libirecovery icon indicating copy to clipboard operation
libirecovery copied to clipboard
verified publisher icon libimobiledevice

Add support for new taDFU mode (iPhone 14 family)

Open nikias opened this issue 3 years ago • 5 comments

This is to track implementation progress for the new taDFU mode that is uses with newer devices like iPhone 14. Thanks to some initial analysis by @siguza, we already know a few things:

  • USB VID: 0x05ac PID: 0x1881
  • Initial packet to send to pipe 6 (ep3): { 0x01, 0x10, 0xa0, 0x10, 0x00, 0x00, 0x01, 0x04, 0x00, 0x00, 0x00, 0x00 }
  • read back from pipe 5 (ep 3) will yield a buffer that contains a USB descriptor, with NONC, SNON values, and CPID, BDID, etc...

nikias avatar Nov 09 '22 12:11 nikias

It seems to work. Do you know how to send files

ChinaGuCheng avatar Nov 22 '22 03:11 ChinaGuCheng

Dumping this here: main.m.gz
This reads and prints a bunch of DFU descriptors.
There's also an #if 0 block that I think correctly uploads an image to DFU, but so far I haven't been able to boot iBSS. My current theory is that there's actually something missing in the img4, possibly related to the <key>MemoryMap</key> key in BuildManifest?

Siguza avatar Jan 28 '23 17:01 Siguza

May I ask, has this problem been solved?

weikaizu avatar Mar 10 '23 06:03 weikaizu

@nikias

weikaizu avatar Mar 10 '23 06:03 weikaizu

I pushed a few commits, thanks to the work of @LinusHenze and @tihmstar we have support for it for macOS and Linux. Windows is still missing.

nikias avatar Nov 17 '23 17:11 nikias