Comments (2)
Another attempt with a different outcome
Last login: Mon Sep 19 00:44:03 on ttys000
(base) zyan910@Zyans-MBP ~ % cd /Users/zyan910/Downloads/sunst0rm-main
(base) zyan910@Zyans-MBP sunst0rm-main % python3 sunstorm.py -i /Users/zyan910/Downloads/sunst0rm-main/iPhone_4.7_P3_14.8_18H17_Restore.ipsw -t /Users/zyan910/Downloads/sunst0rm-main/2331690638442542_iPhone10,4_d201ap_15.5-19F77_27325c8258be46e69d9ee57fa9a8fbc28b873df434e5e702a8b27999551138ae.shsh2 -r -d D201AP
sunst0rm
Made by mineek
Some code by m1n1exploit
[] Extracting IPSW
[] Extracting RamDisk
rdsk
[] Mounting RamDisk
/dev/disk4 /Users/zyan910/Downloads/sunst0rm-main/work/ramdisk
[] Patching ASR in the RamDisk
getting get_asr_patch()
[] Image failed signature verification 0x14804c5e1
[] Image passed signature verification 0x14804c5bd
[] Assembling arm64 branch
[] Writing out patched file to work/patched_asr
[] Extracting ASR Ents
[] Resigning ASR
[] Chmoding ASR
[] Copying Patched ASR back to the RamDisk
[] Patching Restored External
file size: 1049440
getting get_skip_sealing_patch()
[] Skipping sealing system volume string at 0xb22fa
[] Skipping sealing system volume xref at 0x3129c
[] Skipping sealing system volume branch to xref at 0x3123c
[] Assembling arm64 branch
[] Writing out patched file to work/restored_external_patched
[] Extracting Restored External Ents
[] Resigning Restored External
[] Chmoding Restored External
[] Copying Patched Restored External back to the RamDisk
[] Detaching RamDisk
"disk4" ejected.
[] Creating RamDisk
Reading work/ramdisk.dmg...
IM4P outputted to: work/ramdisk.im4p
[] Extracting Kernel
Reading work/kernelcache.release.iphone10...
[NOTE] Image4 payload data is LZFSE compressed, decompressing...
Extracted Image4 payload data to: work/kcache.raw
[] Patching Kernel
main: Starting...
Kernel: Adding AppleFirmwareUpdate img4 signature check patch...
get_AppleFirmwareUpdate_img4_signature_check: Entering ...
get_AppleFirmwareUpdate_img4_signature_check: Found "%s::%s() Performing img4 validation outside of workloop" str loc at 0x41522a
get_AppleFirmwareUpdate_img4_signature_check: Found "%s::%s() Performing img4 validation outside of workloop" xref at 0x12173e0
get_AppleFirmwareUpdate_img4_signature_check: Patching "%s::%s() Performing img4 validation outside of workloop" at 0x12173ec
Kernel: Adding AMFI_get_out_of_my_way patch...
get_amfi_out_of_my_way_patch: Entering ...
get_amfi_out_of_my_way_patch: Kernel-7195 inputted
get_amfi_out_of_my_way_patch: Found entitlements too small str loc at 0x40a18e
get_amfi_out_of_my_way_patch: Found entitlements too small str ref at 0x11b0270
get_amfi_out_of_my_way_patch: Patching AMFI at 0x11ac6e8
main: Writing out patched file to work/krnl.patched...
main: Quitting...
[] Rebuilding Kernel
Reading work/krnl.patched...
Compressing payload using LZSS...
IM4P outputted to: work/krnl.im4p
[] Done!
[?] Do you want to restore the device? (y/n)
y
[?] Are you in pwndfu with sigchecks removed? (y/n)
y
[*] Restoring Device
Version: v2.0.0-test(19e30c014b2736ed9a5af08d95669a2dc8044bd3-291)
img4tool version: 0.197-aca6cf005c94caf135023263cbb5c61a0081804f-RELEASE
libipatcher version: 0.88-1e855d70c84419014e363bdbcaead7b145fe3e1f-RELEASE
Odysseus for 32-bit support: yes
Odysseus for 64-bit support: yes
[INFO] 64-bit device detected
futurerestore init done
reading signing ticket /Users/zyan910/Downloads/sunst0rm-main/2331690638442542_iPhone10,4_d201ap_15.5-19F77_27325c8258be46e69d9ee57fa9a8fbc28b873df434e5e702a8b27999551138ae.shsh2 is done
User specified to use latest signed SEP
Using cached SEP.
Checking if SEP is being signed...
