tweaselORG / meta

(Currently) only used for the issue tracker.

Save SHSH blobs for our iPhones #9

Closed baltpeter closed 1 year ago

baltpeter commented 1 year ago

See https://www.theiphonewiki.com/wiki/SHSH for why.

baltpeter commented 1 year ago

We're using blobsaver. Starting with the A12 chip, the process is more complicated, but since we're using iPhone X, we don't need to worry about APNonce and generator.

These are the settings I used:

image

baltpeter commented 1 year ago

I'm storing the blobs and device info in: https://git.my-server.in/tweasel/iphones

Here's the structure:

baltpeter commented 1 year ago

I've also set up daily automatic blob saving in blobsaver. We'll see whether that works.

baltpeter commented 1 year ago

I just got this error when trying to save the blobs for the new phone:

com.google.gson.JsonSyntaxException: java.lang.IllegalStateException: Expected BEGIN_OBJECT but was STRING at line 1 column 1 path $
    at com.google.gson@2.10/com.google.gson.Gson.fromJson(Unknown Source)
    at com.google.gson@2.10/com.google.gson.Gson.fromJson(Unknown Source)
    at com.google.gson@2.10/com.google.gson.Gson.fromJson(Unknown Source)
    at com.google.gson@2.10/com.google.gson.Gson.fromJson(Unknown Source)
    at airsquared.blobsaver@3.4.1/airsquared.blobsaver.app.TSS.saveBlobsSHSHHost(Unknown Source)
    at airsquared.blobsaver@3.4.1/airsquared.blobsaver.app.TSS.call(Unknown Source)
    at airsquared.blobsaver@3.4.1/airsquared.blobsaver.app.TSS.call(Unknown Source)
    at javafx.graphics@19/javafx.concurrent.Task$TaskCallable.call(Unknown Source)
    at java.base/java.util.concurrent.FutureTask.run(Unknown Source)
    at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
    at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
    at java.base/java.lang.Thread.run(Unknown Source)
Caused by: java.lang.IllegalStateException: Expected BEGIN_OBJECT but was STRING at line 1 column 1 path $
    at com.google.gson@2.10/com.google.gson.stream.JsonReader.beginObject(Unknown Source)
    at com.google.gson@2.10/com.google.gson.internal.bind.MapTypeAdapterFactory$Adapter.read(Unknown Source)
    at com.google.gson@2.10/com.google.gson.internal.bind.MapTypeAdapterFactory$Adapter.read(Unknown Source)
    ... 12 more

Disabling "Also save to SHSH Host" solved the problem (see https://github.com/airsquared/blobsaver/issues/530).

baltpeter commented 1 year ago

I haven't tried it yet, but here's a guide for how the downgrading using the blobs would work: https://gist.github.com/0xallie/aac55c97f7925cddcf5ec3167f85dfe8

baltpeter commented 1 year ago

I also tried to save the onboard blobs using Deverser according to https://ios.cfw.guide/saving-blobs/#using-deverser:

On the iPhone X with iOS 16, this produced the following error (dump.raw is 0 bytes):

❯ ./deverser.sh
[!] Welcome to Déverser, a simple script to dump onboard SHSH (Blobs) with a valid Generator for iOS devices...
[!] This script will allow you to use dumped blobs with futurerestore at a later date (depending on SEP compatibility)...
[!] Linux detected!
[!] Found img4tool at /usr/local/bin/img4tool!
[!] Please enter your device's IP address (Found in wifi settings)...
10.0.0.232
Device's IP address is 10.0.0.232
[*] Assuming given IP to be correct, if connecting to the device fails ensure you entered the IP correctly and have OpenSSh installed...
[!] Please enter the device's root password (Default is 'alpine')...
(root@10.0.0.232) Password for root@Vanessas-iPhone-2:
[!] Dumped onboard SHSH to device, about to copy to this machine...
[!] Please enter the device's root password again (Default is 'alpine')...
(root@10.0.0.232) Password for root@Vanessas-iPhone-2:
[!] Copied dump.raw to this machine, about to convert to SHSH...
[#] Error: Failed to create SHSH from 'dump.raw'...

On the other iPhone X with iOS 15, it worked:

❯ ./deverser.sh
[!] Welcome to Déverser, a simple script to dump onboard SHSH (Blobs) with a valid Generator for iOS devices...
[!] This script will allow you to use dumped blobs with futurerestore at a later date (depending on SEP compatibility)...
[!] Linux detected!
[!] Found img4tool at /usr/local/bin/img4tool!
[!] Please enter your device's IP address (Found in wifi settings)...
10.0.0.181
Device's IP address is 10.0.0.181
[*] Assuming given IP to be correct, if connecting to the device fails ensure you entered the IP correctly and have OpenSSh installed...
[!] Please enter the device's root password (Default is 'alpine')...
(root@10.0.0.181) Password for root@Vanessas-iPhone:
[!] Dumped onboard SHSH to device, about to copy to this machine...
[!] Please enter the device's root password again (Default is 'alpine')...
(root@10.0.0.181) Password for root@Vanessas-iPhone:
[!] Copied dump.raw to this machine, about to convert to SHSH...
[!] SHSH should be dumped successfully at '375809719377966.dumped.shsh' (The number in the filename is your devices ECID)!
[!] Your Generator for the dumped SHSH is: 0xf71fe6aa1dde214f
[@] Originally Written by Matty (@mosk_i), Modified by joshuah345 / Superuser#1958 - Enjoy!

I've saved the blob, console output and dump.raw in the iphones repo.

baltpeter commented 1 year ago

Looking into the problem. dump.raw is created here:

https://github.com/joshuah345/deverser/blob/f151b1d540a186faf9eb31eaad5d4fe55d679ee6/deverser.sh#L69

Running that manually on the device without suppressing errors:

Vanessas-iPhone-2:~ root# cat /dev/disk1 | dd of=dump.raw bs=256 count=$((0x4000))
cat: /dev/disk1: Resource busy
0+0 records in
0+0 records out
0 bytes copied, 3.5e-05 s, 0.0 kB/s
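
Added example, not part of the thread or of deverser: a dump step that surfaces the failure shown above instead of producing a 0-byte dump.raw. In `cat SRC | dd ...` the pipeline reports only dd's exit status, so the failed `cat` goes unnoticed; reading with `if=` and checking the size against the `bs=256 count=0x4000` values from the command above catches it. The function name `dump_region` and its return codes are made up for this example.

```shell
#!/bin/sh
# Added example; block size and count follow the dd call quoted in the thread.
BS=256
COUNT=$((0x4000))
EXPECTED_SIZE=$((BS * COUNT))   # 4194304 bytes

# dump_region SRC OUT
# Returns 0 on a full dump, 1 if the read failed, 2 if the dump is empty,
# 3 if it is shorter than expected.
dump_region() {
    src=$1
    out=$2
    rm -f "$out"
    # Read with if= rather than `cat SRC | dd`: a pipeline reports only the
    # status of its last command, so dd exits 0 even when cat cannot open SRC.
    if ! err=$(dd if="$src" of="$out" bs="$BS" count="$COUNT" 2>&1); then
        echo "read of $src failed: $err" >&2
        return 1
    fi
    size=$(wc -c < "$out" | tr -d ' ')
    if [ "$size" -eq 0 ]; then
        echo "dump is empty: nothing was read from $src" >&2
        return 2
    fi
    if [ "$size" -ne "$EXPECTED_SIZE" ]; then
        echo "short dump: $size of $EXPECTED_SIZE bytes" >&2
        return 3
    fi
    return 0
}

# Usage on the device (path taken from the command above):
#   dump_region /dev/disk1 dump.raw || exit 1
```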