 3333 for gdb connections Info : Listening on port 3334 for gdb connections Info : Listening on port 3335 for gdb connections Info : Listening on port 3336 for gdb connections Info : Listening on port 3337 for gdb connections Info : Listening on port 3338 for gdb connections Info : Listening on port 3339 for gdb connections Info : Listening on port 6666 for tcl connections Info : Listening on port 4444 for telnet connections Info : accepting 'gdb' connection on tcp/3333 Error: Timeout waiting for target iphone.ecore0 halt Error executing event gdb-attach on target iphone.ecore0: Info : New GDB Connection: 1, Target iphone.ecore0, state: running Info : dropped 'gdb' connectionThe GDB connection is dropped instantly :(
Hello, I have encountered the same problem as you, did you solve it? I also tried iPhone7, but there is no way to halt the cpu. According to this article, our steps should be correct, and the value of DPIDR = 0x03000067 is also correct, but the CPU cannot be halted. I don't know what is wrong. Through the measurement of the voltmeter, I found that my configuration is consistent with that in README, I can use reset and dcsd normally, and the usb communication is also normal.
I found that when I use openocd, the serial port doesn't have any logs about jtag. When I use forced jtag mode, the serial port still doesn't have any logs. Does this mean that entering jtag mode failed?
I would be very grateful if someone could give me a little hint.
danylokos
commented
10 months ago Hi, nope, unfortunately, no.
I just tried one more time on iPhone 7 as well, unfortunately, I don't see the message saying that CPU has been halted successfully, halt command doesn't do anything for me.
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
Open On-Chip Debugger
> targets iphone.cpu0
> targets
TargetName Type Endian TapName State
-- ------------------ ---------- ------ ------------------ ------------
0 iphone.dbg mem_ap little iphone.cpu running
1 iphone.mem mem_ap little iphone.cpu running
2* iphone.cpu0 aarch64 little iphone.cpu running
3 iphone.cpu1 aarch64 little iphone.cpu poweroff
4 iphone.sep cortex_a little iphone.cpu unknown
> halt
> halt
> halt
nvm, turned out I was using a newer version of Pico SDK, once I switched to 4fe995d as literally the first line of the README states 🫠it finally worked for me 🥳
> targets
TargetName Type Endian TapName State
-- ------------------ ---------- ------ ------------------ ------------
0 iphone.dbg mem_ap little iphone.cpu running
1 iphone.mem mem_ap little iphone.cpu running
2* iphone.cpu0 aarch64 little iphone.cpu running
3 iphone.cpu1 aarch64 little iphone.cpu poweroff
4 iphone.sep cortex_a little iphone.cpu unknown
> halt
target halted in AArch64 state due to debug-request, current mode: EL1T
cpsr: 0x800002c4 pc: 0x100000508
MMU: enabled, D-Cache: enabled, I-Cache: enabled(gdb) target remote :3333
Remote debugging using :3333
warning: No executable has been specified and target does not support
determining executable automatically. Try using the "file" command.
0x0000000100000508 in ?? ()
(gdb) x/5i $pc
=> 0x100000508: ret
0x10000050c: hint #0x45
0x100000510: b 0x100000510
0x100000514: stp x28, x27, [sp, #-96]!
0x100000518: stp x26, x25, [sp, #16]
(gdb) x/s 0x100000200
0x100000200: "SecureROM for t8010si, Copyright 2007-2015, Apple Inc."
(gdb) x/s 0x100000280
0x100000280: "iBoot-2696.0.0.1.33"(The above output is from iPhone 7., still can't halt IPhone X tho due to some timeout issue.)
Don't know what to do with all of this from this point on, but it was a fun experiment, thanks folks!
Hi, watched the Defcon talk, and it got me really excited, so I decided to try the project for myself. Unfortunately, I'm a complete noob in all of these - pico, soldering, and kernel debugging 😅 So, I'm not sure what I am doing wrong here.
I made the cable out of this LIghtning extension adapter, soldered the jumping wires and verified it for continuity using a multimeter. Just in case, I made two of those.
