An error occurred on iphone7 ios15.5beta4

[xiuxianchengdi]

[] Getting device info...
[] Pwning device
[*] Downloading BuildManifest
[-] An error occurred

[itsnebulalol]

Is your blob valid? If you run git pull then add --debug to the end of the command, and send the full log I can help. Also, please send the command you ran.

[xiuxianchengdi]

there is an other issue
./palera1n.sh /Users/admin/palera1n/blob.shsh2 --debug
palera1n | Version 1.0.0
Written by Nebula | Some code by Nathan | Patching commands and ramdisk by Mineek | Loader app by Amy

Hello, iPhone9,1 on 15.5!
[] Switching device into recovery mode...
[] Waiting for device to reconnect in recovery mode
[] Getting device info...
[] Press any key when ready for DFU mode
Get ready (0)
Hold volume down + side button (0)
Keep holding (0)
Release side button, but keep holding volume down (0)
[] Device entered DFU!
[] Pwning device
[] Downloading BuildManifest
[] Downloading and decrypting iBSS
[] Downloading and decrypting iBEC
[] Downloading DeviceTree
[] Downloading trustcache
[] Downloading kernelcache
[] Patching and repacking iBSS/iBEC
[] Patching and converting kernelcache
[] Converting DeviceTree
[] Patching and converting trustcache
[*] Booting device
[==================================================] 100.0%
[==================================================] 100.0%
[==================================================] 100.0%
[=== ] 4.9%
Done!
The device should now boot to iOS
If you already have installed Pogo, click uicache and remount preboot in the tools section
If not, get an IPA from the latest action build of Pogo and install with TrollStore
Add the repo mineek.github.io/repo for Procursus

[itsnebulalol]

Please run ./palera1n clean then run the original command again with '--debug`.

Is that blob in that location valid?

[xiuxianchengdi]

I'm sure blob is valid
./palera1n.sh /Users/admin/Desktop/15b4.shsh2 --debug
palera1n | Version 1.0.0
Written by Nebula | Some code by Nathan | Patching commands and ramdisk by Mineek | Loader app by Amy

Hello, iPhone9,1 on 15.5!
[] Switching device into recovery mode...
[] Waiting for device to reconnect in recovery mode
[] Getting device info...
[] Press any key when ready for DFU mode
Get ready (0)
Hold volume down + side button (0)
Keep holding (0)
Release side button, but keep holding volume down (0)
[] Device entered DFU!
[] Pwning device
[] Downloading BuildManifest
[] Downloading and decrypting iBSS
[] Downloading and decrypting iBEC
[] Downloading DeviceTree
[] Downloading trustcache
[] Downloading kernelcache
[] Patching and repacking iBSS/iBEC
[] Patching and converting kernelcache
[] Converting DeviceTree
[] Patching and converting trustcache
[*] Booting device
[==================================================] 100.0%
[==================================================] 100.0%
[==================================================] 100.0%
[=== ] 4.9%
Done!
The device should now boot to iOS
If you already have installed Pogo, click uicache and remount preboot in the tools section
If not, get an IPA from the latest action build of Pogo and install with TrollStore
Add the repo mineek.github.io/repo for Procursus

[itsnebulalol]

Please run git pull, ./palera1n.sh clean, then run that command again

[xiuxianchengdi]

ok, it's boot, but it stay on verbose boot,
bool applem2scalercschal:: ititscal

[*] Booting device
[==================================================] 100.0%
[==================================================] 100.0%
[==================================================] 100.0%
[==================================================] 100.0%
[==================================================] 100.0%

Done!

[itsnebulalol]

Did it show the whole debug log in the terminal?

[xiuxianchengdi]

yes,
Terminal Saved Output.log

[itsnebulalol]

Since this is 15.5b4, and ipsw.me’s api doesn’t return betas, can you please grab a 15.5b4 ipsw for your device? Then, open the script in a text editor, and change the ipswurl line to be ipswurl=link to your ipsw.

Then you can run clean and run the script again.

[xiuxianchengdi]

is correct?
ipswurl=https://updates.cdn-apple.com/2022SpringSeed/fullrestores/002-94731/C88B0D92-E914-434D-9B9F-A62FFC2B9359/iPhone_4.7_P3_15.5_19F5070b_Restore.ipsw

[xiuxianchengdi]

black screen after verbose boot.

[itsnebulalol]

is correct? ipswurl=https://updates.cdn-apple.com/2022SpringSeed/fullrestores/002-94731/C88B0D92-E914-434D-9B9F-A62FFC2B9359/iPhone_4.7_P3_15.5_19F5070b_Restore.ipsw

yes, as long as that's a 15.5b4 ipsw

[itsnebulalol]

black screen after verbose boot.

is your blob valid?

