Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

iOS 10: Failed to connect to lockdownd service on the device #32

Closed
samrocketman opened this issue Nov 1, 2016 · 14 comments

Comments

Projects
None yet
5 participants
@samrocketman
Copy link

commented Nov 1, 2016

EDIT: Solution

Build with OpenSSL instead of GnuTLS. GnuTLS does not work with iOS10 devices. The package maintainer in Ubuntu built libimobiledevice with --disable-openssl option forcing GnuTLS. See the last comment in this issue for my solution.


Problem

I'm trying to connect my iPhone 5S to my Linux system to retrieve pictures. Prior to updating to iOS 10, it worked. Post-upgrade to iOS 10 I can no longer mount the storage. Downgrading iPhone is not possible on Linux.

ifuse errors with:

GnuTLS error: Error in the pull function.
Failed to connect to lockdownd service on the device.
Try again. If it still fails try rebooting your device.

I've attempted to reboot my device and it always gives the same error.

I built ifuse from source (at master HEAD) to try to resolve the issue. It is still not resolved.

Version info

Date retrieved the below dependencies: Tue Nov 1 03:35:16 UTC 2016

OS: Ubuntu 16.04 x64
uname -rms: Linux 4.4.0-45-generic x86_64
Compiled from source:
  GnuTLS (master branch HEAD)
  libusbmuxd (master branch HEAD)
  usbmuxd (master branch HEAD)
  libimobiledevice (master branch HEAD)
  ifuse (master branch HEAD)

Fully documented build process

I have fully documented exactly how I built and installed all of the utilities on Ubuntu 16.04,

https://gist.github.com/samrocketman/70dff6ebb18004fc37dc5e33c259a0fc

More verbose error

$ export GNUTLS_DEBUG_LEVEL=99

$ idevicepair pair
SUCCESS: Paired with device 37b633350ab83dc815a6a97dcd6d327b12c41968

$ ifuse ~/usr/mnt/
gnutls[2]: Enabled GnuTLS 3.4.10 logging...
gnutls[2]: Intel SSSE3 was detected
gnutls[2]: Intel AES accelerator was detected
gnutls[2]: Intel GCM accelerator was detected
gnutls[5]: REC[0x6b45c0]: Allocating epoch #0
gnutls[3]: ASSERT: gnutls_constate.c:596
gnutls[5]: REC[0x6b45c0]: Allocating epoch #1
gnutls[4]: HSK[0x6b45c0]: Keeping ciphersuite: GNUTLS_RSA_AES_128_CBC_SHA1 (00.2F)
gnutls[4]: HSK[0x6b45c0]: Keeping ciphersuite: GNUTLS_RSA_AES_256_CBC_SHA1 (00.35)
gnutls[4]: EXT[0x6b45c0]: Sending extension ENCRYPT THEN MAC (0 bytes)
gnutls[4]: EXT[0x6b45c0]: Sending extension SAFE RENEGOTIATION (1 bytes)
gnutls[4]: EXT[0x6b45c0]: Sending extension SESSION TICKET (0 bytes)
gnutls[4]: HSK[0x6b45c0]: CLIENT HELLO was queued [62 bytes]
gnutls[11]: HWRITE: enqueued [CLIENT HELLO] 62. Total 62 bytes.
gnutls[11]: HWRITE FLUSH: 62 bytes in buffer.
gnutls[5]: REC[0x6b45c0]: Preparing Packet Handshake(22) with length: 62 and min pad: 0
gnutls[9]: ENC[0x6b45c0]: cipher: NULL, MAC: MAC-NULL, Epoch: 0
gnutls[11]: WRITE: enqueued 67 bytes for 0x6b7bf0. Total 67 bytes.
gnutls[5]: REC[0x6b45c0]: Sent Packet[1] Handshake(22) in epoch 0 and length: 67
gnutls[11]: HWRITE: wrote 1 bytes, 0 bytes left.
gnutls[11]: WRITE FLUSH: 67 bytes in buffer.
gnutls[11]: WRITE: wrote 67 bytes, 0 bytes left.
gnutls[3]: ASSERT: gnutls_buffers.c:1154
gnutls[10]: READ: -2 returned from 0x6b7bf0, errno=0 gerrno=0
gnutls[3]: ASSERT: gnutls_buffers.c:367
gnutls[3]: ASSERT: gnutls_buffers.c:588
gnutls[3]: ASSERT: gnutls_record.c:1038
gnutls[3]: ASSERT: gnutls_record.c:1158
gnutls[3]: ASSERT: gnutls_buffers.c:1409
gnutls[3]: ASSERT: gnutls_handshake.c:1446
gnutls[3]: ASSERT: gnutls_handshake.c:2757
gnutls[5]: REC[0x6b45c0]: Start of epoch cleanup
gnutls[5]: REC[0x6b45c0]: End of epoch cleanup
gnutls[5]: REC[0x6b45c0]: Epoch #0 freed
gnutls[5]: REC[0x6b45c0]: Epoch #1 freed
GnuTLS error: Error in the pull function.
Failed to connect to lockdownd service on the device.
Try again. If it still fails try rebooting your device.
@samrocketman