Next, I soldered the pins to the Pico and flashed the firmware. I tried connecting the pins to the Pico the way it's described in the README, starting with
L1n(Purple) toGPIO1and in another way like it was shown on the slides -L1n(Purple) toGPIO0. I'm not sure which way is correct, but the pins on the Pico start withGPIO0.I'm using a demoted iPhone 7+ and
t8010.cfgbonobo config for it. (openocd was also built from your fork.)Unfortunatly I'm getting this error:
Here is a more verbose output with `-d` flag
``` $ ../src/openocd -f interface/tamarin.cfg -f ~/test/bonobo-configs/t8010.cfg -d Open On-Chip Debugger 0.10.0+dev-gc6d4abbe (2022-11-05-17:54) Licensed under GNU GPL v2 For bug reports, read http://openocd.org/doc/doxygen/bugs.html User : 13 8 options.c:60 configuration_output_handler(): debug_level: 3 User : 14 8 options.c:60 configuration_output_handler(): Debug: 15 8 options.c:184 add_default_dirs(): bindir=/usr/local/bin Debug: 16 8 options.c:185 add_default_dirs(): pkgdatadir=/usr/local/share/openocd Debug: 17 8 options.c:186 add_default_dirs(): exepath=/Users/danylokos/test/openocd/src Debug: 18 8 options.c:187 add_default_dirs(): bin2data=../share/openocd Debug: 19 8 configuration.c:42 add_script_search_dir(): adding /Users/danylokos/.openocd Debug: 20 8 configuration.c:42 add_script_search_dir(): adding /Users/danylokos/test/openocd/src/../share/openocd/site Debug: 21 8 configuration.c:42 add_script_search_dir(): adding /Users/danylokos/test/openocd/src/../share/openocd/scripts Debug: 22 8 configuration.c:97 find_file(): found interface/tamarin.cfg Debug: 23 9 command.c:143 script_debug(): command - interface interface tamarin Info : 25 9 transport.c:117 allow_transports(): only one transport option; autoselect 'swd' Debug: 26 9 command.c:355 register_command_handler(): registering 'swd'... Debug: 27 9 command.c:143 script_debug(): command - transport transport select swd Warn : 28 9 transport.c:297 jim_transport_select(): Transport "swd" was already selected Debug: 29 9 command.c:143 script_debug(): command - adapter_khz adapter_khz 5000 Debug: 31 9 core.c:1636 jtag_config_khz(): handle jtag khz Debug: 32 9 core.c:1599 adapter_khz_to_speed(): convert khz to interface specific speed value Debug: 33 9 core.c:1599 adapter_khz_to_speed(): convert khz to interface specific speed value User : 34 9 options.c:60 configuration_output_handler(): adapter speed: 5000 kHz User : 35 9 options.c:60 configuration_output_handler(): Debug: 36 10 configuration.c:97 find_file(): found /Users/danylokos/test/bonobo-configs/t8010.cfg Debug: 37 10 command.c:143 script_debug(): command - interface interface bonobo Warn : 39 10 adapter.c:108 handle_interface_command(): Interface already configured, ignoring Debug: 40 10 command.c:143 script_debug(): command - transport transport select swd Warn : 41 10 transport.c:297 jim_transport_select(): Transport "swd" was already selected Debug: 42 10 command.c:143 script_debug(): command - adapter_khz adapter_khz 10000 Debug: 44 10 core.c:1636 jtag_config_khz(): handle jtag khz Debug: 45 10 core.c:1599 adapter_khz_to_speed(): convert khz to interface specific speed value Debug: 46 10 core.c:1599 adapter_khz_to_speed(): convert khz to interface specific speed value Debug: 47 10 command.c:143 script_debug(): command - reset_config reset_config srst_only Debug: 49 10 configuration.c:97 find_file(): found target/swj-dp.tcl Debug: 50 10 command.c:143 script_debug(): command - transport transport select Debug: 51 10 command.c:143 script_debug(): command - transport transport select Debug: 52 10 command.c:143 script_debug(): command - transport transport select Debug: 53 10 command.c:143 