Sending TSS request attempt 1... response successfully received
SEP is being signed!
User specified to use latest signed baseband
Downloading Baseband
Checking if Baseband is being signed...
[TSSR] User specified to request only a Baseband ticket.
Sending TSS request attempt 1... response successfully received
Baseband is being signed!
Downloading the latest firmware components...
Downloading SE firmware
Finished downloading the latest firmware components!
Found device in DFU mode
requesting to get into pwnRecovery later
Found device in DFU mode
Identified device as d201ap, iPhone10,4
Extracting BuildManifest from iPSW
Product version: 14.8
Product build: 18H17 Major: 18
Device supports Image4: true
checking if the APTicket is valid for this restore...
Verified ECID in APTicket matches the device's ECID
checking if the APTicket is valid for this restore...
Verified ECID in APTicket matches the device's ECID
[IMG4TOOL] checking buildidentity 0:
[IMG4TOOL] checking buildidentity matches board ... NO
[IMG4TOOL] checking buildidentity 1:
[IMG4TOOL] checking buildidentity matches board ... NO
[IMG4TOOL] checking buildidentity 2:
[IMG4TOOL] checking buildidentity matches board ... YES
[IMG4TOOL] checking buildidentity has all required hashes:
[IMG4TOOL] checking hash for "AOP" OK (untrusted)
[IMG4TOOL] checking hash for "Ap,SystemVolumeCanonicalMetadata"BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "AppleLogo" BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "AudioCodecFirmware" OK (untrusted)
[IMG4TOOL] checking hash for "BasebandFirmware" IGN (no digest in BuildManifest)
[IMG4TOOL] checking hash for "BatteryCharging0" BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "BatteryCharging1" BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "BatteryFull" BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "BatteryLow0" BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "BatteryLow1" BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "BatteryPlugin" BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "DeviceTree" BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "ISP" BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "KernelCache" BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "LLB" BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "Liquid" BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "Multitouch" OK (untrusted)
[IMG4TOOL] checking hash for "OS" BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "RecoveryMode" BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "RestoreDeviceTree" BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "RestoreKernelCache" BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "RestoreLogo" BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "RestoreRamDisk" BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "RestoreSEP" BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "RestoreTrustCache" BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "SE,UpdatePayload" IGN (no digest in BuildManifest)
[IMG4TOOL] checking hash for "SEP" BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "StaticTrustCache" BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "SystemVolume" BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "ftap" IGN (no digest in BuildManifest)
[IMG4TOOL] checking hash for "ftsp" IGN (no digest in BuildManifest)
[IMG4TOOL] checking hash for "iBEC" BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "iBSS" BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "iBoot" BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "rfta" IGN (no digest in BuildManifest)
[IMG4TOOL] checking hash for "rfts" IGN (no digest in BuildManifest)
failed verification with error:
[exception]:
what=verification failed!
code=84279308
line=1286
file=img4tool.cpp
commit count=197:
commit sha =aca6cf005c94caf135023263cbb5c61a0081804f:
[IMG4TOOL] checking buildidentity 3:
[IMG4TOOL] checking buildidentity matches board ... NO
[IMG4TOOL] checking buildidentity 4:
[IMG4TOOL] checking buildidentity matches board ... NO
[IMG4TOOL] checking buildidentity 5:
[IMG4TOOL] checking buildidentity matches board ... NO
[IMG4TOOL] checking buildidentity 6:
[IMG4TOOL] checking buildidentity matches board ... YES
[IMG4TOOL] checking buildidentity has all required hashes:
[IMG4TOOL] checking hash for "AOP" OK (untrusted)
[IMG4TOOL] checking hash for "Ap,SystemVolumeCanonicalMetadata"BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "AppleLogo" BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "AudioCodecFirmware" OK (untrusted)
[IMG4TOOL] checking hash for "BasebandFirmware" IGN (no digest in BuildManifest)
[IMG4TOOL] checking hash for "BatteryCharging0" BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "BatteryCharging1" BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "BatteryFull" BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "BatteryLow0" BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "BatteryLow1" BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "BatteryPlugin" BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "DeviceTree" BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "ISP" BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "KernelCache" BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "LLB" BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "Liquid" BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "Multitouch" OK (untrusted)
[IMG4TOOL] checking hash for "OS" BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "RecoveryMode" BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "RestoreDeviceTree" BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "RestoreKernelCache" BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "RestoreLogo" BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "RestoreRamDisk" BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "RestoreSEP" BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "RestoreTrustCache" BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "SE,UpdatePayload" IGN (no digest in BuildManifest)
[IMG4TOOL] checking hash for "SEP" BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "StaticTrustCache" BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "SystemVolume" BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "ftap" IGN (no digest in BuildManifest)
[IMG4TOOL] checking hash for "ftsp" IGN (no digest in BuildManifest)
[IMG4TOOL] checking hash for "iBEC" BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "iBSS" BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "iBoot" BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "rfta" IGN (no digest in BuildManifest)
[IMG4TOOL] checking hash for "rfts" IGN (no digest in BuildManifest)
failed verification with error:
[exception]:
what=verification failed!
