Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

iPhone 5S downgrade fail PWNREC mode... error: -9 #126

Closed
riotdream opened this issue Apr 11, 2020 · 9 comments
Closed

iPhone 5S downgrade fail PWNREC mode... error: -9 #126

riotdream opened this issue Apr 11, 2020 · 9 comments

Comments

@riotdream
Copy link

Describe the issue
REQUIRED -
Cant' complete restore process of an iPhone 5S.

Screenshots
REQUIRED -
Attached the terminal log, where I can find the logs files?

Computer (please complete the following information):
REQUIRED -

  • Computer Model [MacBookPro 13 Early 2015]
  • MacOS Version [MacOS. 10.14.6]
  • Python Version [Python 3.7.7 (default, Mar 10 2020, 15:43:03)]
  • Vieux Version [1.0.1]

iOS Device (please complete the following information):
REQUIRED -

  • Device: [ iPhone6,2]
  • Desired Version: [iOS 10.3.3]

Additional context

| /Volumes/TJD128GB/iPhone/Downgrade/Vieux-master @ MacBook Pro 13 Retina (suzughia)
| => ./vieux -i /Volumes/TJD128GB/iPhone/Downgrade/A7_10.3.3_OTA_Downgrade/iPhone_4.0_64bit_10.3.3_14G60_Restore.ipsw

                                           /(//* /                         
                                        /(%@&/*((//*/                      
                                     (((((* %(&@@(*,///                    
                                   ((,((((((((/%%/,/(///                   
                                 ((((((((/*.((((////////**                 
                                (((((((((((((((((///////**.                
                                ((((((((((((((((//////*** .                
                                ((((((((((((((//*//(%#(/*..               
                                (((((((((((////** /%%#(* .                 
                                 (////////////**..##(/* ..                
                                *(/*******,,,,...,* ,...***.               
                               *(((&@@*.......*/***/////(//*////           
                           *** /((#@@@@@@@@@@@@@@@(///(((/**/*///          
                         #&(***/((%@@@@@@@@@@@@@@@(/((((// *****           
                        ((((%(*/((#@@@@@@@@@@@@@@@@((((//****              
                         (((((////(&@@@@@@@@@@@@@(((((//*,,,,           
                          ((((.//* %&&@@&&@@&((((////,.,,/((*          
                           (((/* **(%%&&&&&&&((((//**/** ((//            
                            (((((* ./##%%%%#((///**#&*******           
                             /((*      */(((/****/(((((#(**             
                                                 *(((((((              
                                                  (((((((*               
                                                 *((((((*                 
                                                   (((((

Vieux - A tool for 32/64 Bit OTA downgrades

Current version is: 1.0.1
If you are using a 64 Bit device then connect it in DFU Mode
If you are using a 32 Bit device then just have it connected in NORMAL mode
Files cleaned.
/Volumes/TJD128GB/iPhone/Downgrade/A7_10.3.3_OTA_Downgrade/iPhone_4.0_64bit_10.3.3_14G60_Restore.ipsw is a zip archive!
Starting IPSW unzipping
Continuing...
IPSW found at given path...
Cleaning up old files...
Files cleaned.
Unzipping..
Found: CPID:8960 CPRV:11 CPFM:03 SCEP:01 BDID:02 ECID:000004358B4295B8 IBFL:1C SRTG:[iBoot-1704.10] PWND:[checkm8]
Device is already in pwned DFU Mode. Not executing exploit.
Exploit worked!
*** SecureROM Signature check remover by Linus Henze ***
Applying patches...
Patches have already been applied. Exiting.

Starting iBSS/iBEC patching
Looks like you are downgrading an iPhone 5s to 10.3.3!
Patched iBSS/iBEC
About to re-build IPSW
Entering PWNREC mode...
ERROR..
Return code: -9
Sending iBSS/iBEC Failed.
Please reboot device, start the tool again and report the error + full logs if it persists.
Exiting...
@riotdream riotdream changed the title iPhone 5S downgrade fail iPhone 5S downgrade fail PWNREC mode... error: -9 Apr 11, 2020
@riotdream
Copy link
Author

New error after substituting all the bins in resources dir as the original one can't be executed, got killed -9 just after the exec command.

| => python3 vieux -i /Volumes/TJD128GB/iPhone/Downgrade/A7_10.3.3_OTA_Downgrade/iPhone_4.0_64bit_10.3.3_14G60_Restore.ipsw