script_debug(): command - transport transport select Debug: 54 10 command.c:143 script_debug(): command - transport transport select Debug: 55 10 command.c:143 script_debug(): command - swd swd newdap iphone cpu -irlen 6 -ircapture 0x1 -irmask 0xf -expected-id 0x4ba02477 Debug: 56 10 tcl.c:567 jim_newtap_cmd(): Creating New Tap, Chip: iphone, Tap: cpu, Dotted: iphone.cpu, 8 params Debug: 57 10 core.c:1304 jtag_tap_init(): Created Tap: iphone.cpu @ abs position 0, irlen 0, capture: 0x0 mask: 0x0 Debug: 58 10 command.c:143 script_debug(): command - dap dap create iphone.dap -chain-position iphone.cpu Debug: 59 11 command.c:355 register_command_handler(): registering 'iphone.dap'... Debug: 60 11 command.c:355 register_command_handler(): registering 'iphone.dap'... Debug: 61 11 command.c:355 register_command_handler(): registering 'iphone.dap'... Debug: 62 11 command.c:355 register_command_handler(): registering 'iphone.dap'... Debug: 63 11 command.c:355 register_command_handler(): registering 'iphone.dap'... Debug: 64 11 command.c:355 register_command_handler(): registering 'iphone.dap'... Debug: 65 11 command.c:355 register_command_handler(): registering 'iphone.dap'... Debug: 66 11 command.c:355 register_command_handler(): registering 'iphone.dap'... Debug: 67 11 command.c:355 register_command_handler(): registering 'iphone.dap'... Debug: 68 11 command.c:143 script_debug(): command - target target create iphone.dbg mem_ap -endian little -dap iphone.dap -ap-num 1 Debug: 69 11 command.c:355 register_command_handler(): registering 'iphone.dbg'... Debug: 70 11 command.c:355 register_command_handler(): registering 'iphone.dbg'... Debug: 71 11 command.c:355 register_command_handler(): registering 'iphone.dbg'... Debug: 72 11 command.c:355 register_command_handler(): registering 'iphone.dbg'... Debug: 73 11 command.c:355 register_command_handler(): registering 'iphone.dbg'... Debug: 74 11 command.c:355 register_command_handler(): registering 'iphone.dbg'... Debug: 75 11 command.c:355 register_command_handler(): registering 'iphone.dbg'... Debug: 76 11 command.c:355 register_command_handler(): registering 'iphone.dbg'... Debug: 77 11 command.c:355 register_command_handler(): registering 'iphone.dbg'... Debug: 78 11 command.c:355 register_command_handler(): registering 'iphone.dbg'... Debug: 79 11 command.c:355 register_command_handler(): registering 'iphone.dbg'... Debug: 80 11 command.c:355 register_command_handler(): registering 'iphone.dbg'... Debug: 81 11 command.c:355 register_command_handler(): registering 'iphone.dbg'... Debug: 82 11 command.c:355 register_command_handler(): registering 'iphone.dbg'... Debug: 83 11 command.c:355 register_command_handler(): registering 'iphone.dbg'... Debug: 84 11 command.c:355 register_command_handler(): registering 'iphone.dbg'... Debug: 85 11 command.c:355 register_command_handler(): registering 'iphone.dbg'... Debug: 86 11 command.c:355 register_command_handler(): registering 'iphone.dbg'... Debug: 87 11 command.c:355 register_command_handler(): registering 'iphone.dbg'... Debug: 88 11 command.c:355 register_command_handler(): registering 'iphone.dbg'... Debug: 89 11 command.c:355 register_command_handler(): registering 'iphone.dbg'... Debug: 90 11 command.c:355 register_command_handler(): registering 'iphone.dbg'... Debug: 91 11 command.c:355 register_command_handler(): registering 'iphone.dbg'... Debug: 92 11 command.c:143 script_debug(): command - target target create iphone.mem mem_ap -endian little -dap iphone.dap -ap-num 4 Debug: 93 11 command.c:355 register_command_handler(): registering 'iphone.mem'... Debug: 94 11 command.c:355 register_command_handler(): registering 