Exploit failed (Iphone 7 on Linux) #158

Open
relampagorojo93 opened this issue Oct 11, 2019 · 10 comments
relampagorojo93 commented Oct 11, 2019

Hello,
I'm trying to jailbreak my iPhone 7, and I'm having some trouble using ipwndfu. I used the second version made with Python3 that gives more debug:


relampagorojo93@Rela-Linux:~/Imágenes/ipwndfu-master$ sudo ./ipwndfu -p

*** checkm8 exploit by axi0mX ***
****** stage 1, heap grooming
Found: CPID:8010 CPRV:11 CPFM:03 SCEP:01 BDID:0C ECID:0019695924858526 IBFL:3C SRTG:[iBoot-2696.0.0.1.33]
no large leak, hole:5
ctrl transfer good: 128 6
ctrl transfer good: 128 6
ctrl transfer good: 128 6
ctrl transfer good: 128 6
ctrl transfer good: 128 6
ctrl transfer good: 128 6
ctrl transfer good: 128 6
Performing USB port reset.
****** stage 2, usb setup, send 0x800 of 'A', sends no data
ctrl transfer ERROR: 33 4 USBError(19, 'No such device (it may have been disconnected)')
****** stage 3, exploit
ctrl transfer ERROR: 2 3 USBError(32, 'Pipe error')
doing leak 1
ctrl transfer ERROR: 128 6 USBError(110, 'Operation timed out')
ctrl transfer ERROR: 0 0 USBError(32, 'Pipe error')
ctrl transfer ERROR: 33 1 USBError(110, 'Operation timed out')
ctrl transfer ERROR: 33 1 USBError(110, 'Operation timed out')
Performing USB port reset.
****** final check
final serial CPID:8010 CPRV:11 CPFM:03 SCEP:01 BDID:0C ECID:0019695924858526 IBFL:3C SRTG:[iBoot-2696.0.0.1.33]
ERROR: Exploit failed. Device did not enter pwned DFU Mode.


Sorry for the underscores, but I didn't find a correct way to format this text; I'm not really used to using GitHub.

I checked other issues about this, and what I saw is that the usb setup doesn't fail, it gets successfully done, so I don't know if that's the problem, and if it is, how to solve it. I installed libusb-1* to make sure I had all libraries, also libusb-dev and python-libusb1 just in case. I put the iPhone 7 in DFU mode, and I used lsusb to check the iPhone's status, and it says it is in DFU mode.

@geelongmicrosoldering

Before addressing your issue with the exploit, I'd like to address the very first statement there.

You are aware ipwndfu does not jailbreak your device, correct? It just exploits the device, allowing payloads to be sent, etc.

If you are successful with the exploit, nothing is going to happen as far as jailbreaking is concerned.

@geelongmicrosoldering

To follow that up, the version of ipwndfu you are using is a fork from geohot. Your issue should be raised on that fork, not here.

But it's worth pointing out that that fork was made before axi0mX merged changes, so it's very outdated now.

@relampagorojo93

> Before addressing your issue with the exploit, I'd like to address the very first statement there.
>
> You are aware ipwndfu does not jailbreak your device, correct? It just exploits the device, allowing payloads to be sent, etc.
>
> If you are successful with the exploit, nothing is going to happen as far as jailbreaking is concerned.

As I heard from other sites, this allows the first step for jailbreaking, at least bypassing the Apple security system, and as I heard too, there's no custom ipsw or anything made yet to use this exploit, but I was searching a lot for ways to jailbreak my iPhone due to iOS 13, and when I saw it, I thought at least I could use the exploit until that moment.

> To follow that up, the version of ipwndfu you are using is a fork from geohot. Your issue should be raised on that fork, not here.
>
> But it's worth pointing out that that fork was made before axi0mX merged changes, so it's very outdated now.

In the repo of the fork, the last update of some files is from 15 days ago; in this repo, it's from 10 or 12 days ago, so I don't know what you really mean by outdated. Also, I used it because this ipwndfu is giving me problems too, and I read in a post from 9 days ago about a Raspberry used to exploit iPhones that this fork had more debug than this one, and I thought at least this fork would give some info instead of nothing.

@izaman1

izaman1 commented Oct 12, 2019

> Hello,
> I'm trying to jailbreak my iPhone 7, and I'm having some trouble using ipwndfu. I used the second version made with Python3 that gives more debug:
>
> relampagorojo93@Rela-Linux:~/Imágenes/ipwndfu-master$ sudo ./ipwndfu -p
>
> *** checkm8 exploit by axi0mX ***
> ****** stage 1, heap grooming
> Found: CPID:8010 CPRV:11 CPFM:03 SCEP:01 BDID:0C ECID:0019695924858526 IBFL:3C SRTG:[iBoot-2696.0.0.1.33]
> no large leak, hole:5
> ctrl transfer good: 128 6
> ctrl transfer good: 128 6
> ctrl transfer good: 128 6
> ctrl transfer good: 128 6
> ctrl transfer good: 128 6
> ctrl transfer good: 128 6
> ctrl transfer good: 128 6
> Performing USB port reset.
> ****** stage 2, usb setup, send 0x800 of 'A', sends no data
> ctrl transfer ERROR: 33 4 USBError(19, 'No such device (it may have been disconnected)')
> ****** stage 3, exploit
> ctrl transfer ERROR: 2 3 USBError(32, 'Pipe error')
> doing leak 1
> ctrl transfer ERROR: 128 6 USBError(110, 'Operation timed out')
> ctrl transfer ERROR: 0 0 USBError(32, 'Pipe error')
> ctrl transfer ERROR: 33 1 USBError(110, 'Operation timed out')
> ctrl transfer ERROR: 33 1 USBError(110, 'Operation timed out')
> Performing USB port reset.
> ****** final check
> final serial CPID:8010 CPRV:11 CPFM:03 SCEP:01 BDID:0C ECID:0019695924858526 IBFL:3C SRTG:[iBoot-2696.0.0.1.33]
> ERROR: Exploit failed. Device did not enter pwned DFU Mode.
>
> Sorry for the underscores, but I didn't find a correct way to format this text; I'm not really used to using GitHub.
>
> I checked other issues about this, and what I saw is that the usb setup doesn't fail, it gets successfully done, so I don't know if that's the problem, and if it is, how to solve it. I installed libusb-1* to make sure I had all libraries, also libusb-dev and python-libusb1 just in case. I put the iPhone 7 in DFU mode, and I used lsusb to check the iPhone's status, and it says it is in DFU mode.

I also faced the same type of error.

@thatguypix19

First of all, I would like to inform you that as of now, this exploit does nothing to your device that you may want it to do, such as jailbreaking. If you are only interested in jailbreaking, I suggest just leaving this alone and waiting on one to be released. Ipwndfu as of now can only do things such as verbose boot for iPhone X only (unless of course you can find a fork that allows support for other devices). There are also things like being able to enable JTAG, which is pretty much useless unless you are skilled with iOS reverse engineering and are willing to pay $700 or so on a cable that allows you to debug iOS for research.

@izaman1

izaman1 commented Oct 13, 2019

I just want to see whether my device is being exploited or not. If that error remains when the jailbreak comes, I won't be able to exploit in the first place. 😊

@EWouters

EWouters commented Oct 13, 2019

@izaman1 the readme will allow you to check if your device is exploitable. This comment also gives a nice list. Running the code in this repo will only tell you if the exploit has been implemented for your device yet.

@izaman1

izaman1 commented Oct 13, 2019

> @izaman1 the readme will allow you to check if your device is exploitable. This comment also gives a nice list. Running the code in this repo will only tell you if the exploit has been implemented for your device yet.

T8010 (A10 Fusion): 0x8010 //iPad (6th generation), iPad (7th generation), iPhone 7, iPhone 7 Plus, iPod touch (7th generation)
Thank you for your reply; my chipset is already mentioned.

@drandroidsv

master@master-HP-ProBook-6560b:~/Descargas/ipwndfu-master$ sudo ./ipwndfu -p --boot
*** checkm8 exploit by axi0mX ***
Found: CPID:8010 CPRV:11 CPFM:03 SCEP:01 BDID:0C ECID:001A152920D1A526 IBFL:3C SRTG:[iBoot-2696.0.0.1.33] PWND:[checkm8]
Device is already in pwned DFU Mode. Not executing exploit.
CPID:8010 CPRV:11 CPFM:03 SCEP:01 BDID:0C ECID:001A152920D1A526 IBFL:3C SRTG:[iBoot-2696.0.0.1.33] PWND:[checkm8]
ERROR: Option --boot is currently only supported on iPhone X pwned with checkm8.
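
Added example (not part of the thread and not ipwndfu's own code): a small triage script for the output format shown in the two logs above. It reports the stage and USB error of the first failed control transfer and whether the last serial string carries the PWND tag. The sample logs are constructed from lines in this thread with the ECID zeroed; reading the two numbers after `ERROR:` as bmRequestType and bRequest is an assumption.

```python
import re

SERIAL_FIELD = re.compile(r"\b(\w{4}):(?:\[([^\]]*)\]|(\S+))")
STAGE = re.compile(r"\*{6} (stage \d+|final check)")
ERROR = re.compile(r"ctrl transfer ERROR: (\d+) (\d+) USBError\((\d+), '(.*)'\)")

# Constructed samples: lines taken from the two logs in this thread, ECID zeroed.
FAILED_LOG = """\
****** stage 1, heap grooming
Found: CPID:8010 CPRV:11 CPFM:03 SCEP:01 BDID:0C ECID:0000000000000000 IBFL:3C SRTG:[iBoot-2696.0.0.1.33]
ctrl transfer good: 128 6
Performing USB port reset.
****** stage 2, usb setup, send 0x800 of 'A', sends no data
ctrl transfer ERROR: 33 4 USBError(19, 'No such device (it may have been disconnected)')
****** stage 3, exploit
ctrl transfer ERROR: 2 3 USBError(32, 'Pipe error')
****** final check
final serial CPID:8010 CPRV:11 CPFM:03 SCEP:01 BDID:0C ECID:0000000000000000 IBFL:3C SRTG:[iBoot-2696.0.0.1.33]
ERROR: Exploit failed. Device did not enter pwned DFU Mode.
"""
PWNED_LOG = """\
Found: CPID:8010 CPRV:11 CPFM:03 SCEP:01 BDID:0C ECID:0000000000000000 IBFL:3C SRTG:[iBoot-2696.0.0.1.33] PWND:[checkm8]
Device is already in pwned DFU Mode. Not executing exploit.
"""

def parse_serial(line):
    """Split the TAG:value pairs of a DFU serial string; bracketed values lose the brackets."""
    return {m[1]: m[2] if m[2] is not None else m[3] for m in SERIAL_FIELD.finditer(line)}

def triage(log):
    """Return the first failed control transfer (with its stage) and the pwned state."""
    stage, first_error, serial = "start", None, None
    for line in map(str.strip, log.splitlines()):
        if m := STAGE.match(line):
            stage = m[1]
        elif m := ERROR.search(line):
            if first_error is None:
                # Assumption: the two numbers are bmRequestType and bRequest.
                first_error = {"stage": stage, "bmRequestType": int(m[1]),
                               "bRequest": int(m[2]), "errno": int(m[3]), "message": m[4]}
        elif "CPID:" in line:
            serial = parse_serial(line)  # the last serial line seen wins
    return {"first_error": first_error, "serial": serial,
            "pwned": serial is not None and "PWND" in serial}

if __name__ == "__main__":
    for name, log in (("failed", FAILED_LOG), ("pwned", PWNED_LOG)):
        print(name, triage(log))
```
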

@izaman1

izaman1 commented Oct 19, 2019

Boot option is not released for iPhone 7.
