King
King copied to clipboard
pgarba
Could not find device in DFU mode!
Linux server 5.4.0-40-generic #44-Ubuntu SMP Tue Jun 23 00:01:04 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
OS: Ubuntu 20.04 Processor: Intel(R) Core(TM) i3 CPU M 330 @ 2.13GHz
============================= dmesg output
[ 373.059327] usb 2-1.5.4: new high-speed USB device number 10 using ehci-pci [ 373.269034] usb 2-1.5.4: New USB device found, idVendor=05ac, idProduct=1227, bcdDevice= 0.00 [ 373.269040] usb 2-1.5.4: New USB device strings: Mfr=2, Product=3, SerialNumber=4 [ 373.269044] usb 2-1.5.4: Product: Apple Mobile Device (DFU Mode) [ 373.269047] usb 2-1.5.4: Manufacturer: Apple Inc. [ 373.269050] usb 2-1.5.4: SerialNumber: CPID:7000 CPRV:11 CPFM:03 SCEP:01 BDID:06 ECID:0006410608F28226 IBFL:1D
root@server:/usr/src/King/build# ./king checkm8 [] Device Serial Number: CPID:7000 CPRV:11 CPFM:03 SCEP:01 BDID:06 ECID:0006410608F28226 IBFL:1D [] Device Serial Number: CPID:7000 CPRV:11 CPFM:03 SCEP:01 BDID:06 ECID:0006410608F28226 IBFL:1D [] Shellcode generated ... [] stage 1, heap grooming ... [] stage 2, usb setup, send 0x800 of 'A', sends no data [] Device Serial Number: CPID:7000 CPRV:11 CPFM:03 SCEP:01 BDID:06 ECID:0006410608F28226 IBFL:1D [*] stage 3, exploit [!] Could not find device in DFU mode!
checkra1n beta 0.10.2 iPhone 6 connected in DFU mode. ECID: 0x6410608f28226
strace ./king checkm8
fstat(6, {st_mode=S_IFREG|0644, st_size=4096, ...}) = 0 fstat(6, {st_mode=S_IFREG|0644, st_size=4096, ...}) = 0 read(6, "MAJOR=189\nMINOR=134\nDEVNAME=bus/"..., 4096) = 126 read(6, "", 4096) = 0 close(6) = 0 getrandom("\x22\xac\x36\x83\x98\xbd\xf0\x16\xfd\x27\xf2\x9a\xbe\xba\xc0\x60", 16, GRND_NONBLOCK) = 16 getrandom("\xc5\x41\x56\x45\xca\x1d\x22\x29\x77\xd4\x5b\xa4\xd9\xa2\x61\xfd", 16, GRND_NONBLOCK) = 16 openat(AT_FDCWD, "/sys/bus/usb/devices/2-1.5.3.2/busnum", O_RDONLY|O_CLOEXEC) = 6 fcntl(6, F_GETFL) = 0x8000 (flags O_RDONLY|O_LARGEFILE) fstat(6, {st_mode=S_IFREG|0444, st_size=4096, ...}) = 0 read(6, "2\n", 4096) = 2 close(6) = 0 openat(AT_FDCWD, "/sys/bus/usb/devices/2-1.5.3.2/devnum", O_RDONLY|O_CLOEXEC) = 6 fcntl(6, F_GETFL) = 0x8000 (flags O_RDONLY|O_LARGEFILE) fstat(6, {st_mode=S_IFREG|0444, st_size=4096, ...}) = 0 read(6, "7\n", 4096) = 2 close(6) = 0 openat(AT_FDCWD, "/sys/bus/usb/devices/2-1.5.3.2/speed", O_RDONLY|O_CLOEXEC) = 6 fcntl(6, F_GETFL) = 0x8000 (flags O_RDONLY|O_LARGEFILE) fstat(6, {st_mode=S_IFREG|0444, st_size=4096, ...}) = 0 read(6, "1.5\n", 4096) = 4 close(6) = 0 openat(AT_FDCWD, "/sys/bus/usb/devices/2-1.5.3.2/descriptors", O_RDONLY|O_CLOEXEC) = 6 read(6, "\22\1\0\2\0\0\0\10\254\5 \2i\0\1\2\0\1\t\2;\0\2\1\0\240\n\t\4\0\0\1"..., 1024) = 77 close(6) = 0 openat(AT_FDCWD, "/", O_RDONLY|O_CLOEXEC|O_PATH|O_DIRECTORY) = 6 openat(6, "sys", O_RDONLY|O_NOFOLLOW|O_CLOEXEC|O_PATH) = 7 fstat(7, {st_mode=S_IFDIR|0555, st_size=0, ...}) = 0 close(6) = 0 openat(7, "devices", O_RDONLY|O_NOFOLLOW|O_CLOEXEC|O_PATH) = 6 fstat(6, {st_mode=S_IFDIR|0755, st_size=0, ...}) = 0 close(7) = 0 openat(6, "pci0000:00", O_RDONLY|O_NOFOLLOW|O_CLOEXEC|O_PATH) = 7 fstat(7, {st_mode=S_IFDIR|0755, st_size=0, ...}) = 0 close(6) = 0 openat(7, "0000:00:1d.0", O_RDONLY|O_NOFOLLOW|O_CLOEXEC|O_PATH) = 6 fstat(6, {st_mode=S_IFDIR|0755, st_size=0, ...}) = 0 close(7) = 0 openat(6, "usb2", O_RDONLY|O_NOFOLLOW|O_CLOEXEC|O_PATH) = 7 fstat(7, {st_mode=S_IFDIR|0755, st_size=0, ...}) = 0 close(6) = 0 openat(7, "2-1", O_RDONLY|O_NOFOLLOW|O_CLOEXEC|O_PATH) = 6 fstat(6, {st_mode=S_IFDIR|0755, st_size=0, ...}) = 0 close(7) = 0 openat(6, "2-1.5", O_RDONLY|O_NOFOLLOW|O_CLOEXEC|O_PATH) = 7 fstat(7, {st_mode=S_IFDIR|0755, st_size=0, ...}) = 0 close(6) = 0 openat(7, "2-1.5.3", O_RDONLY|O_NOFOLLOW|O_CLOEXEC|O_PATH) = 6 fstat(6, {st_mode=S_IFDIR|0755, st_size=0, ...}) = 0 close(7) = 0 openat(6, "2-1.5.3.3", O_RDONLY|O_NOFOLLOW|O_CLOEXEC|O_PATH) = 7 fstat(7, {st_mode=S_IFDIR|0755, st_size=0, ...}) = 0 close(6) = 0 close(7) = 0 access("/sys/devices/pci0000:00/0000:00:1d.0/usb2/2-1/2-1.5/2-1.5.3/2-1.5.3.3/uevent", F_OK) = 0 openat(AT_FDCWD, "/sys/devices/pci0000:00/0000:00:1d.0/usb2/2-1/2-1.5/2-1.5.3/2-1.5.3.3/uevent", O_RDONLY|O_CLOEXEC) = 6 fstat(6, {st_mode=S_IFREG|0644, st_size=4096, ...}) = 0 fstat(6, {st_mode=S_IFREG|0644, st_size=4096, ...}) = 0 read(6, "MAJOR=189\nMINOR=135\nDEVNAME=bus/"..., 4096) = 127 read(6, "", 4096) = 0 close(6) = 0 getrandom("\xf6\xa0\xc7\x36\x1b\xf8\x10\xcc\x29\xe2\x5c\xd7\x74\x42\xd0\xad", 16, GRND_NONBLOCK) = 16 getrandom("\x5f\xd6\x84\xf5\x55\xbe\x8e\x58\x64\xc5\x2a\x49\x66\x13\x63\xe4", 16, GRND_NONBLOCK) = 16 openat(AT_FDCWD, "/sys/bus/usb/devices/2-1.5.3.3/busnum", O_RDONLY|O_CLOEXEC) = 6 fcntl(6, F_GETFL) = 0x8000 (flags O_RDONLY|O_LARGEFILE) fstat(6, {st_mode=S_IFREG|0444, st_size=4096, ...}) = 0 read(6, "2\n", 4096) = 2 close(6) = 0 openat(AT_FDCWD, "/sys/bus/usb/devices/2-1.5.3.3/devnum", O_RDONLY|O_CLOEXEC) = 6 fcntl(6, F_GETFL) = 0x8000 (flags O_RDONLY|O_LARGEFILE) fstat(6, {st_mode=S_IFREG|0444, st_size=4096, ...