This comment has been minimized.

Copy link
Author

commented Nov 1, 2016

Getting a little closer. I rebuilt libimobiledevice lib with:

./autogen.sh --disable-openssl --prefix=$HOME/usr

Now when I run:

$ export GNUTLS_DEBUG_LEVEL=99

$ idevicepair pair
gnutls[2]: Enabled GnuTLS 3.5.5 logging...
gnutls[2]: getrandom random generator was detected
gnutls[2]: Intel SSSE3 was detected
gnutls[2]: Intel AES accelerator was detected
gnutls[2]: Intel GCM accelerator (AVX) was detected
gnutls[2]: unable to access: /etc/gnutls/default-priorities: 2
gnutls[3]: ASSERT: common.c[_gnutls_x509_export_int_named]:555
gnutls[3]: ASSERT: common.c[_gnutls_x509_export_int_named]:555
gnutls[3]: ASSERT: common.c[_gnutls_x509_export_int_named]:555
gnutls[3]: ASSERT: common.c[_gnutls_x509_export_int_named]:555
gnutls[3]: ASSERT: pk.c[wrap_nettle_pk_fixup]:1818
gnutls[3]: ASSERT: privkey.c[gnutls_x509_privkey_import_rsa_raw2]:979
SUCCESS: Paired with device 37b633350ab83dc815a6a97dcd6d327b12c41968

$ ifuse ~/usr/mnt
gnutls[2]: Enabled GnuTLS 3.4.10 logging...
gnutls[2]: Intel SSSE3 was detected
gnutls[2]: Intel AES accelerator was detected
gnutls[2]: Intel GCM accelerator was detected
gnutls[5]: REC[0x1f9c560]: Allocating epoch #0
gnutls[3]: ASSERT: gnutls_constate.c:596
gnutls[5]: REC[0x1f9c560]: Allocating epoch #1
gnutls[4]: HSK[0x1f9c560]: Keeping ciphersuite: GNUTLS_RSA_AES_128_CBC_SHA1 (00.2F)
gnutls[4]: HSK[0x1f9c560]: Keeping ciphersuite: GNUTLS_RSA_AES_256_CBC_SHA1 (00.35)
gnutls[4]: EXT[0x1f9c560]: Sending extension ENCRYPT THEN MAC (0 bytes)
gnutls[4]: EXT[0x1f9c560]: Sending extension SAFE RENEGOTIATION (1 bytes)
gnutls[4]: EXT[0x1f9c560]: Sending extension SESSION TICKET (0 bytes)
gnutls[4]: HSK[0x1f9c560]: CLIENT HELLO was queued [62 bytes]
gnutls[11]: HWRITE: enqueued [CLIENT HELLO] 62. Total 62 bytes.
gnutls[11]: HWRITE FLUSH: 62 bytes in buffer.
gnutls[5]: REC[0x1f9c560]: Preparing Packet Handshake(22) with length: 62 and min pad: 0
gnutls[9]: ENC[0x1f9c560]: cipher: NULL, MAC: MAC-NULL, Epoch: 0
gnutls[11]: WRITE: enqueued 67 bytes for 0x1f98bf0. Total 67 bytes.
gnutls[5]: REC[0x1f9c560]: Sent Packet[1] Handshake(22) in epoch 0 and length: 67
gnutls[11]: HWRITE: wrote 1 bytes, 0 bytes left.
gnutls[11]: WRITE FLUSH: 67 bytes in buffer.
gnutls[11]: WRITE: wrote 67 bytes, 0 bytes left.
gnutls[3]: ASSERT: gnutls_buffers.c:1154
gnutls[10]: READ: -2 returned from 0x1f98bf0, errno=0 gerrno=0
gnutls[3]: ASSERT: gnutls_buffers.c:367
gnutls[3]: ASSERT: gnutls_buffers.c:588
gnutls[3]: ASSERT: gnutls_record.c:1038
gnutls[3]: ASSERT: gnutls_record.c:1158
gnutls[3]: ASSERT: gnutls_buffers.c:1409
gnutls[3]: ASSERT: gnutls_handshake.c:1446
gnutls[3]: ASSERT: gnutls_handshake.c:2757
gnutls[5]: REC[0x1f9c560]: Start of epoch cleanup
gnutls[5]: REC[0x1f9c560]: End of epoch cleanup
gnutls[5]: REC[0x1f9c560]: Epoch #0 freed
gnutls[5]: REC[0x1f9c560]: Epoch #1 freed
GnuTLS error: Error in the pull function.
Failed to connect to lockdownd service on the device.
Try again. If it still fails try rebooting your device.

