iPhone X fails to enter DebugsMode #8

Open
jankais3r opened this issue Dec 10, 2021 · 3 comments

@jankais3r

Hi,

I am trying to enter DebugsMode on an iPhone X with iOS 15.1 installed, using a JIN DCSD cable on macOS Monterey. However, the process fails:
screenshot

administrator@mac ~ % /Applications/MagicCFG.app/Contents/MacOS/MagicCFG ; exit;
2021-12-10 09:51:46.718 MagicCFG[640:6360] Failed to set (borderColor) user defined inspected property on (NSButton): [<NSButton 0x7fdeff70acb0> setValue:forUndefinedKey:]: this class is not key value coding-compliant for the key borderColor.
2021-12-10 09:51:46.718 MagicCFG[640:6360] Failed to set (buttonColor) user defined inspected property on (NSButton): [<NSButton 0x7fdeff70acb0> setValue:forUndefinedKey:]: this class is not key value coding-compliant for the key buttonColor.
["iPhone6_A1549.txt", "iPhone7P_A1784_black.txt", "iPhone7P_A1661_gold.txt", "iPhone6_A1589.txt", "iPhone7_A1660_黑.txt", "ipxdpro2(12.9_j120ap).txt", "iPhone7_A1778_black.txt", "ipxd5(2017_j71sap).txt", "iPhone7_A1778_金.txt", "iPhone7P_A1784_亮黑.txt", "iPhone7_A1778_rose.txt", "iPhone7_A1778_亮黑.txt", "iPhone7P_A1784_白.txt", "ipxd6(2018_j71bap).txt", "iPhone7P_A1661_亮黑.txt", "iPhone7_A1660_white.txt", "iPhone7_A1660_金.txt", "ipxdpro(10.5_j207ap).txt", "8P_C3F.txt", "iPhone7_A1660_亮黑.txt", "7P_C11.txt", "7P_DTP.txt", "iPhone8.txt", "iPhoneX.txt", "iPhone7_A1660_rose.txt", "ipxdmini4.txt", "iPhone7P_A1784_brightblack.txt", "iPhone7P_A1784_rose.txt", "iPhxneSE(n69ap).txt", "iPhone7_A1778_黑.txt", "iPhone7P_A1661_金.txt", "iPhone7P_A1784_white.txt", "iPhone6.txt", "iPhone7_A1778_brightblack.txt", "iPhone6sPlus.txt", "iPhone7_A1778_白.txt", "iPhone6P_A1524.txt", "iPhone7P_A1661_玫瑰金.txt", "iPhone7P_A1784_黑.txt", "8P_C11.txt", "iPhone7_A1778_white.txt", "iPhone7P_A1784_gold.txt", "iPhxneSE(n69uap).txt", "iPhone7P_A1661_black.txt", "iPhone6P_A1522.txt", "iPhone7P_A1661_brightblack.txt", "iPhone7_A1778_玫瑰金.txt", "iPhone7_A1660_brightblack.txt", "iPhone7_A1660_black.txt", "iPhone6P_A1593.txt", "iPhone7P_A1661_黑.txt", "iPhone7P_A1784_玫瑰金.txt", "iPhone8Plus.txt", "iPhone7P_A1661_rose.txt", "iPhone7_A1778_gold.txt", "iPhone7P_A1784_金.txt", "ipxd5(2017_j71tap).txt", "iPhone6_A1586.txt", "iPhone7_A1660_白.txt", "iPhone6s.txt"]