}) = 0 read(6, "8\n", 4096) = 2 close(6) = 0 openat(AT_FDCWD, "/sys/bus/usb/devices/2-1.5.3.3/speed", O_RDONLY|O_CLOEXEC) = 6 fcntl(6, F_GETFL) = 0x8000 (flags O_RDONLY|O_LARGEFILE) fstat(6, {st_mode=S_IFREG|0444, st_size=4096, ...}) = 0 read(6, "1.5\n", 4096) = 4 close(6) = 0 openat(AT_FDCWD, "/sys/bus/usb/devices/2-1.5.3.3/descriptors", O_RDONLY|O_CLOEXEC) = 6 read(6, "\22\1\20\1\0\0\0\10\254\5\4\3\10\1\1\2\0\1\t\2"\0\1\1\0\2402\t\4\0\0\1"..., 1024) = 52 close(6) = 0 openat(AT_FDCWD, "/", O_RDONLY|O_CLOEXEC|O_PATH|O_DIRECTORY) = 6 openat(6, "sys", O_RDONLY|O_NOFOLLOW|O_CLOEXEC|O_PATH) = 7 fstat(7, {st_mode=S_IFDIR|0555, st_size=0, ...}) = 0 close(6) = 0 openat(7, "devices", O_RDONLY|O_NOFOLLOW|O_CLOEXEC|O_PATH) = 6 fstat(6, {st_mode=S_IFDIR|0755, st_size=0, ...}) = 0 close(7) = 0 openat(6, "pci0000:00", O_RDONLY|O_NOFOLLOW|O_CLOEXEC|O_PATH) = 7 fstat(7, {st_mode=S_IFDIR|0755, st_size=0, ...}) = 0 close(6) = 0 openat(7, "0000:00:1d.0", O_RDONLY|O_NOFOLLOW|O_CLOEXEC|O_PATH) = 6 fstat(6, {st_mode=S_IFDIR|0755, st_size=0, ...}) = 0 close(7) = 0 openat(6, "usb2", O_RDONLY|O_NOFOLLOW|O_CLOEXEC|O_PATH) = 7 fstat(7, {st_mode=S_IFDIR|0755, st_size=0, ...}) = 0 close(6) = 0 openat(7, "2-1", O_RDONLY|O_NOFOLLOW|O_CLOEXEC|O_PATH) = 6 fstat(6, {st_mode=S_IFDIR|0755, st_size=0, ...}) = 0 close(7) = 0 openat(6, "2-1.5", O_RDONLY|O_NOFOLLOW|O_CLOEXEC|O_PATH) = 7 fstat(7, {st_mode=S_IFDIR|0755, st_size=0, ...}) = 0 close(6) = 0 openat(7, "2-1.5.4", O_RDONLY|O_NOFOLLOW|O_CLOEXEC|O_PATH) = 6 fstat(6, {st_mode=S_IFDIR|0755, st_size=0, ...}) = 0 close(7) = 0 close(6) = 0 access("/sys/devices/pci0000:00/0000:00:1d.0/usb2/2-1/2-1.5/2-1.5.4/uevent", F_OK) = 0 openat(AT_FDCWD, "/sys/devices/pci0000:00/0000:00:1d.0/usb2/2-1/2-1.5/2-1.5.4/uevent", O_RDONLY|O_CLOEXEC) = 6 fstat(6, {st_mode=S_IFREG|0644, st_size=4096, ...}) = 0 fstat(6, {st_mode=S_IFREG|0644, st_size=4096, ...}) = 0 read(6, "MAJOR=189\nMINOR=140\nDEVNAME=bus/"..., 4096) = 126 read(6, "", 4096) = 0 close(6) = 0 getrandom("\x56\xf6\x1d\x56\x47\xcd\x0d\x27\x40\x08\x90\x47\x98\xa3\xbe\xda", 16, GRND_NONBLOCK) = 16 getrandom("\x88\x85\x3f\xd2\x2d\xe7\xa6\xf7\xd1\x1b\x7f\xa7\xec\xe3\x27\x87", 16, GRND_NONBLOCK) = 16 openat(AT_FDCWD, "/sys/bus/usb/devices/2-1.5.4/busnum", O_RDONLY|O_CLOEXEC) = 6 fcntl(6, F_GETFL) = 0x8000 (flags O_RDONLY|O_LARGEFILE) fstat(6, {st_mode=S_IFREG|0444, st_size=4096, ...}) = 0 read(6, "2\n", 4096) = 2 close(6) = 0 openat(AT_FDCWD, "/sys/bus/usb/devices/2-1.5.4/devnum", O_RDONLY|O_CLOEXEC) = 6 fcntl(6, F_GETFL) = 0x8000 (flags O_RDONLY|O_LARGEFILE) fstat(6, {st_mode=S_IFREG|0444, st_size=4096, ...}) = 0 read(6, "13\n", 4096) = 3 close(6) = 0 openat(AT_FDCWD, "/sys/bus/usb/devices/2-1.5.4/speed", O_RDONLY|O_CLOEXEC) = 6 fcntl(6, F_GETFL) = 0x8000 (flags O_RDONLY|O_LARGEFILE) fstat(6, {st_mode=S_IFREG|0444, st_size=4096, ...}) = 0 read(6, "480\n", 4096) = 4 close(6) = 0 openat(AT_FDCWD, "/sys/bus/usb/devices/2-1.5.4/descriptors", O_RDONLY|O_CLOEXEC) = 6 read(6, "\22\1\0\2\0\0\0@\254\5'\22\0\0\2\3\4\1\t\2\31\0\1\1\5\200\372\t\4\0\0\0"..., 1024) = 43 close(6) = 0 pipe2([6, 7], O_CLOEXEC) = 0 fcntl(7, F_GETFL) = 0x1 (flags O_WRONLY) fcntl(7, F_SETFL, O_WRONLY|O_NONBLOCK) = 0 write(7, "\1", 1) = 1 timerfd_create(CLOCK_MONOTONIC, TFD_CLOEXEC|TFD_NONBLOCK) = 8 recvmsg(3, {msg_namelen=128}, 0) = -1 EAGAIN (Resource temporarily unavailable) openat(AT_FDCWD, "/dev/bus/usb/002/013", O_RDWR|O_CLOEXEC) = 9 ioctl(9, USBDEVFS_GET_CAPABILITIES, 0x56540f0d4ebc) = 0 ioctl(9, USBDEVFS_CLAIMINTERFACE, 0x7ffca148652c) = 0 timerfd_settime(8, TFD_TIMER_ABSTIME, {it_interval={tv_sec=0, tv_nsec=0}, it_value={tv_sec=633, tv_nsec=220218000}}, NULL) = 0 ioctl(9, USBDEVFS_SUBMITURB, 0x56540f0c4570) = 0 read(6, "\1", 1) = 1 poll([{fd=6, events=POLLIN}, {fd=8, events=POLLIN}, {fd=9, events=POLLOUT}], 3, 60000) = 1 ([{fd=9, revents=POLLOUT}]) ioctl(9, USBDEVFS_REAPURBNDELAY, 0x7ffca14861e0) = 0 timerfd_settime(8, 0, {it_interval={tv_sec=0, tv_nsec=0}, it_value={tv_sec=0, tv_nsec=0}}, NULL) = 0 ioctl(9, USBDEVFS_REAPURBNDELAY, 0x7ffca14861e0) = -1 EAGAIN (Resource temporarily unavailable) timerfd_settime(8, TFD_TIMER_ABSTIME, {it_interval={tv_sec=0, tv_nsec=0}, it_value={tv_sec=633, tv_nsec=220668000}}, NULL) = 0 ioctl(9, USBDEVFS_SUBMITURB, 0x56540f0c4570) = 0 poll([{fd=6, events=POLLIN}, {fd=8, events=POLLIN}, {fd=9, events=POLLOUT}], 3, 60000) = 1 ([{fd=9, revents=POLLOUT}]) ioctl(9, USBDEVFS_REAPURBNDELAY, 0x7ffca14861e0) = 0 timerfd_settime(8, 0, {it_interval={tv_sec=0, tv_nsec=0}, it_value={tv_sec=0, tv_nsec=0}}, NULL) = 0 ioctl(9, USBDEVFS_REAPURBNDELAY, 0x7ffca14861e0) = -1 EAGAIN (Resource temporarily unavailable) fstat(1, {st_mode=S_IFCHR|0620, st_rdev=makedev(0x88, 0), ...