Face ID stops working after RootFS

Open ozgureylem opened this issue 4 years ago • 4 comments

FaceID stopped working right after doing a Restore RootFS

I used to do frequent RootFS before, including the time right before I got my screen and battery replaced at Apple Store. After screen replacement I did the unc0ver JB with no problems until I did another RootFS a couple months later.

I did some research and found out that many people who did RootFS after screen replacement have the same issue. I also found out that when I try to use "View Verification Report" on 3uTools, old and new battery serial numbers are displayed but the screen serial numbers are missing from both sides. Apparently the device doesn't recognize the screen.

I read somewhere something like, RootFS wipes such information. I wonder where that information is stored and if I can write a serial number back to the file system or if there's a tool that will do it for us.

I suspect that iOS disables Face ID when the screen information is missing.

To Reproduce

1. Get your screen replaced (AppStore replaces the Speaker as well)
2. Go to Unc0ver
3. Click on Settings
4. Scroll down and enable Restore RootFS
5. Click Done
6. Click Restore RootFS
7. See error: Face ID cannot be activated on this device

  • iOS Version: Currently on 13.5, I had the error on 12.4.1
  • iOS Device: iPhone X
  • unc0ver Version: Currently 5.2.0 the error occurred on 4.3.1

Place an "x" between the brackets if true:

  • [x] this is a bug others will be able to reproduce
  • [x] this issue is present with all tweaks uninstalled(except for default packages) or disabled
  • [x] this issue is present after a rootfs restore
  • [ ] this issue is present on the latest version of unc0ver ***Not Sure if current version has it but doing Restore RootFS doesn't fix the issue anymore.

ozgureylem, Jul 15 '20 20:07

Does it work when not jailbroken?

Hamlock-maneuverr, Jul 15 '20 22:07

Does it work when not jailbroken?

No, since the Recover RootFS it doesn't work even after DFU Restore. With or without Jailbreak, it's bricked.

ozgureylem, Jul 15 '20 22:07

This is what Electron2019 wrote:

"The issue lies within hardware complexity. What restoreRootFS does is that it wipes out a partition previously made. In that partition contains temp data concerning Face ID. When hardware is partially broken, it is recorded as such but still functions until data partition is reset. Once data partition is reset, iOS no longer has data that Face ID is partially broken and thus doesn't allow Face ID to work at all. Same issue goes for Touch ID."

ozgureylem, Jul 15 '20 22:07

Siguza (iOS Security/Vulnerability Researcher) responded directly to the post you are referencing:

What restoreRootFS does is that it wipes out a partition previously made. "No it doesn't, it rolls the partition back to a snapshot from before you jailbroke."

In that partition contains temp data concerning Face ID. "No it doesn't, that partition contains exactly what was in the IPSW or OTA update that was last installed. It is readonly on stock, so even a service tool couldn't alter it, and even if it did, any regular iTunes/OTA update/restore would break it."

When hardware is partially broken, it is recorded as such but still functions until data partition is reset. Once data partition is reset, iOS no longer has data that Face ID is partially broken and thus doesn't allow Face ID to work at all. Same issue goes for Touch ID. "Now you're talking about the data partition, which is NOT reset when you restore rootFS, so that's just bullshit."

drippyer, Mar 01 '22 22:03