Joshua Hill
yea they changed some things and removed dload mode from iphone5. after baseband reset it expects to be in sahara mode sending dbl stuff. On Mon, 19 Nov 2018 at...
the only real trick is figuring out which file_id numbers it requests and match which firmware you can bruteforce them, or interpose some functions and mitm them. On Mon, 19...
yea, they changed some things on new devices. unfortunately my iphone5 I was using to develop updated version magically vanished. on newer device there is no dload mode. resetting baseband...
yes, you got the general idea. instrument the read/write pipe and control message functions to dump the contents and see how commcenter is doing it. at least on iphone6 I...
this resulted in me bricking my device... whooops... that's the end of that story ;P
my only guess would be perhaps the size of the USB buffer has changed. try doubling it and see if that helps. I wouldn't be surprised if a malformed usb...
my recommendation is to download DBLTool, alter the USB vid/pid so it matches the one in dloadtool (yes I know it's really really annoying!!) and then give it a shot
same vid and pid as dload mode, but SAH protocol
can you give me the output of iosusbenum? it looks like dload mode, but it's not. dbl protocol has no control requests, it's only bulk pipes
yea, you can see it only exposes 2 bulk endpoints, no control messages (although technically that's just endpoint 0 iirc)