}) = 0 write(1, "[] Device Serial Number: CPID:7"..., 98[] Device Serial Number: CPID:7000 CPRV:11 CPFM:03 SCEP:01 BDID:06 ECID:0006410608F28226 IBFL:1D ) = 98 ioctl(9, USBDEVFS_RELEASEINTERFACE, 0x7ffca1486d2c) = 0 write(7, "\1", 1) = 1 close(9) = 0 recvmsg(3, {msg_namelen=128}, 0) = -1 EAGAIN (Resource temporarily unavailable) openat(AT_FDCWD, "/dev/bus/usb/002/013", O_RDWR|O_CLOEXEC) = 9 ioctl(9, USBDEVFS_GET_CAPABILITIES, 0x56540f0d4ebc) = 0 ioctl(9, USBDEVFS_CLAIMINTERFACE, 0x7ffca1485ebc) = 0 timerfd_settime(8, TFD_TIMER_ABSTIME, {it_interval={tv_sec=0, tv_nsec=0}, it_value={tv_sec=633, tv_nsec=221868000}}, NULL) = 0 ioctl(9, USBDEVFS_SUBMITURB, 0x56540f0c4570) = 0 read(6, "\1", 1) = 1 poll([{fd=6, events=POLLIN}, {fd=8, events=POLLIN}, {fd=9, events=POLLOUT}], 3, 60000) = 1 ([{fd=9, revents=POLLOUT}]) ioctl(9, USBDEVFS_REAPURBNDELAY, 0x7ffca1485b70) = 0 timerfd_settime(8, 0, {it_interval={tv_sec=0, tv_nsec=0}, it_value={tv_sec=0, tv_nsec=0}}, NULL) = 0 ioctl(9, USBDEVFS_REAPURBNDELAY, 0x7ffca1485b70) = -1 EAGAIN (Resource temporarily unavailable) timerfd_settime(8, TFD_TIMER_ABSTIME, {it_interval={tv_sec=0, tv_nsec=0}, it_value={tv_sec=633, tv_nsec=222254000}}, NULL) = 0 ioctl(9, USBDEVFS_SUBMITURB, 0x56540f0c4570) = 0 poll([{fd=6, events=POLLIN}, {fd=8, events=POLLIN}, {fd=9, events=POLLOUT}], 3, 60000) = 1 ([{fd=9, revents=POLLOUT}]) ioctl(9, USBDEVFS_REAPURBNDELAY, 0x7ffca1485b70) = 0 timerfd_settime(8, 0, {it_interval={tv_sec=0, tv_nsec=0}, it_value={tv_sec=0, tv_nsec=0}}, NULL) = 0 ioctl(9, USBDEVFS_REAPURBNDELAY, 0x7ffca1485b70) = -1 EAGAIN (Resource temporarily unavailable) write(1, "[] Device Serial Number: CPID:7"..., 98[] Device Serial Number: CPID:7000 CPRV:11 CPFM:03 SCEP:01 BDID:06 ECID:0006410608F28226 IBFL:1D ) = 98 openat(AT_FDCWD, "bin/usb_0xA1_2_arm64.bin", O_RDONLY) = 10 lseek(10, 0, SEEK_END) = 528 lseek(10, 0, SEEK_CUR) = 528 lseek(10, 0, SEEK_SET) = 0 read(10, " \0 \324 \0 \324\2\0@y_\204\nq\201\377\377T\375{\277\251\375\3\0\221\364O\277\251"..., 8191) = 528 read(10, "", 8191) = 0 close(10) = 0 openat(AT_FDCWD, "bin/checkm8_nopaddingcorruption_arm64.bin", O_RDONLY) = 10 lseek(10, 0, SEEK_END) = 312 lseek(10, 0, SEEK_CUR) = 312 lseek(10, 0, SEEK_SET) = 0 read(10, "\23\0\200\322\375{\277\251\375\3\0\221`\7\0X\0\4@\251\202\5\0\20C\20@\251C\20A\251"..., 8191) = 312 read(10, "", 8191) = 0 close(10) = 0 write(1, "[] Shellcode generated ...\n", 28[] Shellcode generated ... ) = 28 write(1, "[] stage 1, heap grooming ...\n", 31[] stage 1, heap grooming ... ) = 31 ioctl(9, USBDEVFS_SUBMITURB, 0x56540f0e8df0) = 0 ioctl(9, USBDEVFS_DISCARDURB, 0x56540f0e8df0) = 0 timerfd_settime(8, TFD_TIMER_ABSTIME, {it_interval={tv_sec=0, tv_nsec=0}, it_value={tv_sec=632, tv_nsec=229100000}}, NULL) = 0 ioctl(9, USBDEVFS_SUBMITURB, 0x56540f0d6f00) = 0 poll([{fd=6, events=POLLIN}, {fd=8, events=POLLIN}, {fd=9, events=POLLOUT}], 3, 60000) = 1 ([{fd=9, revents=POLLOUT}]) ioctl(9, USBDEVFS_REAPURBNDELAY, 0x7ffca1486400) = 0 ioctl(9, USBDEVFS_REAPURBNDELAY, 0x7ffca1486400) = 0 timerfd_settime(8, 0, {it_interval={tv_sec=0, tv_nsec=0}, it_value={tv_sec=0, tv_nsec=0}}, NULL) = 0 ioctl(9, USBDEVFS_REAPURBNDELAY, 0x7ffca1486400) = -1 EAGAIN (Resource temporarily unavailable) timerfd_settime(8, TFD_TIMER_ABSTIME, {it_interval={tv_sec=0, tv_nsec=0}, it_value={tv_sec=632, tv_nsec=229533000}}, NULL) = 0 ioctl(9, USBDEVFS_SUBMITURB, 0x56540f0d6f00) = 0 poll([{fd=6, events=POLLIN}, {fd=8, events=POLLIN}, {fd=9, events=POLLOUT}], 3, 60000) = 1 ([{fd=9, revents=POLLOUT}]) ioctl(9, USBDEVFS_REAPURBNDELAY, 0x7ffca1486400) = 0 timerfd_settime(8, 0, {it_interval={tv_sec=0, tv_nsec=0}, it_value={tv_sec=0, tv_nsec=0}}, NULL) = 0 ioctl(9, USBDEVFS_REAPURBNDELAY, 0x7ffca1486400) = -1 EAGAIN (Resource temporarily unavailable) timerfd_settime(8, TFD_TIMER_ABSTIME, {it_interval={tv_sec=0, tv_nsec=0}, it_value={tv_sec=632, tv_nsec=230094000}}, NULL) = 0 ioctl(9, USBDEVFS_SUBMITURB, 0x56540f0d6f00) = 0 poll([{fd=6, events=POLLIN}, {fd=8, events=POLLIN}, {fd=9, events=POLLOUT}], 3, 60000) = 1 ([{fd=9, revents=POLLOUT}]) ioctl(9, USBDEVFS_REAPURBNDELAY, 0x7ffca1486400) = 0 timerfd_settime(8, 0, {it_interval={tv_sec=0, tv_nsec=0}, it_value={tv_sec=0, tv_nsec=0}}, NULL) = 0 ioctl(9, USBDEVFS_REAPURBNDELAY, 0x7ffca1486400) = -1 EAGAIN (Resource temporarily unavailable) timerfd_settime(8, TFD_TIMER_ABSTIME, {it_interval={tv_sec=0, tv_nsec=0}, it_value={tv_sec=632, tv_nsec=230518000}}, NULL) = 0 ioctl(9, USBDEVFS_SUBMITURB, 0x56540f0d6f00) = 0 poll([{fd=6, events=POLLIN}, {fd=8, events=POLLIN}, {fd=9, events=POLLOUT}], 3, 60000) = 1 ([{fd=9, revents=POLLOUT}]) ioctl(9, USBDEVFS_REAPURBNDELAY, 0x7ffca1486400) = 0 timerfd_settime(8, 0, {it_interval={tv_sec=0, tv_nsec=0}, it_value={tv_sec=0, tv_nsec=0}}, NULL) = 0 ioctl(9, USBDEVFS_REAPURBNDELAY, 0x7ffca1486400) = -1 EAGAIN (Resource temporarily unavailable) timerfd_settime(8, TFD_TIMER_ABSTIME, {it_interval={tv_sec=0, tv_nsec=0}, it_value={tv_sec=632, tv_nsec=231041000}}, NULL) = 0 ioctl(9, USBDEVFS_SUBMITURB, 0x56540f0d6f00) = 0 poll([{fd=6, events=POLLIN}, {fd=8, events=POLLIN}, {fd=9, events=POLLOUT}], 3, 60000) = 1 ([{fd=9, revents=POLLOUT}]) ioctl(9, USBDEVFS_REAPURBNDELAY, 0x7ffca1486400) = 0 timerfd_settime(8, 0, {it_interval={tv_sec=0, tv_nsec=0}, it_value={tv_sec=0, tv_nsec=0}}, NULL) = 0 ioctl(9, USBDEVFS_REAPURBNDELAY, 0x7ffca1486400) = -1 EAGAIN (Resource temporarily unavailable) timerfd_settime(8, TFD_TIMER_ABSTIME, {it_interval={tv_sec=0, tv_nsec=0}, it_value={tv_sec=632, tv_nsec=231520000}}, NULL) = 0 ioctl(9, USBDEVFS_SUBMITURB, 0x56540f0d6f00) = 0 poll([{fd=6, events=POLLIN}, {fd=8, events=POLLIN}, {fd=9, events=POLLOUT}], 3, 60000) = 1 ([{fd=9, revents=POLLOUT}]) ioctl(9, USBDEVFS_REAPURBNDELAY, 0x7ffca1486400) = 0 timerfd_settime(8, 0, {it_interval={tv_sec=0, tv_nsec=0}, it_value={tv_sec=0, tv_nsec=0}}, NULL) = 0 ioctl(9, USBDEVFS_REAPURBNDELAY, 0x7ffca1486400) = -1 EAGAIN (Resource temporarily unavailable) timerfd_settime(8, TFD_TIMER_ABSTIME, {it_interval={tv_sec=0, tv_nsec=0}, it_value={tv_sec=632, tv_nsec=232015000}}, NULL) = 0 ioctl(9, USBDEVFS_SUBMITURB, 0x56540f0d6f00) = 0 poll([{fd=6, events=POLLIN}, {fd=8, events=POLLIN}, {fd=9, events=POLLOUT}], 3, 60000) = 1 ([{fd=9, revents=POLLOUT}]) ioctl(9, USBDEVFS_REAPURBNDELAY, 0x7ffca1486400) = 0 timerfd_settime(8, 0, {it_interval={tv_sec=0, tv_nsec=0}, it_value={tv_sec=0, tv_nsec=0}}, NULL) = 0 ioctl(9, USBDEVFS_REAPURBNDELAY, 0x7ffca1486400) = -1 EAGAIN (Resource temporarily unavailable) timerfd_settime(8, TFD_TIMER_ABSTIME, {it_interval={tv_sec=0, tv_nsec=0}, it_value={tv_sec=632, tv_nsec=232526000}}, NULL) = 0 ioctl(9, USBDEVFS_SUBMITURB, 0x56540f0d6f00) = 0 poll([{fd=6, events=POLLIN}, {fd=8, events=POLLIN}, {fd=9, events=POLLOUT}], 3, 60000) = 1 ([{fd=9, revents=POLLOUT}]) ioctl(9, USBDEVFS_REAPURBNDELAY, 0x7ffca1486400) = 0 timerfd_settime(8, 0, {it_interval={tv_sec=0, tv_nsec=0}, it_value={tv_sec=0, tv_nsec=0}}, NULL) = 0 ioctl(9, USBDEVFS_REAPURBNDELAY, 0x7ffca1486400) = -1 EAGAIN (Resource temporarily unavailable) timerfd_settime(8, TFD_TIMER_ABSTIME, {it_interval={tv_sec=0, tv_nsec=0}, it_value={tv_sec=632, tv_nsec=233016000}}, NULL) = 0 ioctl(9, USBDEVFS_SUBMITURB, 0x56540f0d6f00) = 0 poll([{fd=6, events=POLLIN}, {fd=8, events=POLLIN}, {fd=9, events=POLLOUT}], 3, 60000) = 1 ([{fd=9, revents=POLLOUT}]) ioctl(9, USBDEVFS_REAPURBNDELAY, 0x7ffca1486400) = 0 timerfd_settime(8, 0, {it_interval={tv_sec=0, tv_nsec=0}, it_value={tv_sec=0, tv_nsec=0}}, NULL) = 0 ioctl(9, USBDEVFS_REAPURBNDELAY, 0x7ffca1486400) = -1 EAGAIN (Resource temporarily unavailable) timerfd_settime(8, TFD_TIMER_ABSTIME, {it_interval={tv_sec=0, tv_nsec=0}, it_value={tv_sec=632, tv_nsec=233524000}}, NULL) = 0 ioctl(9, USBDEVFS_SUBMITURB, 0x56540f0d6f00) = 0 poll([{fd=6, events=POLLIN}, {fd=8, events=POLLIN}, {fd=9, events=POLLOUT}], 3, 60000) = 1 ([{fd=9, revents=POLLOUT}]) ioctl(9, USBDEVFS_REAPURBNDELAY, 0x7ffca1486400) = 0 timerfd_settime(8, 0, {it_interval={tv_sec=0, tv_nsec=0}, it_value={tv_sec=0, tv_nsec=0}}, NULL) = 0 ioctl(9, USBDEVFS_REAPURBNDELAY, 0x7ffca1486400) = -1 EAGAIN (Resource temporarily unavailable) timerfd_settime(8, TFD_TIMER_ABSTIME, {it_interval={tv_sec=0, tv_nsec=0}, it_value={tv_sec=632, tv_nsec=234021000}}, NULL) = 0 ioctl(9, USBDEVFS_SUBMITURB, 0x56540f0d6f00) = 0 poll([{fd=6, events=POLLIN}, {fd=8, events=POLLIN}, {fd=9, events=POLLOUT}], 3, 60000) = 1 ([{fd=9, revents=POLLOUT}]) ioctl(9, USBDEVFS_REAPURBNDELAY, 0x7ffca1486400) = 0 timerfd_settime(8, 0, {it_interval={tv_sec=0, tv_nsec=0}, it_value={tv_sec=0, tv_nsec=0}}, NULL) = 0 ioctl(9, USBDEVFS_REAPURBNDELAY, 0x7ffca1486400) = -1 EAGAIN (Resource temporarily unavailable) timerfd_settime(8, TFD_TIMER_ABSTIME, {it_interval={tv_sec=0, tv_nsec=0}, it_value={tv_sec=632, tv_nsec=234521000}}, NULL) = 0 ioctl(9, USBDEVFS_SUBMITURB, 0x56540f0d6f00) = 0 poll([{fd=6, events=POLLIN}, {fd=8, events=POLLIN}, {fd=9, events=POLLOUT}], 3, 60000) = 1 ([{fd=9, revents=POLLOUT}]) ioctl(9, USBDEVFS_REAPURBNDELAY, 0x7ffca1486400) = 0 timerfd_settime(8, 0, {it_interval={tv_sec=0, tv_nsec=0}, it_value={tv_sec=0, tv_nsec=0}}, NULL) = 0 ioctl(9, USBDEVFS_REAPURBNDELAY, 0x7ffca1486400) = -1 EAGAIN (Resource temporarily unavailable) timerfd_settime(8, TFD_TIMER_ABSTIME, {it_interval={tv_sec=0, tv_nsec=0}, it_value={tv_sec=632, tv_nsec=235094000}}, NULL) = 0 ioctl(9, USBDEVFS_SUBMITURB, 0x56540f0d6f00) = 0 poll([{fd=6, events=POLLIN}, {fd=8, events=POLLIN}, {fd=9, events=POLLOUT}], 3, 60000) = 1 ([{fd=9, revents=POLLOUT}]) ioctl(9, USBDEVFS_REAPURBNDELAY, 0x7ffca1486400) = 0 timerfd_settime(8, 0, {it_interval={tv_sec=0, tv_nsec=0}, it_value={tv_sec=0, tv_nsec=0}}, NULL) = 0 ioctl(9, USBDEVFS_REAPURBNDELAY, 0x7ffca1486400) = -1 EAGAIN (Resource temporarily unavailable) timerfd_settime(8, TFD_TIMER_ABSTIME, {it_interval={tv_sec=0, tv_nsec=0}, it_value={tv_sec=632, tv_nsec=235549000}}, NULL) = 0 ioctl(9, USBDEVFS_SUBMITURB, 0x56540f0d6f00) = 0 poll([{fd=6, events=POLLIN}, {fd=8, events=POLLIN}, {fd=9, events=POLLOUT}], 3, 60000) = 1 ([{fd=9, revents=POLLOUT}]) ioctl(9, USBDEVFS_REAPURBNDELAY, 