                                           /(//* /                         
                                        /(%@&/*((//*/                      
                                     (((((* %(&@@(*,///                    
                                   ((,((((((((/%%/,/(///                   
                                 ((((((((/*.((((////////**                 
                                (((((((((((((((((///////**.                
                                ((((((((((((((((//////*** .                
                                ((((((((((((((//*//(%#(/*..               
                                (((((((((((////** /%%#(* .                 
                                 (////////////**..##(/* ..                
                                *(/*******,,,,...,* ,...***.               
                               *(((&@@*.......*/***/////(//*////           
                           *** /((#@@@@@@@@@@@@@@@(///(((/**/*///          
                         #&(***/((%@@@@@@@@@@@@@@@(/((((// *****           
                        ((((%(*/((#@@@@@@@@@@@@@@@@((((//****              
                         (((((////(&@@@@@@@@@@@@@(((((//*,,,,           
                          ((((.//* %&&@@&&@@&((((////,.,,/((*          
                           (((/* **(%%&&&&&&&((((//**/** ((//            
                            (((((* ./##%%%%#((///**#&*******           
                             /((*      */(((/****/(((((#(**             
                                                 *(((((((              
                                                  (((((((*               
                                                 *((((((*                 
                                                   (((((

Vieux - A tool for 32/64 Bit OTA downgrades

Current version is: 1.0.1
If you are using a 64 Bit device then connect it in DFU Mode
If you are using a 32 Bit device then just have it connected in NORMAL mode
Files cleaned.
/Volumes/TJD128GB/iPhone/Downgrade/A7_10.3.3_OTA_Downgrade/iPhone_4.0_64bit_10.3.3_14G60_Restore.ipsw is a zip archive!
Starting IPSW unzipping
Continuing...
IPSW found at given path...
Cleaning up old files...
Files cleaned.
Unzipping..
Found: CPID:8960 CPRV:11 CPFM:03 SCEP:01 BDID:02 ECID:000004358B4295B8 IBFL:1C SRTG:[iBoot-1704.10] PWND:[checkm8]
Device is already in pwned DFU Mode. Not executing exploit.
Exploit worked!
*** SecureROM Signature check remover by Linus Henze ***
Applying patches...
Patches have already been applied. Exiting.

Starting iBSS/iBEC patching
Looks like you are downgrading an iPhone 5s to 10.3.3!
Patched iBSS/iBEC
About to re-build IPSW
Entering PWNREC mode...
Getting SHSH...
Restoring...
Note that errors about 'BbSkeyId', 'FDR Client', 'BasebandFirmware Node' and 'ERROR: zip_name_locate: Firmware/all_flash/manifest' are not important.
Just ignore them and only report errors that actually stop the restore.
Version: 81b98e0425e17250cc83d5badaf9a8cc6399f481 - 245
Libipatcher version: 3159a387584e352f690cca859e013c3a4683f3e8 - 69
Odysseus support: yes
[INFO] 64-bit device detected
futurerestore init done
reading signing ticket resources/other/apnonce.shsh is done
Found device iPhone6,2 n53ap
[TSSC] opening resources/manifests/BuildManifest_iPhone6,2.plist
[TSSR] User specified not to request a baseband ticket.
Request URL set to https://gs.apple.com/TSS/controller?action=2
Sending TSS request attempt 1... response successfully received
Did set SEP+baseband path and firmware
[WARNING] Failed to read BasebandGoldCertID from device! Is it already in recovery?
[WARNING] Using tsschecker's fallback BasebandGoldCertID. This might result in invalid baseband signing status information
[WARNING] Failed to read BasebandSerialNumber from device! Is it already in recovery?
[WARNING] Using tsschecker's fallback BasebandSerialNumber size. This might result in invalid baseband signing status information
[TSSC] opening resources/manifests/BuildManifest_iPhone6,2.plist
[TSSR] User specified to request only a baseband ticket.
Request URL set to https://gs.apple.com/TSS/controller?action=2
Sending TSS request attempt 1... response successfully received
Found device in DFU mode
[Error] unsupported device mode, please put device in recovery mode or normal mode
[Error] Fail code=-3
Failed with errorcode=-3

ERROR..
Return code: 253
Restore Failed.
Please try again and report the error/send me the full logs and the 'errorlogrestore.txt' file if it persists
Exiting...

