Problem creating fakefs #415

JamesD4 opened this issue May 8, 2024 · 3 comments

JamesD4 commented May 8, 2024

Device

iPad 6

Version

iOS 17.4.1

Passcode?

  • Passcode is enabled.

Start going into detail..

Host: MacBook Pro 2017 / macOS Ventura 13.6.5
Device: iPad 6 / iOS 17.4.1

Executing 'palera1n -c -f' following a DFU restore on an iPad 6 running 17.4.1 results in either a hang or an error that suggests that a fakefs already exists. "cannot create fakefs over an existing one".

Interestingly, the error appears on device after unplugging it from USB. If I do not unplug the device, it appears to hang (forever?)

I then tried executing 'palera1n --force-revert -cf' which resulted in an error - (I have typed up an extract of the log):

mount(...)
hfs: mounted palera1n on device disk3
mounting loader
IOServiceOpen: 0
disk4
mount(...)
hfs: mounted palera1nloader on device disk4
found apfs volume role: 0x0002
this operation is not permitted. (this apfs volume role is not recovery role [0x0002 != 0x0004])
cannot delete fakefs disk1s8: 53 (os/kern) denied by security policy
Assertion failed: (0), function create_remove_fakefs, file fakefs.c, line 271.

Rootless mode appears to work correctly.

Additional logs:

'palera1n -c -f -Vv':

# == palera1n-c == 
#
# Made by: Nick Chan, Ploosh, Samara, Mineek, staturnz, kok3shidoll 
#
# Thanks to: pythonplayer123, llsc12, Nebula, tihmstar, nikias
# (libimobiledevice), checkra1n team (Siguza, axi0mx, littlelailo
# et al.), Procursus Team (Hayden Seay, Cameron Katri, Keto et.al)

 - [05/07/24 22:11:51] <Info>: Waiting for devices
 - [05/07/24 22:11:51] <Verbose>: Normal mode device connected
 - [05/07/24 22:11:51] <Info>: Entering recovery mode
 - [05/07/24 22:11:56] <Verbose>: Normal mode device disconnected
 - [05/07/24 22:12:01] <Verbose>: Recovery mode device XXXREMOVEDXXX connected
 - [05/07/24 22:12:02] <Info>: Press Enter when ready for DFU mode

Get ready (0)
Hold home + power button (2) - [05/07/24 22:12:12] <Verbose>: Recovery mode device disconnected
Hold home + power button (0)
Hold home button (3) - [05/07/24 22:12:21] <Verbose>: DFU mode device XXXREMOVEDXXX connected

 - [05/07/24 22:12:21] <Info>: Device entered DFU mode successfully
 - [05/07/24 22:12:21] <Info>: About to execute checkra1n
#
# Checkra1n 0.1337.2
#
# Proudly written in nano
# (c) 2019-2023 Kim Jong Cracks
#
#========  Made by  =======
# argp, axi0mx, danyl931, jaywalker, kirb, littlelailo, nitoTV
# never_released, nullpixel, pimskeks, qwertyoruiop, sbingner, siguza
#======== Thanks to =======
# haifisch, jndok, jonseals, xerub, lilstevie, psychotea, sferrini
# Cellebrite (ih8sn0w, cjori, ronyrus et al.)
#==========================

 - [05/07/24 22:12:21] <Verbose>: Starting thread for Apple TV 4K Advanced board
 - [05/07/24 22:12:21] <Info>: Waiting for DFU mode devices
 - [05/07/24 22:12:21] <Verbose>: DFU mode device found
 - [05/07/24 22:12:21] <Info>: Checking if device is ready
 - [05/07/24 22:12:21] <Verbose>: Attempting to perform checkm8 on 8010 11
 - [05/07/24 22:12:21] <Info>: Setting up the exploit
 - [05/07/24 22:12:21] <Verbose>: == checkm8 setup stage ==
 - [05/07/24 22:12:21] <Verbose>: Entered initial checkm8 state after 1 steps
 - [05/07/24 22:12:21] <Verbose>: Stalled input endpoint after 8 steps
 - [05/07/24 22:12:22] <Verbose>: DFU mode device disconnected
 - [05/07/24 22:12:22] <Verbose>: DFU mode device found
 - [05/07/24 22:12:22] <Verbose>: == checkm8 trigger stage ==
 - [05/07/24 22:12:22] <Info>: Checkmate!
 - [05/07/24 22:12:22] <Verbose>: Device should now reconnect in download mode
 - [05/07/24 22:12:23] <Verbose>: DFU mode device disconnected
 - [05/07/24 22:12:30] <Info>: Entered download mode
 - [05/07/24 22:12:30] <Verbose>: Download mode device found
 - [05/07/24 22:12:30] <Info>: Booting PongoOS...
 - [05/07/24 22:12:32] <Info>: Found PongoOS USB Device
 - [05/07/24 22:12:32] <Verbose>: Executing PongoOS command: 'fuse lock'
 - [05/07/24 22:12:32] <Verbose>: Executing PongoOS command: 'sep auto'
 - [05/07/24 22:12:35] <Verbose>: Uploaded 118080 bytes to PongoOS
 - [05/07/24 22:12:35] <Verbose>: Executing PongoOS command: 'modload'
 - [05/07/24 22:12:35] <Verbose>: Executing PongoOS command: 'palera1n_flags 0x4000005'
 - [05/07/24 22:12:35] <Verbose>: Executing PongoOS command: 'rootfs'
 - [05/07/24 22:12:35] <Verbose>: Uploaded 45047 bytes to PongoOS
 - [05/07/24 22:12:35] <Verbose>: Executing PongoOS command: 'ramdisk 524288'
 - [05/07/24 22:12:35] <Verbose>: Uploaded 2809039 bytes to PongoOS
 - [05/07/24 22:12:35] <Verbose>: Executing PongoOS command: 'overlay'
 - [05/07/24 22:12:35] <Verbose>: Executing PongoOS command: 'xargs  wdt=-1 rootdev=md0'
 - [05/07/24 22:12:35] <Verbose>: Executing PongoOS command: 'bootx'
 - [05/07/24 22:12:35] <Info>: Booting Kernel...
 - [05/07/24 22:12:35] <Info>: Please wait up to 10 minutes for the fakefs to be created.
 - [05/07/24 22:12:35] <Info>: Once the device reboots into recovery mode, run again without the -c (Create FakeFS) option to jailbreak.

Familiarity with palera1n

  • I am familiar with palera1n and how to use it!

Familiarity with CLI

  • I am familiar with the command-line!

JamesD4 added the "palera1n The rewrite!" label May 8, 2024

khcrysalis (Member) commented May 8, 2024

Palera1n beta 9 for iPadOS 17 does not support the creation for rootful, I would recommend you try and just do palera1n -l as that's the only supported option.

As for the issues you're encountering, a failsafe is being triggered as it thinks the fakefs location is at /var/mobile.. because obviously you wouldn't want to overwrite a system partition. It would end up badly, so it just fails.

asdfugil (Member) commented May 8, 2024

Hi! Could you please try the nightly builds here?
https://cdn.nickchan.lol/palera1n/c-rewrite/artifacts/main/420/binaries/

Setup fakefs: ./palera1n -cf --cli
Setup bindfs: ./palera1n -Bf --cli
Boot rootful: ./palera1n -f --cli
Remove rootful: ./palera1n -f --force-revert --cli

khcrysalis (Member)

^ these are builds which have those issues fixed, would recommend you try them!