0x7ffca1486400) = 0 timerfd_settime(8, 0, {it_interval={tv_sec=0, tv_nsec=0}, it_value={tv_sec=0, tv_nsec=0}}, NULL) = 0 ioctl(9, USBDEVFS_REAPURBNDELAY, 0x7ffca1486400) = -1 EAGAIN (Resource temporarily unavailable) timerfd_settime(8, TFD_TIMER_ABSTIME, {it_interval={tv_sec=0, tv_nsec=0}, it_value={tv_sec=632, tv_nsec=236047000}}, NULL) = 0 ioctl(9, USBDEVFS_SUBMITURB, 0x56540f0d6f00) = 0 poll([{fd=6, events=POLLIN}, {fd=8, events=POLLIN}, {fd=9, events=POLLOUT}], 3, 60000) = 1 ([{fd=9, revents=POLLOUT}]) ioctl(9, USBDEVFS_REAPURBNDELAY, 0x7ffca1486400) = 0 timerfd_settime(8, 0, {it_interval={tv_sec=0, tv_nsec=0}, it_value={tv_sec=0, tv_nsec=0}}, NULL) = 0 ioctl(9, USBDEVFS_REAPURBNDELAY, 0x7ffca1486400) = -1 EAGAIN (Resource temporarily unavailable) timerfd_settime(8, TFD_TIMER_ABSTIME, {it_interval={tv_sec=0, tv_nsec=0}, it_value={tv_sec=632, tv_nsec=236581000}}, NULL) = 0 ioctl(9, USBDEVFS_SUBMITURB, 0x56540f0d6f00) = 0 poll([{fd=6, events=POLLIN}, {fd=8, events=POLLIN}, {fd=9, events=POLLOUT}], 3, 60000) = 1 ([{fd=9, revents=POLLOUT}]) ioctl(9, USBDEVFS_REAPURBNDELAY, 0x7ffca1486400) = 0 timerfd_settime(8, 0, {it_interval={tv_sec=0, tv_nsec=0}, it_value={tv_sec=0, tv_nsec=0}}, NULL) = 0 ioctl(9, USBDEVFS_REAPURBNDELAY, 0x7ffca1486400) = -1 EAGAIN (Resource temporarily unavailable) timerfd_settime(8, TFD_TIMER_ABSTIME, {it_interval={tv_sec=0, tv_nsec=0}, it_value={tv_sec=632, tv_nsec=237077000}}, NULL) = 0 ioctl(9, USBDEVFS_SUBMITURB, 0x56540f0d6f00) = 0 poll([{fd=6, events=POLLIN}, {fd=8, events=POLLIN}, {fd=9, events=POLLOUT}], 3, 60000) = 1 ([{fd=9, revents=POLLOUT}]) ioctl(9, USBDEVFS_REAPURBNDELAY, 0x7ffca1486400) = 0 timerfd_settime(8, 0, {it_interval={tv_sec=0, tv_nsec=0}, it_value={tv_sec=0, tv_nsec=0}}, NULL) = 0 ioctl(9, USBDEVFS_REAPURBNDELAY, 0x7ffca1486400) = -1 EAGAIN (Resource temporarily unavailable) timerfd_settime(8, TFD_TIMER_ABSTIME, {it_interval={tv_sec=0, tv_nsec=0}, it_value={tv_sec=632, tv_nsec=237549000}}, NULL) = 0 ioctl(9, USBDEVFS_SUBMITURB, 0x56540f0d6f00) = 0 poll([{fd=6, events=POLLIN}, {fd=8, events=POLLIN}, {fd=9, events=POLLOUT}], 3, 60000) = 1 ([{fd=9, revents=POLLOUT}]) ioctl(9, USBDEVFS_REAPURBNDELAY, 0x7ffca1486400) = 0 timerfd_settime(8, 0, {it_interval={tv_sec=0, tv_nsec=0}, it_value={tv_sec=0, tv_nsec=0}}, NULL) = 0 ioctl(9, USBDEVFS_REAPURBNDELAY, 0x7ffca1486400) = -1 EAGAIN (Resource temporarily unavailable) timerfd_settime(8, TFD_TIMER_ABSTIME, {it_interval={tv_sec=0, tv_nsec=0}, it_value={tv_sec=632, tv_nsec=238044000}}, NULL) = 0 ioctl(9, USBDEVFS_SUBMITURB, 0x56540f0d6f00) = 0 poll([{fd=6, events=POLLIN}, {fd=8, events=POLLIN}, {fd=9, events=POLLOUT}], 3, 60000) = 1 ([{fd=9, revents=POLLOUT}]) ioctl(9, USBDEVFS_REAPURBNDELAY, 0x7ffca1486400) = 0 timerfd_settime(8, 0, {it_interval={tv_sec=0, tv_nsec=0}, it_value={tv_sec=0, tv_nsec=0}}, NULL) = 0 ioctl(9, USBDEVFS_REAPURBNDELAY, 0x7ffca1486400) = -1 EAGAIN (Resource temporarily unavailable) timerfd_settime(8, TFD_TIMER_ABSTIME, {it_interval={tv_sec=0, tv_nsec=0}, it_value={tv_sec=632, tv_nsec=238620000}}, NULL) = 0 ioctl(9, USBDEVFS_SUBMITURB, 0x56540f0d6f00) = 0 poll([{fd=6, events=POLLIN}, {fd=8, events=POLLIN}, {fd=9, events=POLLOUT}], 3, 60000) = 1 ([{fd=9, revents=POLLOUT}]) ioctl(9, USBDEVFS_REAPURBNDELAY, 0x7ffca1486400) = 0 timerfd_settime(8, 0, {it_interval={tv_sec=0, tv_nsec=0}, it_value={tv_sec=0, tv_nsec=0}}, NULL) = 0 ioctl(9, USBDEVFS_REAPURBNDELAY, 0x7ffca1486400) = -1 EAGAIN (Resource temporarily unavailable) timerfd_settime(8, TFD_TIMER_ABSTIME, {it_interval={tv_sec=0, tv_nsec=0}, it_value={tv_sec=632, tv_nsec=239255000}}, NULL) = 0 ioctl(9, USBDEVFS_SUBMITURB, 0x56540f0d6f00) = 0 poll([{fd=6, events=POLLIN}, {fd=8, events=POLLIN}, {fd=9, events=POLLOUT}], 3, 60000) = 1 ([{fd=9, revents=POLLOUT}]) ioctl(9, USBDEVFS_REAPURBNDELAY, 0x7ffca1486400) = 0 timerfd_settime(8, 0, {it_interval={tv_sec=0, tv_nsec=0}, it_value={tv_sec=0, tv_nsec=0}}, NULL) = 0 ioctl(9, USBDEVFS_REAPURBNDELAY, 0x7ffca1486400) = -1 EAGAIN (Resource temporarily unavailable) timerfd_settime(8, TFD_TIMER_ABSTIME, {it_interval={tv_sec=0, tv_nsec=0}, it_value={tv_sec=632, tv_nsec=239835000}}, NULL) = 0 ioctl(9, USBDEVFS_SUBMITURB, 0x56540f0d6f00) = 0 poll([{fd=6, events=POLLIN}, {fd=8, events=POLLIN}, {fd=9, events=POLLOUT}], 3, 60000) = 1 ([{fd=9, revents=POLLOUT}]) ioctl(9, USBDEVFS_REAPURBNDELAY, 0x7ffca1486400) = 0 timerfd_settime(8, 0, {it_interval={tv_sec=0, tv_nsec=0}, it_value={tv_sec=0, tv_nsec=0}}, NULL) = 0 ioctl(9, USBDEVFS_REAPURBNDELAY, 0x7ffca1486400) = -1 EAGAIN (Resource temporarily unavailable) timerfd_settime(8, TFD_TIMER_ABSTIME, {it_interval={tv_sec=0, tv_nsec=0}, it_value={tv_sec=632, tv_nsec=240337000}}, NULL) = 0 ioctl(9, USBDEVFS_SUBMITURB, 0x56540f0d6f00) = 0 poll([{fd=6, events=POLLIN}, {fd=8, events=POLLIN}, {fd=9, events=POLLOUT}], 3, 60000) = 1 ([{fd=9, revents=POLLOUT}]) ioctl(9, USBDEVFS_REAPURBNDELAY, 0x7ffca1486400) = 0 timerfd_settime(8, 