PyBoot icon indicating copy to clipboard operation
PyBoot copied to clipboard

Published 20 hours ago verified publisher icon MatthewPierson

No such file or directory: 'resources/Fugu_8010'

Open kushwavez opened this issue 4 years ago • 3 comments

Trying to tether-boot iOS 13.5 on iPhone 7, but it fails every time with this: ./pyboot.py -q ~/Downloads/iPhone_4.7_P3_13.5_17F75_Restore.ipsw iPhone9,1 -a

[...]
Signing boot files
Exploiting device with checkm8
Downloading latest Fugu release from LinusHenze's github...
Fugu has now been installed!
Traceback (most recent call last):
  File "/Users/kushwavez/Downloads/PyBoot/./pyboot.py", line 505, in <module>
    main()
  File "/Users/kushwavez/Downloads/PyBoot/./pyboot.py", line 429, in main
    pwn.pwndfumode()
  File "/Users/kushwavez/Downloads/PyBoot/resources/pwn.py", line 231, in pwndfumode
    pwndfumode()
  File "/Users/kushwavez/Downloads/PyBoot/resources/pwn.py", line 183, in pwndfumode
    os.mkdir("resources/Fugu_8010")
FileNotFoundError: [Errno 2] No such file or directory: 'resources/Fugu_8010'

I checked that folder, Fugu is there.

Screenshot 2021-02-28 at 15 52 16

Screenshot 2021-02-28 at 15 48 26

Also first time it ended with error: usb.core.NoBackendError: No backend available, but luckily I quickly found in #51 that it needs libusb that can be installed with brew install libusb

OS: macOS 11.2.2, MBP15,2

kushwavez avatar Feb 28 '21 14:02 kushwavez

Okay, got through that error by modifying resources/pwn.py: Line 183: if os.path.exists("resources/Fugu_8010/Fugu"): to if os.path.exists("resources/Fugu_8010"):

Now getting a new error:

[...]
Signing boot files
Exploiting device with checkm8
Exploit worked!
Traceback (most recent call last):
  File "/Users/kushwavez/Downloads/PyBoot/./pyboot.py", line 505, in <module>
    main()
  File "/Users/kushwavez/Downloads/PyBoot/./pyboot.py", line 431, in main
    if args.ios[1] == "iPhone10,1" or args.ios[1] == "iPhone10,2" or args.ios[1] == "iPhone10,3" or args.ios[1] == "iPhone10,4" or args.ios[1] == "iPhone10,5" or args.ios[1] == "iPhone10,6":
TypeError: 'NoneType' object is not subscriptable

kushwavez avatar Feb 28 '21 15:02 kushwavez

Got through that too by deleted the whole "if" statement at line 431 and line 483 and set A10A11Check=true manually in pyboot.py (of course it isn't a solution, but a very quick workaround)

After that I got error:

dyld: Library not loaded: /usr/local/lib/libirecovery-1.0.3.dylib
  Referenced from: /Users/kushwavez/Downloads/PyBoot/resources/bin/irecovery
  Reason: image not found

-> Fixed by installing libirecovery : brew install libirecovery Next:

[...]
Exploit worked!
Sending boot files to the device and booting
[==================================================] 100.0%
[==================================================] 100.0%
[==================================================] 100.0%
[==================================================] 100.0%
[==================================================] 100.0%
[==================================================] 100.0%
[==================================================] 100.0%
[==================================================] 100.0%
[==================================================] 100.0%
[==================================================] 100.0%
[==================================================] 100.0%
[==================================================] 100.0%
Device should be booting!

After that the device started to boot, but unfortunately stalling with

[...]
unsupported apfs_incompatible_features
hfs_mountfs returned error=22
mount(x)

After tenth or so try it restart itself, returning to the installed iOS 14.4

kushwavez avatar Feb 28 '21 16:02 kushwavez

New try, iDevice hanging with "Still waiting for root device", need to force-reset

EDIT: Now trying Divisé EDIT2: Same with Divisé:

[...]
unsupported apfs_incompatible_features
hfs_mountfs returned error=22
mount(x)

Restoring back via iTunes now. Do I need some special bootargs for a successful boot?

EDIT: Looks like AMFI patch is needed. Need to compile liboffsetfinder64, but the compilation fails. Will look into it in my free time.

EDIT2: AMFI patch always fails. Needed to replace bin/Kernel64Patcher with this Kernel64Patcher, after that the patch completed and the device started to boot. However new issue, now that AMFI out of the picture:

[...]
Emergency: Boot task failed: fsck
Emergency: Shutting down in 3 seconds

I gave up and restored 14.4 via iTunes. Waiting for Ramiel to release. That'll hopefully fix all these issues.

kushwavez avatar Feb 28 '21 16:02 kushwavez