tihmstar / ra1nsn0w

A tethered booter for 64bit iOS devices vulnerable to checkm8
GNU Lesser General Public License v2.1

Can I use this to make/boot an SSH ramdisk to recover data from A9X iPad Pro iOS 12.4 with dead NVMe NAND/SSD? #18

Closed badger200 closed 2 months ago

badger200 commented 2 years ago

I’ve got an iPad Pro 9.7” first gen A9X on 12.4 that worked great with checkra1n until I used it so heavily I wore out the NAND (NVMe SSD). It began slowing down and I saw a few bad sectors begin appearing in dmesg, and eventually it got slower and slower and during a checkra1n verbose boot it began panicking at “NVMe controller status: Fatal.” But only about 50% of the time, the rest of the time I could still boot. I backed up a lot, but like a fool I didn’t immediately back up everything and lost a ton of irreplaceable stuff not included on iCloud Backup.

Because a few days later, it stopped booting to the checkra1n logo at all. checkra1n acts like it succeeded and begins booting the white Apple logo, but it never changes to the checkra1n logo, and eventually just goes to Recovery Mode about 30 seconds later.

I spent 6 months trying everything possible and I have never gotten it to display the checkra1n logo again since it died. I am assuming there's something in the checkra1n boot that relies upon a read/write disk0s1 existing. I need a true SSH/iproxy RAMdisk able to access APFS. I definitely have some valuable stuff on the unencrypted disk0s1s1 areas, but obviously I have a bunch more on the encrypted disk0s1s2 /private/var that doesn't get unlocked until I enter my passcode.

I recently found an impressive GitHub project for booting iOS in a fork of qemu; they simulate an iPhone 6S Plus, which uses the A9 S8000, and my iPad is the A9X S8001, so I might be in luck!!

They have a brilliant way of taking the /usr/standalone/firmware/arm64SURamDisk.dmg and modifying all the LaunchDaemons so it does NOT begin erasing your user partition (!!!) but instead launches bash and SSH access, which would be perfect!

I have successfully managed to compile unmodified PongoOS "PongoConsolidated.bin" images and booted my iPhone 6S with them (which happens to use the exact A9 S8000 CPU the qemu-iOS project emulates), but they never got me to the checkra1n logo.

I believe I could manage to compile this and hack away for a real chance of recovering my data, but I'm really pushing the limit of my skills here and would desperately appreciate any advice, ideas, or comments. Thanks!

tihmstar commented 2 months ago

Hi, yes, it is technically possible to boot a ramdisk and at least get a theoretical chance of recovering your data. However, this is greatly out of scope of this project. I recommend looking for commercial solutions which could help you with that.

badger200 commented 2 months ago

@tihmstar Don't worry, I used Legacy iOS Kit, which booted an SSH ramdisk successfully! Incredible gem of a tool, that one. It also fixed my iPhone 5 that wouldn't boot due to a full disk; I was able to use the ramdisk to fsck, and then it booted.