[xiuxianchengdi]

yes，I downgraded my device with this blob a few days ago

[itsnebulalol]

Can you please try with an onboard blob dumped from SSHRD_Script?

[xiuxianchengdi]

How to do that?

[itsnebulalol]

Do the steps, but instead of running the ssh command, run ./sshrd.sh dump-blobs. Then use that blob in palera1n. If you can’t figure it out, this will be implemented automatically soon.

[xiuxianchengdi]

apple@localhost SSHRD_Script % ./sshrd.sh dump-blobs
usb_timeout: 5
[IOKit] Waiting for the USB handle with VID: 0x5AC, PID: 0x1227
CPID:8010 CPRV:11 CPFM:03 SCEP:01 BDID:08 ECID:000E656820D20F26 IBFL:3C SRTG:[iBoot-2696.0.0.1.33]
Found the USB handle.
Stage: RESET
ret: true
[IOKit] Waiting for the USB handle with VID: 0x5AC, PID: 0x1227
CPID:8010 CPRV:11 CPFM:03 SCEP:01 BDID:08 ECID:000E656820D20F26 IBFL:3C SRTG:[iBoot-2696.0.0.1.33]
Found the USB handle.
Stage: SPRAY
ret: true
[IOKit] Waiting for the USB handle with VID: 0x5AC, PID: 0x1227
CPID:8010 CPRV:11 CPFM:03 SCEP:01 BDID:08 ECID:000E656820D20F26 IBFL:3C SRTG:[iBoot-2696.0.0.1.33]
Found the USB handle.
Stage: SETUP
ret: true
[IOKit] Waiting for the USB handle with VID: 0x5AC, PID: 0x1227
CPID:8010 CPRV:11 CPFM:03 SCEP:01 BDID:08 ECID:000E656820D20F26 IBFL:3C SRTG:[iBoot-2696.0.0.1.33]
Found the USB handle.
Stage: PATCH
ret: true
[IOKit] Waiting for the USB handle with VID: 0x5AC, PID: 0x1227
CPID:8010 CPRV:11 CPFM:03 SCEP:01 BDID:08 ECID:000E656820D20F26 IBFL:3C SRTG:[iBoot-2696.0.0.1.33] PWND:[gaster]
Found the USB handle.
Now you can boot untrusted images.
img4tool version: 0.197-aca6cf005c94caf135023263cbb5c61a0081804f
Compiled with plist: YES
Saved IM4M to work/IM4M
Version: 9bfdde2b2456181045f74631683fba491d8bf4f2 - 38
libfragmentzip version: 0.64-aaf6fae83a0aa6f7aae1c94721857076d04a14e8-RELEASE
init pzb: dump-blobs
Error init failed
failed

[ghost]

apple@localhost SSHRD_Script % ./sshrd.sh dump-blobs usb_timeout: 5 [IOKit] Waiting for the USB handle with VID: 0x5AC, PID: 0x1227 CPID:8010 CPRV:11 CPFM:03 SCEP:01 BDID:08 ECID:000E656820D20F26 IBFL:3C SRTG:[iBoot-2696.0.0.1.33] Found the USB handle. Stage: RESET ret: true [IOKit] Waiting for the USB handle with VID: 0x5AC, PID: 0x1227 CPID:8010 CPRV:11 CPFM:03 SCEP:01 BDID:08 ECID:000E656820D20F26 IBFL:3C SRTG:[iBoot-2696.0.0.1.33] Found the USB handle. Stage: SPRAY ret: true [IOKit] Waiting for the USB handle with VID: 0x5AC, PID: 0x1227 CPID:8010 CPRV:11 CPFM:03 SCEP:01 BDID:08 ECID:000E656820D20F26 IBFL:3C SRTG:[iBoot-2696.0.0.1.33] Found the USB handle. Stage: SETUP ret: true [IOKit] Waiting for the USB handle with VID: 0x5AC, PID: 0x1227 CPID:8010 CPRV:11 CPFM:03 SCEP:01 BDID:08 ECID:000E656820D20F26 IBFL:3C SRTG:[iBoot-2696.0.0.1.33] Found the USB handle. Stage: PATCH ret: true [IOKit] Waiting for the USB handle with VID: 0x5AC, PID: 0x1227 CPID:8010 CPRV:11 CPFM:03 SCEP:01 BDID:08 ECID:000E656820D20F26 IBFL:3C SRTG:[iBoot-2696.0.0.1.33] PWND:[gaster] Found the USB handle. Now you can boot untrusted images. img4tool version: 0.197-aca6cf005c94caf135023263cbb5c61a0081804f Compiled with plist: YES Saved IM4M to work/IM4M Version: 9bfdde2b2456181045f74631683fba491d8bf4f2 - 38 libfragmentzip version: 0.64-aaf6fae83a0aa6f7aae1c94721857076d04a14e8-RELEASE init pzb: dump-blobs Error init failed failed