@riotdream
Copy link
Author

riotdream commented Apr 12, 2020
edited
Loading

I've resolved all the issue deleting the Vieux folder so any resources/bin modified is gone and after unzipping the new version I've just done:

sudo codesign --sign - --force --deep

for every executable in resources/bin/* and all worked like a charm.

Seems that is a problem with code signing executable

@bkchucnc
Copy link

bkchucnc commented Apr 14, 2020
edited
Loading

I've resolved all the issue deleting the Vieux folder so any resources/bin modified is gone and after unzipping the new version I've just done:

sudo codesign --sign - --force --deep for every bin in resources/bin/*

for every executable in resources/bin/* and all worked like a charm.

Seems that is a problem with code signing executable

Could you describe it in more detail?
I did:
Case 1:

  1. Delete old Vieux and download the new Vieux.
  2. Replace igetnonce in Vieux/resources/bin/ by https://github.com/s0uthwest/igetnonce/releases
  3. Use Vieux command to downgrade 5s to 10.3.3 (as instruction)
    Get the same error (error: -9)
    Case2:
  4. Delete old Vieux and download the new Vieux.
  5. run: sudo codesign --sign - --force --deep
    for every bin in resources/bin/*, but can not modified "futurerestore"
  6. Use Vieux command to downgrade 5s to 10.3.3 (as instruction)
    Get the same error code 253

@bkchucnc bkchucnc mentioned this issue Apr 14, 2020
Closed
@bkchucnc
Copy link

Success after flash ios 12.4.4 for 5s and do it again. Thank you so much!

This was referenced Apr 14, 2020
Closed
Closed
Closed
Closed
Open
Open
Open
Closed
@MatthewPierson
Copy link
Owner

Thank you @riotdream for that fix! Have included a link to your comment in the README along side the alternative fix by @Salompas, have credited you both.

Thank you again for this, I was unable to do anything about these Catalina issues as I don't have access to a Catalina install since my hackintosh only wants to run Mojave and lower sadly.

@riotdream
Copy link
Author

@MatthewPierson thank you for Vieux, I'm glad that my solution could help someone else resolving some minor problems with your app.

Cheers.

@riotdream
Copy link
Author

Could you describe it in more detail?
I did:
Case 1:

  1. Delete old Vieux and download the new Vieux.
  2. Replace igetnonce in Vieux/resources/bin/ by https://github.com/s0uthwest/igetnonce/releases
  3. Use Vieux command to downgrade 5s to 10.3.3 (as instruction)
    Get the same error (error: -9)
    Case2:
  4. Delete old Vieux and download the new Vieux.
  5. run: sudo codesign --sign - --force --deep
    for every bin in resources/bin/*, but can not modified "futurerestore"
  6. Use Vieux command to downgrade 5s to 10.3.3 (as instruction)
    Get the same error code 253

All the binary from Vieux resources/bin folder are fine, there is only a problem with code sign, so the fix it's done replacing the older sign with the new one from your mac.

I've delete Vieux folder because, like you, I've putted s0uthwest igetnonce but it's another version and it will break Vieux process.

@buiphonght
Copy link

buiphonght commented Apr 21, 2020
edited
Loading

Thank you @riotdream for that fix! Have included a link to your comment in the README along side the alternative fix by @Salompas, have credited you both.

Thank you again for this, I was unable to do anything about these Catalina issues as I don't have access to a Catalina install since my hackintosh only wants to run Mojave and lower sadly.

Please mark this solution in README not only for Catalina but Mojave too. I have Mojave 10.14.6 and I struggled with this one like 2 days. I came here without hope. And ta-da. It worked!
Turns out @riotdream said that he has a Macbook running Mojave 10.14.6 (like me) -.-
Never think that an issue with Mojave is marked in "MacOS Catalina Security Issues" -.-

@Turkay7879
Copy link

Turkay7879 commented Jul 19, 2020
edited
Loading

I've resolved all the issue deleting the Vieux folder so any resources/bin modified is gone and after unzipping the new version I've just done:

sudo codesign --sign - --force --deep

for every executable in resources/bin/* and all worked like a charm.

Seems that is a problem with code signing executable

Thanks for the tip! I've resolved my problem by this way with Nudaoaddu while trying to restore to 12.4 I had to resign irecovery and igetnonce with this way to get it working. Worked like a charm on macOS 10.15.6.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@riotdream @bkchucnc @buiphonght @MatthewPierson @Turkay7879