0, {it_interval={tv_sec=0, tv_nsec=0}, it_value={tv_sec=0, tv_nsec=0}}, NULL) = 0 ioctl(9, USBDEVFS_REAPURBNDELAY, 0x7ffca1486400) = -1 EAGAIN (Resource temporarily unavailable) timerfd_settime(8, TFD_TIMER_ABSTIME, {it_interval={tv_sec=0, tv_nsec=0}, it_value={tv_sec=632, tv_nsec=240836000}}, NULL) = 0 ioctl(9, USBDEVFS_SUBMITURB, 0x56540f0d6f00) = 0 poll([{fd=6, events=POLLIN}, {fd=8, events=POLLIN}, {fd=9, events=POLLOUT}], 3, 60000) = 1 ([{fd=9, revents=POLLOUT}]) ioctl(9, USBDEVFS_REAPURBNDELAY, 0x7ffca1486400) = 0 timerfd_settime(8, 0, {it_interval={tv_sec=0, tv_nsec=0}, it_value={tv_sec=0, tv_nsec=0}}, NULL) = 0 ioctl(9, USBDEVFS_REAPURBNDELAY, 0x7ffca1486400) = -1 EAGAIN (Resource temporarily unavailable) timerfd_settime(8, TFD_TIMER_ABSTIME, {it_interval={tv_sec=0, tv_nsec=0}, it_value={tv_sec=632, tv_nsec=241490000}}, NULL) = 0 ioctl(9, USBDEVFS_SUBMITURB, 0x56540f0d6f00) = 0 poll([{fd=6, events=POLLIN}, {fd=8, events=POLLIN}, {fd=9, events=POLLOUT}], 3, 60000) = 1 ([{fd=9, revents=POLLOUT}]) ioctl(9, USBDEVFS_REAPURBNDELAY, 0x7ffca1486400) = 0 timerfd_settime(8, 0, {it_interval={tv_sec=0, tv_nsec=0}, it_value={tv_sec=0, tv_nsec=0}}, NULL) = 0 ioctl(9, USBDEVFS_REAPURBNDELAY, 0x7ffca1486400) = -1 EAGAIN (Resource temporarily unavailable) timerfd_settime(8, TFD_TIMER_ABSTIME, {it_interval={tv_sec=0, tv_nsec=0}, it_value={tv_sec=632, tv_nsec=242042000}}, NULL) = 0 ioctl(9, USBDEVFS_SUBMITURB, 0x56540f0d6f00) = 0 poll([{fd=6, events=POLLIN}, {fd=8, events=POLLIN}, {fd=9, events=POLLOUT}], 3, 60000) = 1 ([{fd=9, revents=POLLOUT}]) ioctl(9, USBDEVFS_REAPURBNDELAY, 0x7ffca1486400) = 0 timerfd_settime(8, 0, {it_interval={tv_sec=0, tv_nsec=0}, it_value={tv_sec=0, tv_nsec=0}}, NULL) = 0 ioctl(9, USBDEVFS_REAPURBNDELAY, 0x7ffca1486400) = -1 EAGAIN (Resource temporarily unavailable) timerfd_settime(8, TFD_TIMER_ABSTIME, {it_interval={tv_sec=0, tv_nsec=0}, it_value={tv_sec=632, tv_nsec=242547000}}, NULL) = 0 ioctl(9, USBDEVFS_SUBMITURB, 0x56540f0d6f00) = 0 poll([{fd=6, events=POLLIN}, {fd=8, events=POLLIN}, {fd=9, events=POLLOUT}], 3, 60000) = 1 ([{fd=9, revents=POLLOUT}]) ioctl(9, USBDEVFS_REAPURBNDELAY, 0x7ffca1486400) = 0 timerfd_settime(8, 0, {it_interval={tv_sec=0, tv_nsec=0}, it_value={tv_sec=0, tv_nsec=0}}, NULL) = 0 ioctl(9, USBDEVFS_REAPURBNDELAY, 0x7ffca1486400) = -1 EAGAIN (Resource temporarily unavailable) timerfd_settime(8, TFD_TIMER_ABSTIME, {it_interval={tv_sec=0, tv_nsec=0}, it_value={tv_sec=632, tv_nsec=243084000}}, NULL) = 0 ioctl(9, USBDEVFS_SUBMITURB, 0x56540f0d6f00) = 0 poll([{fd=6, events=POLLIN}, {fd=8, events=POLLIN}, {fd=9, events=POLLOUT}], 3, 60000) = 1 ([{fd=9, revents=POLLOUT}]) ioctl(9, USBDEVFS_REAPURBNDELAY, 0x7ffca1486400) = 0 timerfd_settime(8, 0, {it_interval={tv_sec=0, tv_nsec=0}, it_value={tv_sec=0, tv_nsec=0}}, NULL) = 0 ioctl(9, USBDEVFS_REAPURBNDELAY, 0x7ffca1486400) = -1 EAGAIN (Resource temporarily unavailable) timerfd_settime(8, TFD_TIMER_ABSTIME, {it_interval={tv_sec=0, tv_nsec=0}, it_value={tv_sec=632, tv_nsec=243530000}}, NULL) = 0 ioctl(9, USBDEVFS_SUBMITURB, 0x56540f0d6f00) = 0 poll([{fd=6, events=POLLIN}, {fd=8, events=POLLIN}, {fd=9, events=POLLOUT}], 3, 60000) = 1 ([{fd=9, revents=POLLOUT}]) ioctl(9, USBDEVFS_REAPURBNDELAY, 0x7ffca1486400) = 0 timerfd_settime(8, 0, {it_interval={tv_sec=0, tv_nsec=0}, it_value={tv_sec=0, tv_nsec=0}}, NULL) = 0 ioctl(9, USBDEVFS_REAPURBNDELAY, 0x7ffca1486400) = -1 EAGAIN (Resource temporarily unavailable) timerfd_settime(8, TFD_TIMER_ABSTIME, {it_interval={tv_sec=0, tv_nsec=0}, it_value={tv_sec=632, tv_nsec=244047000}}, NULL) = 0 ioctl(9, USBDEVFS_SUBMITURB, 0x56540f0d6f00) = 0 poll([{fd=6, events=POLLIN}, {fd=8, events=POLLIN}, {fd=9, events=POLLOUT}], 3, 60000) = 1 ([{fd=9, revents=POLLOUT}]) ioctl(9, USBDEVFS_REAPURBNDELAY, 0x7ffca1486400) = 0 timerfd_settime(8, 0, {it_interval={tv_sec=0, tv_nsec=0}, it_value={tv_sec=0, tv_nsec=0}}, NULL) = 0 ioctl(9, USBDEVFS_REAPURBNDELAY, 0x7ffca1486400) = -1 EAGAIN (Resource temporarily unavailable) timerfd_settime(8, TFD_TIMER_ABSTIME, {it_interval={tv_sec=0, tv_nsec=0}, it_value={tv_sec=632, tv_nsec=244520000}}, NULL) = 0 ioctl(9, USBDEVFS_SUBMITURB, 0x56540f0d6f00) = 0 poll([{fd=6, events=POLLIN}, {fd=8, events=POLLIN}, {fd=9, events=POLLOUT}], 3, 60000) = 1 ([{fd=9, revents=POLLOUT}]) ioctl(9, USBDEVFS_REAPURBNDELAY, 0x7ffca1486400) = 0 timerfd_settime(8, 0, {it_interval={tv_sec=0, tv_nsec=0}, it_value={tv_sec=0, tv_nsec=0}}, NULL) = 0 ioctl(9, USBDEVFS_REAPURBNDELAY, 0x7ffca1486400) = -1 EAGAIN (Resource temporarily unavailable) timerfd_settime(8, TFD_TIMER_ABSTIME, {it_interval={tv_sec=0, tv_nsec=0}, it_value={tv_sec=632, tv_nsec=245027000}}, NULL) = 0 ioctl(9, USBDEVFS_SUBMITURB, 0x56540f0d6f00) = 0 poll([{fd=6, events=POLLIN}, {fd=8, events=POLLIN}, {fd=9, events=POLLOUT}], 3, 60000) = 1 ([{fd=9, revents=POLLOUT}]) ioctl(9, USBDEVFS_REAPURBNDELAY, 0x7ffca1486400) = 0 timerfd_settime(8, 