Interestingly, idevicepair succeeds and is using GnuTLS 3.5.5. ifuse still fails and is using GnuTLS 3.4.10.

How do I force ifuse to use GnuTLS 3.5.5?

@samrocketman

This comment has been minimized.

Copy link
Author

commented Nov 1, 2016

I executed:

sudo apt-get remove libimobiledevice6

Then ifuse --version throws error:

ifuse: error while loading shared libraries: libimobiledevice.so.6: cannot open shared object file: No such file or directory

This is good it means I was using the system libimobiledevice library instead of my built-from source version.

@samrocketman

This comment has been minimized.

Copy link
Author

commented Nov 1, 2016

Okay, it still doesn't work.

$ export LD_LIBRARY_PATH="$HOME/usr/lib:${LD_LIBRARY_PATH}"

$ ifuse ~/usr/mnt/
gnutls[2]: Enabled GnuTLS 3.5.5 logging...
gnutls[2]: getrandom random generator was detected
gnutls[2]: Intel SSSE3 was detected
gnutls[2]: Intel AES accelerator was detected
gnutls[2]: Intel GCM accelerator (AVX) was detected
gnutls[2]: unable to access: /etc/gnutls/default-priorities: 2
gnutls[5]: REC[0x2060fc0]: Allocating epoch #0
gnutls[3]: ASSERT: constate.c[_gnutls_epoch_get]:600
gnutls[5]: REC[0x2060fc0]: Allocating epoch #1
gnutls[4]: HSK[0x2060fc0]: Keeping ciphersuite: GNUTLS_RSA_AES_128_CBC_SHA1 (00.2F)
gnutls[4]: HSK[0x2060fc0]: Keeping ciphersuite: GNUTLS_RSA_AES_256_CBC_SHA1 (00.35)
gnutls[4]: EXT[0x2060fc0]: Sending extension Extended Master Secret (0 bytes)
gnutls[4]: EXT[0x2060fc0]: Sending extension Encrypt-then-MAC (0 bytes)
gnutls[4]: EXT[0x2060fc0]: Sending extension OCSP Status Request (5 bytes)
gnutls[4]: EXT[0x2060fc0]: Sending extension Safe Renegotiation (1 bytes)
gnutls[4]: EXT[0x2060fc0]: Sending extension Session Ticket (0 bytes)
gnutls[4]: HSK[0x2060fc0]: CLIENT HELLO was queued [75 bytes]
gnutls[11]: HWRITE: enqueued [CLIENT HELLO] 75. Total 75 bytes.
gnutls[11]: HWRITE FLUSH: 75 bytes in buffer.
gnutls[5]: REC[0x2060fc0]: Preparing Packet Handshake(22) with length: 75 and min pad: 0
gnutls[9]: ENC[0x2060fc0]: cipher: NULL, MAC: MAC-NULL, Epoch: 0
gnutls[11]: WRITE: enqueued 80 bytes for 0x20648f0. Total 80 bytes.
gnutls[5]: REC[0x2060fc0]: Sent Packet[1] Handshake(22) in epoch 0 and length: 80
gnutls[11]: HWRITE: wrote 1 bytes, 0 bytes left.
gnutls[11]: WRITE FLUSH: 80 bytes in buffer.
gnutls[11]: WRITE: wrote 80 bytes, 0 bytes left.
gnutls[3]: ASSERT: buffers.c[get_last_packet]:1159
gnutls[10]: READ: -2 returned from 0x20648f0, errno=0 gerrno=0
gnutls[3]: ASSERT: buffers.c[_gnutls_stream_read]:367
gnutls[3]: ASSERT: buffers.c[_gnutls_io_read_buffered]:587
gnutls[3]: ASSERT: record.c[recv_headers]:1055
gnutls[3]: ASSERT: record.c[_gnutls_recv_in_buffers]:1175
gnutls[3]: ASSERT: buffers.c[_gnutls_handshake_io_recv_int]:1414
gnutls[3]: ASSERT: handshake.c[_gnutls_recv_handshake]:1459
gnutls[3]: ASSERT: handshake.c[handshake_client]:2822
gnutls[5]: REC[0x2060fc0]: Start of epoch cleanup
gnutls[5]: REC[0x2060fc0]: End of epoch cleanup
gnutls[5]: REC[0x2060fc0]: Epoch #0 freed
gnutls[5]: REC[0x2060fc0]: Epoch #1 freed
GnuTLS error: Error in the pull function.
Failed to connect to lockdownd service on the device.
Try again. If it still fails try rebooting your device.