You need to run ./sshrd.sh 15.5b4 first and then put the device in dfu mode and then type ./sshrd.sh boot
after it is fully booted then ./sshrd.sh dump-blobs
the first time it will fail and then type ./sshrd.sh dump-blobs again and then it will work and use the dumped.shsh blobs when you run palera1n

edit: https://github.com/kristenlc/SSHRD_Script-High-Sierra/blob/main/dump_onboard_blobs.sh this is a automated bash script that dumps your onboard blobs if your device is already in dfu mode, please download this script and put it in the same directory as sshrd.sh and run it as ./dump_onboard_blobs.sh 15.5b4

[ghost]

UPDATE: There has been a video tutorial made for checkm8 vulnerable devices to use palera1n if they are running iOS 15.0 to 15.5 beta 4. The tutorial was made for intel mac computers running high sierra. iOS 15.0 - 15.5b4 JAILBREAK: Sileo ACHIEVED by palera1n Jailbreak - YouTube

[xiuxianchengdi]

apple@bogon SSHRD_Script % ./dump_onboard_blobs.sh 15.5b4
[] Removed the current created SSH ramdisk
[] Getting device info... this may take a second
dyld: Library not loaded: /usr/local/lib/libimg4tool.0.dylib
Referenced from: /Users/apple/palera1n-High-Sierra/SSHRD_Script/Darwin/img4tool
Reason: image not found
./sshrd.sh: line 158: 5497 Abort trap: 6 "$oscheck"/img4tool -e -s shsh/"${check}".shsh -m work/IM4M
[-] An error occurred

[itsnebulalol]

Are you on high sierra, if so, follow the commands on the readme.

If not, use the normal version

[xiuxianchengdi]

apple@bogon SSHRD_Script % ./sshrd.sh 15.5b4
[] Waiting for device in DFU mode
[] Getting device info... this may take a second
img4tool version: 0.197-aca6cf005c94caf135023263cbb5c61a0081804f
Compiled with plist: YES
Saved IM4M to work/IM4M
Version: 9bfdde2b2456181045f74631683fba491d8bf4f2 - 38
libfragmentzip version: 0.64-aaf6fae83a0aa6f7aae1c94721857076d04a14e8-RELEASE
init pzb: null
Error init failed
[-] An error occurred

[itsnebulalol]

Use 14.8 for the ramdisk version. Yes, I know you’re on 15.5b4. It doesn’t matter

[xiuxianchengdi]

Successful install sileo. Thanks.

[ghost]

apple@bogon SSHRD_Script % ./dump_onboard_blobs.sh 15.5b4 [] Removed the current created SSH ramdisk [] Getting device info... this may take a second dyld: Library not loaded: /usr/local/lib/libimg4tool.0.dylib Referenced from: /Users/apple/palera1n-High-Sierra/SSHRD_Script/Darwin/img4tool Reason: image not found ./sshrd.sh: line 158: 5497 Abort trap: 6 "$oscheck"/img4tool -e -s shsh/"${check}".shsh -m work/IM4M [-] An error occurred

Thank you for mentioning this, I would have not found out otherwise.
img4tool 190 i think has to be compiled from source also not just libgeneral, otherwise it will err.
I have since updated the readme file to reflect this.
My fork is for those who are running high sierra only, and the instructions require more steps for high sierra.
It is recommended to use nebula palera1n if you are running mac os catalina or later.

[ghost]

apple@bogon SSHRD_Script % ./dump_onboard_blobs.sh 15.5b4 [] Removed the current created SSH ramdisk [] Getting device info... this may take a second dyld: Library not loaded: /usr/local/lib/libimg4tool.0.dylib Referenced from: /Users/apple/palera1n-High-Sierra/SSHRD_Script/Darwin/img4tool Reason: image not found ./sshrd.sh: line 158: 5497 Abort trap: 6 "$oscheck"/img4tool -e -s shsh/"${check}".shsh -m work/IM4M [-] An error occurred

This very specific error has been fixed now! Thank you for letting me know about this error, it should not happen again on the latest version

[xiuxianchengdi]

yes，I downgraded my device with this blob a few days ago

…

Nebula ***@***.***> 於 2022年9月19日 下午9:42 寫道：  black screen after verbose boot. is your blob valid? — Reply to this email directly, view it on GitHub, or unsubscribe. You are receiving this because you authored the thread.