["Bluetooth-Incoming-Port", "usbserial-A904BAMW", "BLTH"]
["Bluetooth-Incoming-Port", "usbserial-A904BAMW", "BLTH", "Bluetooth-Incoming-Port", "usbserial-A904BAMW", "BLTH"]
CPID: 0x8015
CPRV: 0x11
BDID: 0x0e
ECID: 0x0000058d40db002f
CPFM: 0x03
SCEP: 0x01
IBFL: 0x3c
SRTG: iBoot-3332.0.0.1.23
SRNM: N/A
IMEI: N/A
MODE: DFU
CPID: 0x8015
CPRV: 0x11
BDID: 0x0e
ECID: 0x0000058d40db002f
CPFM: 0x03
SCEP: 0x01
IBFL: 0x3c
SRTG: iBoot-3332.0.0.1.23
SRNM: N/A
IMEI: N/A
MODE: DFU
Optional(2021-12-10 08:52:02 +0000)
CPID: 0x8015
CPRV: 0x11
BDID: 0x0e
ECID: 0x0000058d40db002f
CPFM: 0x03
SCEP: 0x01
IBFL: 0x3c
SRTG: iBoot-3332.0.0.1.23
SRNM: N/A
IMEI: N/A
MODE: DFU
CPID: 0x8015
CPRV: 0x11
BDID: 0x0e
ECID: 0x0000058d40db002f
CPFM: 0x03
SCEP: 0x01
IBFL: 0x3c
SRTG: iBoot-3332.0.0.1.23
SRNM: N/A
IMEI: N/A
MODE: DFU
ERROR: Unable to connect to device
ERROR: Unable to connect to device
ERROR: Unable to connect to device
ERROR: Unable to connect to device
ERROR: Unable to connect to device
ERROR: Unable to connect to device
ERROR: Unable to connect to device
ERROR: Unable to connect to device
ERROR: Unable to connect to device
ERROR: Unable to connect to device
ERROR: Unable to connect to device
CPID: 0x8015
CPRV: 0x11
BDID: 0x0e
ECID: 0x0000058d40db002f
CPFM: 0x03
SCEP: 0x01
IBFL: 0x3c
SRTG: iBoot-3332.0.0.1.23
SRNM: N/A
IMEI: N/A
MODE: DFU
*** checkm8 exploit by axi0mX ***
Found: CPID:8015 CPRV:11 CPFM:03 SCEP:01 BDID:0E ECID:0000058D40DB002F IBFL:3C SRTG:[iBoot-3332.0.0.1.23]
7 seconds left until timeout
Device is now in pwned DFU Mode.
(0.86 seconds)
Heap repaired.
Bootrom Patched
you can now load unsigned firmware
and debug the next boot stages
6 seconds left until timeout
Successfully exploited
Data fetching successfully done
Attempting to connect... 
CPID: 0x8015
CPRV: 0x11
BDID: 0x0e
ECID: 0x0000058d40db002f
CPFM: 0x03
SCEP: 0x01
IBFL: 0x3c
SRTG: iBoot-3332.0.0.1.23
SRNM: N/A
IMEI: N/A
PWND: checkm8
MODE: DFU
Connected to iPhone10,6, model d221ap, cpid 0x8015, bdid 0x0e
Attempting to connect... 
Attempting to connect... 
Unable to upload data to device
Uploaded iBSS
Attempting to connect... 
Attempting to connect... 
Command completed successfully
Uploaded iBSS

