
Unable to find VSVFL context for CE %d" % ce

Open GoogleCodeExporter opened this issue 9 years ago • 34 comments

What steps will reproduce the problem?
1. NAND image.bin successfully completed using the following: nand_dump iphone4_nand.bin

2. Attempting to execute the ios_examiner.py script using the following:
    python python_scripts/ios_examiner.py iphone4_nand.bin iphone4.plist undelete (and without "undelete", same issue)

What is the expected output? What do you see instead?

Expecting to see outcome (recovered files) and seeing instead the following:

Loading device information from iphone4.plist
Device model: iPhone 4 GSM
UDID: 3d4e5b8a9204e5621e0355a6e974a4ae4a4a05c6
ECID: 3585307992975
Serial number: 88207F9MA4S
key835: 7776885bdf2151992a6c357060fac693
key89B: 0744dff1758f7f8c10effc3955d96486
Chip id 0x3294e798 banks per CE physical 1
NAND geometry : 16GB (4 CEs (1 physical banks/CE) of 4100 blocks of 128 pages 
of 8192 bytes data, 12 bytes metdata)
Image size matches expected size, looks ok
Searching for special pages...
Found DEVICEUNIQUEINFO, NANDDRIVERSIGN, DEVICEINFOBBT special pages in CE 0
NAND signature 0x43313132 flags 0x10006 withening=1, epoch=2
Effaceable generation 42
Effaceable CRC OK
Found effaceable lockers in ce 1 block 1 page 96
Lockers : BAG1, DONE, Dkey, LwVM
Found DEVICEUNIQUEINFO, serial number=88207F9MA4S
Using VSVFL
Traceback (most recent call last):
  File "python_scripts/ios_examiner.py", line 369, in <module>
    main()
  File "python_scripts/ios_examiner.py", line 363, in main
    image = NAND(nandimagename, device_infos)
  File "/Users/daron/iphone-dataprotection/python_scripts/nand/nand.py", line 124, in __init__
    self.vfl = VSVFL(self)
  File "/Users/daron/iphone-dataprotection/python_scripts/nand/vsvfl.py", line 86, in __init__
    raise Exception("Unable to find VSVFL context for CE %d" % ce)
Exception: Unable to find VSVFL context for CE 0

What version of the product are you using? On what operating system?

Recent version of the tools, python27 and OS X 10.6.7



Original issue reported on code.google.com by [email protected] on 22 Aug 2012 at 1:56

GoogleCodeExporter avatar Mar 19 '15 02:03 GoogleCodeExporter

This happens to me when I try to run the script without having the ramdisk 
loaded onto the phone. I load the ramdisk >>  

./redsn0w.app/Contents/MacOS/redsn0w -i iphone511.ipsw -r myramdisk_n90ap.dmg -k kernelcache.release.n90.patched -a "-v rd=md0 nand-disable=1"

and then this error goes away. I'm new to this, hope I'm right and hope this 
helps.

Original comment by [email protected] on 25 Aug 2012 at 2:55

GoogleCodeExporter avatar Mar 19 '15 02:03 GoogleCodeExporter

Also, a tip I learned for myself - again, I have no idea if I'm doing it right 
BUT it did something, and that made me happy! 

1) load the ramdisk, run the >> python python_scripts/ios_examiner.py  (only if 
you have taken the time to do the "nand dump" before)

the keybag will be locked still. run the >> bruteforce  (by typing 'bruteforce' 
at the prompt)

You already created the iphone4.plist, so type in the filename iphone4.plist 
and choose N no to overwrite. The keybag will then be unlocked. You can verify 
this by typing: keychain 

THEN run the >> undelete

It takes a while to run and "undelete". 

type >> dd FILENAME.dmg  (to dump current partition to FILENAME.dmg - so you 
can mount it and read it)

I haven't had success recovering anything yet, but I am getting there! (I 
think/hope lol) 

Original comment by [email protected] on 25 Aug 2012 at 3:07

GoogleCodeExporter avatar Mar 19 '15 02:03 GoogleCodeExporter

Thanks for your advice! I can confirm that the second tip works well and I see 
the first recovered JPEGs in the undeleted directory. This process is very slow, 
so it will probably take a few days to see the whole outcome. The first tip 
unfortunately doesn't work for me. Anyway, thank you for your contribution.

Original comment by [email protected] on 25 Aug 2012 at 6:52

GoogleCodeExporter avatar Mar 19 '15 02:03 GoogleCodeExporter

@fremanofarrakis
The error only occurs when you run ios_examiner on the nand dump file, but when 
you run it without parameters (with the ramdisk loaded) there is no error ?

Original comment by [email protected] on 26 Aug 2012 at 9:30

GoogleCodeExporter avatar Mar 19 '15 02:03 GoogleCodeExporter

Yes, it's exactly as you say.

Original comment by [email protected] on 26 Aug 2012 at 9:41

GoogleCodeExporter avatar Mar 19 '15 02:03 GoogleCodeExporter

ok, could you try to change line 42 in python_scripts/nand/image.py from
if r1 != 0x0:
to 
if r1 == 0xe00002e5:

and try again the "python python_scripts/ios_examiner.py iphone4_nand.bin 
iphone4.plist" command. Thanks.

Original comment by [email protected] on 26 Aug 2012 at 11:04

  • Changed state: Accepted
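
The change suggested above alters which `r1` values the page-read check in image.py reacts to. As an added example (not part of this thread or of the project's code), the following Python 3 script tallies the `r1` status words in a flat dump and counts how many pages match each of the two conditions. The per-page record layout (data, metadata, then two little-endian 32-bit status words), the CE interleaving and all function names are assumptions.

```python
import io
import struct
from collections import Counter

# Assumed per-page record layout (not confirmed by the thread):
#   data bytes | metadata bytes | r1 (uint32 LE) | r2 (uint32 LE)
STATUS_FMT = "<LL"
STATUS_LEN = struct.calcsize(STATUS_FMT)


def tally_page_status(stream, page_bytes=8192, meta_bytes=12, n_ces=4,
                      specific=0xE00002E5):
    """Walk a flat NAND dump and compare the two r1 checks from the thread.

    Returns (r1 histogram, pages matching `r1 != 0`,
             pages matching `r1 == specific`, first (ce, page) with r1 != 0).
    """
    record_len = page_bytes + meta_bytes + STATUS_LEN
    histogram = Counter()
    match_nonzero = match_specific = 0
    first_nonzero = None
    index = 0
    while True:
        record = stream.read(record_len)
        if len(record) < record_len:  # end of image, or a truncated tail
            break
        r1, _r2 = struct.unpack_from(STATUS_FMT, record, page_bytes + meta_bytes)
        histogram[r1] += 1
        if r1 != 0:
            match_nonzero += 1
            if first_nonzero is None:
                # Assumed interleaving: record i is page i // n_ces of CE i % n_ces
                first_nonzero = (index % n_ces, index // n_ces)
        if r1 == specific:
            match_specific += 1
        index += 1
    return histogram, match_nonzero, match_specific, first_nonzero


def build_sample_image(statuses, page_bytes=16, meta_bytes=12):
    """Constructed test image: one tiny record per r1 value (not real data)."""
    out = io.BytesIO()
    for r1 in statuses:
        out.write(b"\xAA" * page_bytes + b"\xFF" * meta_bytes)
        out.write(struct.pack(STATUS_FMT, r1, 0))
    out.seek(0)
    return out


if __name__ == "__main__":
    sample = build_sample_image([0, 0, 0xE00002E5, 0x1, 0, 0xE00002E5])
    print(tally_page_status(sample, page_bytes=16))
```

On a real image, pass the opened file (`open(path, "rb")`) with the geometry values printed by ios_examiner.py; a large gap between the two counts means many pages carry a non-zero status other than 0xe00002e5.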

GoogleCodeExporter avatar Mar 19 '15 02:03 GoogleCodeExporter

[deleted comment]

GoogleCodeExporter avatar Mar 19 '15 02:03 GoogleCodeExporter

I've already tested it, unfortunately with the same upshot. Another question - I 
want to recover just one type of file, e.g. m4a format, so does the undelete script 
have any data filtering option?

Original comment by [email protected] on 27 Aug 2012 at 7:10

GoogleCodeExporter avatar Mar 19 '15 02:03 GoogleCodeExporter

ok, i'll have to try and figure it out but for now i cannot reproduce the issue.
there is currently no filtering option for the undelete script.

Original comment by [email protected] on 29 Aug 2012 at 7:14

GoogleCodeExporter avatar Mar 19 '15 02:03 GoogleCodeExporter

I made a setup using Linux Debian and MacOSX Mountain Lion 10.8.1 with Xcode 
4.3.3.
Same error on both environments.
My solution was: make another nand_dump from ios_examiner (iOS 5.1.1 - iPhone 4 32GB)

(iPhone4-data) / bruteforce
Enter passcode or leave blank for bruteforce:

(iPhone4-data) / nand_dump iphone4_nand.bin
Dumping 32GB NAND to iphone4_nand.bin
100% |########################################################################|
NAND dump time : 1:35:13.450000
SHA1: 0000000000000000000000000000000000000000
(iPhone4-data) / exit

Thanks 
Regards

Original comment by [email protected] on 6 Sep 2012 at 2:32

GoogleCodeExporter avatar Mar 19 '15 02:03 GoogleCodeExporter

I'm getting this error after every dump, tried about 4 dumps and all of them I 
get this error.

When I try to run python python_scripts/ios_examiner.py without parameters I 
see the following message on iOS device:

FAIL: Could not get AppleEffaceableStorage service
IOConnectCallMethod on  AppleEffaceableStorage selector 1 returned 10000003
AppleIOPFMI: ERROR: First Failing CE: 0

I can access system and data partitions without problems via SSH.

The nand_dump runs OK, but running python_scripts/ios_examiner.py nand_dump.bin 
iphone4.plist fails, returning Unable to find VSVFL context for CE 0.

Any ideas?
Thanks
Regards

Original comment by [email protected] on 15 Oct 2012 at 11:47

GoogleCodeExporter avatar Mar 19 '15 02:03 GoogleCodeExporter

Hi, havin' same issue. (iPhone 4, iOS 6) Here's my output:

Using VSVFL
Traceback (most recent call last):
  File "python_scripts/ios_examiner.py", line 366, in <module>
    main()
  File "python_scripts/ios_examiner.py", line 361, in main
    image = NAND(nandimagename, device_infos)
  File "/Users/giovi/src/iphone-dataprotection/python_scripts/nand/nand.py", line 124, in __init__
    self.vfl = VSVFL(self)
  File "/Users/giovi/src/iphone-dataprotection/python_scripts/nand/vsvfl.py", line 86, in __init__
    raise Exception("Unable to find VSVFL context for CE %d" % ce)
Exception: Unable to find VSVFL context for CE 0

Comment 6 didn't help either... Any ideas?

Original comment by [email protected] on 18 Oct 2012 at 3:06

GoogleCodeExporter avatar Mar 19 '15 02:03 GoogleCodeExporter

Can you apply the attached patch to add debug output, run ios_examiner.py with 
the nand dump and plist file as parameters and post the output here ? Thanks.

Original comment by [email protected] on 21 Oct 2012 at 12:21

Attachments:

GoogleCodeExporter avatar Mar 19 '15 02:03 GoogleCodeExporter

Patch applied, output attached. Thank you!

Original comment by [email protected] on 22 Oct 2012 at 9:13

Attachments:

GoogleCodeExporter avatar Mar 19 '15 02:03 GoogleCodeExporter

Great, can you also apply this patch to debug the checksum issues ? just run 
the same command, also if you still have the device that was dumped and you can 
run ios_examiner.py with no parameters (with the ramdisk booted) and post the 
two outputs. Thanks a lot.

Original comment by [email protected] on 22 Oct 2012 at 8:58

Attachments:

GoogleCodeExporter avatar Mar 19 '15 02:03 GoogleCodeExporter

python python_scripts/ios_examiner.py iphone4_nand.bin iphone4.plist 
Loading device information from iphone4.plist
Device model: iPhone 4 GSM
UDID: 
ECID: 
Serial number:
key835: 
key89B: 
Chip id 0x32956845 banks per CE physical 2
NAND geometry : 32GB (4 CEs (2 physical banks/CE) of 8192 blocks of 128 pages 
of 8192 bytes data, 12 bytes metdata)
Image size matches expected size, looks ok
Searching for special pages...
Found DEVICEUNIQUEINFO, NANDDRIVERSIGN, DEVICEINFOBBT special pages in CE 0
NAND signature 0x43313131 flags 0x10005 withening=1, epoch=1
Effaceable generation 76
Effaceable CRC OK
Found effaceable lockers in ce 3 block 1 page 96
Lockers : BAG1, DONE, Dkey, LwVM
Found DEVICEUNIQUEINFO, serial number=
Using VSVFL
vfl checksum got c886a3ab 8f887c55 expected 2832bae0 28092eea
vfl checksum got af259746 2f99e614 expected 545385db e09a24cf
vfl checksum got fa813816 deb892d6 expected 7eccc8cb 5a5d9d9e
vfl checksum got 730eabd1 4539a7f7 expected ebc15f0 ffff1b2c
vfl checksum got 1c05e901 2f4cda83 expected 6977d829 bdc74bce
Traceback (most recent call last):
  File "python_scripts/ios_examiner.py", line 366, in <module>
    main()
  File "python_scripts/ios_examiner.py", line 361, in main
    image = NAND(nandimagename, device_infos)
  File "/Users/gabriel/Desktop/iphone-dataprotection/python_scripts/nand/nand.py", line 124, in __init__
    self.vfl = VSVFL(self)
  File "/Users/gabriel/Desktop/iphone-dataprotection/python_scripts/nand/vsvfl.py", line 86, in __init__
    raise Exception("Unable to find VSVFL context for CE %d" % ce)
Exception: Unable to find VSVFL context for CE 0

python python_scripts/ios_examiner.py 
Connecting to device : 
Device model: iPhone 4 GSM
UDID: 
ECID: 
Serial number: 
key835: 
key89B: 
Chip id 0x32956845 banks per CE physical 2
NAND geometry : 32GB (4 CEs (2 physical banks/CE) of 8192 blocks of 128 pages 
of 8192 bytes data, 12 bytes metdata)
Searching for special pages...
Found DEVICEUNIQUEINFO, NANDDRIVERSIGN, DEVICEINFOBBT special pages in CE 0
NAND signature 0x43313131 flags 0x10005 withening=1, epoch=1
Effaceable generation 76
Effaceable CRC OK
Found effaceable lockers in ce 3 block 1 page 96
Lockers : BAG1, DONE, Dkey, LwVM
Found DEVICEUNIQUEINFO, serial number=
Using VSVFL
vfl checksum got 20a234e b6b3c670 expected 20a234e b6b3c670
vfl checksum got 2332361 b69ac675 expected 2332361 b69ac675
vfl checksum got 8609ca0e bcd2d874 expected 8609ca0e bcd2d874
vfl checksum got 863cca25 bce5d875 expected 863cca25 bce5d875
vfl checksum got bfd6f566 aef3c46c expected bfd6f566 aef3c46c
vfl checksum got c021f58b aed0c47b expected c021f58b aed0c47b
vfl checksum got 8078828a b701cedc expected 8078828a b701cedc
vfl checksum got 80968298 b71fced2 expected 80968298 b71fced2
VSVFL context open OK
YaFTL context OK, version=CX01 maxIndexUsn=775909 context usn=775909
LwVM header CRC OK
cprotect version : 4 (iOS 5)
iOS version:  5.1.1
Keybag state: locked

Original comment by [email protected] on 24 Oct 2012 at 3:41

GoogleCodeExporter avatar Mar 19 '15 02:03 GoogleCodeExporter

There you go :)

Original comment by [email protected] on 24 Oct 2012 at 7:41

Attachments:

GoogleCodeExporter avatar Mar 19 '15 02:03 GoogleCodeExporter

Can you move this line
hexdump(d[:1024])
out of the if statement so that it shows the hexdump in the case where it works 
(ios_examiner without parameters)
Thanks.

Original comment by [email protected] on 24 Oct 2012 at 8:17

GoogleCodeExporter avatar Mar 19 '15 02:03 GoogleCodeExporter

Did it, hope it helps...

Original comment by [email protected] on 24 Oct 2012 at 10:45

Attachments:

GoogleCodeExporter avatar Mar 19 '15 02:03 GoogleCodeExporter

ok, sorry for the multiple tries to get this right, but could you change the
hexdump(d[:1024])
to
hexdump(d)
exit(0)

and repost both outputs. Thanks a lot.

Original comment by [email protected] on 24 Oct 2012 at 8:40

GoogleCodeExporter avatar Mar 19 '15 02:03 GoogleCodeExporter

easy, thank you for the support :) here's the adapted output...

Original comment by [email protected] on 25 Oct 2012 at 9:38

Attachments:

GoogleCodeExporter avatar Mar 19 '15 02:03 GoogleCodeExporter

ok i see where the bug is coming from, can you just post the contents of the 
"nand" dictionary in the plist file ? Thanks.

<key>nand</key>
<dict>
...
</dict>

Original comment by [email protected] on 25 Oct 2012 at 4:37

GoogleCodeExporter avatar Mar 19 '15 02:03 GoogleCodeExporter

Here it is...

Original comment by [email protected] on 26 Oct 2012 at 6:33

Attachments:

GoogleCodeExporter avatar Mar 19 '15 02:03 GoogleCodeExporter

i haven't had a chance yet to try and reproduce the issue. I assume you tried 
to redump the nand image on the same device and still had the same issue ?

Original comment by [email protected] on 7 Nov 2012 at 8:51

GoogleCodeExporter avatar Mar 19 '15 02:03 GoogleCodeExporter

same issue here again

Original comment by [email protected] on 11 Nov 2012 at 7:39

GoogleCodeExporter avatar Mar 19 '15 02:03 GoogleCodeExporter

yes, tried to redump, same error...

Original comment by [email protected] on 19 Nov 2012 at 11:41

GoogleCodeExporter avatar Mar 19 '15 02:03 GoogleCodeExporter

ok, here's a temporary patch for the nand dumper, you have to rebuild the 
ramdisk with the new ioflashstoragekit binary and redump the nand. based on the 
hexdumps it should fix the error but i'm still not quite sure how this happens. 
thanks

Original comment by [email protected] on 22 Nov 2012 at 9:09

Attachments:

GoogleCodeExporter avatar Mar 19 '15 02:03 GoogleCodeExporter

Should I apply all the comment patches to every file, like vsvfl.debug.patch, 
vsvfl_checksum_debug.patch ...?

I applied all the patch files, but it still doesn't work.

Or do I just need to apply some of the comment patches, not all of them?

Can you provide all the fixed files for this issue in source->Changes, because the 
hp clone files are still old.

thks.

Original comment by [email protected] on 9 Jan 2013 at 3:18

GoogleCodeExporter avatar Mar 19 '15 02:03 GoogleCodeExporter

This bug is not yet fixed. Did you try applying the ioflash_debug1.patch and 
redumping the nand ? However i don't think this patch will work. I now have a good 
idea of the root cause, just need to implement the missing code and test it 
properly. Hopefully i will update this issue soon and commit a proper patch.

Original comment by [email protected] on 14 Jan 2013 at 3:21

GoogleCodeExporter avatar Mar 19 '15 02:03 GoogleCodeExporter

Also, if you can post the first 0x600 bytes of the nand dump, that would be 
very helpful. Thanks.

Original comment by [email protected] on 14 Jan 2013 at 3:25

GoogleCodeExporter avatar Mar 19 '15 02:03 GoogleCodeExporter

Hi jean, tried again to redump with no luck. Here's the first 0x600 bytes of my 
nand... Hope it helps. Thanks.

Original comment by [email protected] on 28 May 2013 at 3:39

Attachments:

GoogleCodeExporter avatar Mar 19 '15 02:03 GoogleCodeExporter

here is another patch that i believe has a chance of fixing the issue ;) you'll 
have to redump again.
if it still does not work and you have spare time, you can try running the 
script from this comment : 
https://code.google.com/p/iphone-dataprotection/issues/detail?id=86#c17
it will not fix the issue but should help understand it better.
thanks.

Original comment by [email protected] on 28 May 2013 at 4:57

Attachments:

GoogleCodeExporter avatar Mar 19 '15 02:03 GoogleCodeExporter

[deleted comment]

GoogleCodeExporter avatar Mar 19 '15 02:03 GoogleCodeExporter

Applied the patch, but no luck... I also receive the same error if I run the 
script from the other comment (see attached output). The errors refer to the 
same lines in nand.py and vsvfl.py...

Original comment by [email protected] on 30 May 2013 at 8:55

Attachments:

GoogleCodeExporter avatar Mar 19 '15 02:03 GoogleCodeExporter