code=84279308
line=1286
file=img4tool.cpp
commit count=197:
commit sha =aca6cf005c94caf135023263cbb5c61a0081804f:
[IMG4TOOL] checking buildidentity 7:
[IMG4TOOL] checking buildidentity matches board ... NO
[WARNING] NOT VALIDATING SHSH BLOBS IM4M!
[Error] BuildIdentity selected for restore does not match APTicket
BuildIdentity selected for restore:
BuildNumber : 18H17
BuildTrain : AzulSecuritySky
DeviceClass : d201ap
FDRSupport : YES
MobileDeviceMinVersion : 1253.100.1
RestoreBehavior : Erase
Variant : Customer Erase Install (IPSW)
BuildIdentity is valid for the APTicket:
IM4M is not valid for any restore within the Buildmanifest
This APTicket can't be used for restoring this firmware
[WARNING] NOT VALIDATING SHSH BLOBS!
Variant: Customer Erase Install (IPSW)
This restore will erase all device data.
Device found in DFU Mode.
Sending iBSS (1456228 bytes)...
[==================================================] 100.0%
Booting iBSS, waiting for device to disconnect...
Booting iBSS, waiting for device to reconnect...
ApNonce pre-hax:
INFO: device serial number is C8QVNJWSJC67
Getting ApNonce in recovery mode... cb 61 1e 84 15 f9 08 62 bf 60 0b 89 78 98 8e 34 99 ce 54 ce e0 b6 86 11 65 26 da d2 80 20 f8 91
ApNonce from device doesn't match IM4M nonce, applying hax...
Writing generator=0x1111111111111111 to nvram!
Sending iBEC (1456228 bytes)...
[==================================================] 100.0%
Booting iBEC, waiting for device to disconnect...
Booting iBEC, waiting for device to reconnect...
APnonce post-hax:
Getting ApNonce in recovery mode... 27 32 5c 82 58 be 46 e6 9d 9e e5 7f a9 a8 fb c2 8b 87 3d f4 34 e5 e7 02 a8 b2 79 99 55 11 38 ae
Successfully set nonce generator: 0x1111111111111111
futurerestore(1217,0x305faf000) malloc: Heap corruption detected, free list is damaged at 0x600001e91b60
*** Incorrect guard value: 16629806333025528536
futurerestore(1217,0x305faf000) malloc: *** set a breakpoint in malloc_error_break to debug
[] Done!
[] Cleaning
[*] Done!
(base) zyan910@Zyans-MBP sunst0rm-main %
from sunst0rm.
You need superuser permissions
from sunst0rm.
Related Issues (20)
- ERROR: Unable to receive message from FDR 0x6000000b5580 (-7). 0/2 bytes HOT 1
- iPhone 7 (GSM) stuck on white screen HOT 1
- Possibly invalid iBSS
- iPhone X (iPhone10,6) (d221ap)(Downgrading iOS 15.5 to 14.3) Restore fail HOT 1
- iPhone 5s, iPhone 6,2 can't restore.
- Retore iPhone 7 Plus HOT 5
- Traceback (most recent call last): HOT 3
- Fugu_V0 for A10 instead of Gaster
- Update docs to indicate the need for firmware keys. Drop support for a9x. HOT 4
- taurine not work in ios 14.2 thether downgrade HOT 3
- error HOT 3
- ERROR: Unable to receive message from FDR 0x7fd691bc6060 (-7). 0/2 bytes on iPhone 7 Global HOT 3
- iPhone 7 downgraded to iOS 14.0 and don't want exit from dfu HOT 1
- Audio not working in iOS 14.3 thether downgrade HOT 1
- Add support for T2 Macs please HOT 5
- Unable to activate HOT 1
- ERROR: Unable to receive message from FDR 0x600002ef7380 (-2). 0/2 bytes HOT 1
- KeyError: 'StaticTrustCache' HOT 1
- sunstorm.py: error: argument -r/--restore: expected one argument HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from sunst0rm.