iBEC skipped
Attempting to connect... 
Attempting to connect... 
Attempting to connect... 
Attempting to connect... 
Attempting to connect... 
Attempting to connect... 
Attempting to connect... 
Attempting to connect... 
Attempting to connect... 
Attempting to connect... 
Attempting to connect... 
ERROR: Unable to connect to device
An error occurd... Failed to sent bootchainAttempting to connect... 
Attempting to connect... 
Attempting to connect... 
Attempting to connect... 
Attempting to connect... 
Attempting to connect... 
Attempting to connect... 
Attempting to connect... 
Attempting to connect... 
Attempting to connect... 
Attempting to connect... 
ERROR: Unable to connect to device
Attempting to connect... 

I also tried to enter the purple mode using Purple PRO, which failed. However, when I then tried to re-run MagicCFG after that, I got a different log output, this time with a Python exception:

administrator@mac ~ % /Applications/MagicCFG.app/Contents/MacOS/MagicCFG ; exit;
2021-12-10 10:01:18.315 MagicCFG[815:11099] Failed to set (borderColor) user defined inspected property on (NSButton): [<NSButton 0x7fbc221477e0> setValue:forUndefinedKey:]: this class is not key value coding-compliant for the key borderColor.
2021-12-10 10:01:18.315 MagicCFG[815:11099] Failed to set (buttonColor) user defined inspected property on (NSButton): [<NSButton 0x7fbc221477e0> setValue:forUndefinedKey:]: this class is not key value coding-compliant for the key buttonColor.
["iPhone6_A1549.txt", "iPhone7P_A1784_black.txt", "iPhone7P_A1661_gold.txt", "iPhone6_A1589.txt", "iPhone7_A1660_黑.txt", "ipxdpro2(12.9_j120ap).txt", "iPhone7_A1778_black.txt", "ipxd5(2017_j71sap).txt", "iPhone7_A1778_金.txt", "iPhone7P_A1784_亮黑.txt", "iPhone7_A1778_rose.txt", "iPhone7_A1778_亮黑.txt", "iPhone7P_A1784_白.txt", "ipxd6(2018_j71bap).txt", "iPhone7P_A1661_亮黑.txt", "iPhone7_A1660_white.txt", "iPhone7_A1660_金.txt", "ipxdpro(10.5_j207ap).txt", "8P_C3F.txt", "iPhone7_A1660_亮黑.txt", "7P_C11.txt", "7P_DTP.txt", "iPhone8.txt", "iPhoneX.txt", "iPhone7_A1660_rose.txt", "ipxdmini4.txt", "iPhone7P_A1784_brightblack.txt", "iPhone7P_A1784_rose.txt", "iPhxneSE(n69ap).txt", "iPhone7_A1778_黑.txt", "iPhone7P_A1661_金.txt", "iPhone7P_A1784_white.txt", "iPhone6.txt", "iPhone7_A1778_brightblack.txt", "iPhone6sPlus.txt", "iPhone7_A1778_白.txt", "iPhone6P_A1524.txt", "iPhone7P_A1661_玫瑰金.txt", "iPhone7P_A1784_黑.txt", "8P_C11.txt", "iPhone7_A1778_white.txt", "iPhone7P_A1784_gold.txt", "iPhxneSE(n69uap).txt", "iPhone7P_A1661_black.txt", "iPhone6P_A1522.txt", "iPhone7P_A1661_brightblack.txt", "iPhone7_A1778_玫瑰金.txt", "iPhone7_A1660_brightblack.txt", "iPhone7_A1660_black.txt", "iPhone6P_A1593.txt", "iPhone7P_A1661_黑.txt", "iPhone7P_A1784_玫瑰金.txt", "iPhone8Plus.txt", "iPhone7P_A1661_rose.txt", "iPhone7_A1778_gold.txt", "iPhone7P_A1784_金.txt", "ipxd5(2017_j71tap).txt", "iPhone6_A1586.txt", "iPhone7_A1660_白.txt", "iPhone6s.txt"]
["Bluetooth-Incoming-Port", "usbserial-A904BAMW", "BLTH"]
["Bluetooth-Incoming-Port", "usbserial-A904BAMW", "BLTH", "Bluetooth-Incoming-Port", "usbserial-A904BAMW", "BLTH"]
CPID: 0x8015
CPRV: 0x11
BDID: 0x0e
ECID: 0x0000058d40db002f
CPFM: 0x03
SCEP: 0x01
IBFL: 0x3c
SRTG: iBoot-3332.0.0.1.23
SRNM: N/A
IMEI: N/A
PWND: checkm8
MODE: DFU
CPID: 0x8015
CPRV: 0x11
BDID: 0x0e