'iphone.mem'... Debug: 95 11 command.c:355 register_command_handler(): registering 'iphone.mem'... Debug: 96 11 command.c:355 register_command_handler(): registering 'iphone.mem'... Debug: 97 11 command.c:355 register_command_handler(): registering 'iphone.mem'... Debug: 98 11 command.c:355 register_command_handler(): registering 'iphone.mem'... Debug: 99 11 command.c:355 register_command_handler(): registering 'iphone.mem'... Debug: 100 11 command.c:355 register_command_handler(): registering 'iphone.mem'... Debug: 101 11 command.c:355 register_command_handler(): registering 'iphone.mem'... Debug: 102 11 command.c:355 register_command_handler(): registering 'iphone.mem'... Debug: 103 11 command.c:355 register_command_handler(): registering 'iphone.mem'... Debug: 104 11 command.c:355 register_command_handler(): registering 'iphone.mem'... Debug: 105 11 command.c:355 register_command_handler(): registering 'iphone.mem'... Debug: 106 11 command.c:355 register_command_handler(): registering 'iphone.mem'... Debug: 107 11 command.c:355 register_command_handler(): registering 'iphone.mem'... Debug: 108 11 command.c:355 register_command_handler(): registering 'iphone.mem'... Debug: 109 11 command.c:355 register_command_handler(): registering 'iphone.mem'... Debug: 110 11 command.c:355 register_command_handler(): registering 'iphone.mem'... Debug: 111 11 command.c:355 register_command_handler(): registering 'iphone.mem'... Debug: 112 11 command.c:355 register_command_handler(): registering 'iphone.mem'... Debug: 113 11 command.c:355 register_command_handler(): registering 'iphone.mem'... Debug: 114 11 command.c:355 register_command_handler(): registering 'iphone.mem'... Debug: 115 11 command.c:355 register_command_handler(): registering 'iphone.mem'... Debug: 116 11 command.c:143 script_debug(): command - cti cti create iphone.cpu0.cti -dap iphone.dap -ap-num 1 -ctibase 0xc2020000 Debug: 117 11 command.c:355 register_command_handler(): registering 'iphone.cpu0.cti'... Debug: 118 11 command.c:355 register_command_handler(): registering 'iphone.cpu0.cti'... Debug: 119 11 command.c:355 register_command_handler(): registering 'iphone.cpu0.cti'... Debug: 120 11 command.c:355 register_command_handler(): registering 'iphone.cpu0.cti'... Debug: 121 11 command.c:355 register_command_handler(): registering 'iphone.cpu0.cti'... Debug: 122 11 command.c:143 script_debug(): command - target target create iphone.cpu0 aarch64 -endian little -dap iphone.dap -ap-num 1 -dbgbase 0xc2010000 -cti iphone.cpu0.cti -coreid 0 -apple-utt 4 0x202040000 64 Debug: 123 11 command.c:355 register_command_handler(): registering 'catch_exc'... Debug: 124 11 command.c:355 register_command_handler(): registering 'aarch64'... Debug: 125 11 command.c:355 register_command_handler(): registering 'aarch64'... Debug: 126 11 command.c:355 register_command_handler(): registering 'aarch64'... Debug: 127 11 command.c:355 register_command_handler(): registering 'aarch64'... Debug: 128 11 command.c:355 register_command_handler(): registering 'aarch64'... Debug: 129 11 command.c:355 register_command_handler(): registering 'aarch64'... Debug: 130 11 command.c:355 register_command_handler(): registering 'aarch64'... Debug: 131 11 command.c:355 register_command_handler(): registering 'aarch64'... Debug: 132 11 command.c:355 register_command_handler(): registering 'aarch64'... Debug: 133 11 command.c:355 register_command_handler(): registering 'iphone.cpu0'... Debug: 134 11 command.c:355 register_command_handler(): registering 'iphone.cpu0'... Debug: 135 11 command.c:355 register_command_handler(): registering 'iphone.cpu0'... Debug: 136 11 command.c:355 