0, {it_interval={tv_sec=0, tv_nsec=0}, it_value={tv_sec=0, tv_nsec=0}}, NULL) = 0 ioctl(9, USBDEVFS_REAPURBNDELAY, 0x7ffca1486400) = -1 EAGAIN (Resource temporarily unavailable) timerfd_settime(8, TFD_TIMER_ABSTIME, {it_interval={tv_sec=0, tv_nsec=0}, it_value={tv_sec=632, tv_nsec=245513000}}, NULL) = 0 ioctl(9, USBDEVFS_SUBMITURB, 0x56540f0d6f00) = 0 poll([{fd=6, events=POLLIN}, {fd=8, events=POLLIN}, {fd=9, events=POLLOUT}], 3, 60000) = 1 ([{fd=9, revents=POLLOUT}]) ioctl(9, USBDEVFS_REAPURBNDELAY, 0x7ffca1486400) = 0 timerfd_settime(8, 0, {it_interval={tv_sec=0, tv_nsec=0}, it_value={tv_sec=0, tv_nsec=0}}, NULL) = 0 ioctl(9, USBDEVFS_REAPURBNDELAY, 0x7ffca1486400) = -1 EAGAIN (Resource temporarily unavailable) timerfd_settime(8, TFD_TIMER_ABSTIME, {it_interval={tv_sec=0, tv_nsec=0}, it_value={tv_sec=632, tv_nsec=246025000}}, NULL) = 0 ioctl(9, USBDEVFS_SUBMITURB, 0x56540f0d6f00) = 0 poll([{fd=6, events=POLLIN}, {fd=8, events=POLLIN}, {fd=9, events=POLLOUT}], 3, 60000) = 1 ([{fd=9, revents=POLLOUT}]) ioctl(9, USBDEVFS_REAPURBNDELAY, 0x7ffca1486400) = 0 timerfd_settime(8, 0, {it_interval={tv_sec=0, tv_nsec=0}, it_value={tv_sec=0, tv_nsec=0}}, NULL) = 0 ioctl(9, USBDEVFS_REAPURBNDELAY, 0x7ffca1486400) = -1 EAGAIN (Resource temporarily unavailable) timerfd_settime(8, TFD_TIMER_ABSTIME, {it_interval={tv_sec=0, tv_nsec=0}, it_value={tv_sec=632, tv_nsec=246526000}}, NULL) = 0 ioctl(9, USBDEVFS_SUBMITURB, 0x56540f0d6f00) = 0 poll([{fd=6, events=POLLIN}, {fd=8, events=POLLIN}, {fd=9, events=POLLOUT}], 3, 60000) = 1 ([{fd=9, revents=POLLOUT}]) ioctl(9, USBDEVFS_REAPURBNDELAY, 0x7ffca1486400) = 0 timerfd_settime(8, 0, {it_interval={tv_sec=0, tv_nsec=0}, it_value={tv_sec=0, tv_nsec=0}}, NULL) = 0 ioctl(9, USBDEVFS_REAPURBNDELAY, 0x7ffca1486400) = -1 EAGAIN (Resource temporarily unavailable) timerfd_settime(8, TFD_TIMER_ABSTIME, {it_interval={tv_sec=0, tv_nsec=0}, it_value={tv_sec=632, tv_nsec=247057000}}, NULL) = 0 ioctl(9, USBDEVFS_SUBMITURB, 0x56540f0d6f00) = 0 poll([{fd=6, events=POLLIN}, {fd=8, events=POLLIN}, {fd=9, events=POLLOUT}], 3, 60000) = 1 ([{fd=9, revents=POLLOUT}]) ioctl(9, USBDEVFS_REAPURBNDELAY, 0x7ffca1486400) = 0 timerfd_settime(8, 0, {it_interval={tv_sec=0, tv_nsec=0}, it_value={tv_sec=0, tv_nsec=0}}, NULL) = 0 ioctl(9, USBDEVFS_REAPURBNDELAY, 0x7ffca1486400) = -1 EAGAIN (Resource temporarily unavailable) timerfd_settime(8, TFD_TIMER_ABSTIME, {it_interval={tv_sec=0, tv_nsec=0}, it_value={tv_sec=632, tv_nsec=247531000}}, NULL) = 0 ioctl(9, USBDEVFS_SUBMITURB, 0x56540f0d6f00) = 0 poll([{fd=6, events=POLLIN}, {fd=8, events=POLLIN}, {fd=9, events=POLLOUT}], 3, 60000) = 1 ([{fd=9, revents=POLLOUT}]) ioctl(9, USBDEVFS_REAPURBNDELAY, 0x7ffca1486400) = 0 timerfd_settime(8, 0, {it_interval={tv_sec=0, tv_nsec=0}, it_value={tv_sec=0, tv_nsec=0}}, NULL) = 0 ioctl(9, USBDEVFS_REAPURBNDELAY, 0x7ffca1486400) = -1 EAGAIN (Resource temporarily unavailable) timerfd_settime(8, TFD_TIMER_ABSTIME, {it_interval={tv_sec=0, tv_nsec=0}, it_value={tv_sec=632, tv_nsec=248025000}}, NULL) = 0 ioctl(9, USBDEVFS_SUBMITURB, 0x56540f0d6f00) = 0 poll([{fd=6, events=POLLIN}, {fd=8, events=POLLIN}, {fd=9, events=POLLOUT}], 3, 60000) = 1 ([{fd=9, revents=POLLOUT}]) ioctl(9, USBDEVFS_REAPURBNDELAY, 0x7ffca1486400) = 0 timerfd_settime(8, 0, {it_interval={tv_sec=0, tv_nsec=0}, it_value={tv_sec=0, tv_nsec=0}}, NULL) = 0 ioctl(9, USBDEVFS_REAPURBNDELAY, 0x7ffca1486400) = -1 EAGAIN (Resource temporarily unavailable) timerfd_settime(8, TFD_TIMER_ABSTIME, {it_interval={tv_sec=0, tv_nsec=0}, it_value={tv_sec=632, tv_nsec=248512000}}, NULL) = 0 ioctl(9, USBDEVFS_SUBMITURB, 0x56540f0d6f00) = 0 poll([{fd=6, events=POLLIN}, {fd=8, events=POLLIN}, {fd=9, events=POLLOUT}], 3, 60000) = 1 ([{fd=9, revents=POLLOUT}]) ioctl(9, USBDEVFS_REAPURBNDELAY, 0x7ffca1486400) = 0 timerfd_settime(8, 0, {it_interval={tv_sec=0, tv_nsec=0}, it_value={tv_sec=0, tv_nsec=0}}, NULL) = 0 ioctl(9, USBDEVFS_REAPURBNDELAY, 0x7ffca1486400) = -1 EAGAIN (Resource temporarily unavailable) timerfd_settime(8, TFD_TIMER_ABSTIME, {it_interval={tv_sec=0, tv_nsec=0}, it_value={tv_sec=632, tv_nsec=249027000}}, NULL) = 0 ioctl(9, USBDEVFS_SUBMITURB, 0x56540f0d6f00) = 0 poll([{fd=6, events=POLLIN}, {fd=8, events=POLLIN}, {fd=9, events=POLLOUT}], 3, 60000) = 1 ([{fd=9, revents=POLLOUT}]) ioctl(9, USBDEVFS_REAPURBNDELAY, 0x7ffca1486400) = 0 timerfd_settime(8, 0, {it_interval={tv_sec=0, tv_nsec=0}, it_value={tv_sec=0, tv_nsec=0}}, NULL) = 0 ioctl(9, USBDEVFS_REAPURBNDELAY, 0x7ffca1486400) = -1 EAGAIN (Resource temporarily unavailable) timerfd_settime(8, TFD_TIMER_ABSTIME, {it_interval={tv_sec=0, tv_nsec=0}, it_value={tv_sec=632, tv_nsec=249511000}}, NULL) = 0 ioctl(9, USBDEVFS_SUBMITURB, 0x56540f0d6f00) = 0 poll([{fd=6, events=POLLIN}, {fd=8, events=POLLIN}, {fd=9, events=POLLOUT}], 3, 60000) = 1 ([{fd=9, revents=POLLOUT}]) ioctl(9, USBDEVFS_REAPURBNDELAY, 0x7ffca1486400) = 0 timerfd_settime(8, 0, {it_interval={tv_sec=0, tv_nsec=0}, it_value={tv_sec=0, tv_nsec=0}}, NULL) = 