ECID: 0x0000058d40db002f
CPFM: 0x03
SCEP: 0x01
IBFL: 0x3c
SRTG: iBoot-3332.0.0.1.23
SRNM: N/A
IMEI: N/A
PWND: checkm8
MODE: DFU
CPID: 0x8015
CPRV: 0x11
BDID: 0x0e
ECID: 0x0000058d40db002f
CPFM: 0x03
SCEP: 0x01
IBFL: 0x3c
SRTG: iBoot-3332.0.0.1.23
SRNM: N/A
IMEI: N/A
PWND: checkm8
MODE: DFU
CPID: 0x8015
CPRV: 0x11
BDID: 0x0e
ECID: 0x0000058d40db002f
CPFM: 0x03
SCEP: 0x01
IBFL: 0x3c
SRTG: iBoot-3332.0.0.1.23
SRNM: N/A
IMEI: N/A
PWND: checkm8
MODE: DFU
Optional(2021-12-10 09:01:30 +0000)
CPID: 0x8015
CPRV: 0x11
BDID: 0x0e
ECID: 0x0000058d40db002f
CPFM: 0x03
SCEP: 0x01
IBFL: 0x3c
SRTG: iBoot-3332.0.0.1.23
SRNM: N/A
IMEI: N/A
PWND: checkm8
MODE: DFU
ERROR: Unable to connect to device
ERROR: Unable to connect to device
ERROR: Unable to connect to device
ERROR: Unable to connect to device
ERROR: Unable to connect to device
ERROR: Unable to connect to device
ERROR: Unable to connect to device
ERROR: Unable to connect to device
ERROR: Unable to connect to device
CPID: 0x8015
CPRV: 0x11
BDID: 0x0e
ECID: 0x0000058d40db002f
CPFM: 0x03
SCEP: 0x01
IBFL: 0x3c
SRTG: iBoot-3332.0.0.1.23
SRNM: N/A
IMEI: N/A
PWND: checkm8
MODE: DFU
*** checkm8 exploit by axi0mX ***
Found: CPID:8015 CPRV:11 CPFM:03 SCEP:01 BDID:0E ECID:0000058D40DB002F IBFL:3C SRTG:[iBoot-3332.0.0.1.23] PWND:[checkm8]
Device is already in pwned DFU Mode. Not executing exploit.
7 seconds left until timeout
6 seconds left until timeout
5 seconds left until timeout
4 seconds left until timeout
3 seconds left until timeout
Traceback (most recent call last):
  File "ipwndfu", line 383, in <module>
    device = usbexec.PwnedUSBDevice()
  File "/Applications/MagicCFG.app/Contents/Resources/exploits/ipwndfu8015/usbexec.py", line 147, in __init__
    info = self.read_memory(self.image_base() + 0x200, 0x100)
  File "/Applications/MagicCFG.app/Contents/Resources/exploits/ipwndfu8015/usbexec.py", line 89, in read_memory
    response = self.command(self.cmd_memcpy(self.cmd_data_address(0), address + len(data), part_length), self.cmd_data_offset(0) + part_length)
  File "/Applications/MagicCFG.app/Contents/Resources/exploits/ipwndfu8015/usbexec.py", line 108, in command
    response = device.ctrl_transfer(0xA1, 2, 0xFFFF, 0, response_length, CMD_TIMEOUT).tostring()
  File "/Applications/MagicCFG.app/Contents/Resources/exploits/ipwndfu8015/usb/core.py", line 1043, in ctrl_transfer
    self.__get_timeout(timeout))
  File "/Applications/MagicCFG.app/Contents/Resources/exploits/ipwndfu8015/usb/backend/libusb1.py", line 883, in ctrl_transfer
    timeout))
  File "/Applications/MagicCFG.app/Contents/Resources/exploits/ipwndfu8015/usb/backend/libusb1.py", line 595, in _check
    raise USBError(_strerror(ret), ret, _libusb_errno[ret])
usb.core.USBError: [Errno 60] Operation timed out
2 seconds left until timeout
Successfully exploited
Data fetching successfully done
Attempting to connect... 
CPID: 0x8015
CPRV: 0x11
BDID: 0x0e
ECID: 0x0000058d40db002f
CPFM: 0x03
SCEP: 0x01
IBFL: 0x3c
SRTG: iBoot-3332.0.0.1.23
SRNM: N/A
IMEI: N/A
PWND: checkm8
MODE: DFU
Connected to iPhone10,6, model d221ap, cpid 0x8015, bdid 0x0e
Attempting to connect... 
Attempting to connect... 
Unable to upload data to device
Uploaded iBSS
Attempting to connect... 
Attempting to connect... 
Command completed successfully
Uploaded iBSS

