tihmstar / ra1nsn0w

A tethered booter for 64bit iOS devices vulnerable to checkm8
GNU Lesser General Public License v2.1

errors out when trying to dump apticket #16

Closed m1stadev closed 2 months ago

m1stadev commented 4 years ago

On an iPhone 5s running 10.3.3, while specifying the 10.3.3 ipsw and 10.3.3 (ota) blobs, if I include --dump-apticket and a directory to dump the shsh2 to, all ra1nsn0w seems to do is boot the device with verbose output, then error out. Full log:


```
~ » ra1nsn0w -t 6277774322128_iPhone6,1_10.3.3-14G60_383cbac9312f7f80d7dc4f108008d3aef87e9e66.shsh2 --dump-apticket /Users/m1staawesome /Volumes/storage/Apple/IPSWs/iPhone6,1/10.3.3/iPhone_4.0_64bit_10.3.3_14G60_Restore.ipsw
ra1nsn0w version: 0.12-bcdb3b737d397ae110d9ae0c22c12b5904d52adb
img4tool version: 0.182-22a2671082a9232c180e1856dfce04eea9681315
libfragmentzip version: 0.60-120447d0f410dffb49948fa155467fc5d91ca3c8
Libipatcher Version: cd2ecc52ecab2c94cb679fe495978b55fdbfae55 - 71

Waiting for device...
Found device: iPhone6,1
Got local ipsw path=/Volumes/storage/Apple/IPSWs/iPhone6,1/10.3.3/iPhone_4.0_64bit_10.3.3_14G60_Restore.ipsw
Opening firmware...
Loading BuildManifest...
Getting Firmware Keys...
Found iBSS at Firmware/dfu/iBSS.iphone6.RELEASE.im4p
Found iBEC at Firmware/dfu/iBEC.iphone6.RELEASE.im4p
Found kernel at kernelcache.release.iphone6
Found DeviceTree at Firmware/all_flash/DeviceTree.n51ap.im4p
Loading iBSS...
Loading iBEC...
Loading kernel...
Loading DeviceTree...
Patching iBSS...
iBoot64Patch: Staring iBoot64Patch!
iBoot64Patch: Inited ibootpatchfinder64!
iBoot64Patch: Added sigpatches!
iBoot64Patch: has_kernel_load is false!
iBoot64Patch: Applying patch=0x18038b73c : 000080d2c0035fd6
iBoot64Patch: Patches applied!
Patching iBEC...
iBEC: Adding sigcheck patch...
iBEC: Adding debug_enable patch...
iBEC: Adding boot-arg patch () ...
iBEC: Applying patch=0x830009dcc : 000080d2c0035fd6
iBEC: Applying patch=0x83000b008 : 200080d2
iBEC: Applying patch=0x830039265 : 00
iBEC: Applying patch=0x83000c390 : fb0309aa
iBEC: Applying patch=0x83000c490 : bb6e1630
iBEC: Patches applied!
Patching kernel...
Compression detected, uncompressing (complzss): ok
Detected and extracted hypervisor!
Detected non-slid kernel.
Inited offsetfinder64 118 d57c4702d36992f4c2b69dff9bb0c8fd753cad47

kernel: Patches applied!
Compression requested, compressing (complzss): ok
Requested appending uncompressed buffer at the end!
Patching DeviceTree...
Sending iBSS...
Sending iBEC...
Sending DeviceTree...
Sending kernel...
Booting...
Done!
ra1nsn0w: failed with exception:
[exception]:
what=sendCommand called, but device is not in recovery mode
code=9764877
line=149
file=iOSDevice.cpp
commit count=31:
commit sha  =7267a5b510ba2d466b854d8469e716660ce66e6b:
```

tihmstar commented 4 years ago

unfortunately this feature does not work at the moment :(

tihmstar commented 2 months ago

this feature was dropped completely :(