0 ioctl(9, USBDEVFS_REAPURBNDELAY, 0x7ffca1486400) = -1 EAGAIN (Resource temporarily unavailable) ioctl(9, USBDEVFS_RELEASEINTERFACE, 0x7ffca14866cc) = 0 ioctl(9, USBDEVFS_RESET, 0) = 0 ioctl(9, USBDEVFS_DISCONNECT_CLAIM, 0x7ffca14865c0) = 0 ioctl(9, USBDEVFS_RELEASEINTERFACE, 0x7ffca14866bc) = 0 write(7, "\1", 1) = 1 close(9) = 0 write(1, "[] stage 2, usb setup, send 0x8"..., 57[] stage 2, usb setup, send 0x800 of 'A', sends no data ) = 57 recvmsg(3, {msg_namelen=128}, 0) = -1 EAGAIN (Resource temporarily unavailable) openat(AT_FDCWD, "/dev/bus/usb/002/013", O_RDWR|O_CLOEXEC) = 9 ioctl(9, USBDEVFS_GET_CAPABILITIES, 0x56540f0d4ebc) = 0 ioctl(9, USBDEVFS_CLAIMINTERFACE, 0x7ffca1485ebc) = 0 timerfd_settime(8, TFD_TIMER_ABSTIME, {it_interval={tv_sec=0, tv_nsec=0}, it_value={tv_sec=633, tv_nsec=645648000}}, NULL) = 0 ioctl(9, USBDEVFS_SUBMITURB, 0x56540f0d6f00) = 0 read(6, "\1", 1) = 1 poll([{fd=6, events=POLLIN}, {fd=8, events=POLLIN}, {fd=9, events=POLLOUT}], 3, 60000) = 1 ([{fd=9, revents=POLLOUT}]) ioctl(9, USBDEVFS_REAPURBNDELAY, 0x7ffca1485b70) = 0 timerfd_settime(8, 0, {it_interval={tv_sec=0, tv_nsec=0}, it_value={tv_sec=0, tv_nsec=0}}, NULL) = 0 ioctl(9, USBDEVFS_REAPURBNDELAY, 0x7ffca1485b70) = -1 EAGAIN (Resource temporarily unavailable) timerfd_settime(8, TFD_TIMER_ABSTIME, {it_interval={tv_sec=0, tv_nsec=0}, it_value={tv_sec=633, tv_nsec=646187000}}, NULL) = 0 ioctl(9, USBDEVFS_SUBMITURB, 0x56540f0d6f00) = 0 poll([{fd=6, events=POLLIN}, {fd=8, events=POLLIN}, {fd=9, events=POLLOUT}], 3, 60000) = 1 ([{fd=9, revents=POLLOUT}]) ioctl(9, USBDEVFS_REAPURBNDELAY, 0x7ffca1485b70) = 0 timerfd_settime(8, 0, {it_interval={tv_sec=0, tv_nsec=0}, it_value={tv_sec=0, tv_nsec=0}}, NULL) = 0 ioctl(9, USBDEVFS_REAPURBNDELAY, 0x7ffca1485b70) = -1 EAGAIN (Resource temporarily unavailable) write(1, "[] Device Serial Number: CPID:7"..., 98[] Device Serial Number: CPID:7000 CPRV:11 CPFM:03 SCEP:01 BDID:06 ECID:0006410608F28226 IBFL:1D ) = 98 ioctl(9, USBDEVFS_SUBMITURB, 0x56540f0dbc30) = 0 ioctl(9, USBDEVFS_DISCARDURB, 0x56540f0dbc30) = 0 timerfd_settime(8, TFD_TIMER_ABSTIME, {it_interval={tv_sec=0, tv_nsec=0}, it_value={tv_sec=632, tv_nsec=750010000}}, NULL) = 0 ioctl(9, USBDEVFS_SUBMITURB, 0x56540f0c4570) = 0 poll([{fd=6, events=POLLIN}, {fd=8, events=POLLIN}, {fd=9, events=POLLOUT}], 3, 60000) = 1 ([{fd=9, revents=POLLOUT}]) ioctl(9, USBDEVFS_REAPURBNDELAY, 0x7ffca1486420) = 0 ioctl(9, USBDEVFS_REAPURBNDELAY, 0x7ffca1486420) = 0 timerfd_settime(8, 0, {it_interval={tv_sec=0, tv_nsec=0}, it_value={tv_sec=0, tv_nsec=0}}, NULL) = 0 ioctl(9, USBDEVFS_REAPURBNDELAY, 0x7ffca1486420) = -1 EAGAIN (Resource temporarily unavailable) ioctl(9, USBDEVFS_SUBMITURB, 0x56540f0c4570) = 0 poll([{fd=6, events=POLLIN}, {fd=8, events=POLLIN}, {fd=9, events=POLLOUT}], 3, 60000) = 1 ([{fd=9, revents=POLLOUT}]) ioctl(9, USBDEVFS_REAPURBNDELAY, 0x7ffca1486420) = 0 ioctl(9, USBDEVFS_REAPURBNDELAY, 0x7ffca1486420) = -1 EAGAIN (Resource temporarily unavailable) ioctl(9, USBDEVFS_RELEASEINTERFACE, 0x7ffca14866bc) = 0 write(7, "\1", 1) = 1 close(9) = 0 clock_nanosleep(CLOCK_REALTIME, 0, {tv_sec=0, tv_nsec=500000000}, NULL) = 0 write(1, "[] stage 3, exploit\n", 21[] stage 3, exploit ) = 21 recvmsg(3, {msg_namelen=128}, 0) = -1 EAGAIN (Resource temporarily unavailable) write(1, "[!] Could not find device in DFU"..., 39[!] Could not find device in DFU mode! ) = 39 exit_group(1) = ? +++ exited with 1 +++
iPhone 6. Will try these steps first: https://github.com/pgarba/King/issues/8#issuecomment-590712421
Changing sleep timer to 3000 before stage 3 as mentioned above gets me further but exploit failed! Clean iPhone 6 reboot into DFU mode. Just failed exploit :(
[] Device Serial Number: CPID:7000 CPRV:11 CPFM:03 SCEP:01 BDID:06 ECID:0006410608F28226 IBFL:1C SRTG:[iBoot-1992.0.0.1.19] [] Device Serial Number: CPID:7000 CPRV:11 CPFM:03 SCEP:01 BDID:06 ECID:0006410608F28226 IBFL:1C SRTG:[iBoot-1992.0.0.1.19] [] Shellcode generated ... [] stage 1, heap grooming ... [] stage 2, usb setup, send 0x800 of 'A', sends no data [] Device Serial Number: CPID:7000 CPRV:11 CPFM:03 SCEP:01 BDID:06 ECID:0006410608F28226 IBFL:1C SRTG:[iBoot-1992.0.0.1.19] [] stage 3, exploit [] Device Serial Number: CPID:7000 CPRV:11 CPFM:03 SCEP:01 BDID:06 ECID:0006410608F28226 IBFL:1C SRTG:[iBoot-1992.0.0.1.19] [*] Device Serial Number: CPID:7000 CPRV:11 CPFM:03 SCEP:01 BDID:06 ECID:0006410608F28226 IBFL:1C SRTG:[iBoot-1992.0.0.1.19] [!] Exploit failed! :(
changed sleep_ms from 500 to 3000 everywhere in main.cpp and still exploit failed. Reset DFU, reboot computer, etc. Unplug other USB cables. Direct, with extension cable, etc. Different USB ports, even tried USB 3.0.
Run lsusb and see if it shows up. Even if dmesg shows the device it won't necessarily be working. If it's not there, try restarting with the device plugged in. If you see errors on boot (non-fatal, booting should continue) then something needs to be fixed with Linux.