Now ifuse is using GnuTLS 3.5.5 but I still get the same error.

@samrocketman

This comment has been minimized.

Copy link
Author

commented Nov 1, 2016

Okay FINALLY got it to work 💃 👯‍♂ 👯

The original problem was a few issues (with me):

  • when I built from HEAD ifuse was using GnuTLS from the system libimobiledevice. It was because I didn't set LD_LIBRARY_PATH properly.
  • I mistakenly used GnuTLS when building from HEAD because that's what was complaining. After letting ifuse (built from HEAD) use libimobiledevice (built from HEAD but with OpenSSL instead of GnuTLS), it finally worked!

I'm going to update the instructions in my gist. Hopefully, someone finds them of use.

@samrocketman

This comment has been minimized.

Copy link
Author

commented Nov 1, 2016

@iuhfiajfoisjfdisaj

This comment has been minimized.

Copy link

commented Nov 4, 2016

For some reason it didn't use openssl libraries until I discovered libimobiledevice also has --enable-openssl for it's configure script. Then everything finally worked.

@murshid1988

This comment has been minimized.

Copy link

commented Dec 29, 2016

@samrocketman You sir, rock.

@TimSparrow

This comment has been minimized.

Copy link

commented Feb 14, 2017

Works for me (Kubuntu 16.10, iOS 10.2).

@ricciolino

This comment has been minimized.

Copy link

commented Mar 31, 2017

Sorry, what mean "build from HEAD"? And how can i do for build with OpenSSL?

@samrocketman

This comment has been minimized.

Copy link
Author

commented Apr 1, 2017

@ricciolino

what mean "build from HEAD"?

Read these pages:

When I said "build from HEAD," I meant building from origin/HEAD, also known as the default branch, for a project.

And how can i do for build with OpenSSL?

Read this page:

OpenSSL documents how to build their software. If you have trouble, I recommend join their mailing lists and asking them.

@ricciolino

This comment has been minimized.

Copy link

commented Apr 1, 2017

@samrocketman

This comment has been minimized.

Copy link
Author

commented Apr 1, 2017

You're welcome.

@ricciolino

This comment has been minimized.

Copy link

commented Apr 3, 2017

@ghost

This comment has been minimized.

Copy link

commented Oct 12, 2017

Thank you @samrocketman
The instructions you provided #32 (comment) worked perfectly on Fedora 25 with an iPhone 6s (I think that's what this thing is) 💯

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.