iBEC skipped
Attempting to connect... 
Attempting to connect... 
Attempting to connect... 
Attempting to connect... 
Attempting to connect... 
Attempting to connect... 
Attempting to connect... 
Attempting to connect... 
Attempting to connect... 
Attempting to connect... 
Attempting to connect... 
ERROR: Unable to connect to device
An error occurd... Failed to sent bootchainAttempting to connect... 
Attempting to connect... 
Attempting to connect... 
Attempting to connect... 
Attempting to connect... 
Attempting to connect... 
Attempting to connect... 
Attempting to connect... 
Attempting to connect... 
Attempting to connect... 
Attempting to connect... 
ERROR: Unable to connect to device
Attempting to connect... 

If anyone knows what could be causing this, please let me know. Thank you

@MokkaSchnalle

MokkaSchnalle commented Dec 17, 2021

Same for me.

iPad Pro 1. Gen 12.9"
iOS 15.1
Big Sur or Monterey

CPID: 0x8001
CPRV: 0x10
BDID: 0x10
ECID: 0x0000589400520526
CPFM: 0x03
SCEP: 0x01
IBFL: 0x1c
SRTG: iBoot-2481.0.0.2.1
SRNM: N/A
IMEI: N/A
MODE: DFU
CPID: 0x8001
CPRV: 0x10
BDID: 0x10
ECID: 0x0000589400520526
CPFM: 0x03
SCEP: 0x01
IBFL: 0x1c
SRTG: iBoot-2481.0.0.2.1
SRNM: N/A
IMEI: N/A
MODE: DFU
CPID: 0x8001
CPRV: 0x10
BDID: 0x10
ECID: 0x0000589400520526
CPFM: 0x03
SCEP: 0x01
IBFL: 0x1c
SRTG: iBoot-2481.0.0.2.1
SRNM: N/A
IMEI: N/A
MODE: DFU
CPID: 0x8001
CPRV: 0x10
BDID: 0x10
ECID: 0x0000589400520526
CPFM: 0x03
SCEP: 0x01
IBFL: 0x1c
SRTG: iBoot-2481.0.0.2.1
SRNM: N/A
IMEI: N/A
MODE: DFU
ERROR: Unable to connect to device
ERROR: Unable to connect to device
ERROR: Unable to connect to device
ERROR: Unable to connect to device
ERROR: Unable to connect to device
ERROR: Unable to connect to device
ERROR: Unable to connect to device
ERROR: Unable to connect to device
ERROR: Unable to connect to device
ERROR: Unable to connect to device
ERROR: Unable to connect to device
ERROR: Unable to connect to device
ERROR: Unable to connect to device
ERROR: Unable to connect to device
ERROR: Unable to connect to device
ERROR: Unable to connect to device
ERROR: Unable to connect to device
ERROR: Unable to connect to device
ERROR: Unable to connect to device
ERROR: Unable to connect to device
CPID: 0x8001
CPRV: 0x10
BDID: 0x10
ECID: 0x0000589400520526
CPFM: 0x03
SCEP: 0x01
IBFL: 0x1c
SRTG: iBoot-2481.0.0.2.1
SRNM: N/A
IMEI: N/A
MODE: DFU
Optional(2021-12-17 16:52:07 +0000)

@miniexploit

You should manually enter pwned DFU mode.

@superrnovae

Same here: iPad Air 2 on iOS 15.3.1.