register_command_handler(): registering 'iphone.cpu0'... Debug: 137 11 command.c:355 register_command_handler(): registering 'iphone.cpu0'... Debug: 138 11 command.c:355 register_command_handler(): registering 'iphone.cpu0'... Debug: 139 11 command.c:355 register_command_handler(): registering 'iphone.cpu0'... Debug: 140 11 command.c:355 register_command_handler(): registering 'iphone.cpu0'... Debug: 141 11 command.c:355 register_command_handler(): registering 'iphone.cpu0'... Debug: 142 11 command.c:355 register_command_handler(): registering 'iphone.cpu0'... Debug: 143 11 command.c:355 register_command_handler(): registering 'iphone.cpu0'... Debug: 144 11 command.c:355 register_command_handler(): registering 'iphone.cpu0'... Debug: 145 11 command.c:355 register_command_handler(): registering 'iphone.cpu0'... Debug: 146 11 command.c:355 register_command_handler(): registering 'iphone.cpu0'... Debug: 147 11 command.c:355 register_command_handler(): registering 'iphone.cpu0'... Debug: 148 11 command.c:355 register_command_handler(): registering 'iphone.cpu0'... Debug: 149 11 command.c:355 register_command_handler(): registering 'iphone.cpu0'... Debug: 150 11 command.c:355 register_command_handler(): registering 'iphone.cpu0'... Debug: 151 11 command.c:355 register_command_handler(): registering 'iphone.cpu0'... Debug: 152 11 command.c:355 register_command_handler(): registering 'iphone.cpu0'... Debug: 153 11 command.c:355 register_command_handler(): registering 'iphone.cpu0'... Debug: 154 11 command.c:355 register_command_handler(): registering 'iphone.cpu0'... Debug: 155 11 command.c:355 register_command_handler(): registering 'iphone.cpu0'... Debug: 156 11 command.c:355 register_command_handler(): registering 'iphone.cpu0'... Debug: 157 11 command.c:355 register_command_handler(): registering 'iphone.cpu0'... Debug: 158 11 command.c:355 register_command_handler(): registering 'iphone.cpu0'... Debug: 159 11 command.c:355 register_command_handler(): registering 'iphone.cpu0'... Debug: 160 11 command.c:355 register_command_handler(): registering 'iphone.cpu0'... Debug: 161 11 command.c:355 register_command_handler(): registering 'iphone.cpu0'... Debug: 162 11 command.c:355 register_command_handler(): registering 'iphone.cpu0'... Debug: 163 11 command.c:355 register_command_handler(): registering 'iphone.cpu0'... Debug: 164 11 command.c:355 register_command_handler(): registering 'iphone.cpu0'... Debug: 165 11 command.c:355 register_command_handler(): registering 'iphone.cpu0'... Debug: 166 11 command.c:355 register_command_handler(): registering 'iphone.cpu0'... Debug: 167 11 command.c:143 script_debug(): command - cti cti create iphone.cpu1.cti -dap iphone.dap -ap-num 1 -ctibase 0xc2120000 Debug: 168 11 command.c:355 register_command_handler(): registering 'iphone.cpu1.cti'... Debug: 169 11 command.c:355 register_command_handler(): registering 'iphone.cpu1.cti'... Debug: 170 11 command.c:355 register_command_handler(): registering 'iphone.cpu1.cti'... Debug: 171 11 command.c:355 register_command_handler(): registering 'iphone.cpu1.cti'... Debug: 172 11 command.c:355 register_command_handler(): registering 'iphone.cpu1.cti'... Debug: 173 11 command.c:143 script_debug(): command - target target create iphone.cpu1 aarch64 -endian little -dap iphone.dap -ap-num 1 -dbgbase 0xc2110000 -cti iphone.cpu1.cti -coreid 1 -apple-utt 4 0x202140000 64 Debug: 174 11 command.c:377 register_command(): command 'catch_exc' is already registered in 'Because there are so many parts involved in to this process, I honestly don't know where to start debugging it, would appriciate any suggestion. And thanks again for the talk. It was very inspiring!