iPad 7 Failed Install of TrollStore Helper

[getBoolean]

I'm unable to get TrollStore Helper installed. I used this command:

./sshrd.sh https://updates.cdn-apple.com/2022SummerFCS/fullrestores/012-52155/B842569C-B688-44DA-9058-9B8DC5936A52/iPad_10.2_15.6.1_19G82_Restore.ipsw TrollStore Tips

This seems to be where it failed:

get_amfi_out_of_my_way_patch: Found Internal Error: No cdhash found. str loc at 0x9a7061
get_amfi_out_of_my_way_patch: Found Internal Error: No cdhash found. str ref at 0x10bcc64

Click to view full output

boolean@boolean:~/Documents/SSHRD_Script$ ./sshrd.sh https://updates.cdn-apple.com/2022SummerFCS/fullrestores/012-52155/B842569C-B688-44DA-9058-9B8DC5936A52/iPad_10.2_15.6.1_19G82_Restore.ipsw TrollStore Tips
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:--  0:00:01 --:--:--     0
100 1259k    0 1259k    0     0   589k      0 --:--:--  0:00:02 --:--:-- 4616k
Archive:  gaster-Linux.zip
  inflating: gaster                  
waiting for dfu mode device
waiting for dfu mode device
waiting for dfu mode device
waiting for dfu mode device
usb_timeout: 5
[libusb] Waiting for the USB handle with VID: 0x5AC, PID: 0x1227
CPID:8010 CPRV:11 CPFM:03 SCEP:01 BDID:1C ECID:000130901EBA8026 IBFL:3C SRTG:[iBoot-2696.0.0.1.33]
Found the USB handle.
Stage: RESET
ret: true
[libusb] Waiting for the USB handle with VID: 0x5AC, PID: 0x1227
CPID:8010 CPRV:11 CPFM:03 SCEP:01 BDID:1C ECID:000130901EBA8026 IBFL:3C SRTG:[iBoot-2696.0.0.1.33]
Found the USB handle.
Stage: SPRAY
ret: true
[libusb] Waiting for the USB handle with VID: 0x5AC, PID: 0x1227
CPID:8010 CPRV:11 CPFM:03 SCEP:01 BDID:1C ECID:000130901EBA8026 IBFL:3C SRTG:[iBoot-2696.0.0.1.33]
Found the USB handle.
Stage: SETUP
ret: true
[libusb] Waiting for the USB handle with VID: 0x5AC, PID: 0x1227
CPID:8010 CPRV:11 CPFM:03 SCEP:01 BDID:1C ECID:000130901EBA8026 IBFL:3C SRTG:[iBoot-2696.0.0.1.33]
Found the USB handle.
Stage: PATCH
ret: true
[libusb] Waiting for the USB handle with VID: 0x5AC, PID: 0x1227
CPID:8010 CPRV:11 CPFM:03 SCEP:01 BDID:1C ECID:000130901EBA8026 IBFL:3C SRTG:[iBoot-2696.0.0.1.33] PWND:[gaster]
Found the USB handle.
Now you can boot untrusted images.
img4tool version: 0.197-aca6cf005c94caf135023263cbb5c61a0081804f-RELEASE
Compiled with plist: YES
Saved IM4M to work/IM4M
Version: 3fc8c093f4660f6c6e07c0c9214618733da01ffc - 36
libfragmentzip version: 0.60-120447d0f410dffb49948fa155467fc5d91ca3c8
init pzb: https://updates.cdn-apple.com/2022SummerFCS/fullrestores/012-52155/B842569C-B688-44DA-9058-9B8DC5936A52/iPad_10.2_15.6.1_19G82_Restore.ipsw
init done
getting: BuildManifest.plist
100% [===================================================================================================>]
download succeeded
Version: 3fc8c093f4660f6c6e07c0c9214618733da01ffc - 36
libfragmentzip version: 0.60-120447d0f410dffb49948fa155467fc5d91ca3c8
init pzb: https://updates.cdn-apple.com/2022SummerFCS/fullrestores/012-52155/B842569C-B688-44DA-9058-9B8DC5936A52/iPad_10.2_15.6.1_19G82_Restore.ipsw
init done
getting: Firmware/dfu/iBSS.ipad7c.RELEASE.im4p
100% [===================================================================================================>]
download succeeded
Version: 3fc8c093f4660f6c6e07c0c9214618733da01ffc - 36
libfragmentzip version: 0.60-120447d0f410dffb49948fa155467fc5d91ca3c8
init pzb: https://updates.cdn-apple.com/2022SummerFCS/fullrestores/012-52155/B842569C-B688-44DA-9058-9B8DC5936A52/iPad_10.2_15.6.1_19G82_Restore.ipsw
init done
getting: Firmware/all_flash/DeviceTree.j171ap.im4p
100% [===================================================================================================>]
download succeeded
Version: 3fc8c093f4660f6c6e07c0c9214618733da01ffc - 36
libfragmentzip version: 0.60-120447d0f410dffb49948fa155467fc5d91ca3c8
init pzb: https://updates.cdn-apple.com/2022SummerFCS/fullrestores/012-52155/B842569C-B688-44DA-9058-9B8DC5936A52/iPad_10.2_15.6.1_19G82_Restore.ipsw
init done
getting: Firmware/078-34285-081.dmg.trustcache
100% [===================================================================================================>]
download succeeded
Version: 3fc8c093f4660f6c6e07c0c9214618733da01ffc - 36
libfragmentzip version: 0.60-120447d0f410dffb49948fa155467fc5d91ca3c8
init pzb: https://updates.cdn-apple.com/2022SummerFCS/fullrestores/012-52155/B842569C-B688-44DA-9058-9B8DC5936A52/iPad_10.2_15.6.1_19G82_Restore.ipsw
init done
getting: kernelcache.release.ipad7c
100% [===================================================================================================>]
download succeeded
Version: 3fc8c093f4660f6c6e07c0c9214618733da01ffc - 36
libfragmentzip version: 0.60-120447d0f410dffb49948fa155467fc5d91ca3c8
init pzb: https://updates.cdn-apple.com/2022SummerFCS/fullrestores/012-52155/B842569C-B688-44DA-9058-9B8DC5936A52/iPad_10.2_15.6.1_19G82_Restore.ipsw
init done
getting: 078-34285-081.dmg
100% [===================================================================================================>]
download succeeded
usb_timeout: 5
[libusb] Waiting for the USB handle with VID: 0x5AC, PID: 0x1227
CPID:8010 CPRV:11 CPFM:03 SCEP:01 BDID:1C ECID:000130901EBA8026 IBFL:3C SRTG:[iBoot-2696.0.0.1.33] PWND:[gaster]
Found the USB handle.
Now you can boot untrusted images.
[libusb] Waiting for the USB handle with VID: 0x5AC, PID: 0x1227
Found the USB handle.
main: Starting...
iOS 15 iBoot detected!
getting get_boot_arg_patch(rd=md0 debug=0x2014e -v wdt=-1 TrollStore=Tips) patch
getting get_debug_enabled_patch() patch
getting get_unlock_nvram_patch() patch
getting get_sigcheck_patch() patch
applying patch=0x1800c457c : 000080d2
applying patch=0x1800c45c4 : 000080d2
applying patch=0x1800b1f64 : 000080d2c0035fd6
applying patch=0x1800b1fbc : 000080d2c0035fd6
applying patch=0x1800ef6e4 : 000080d2c0035fd6
applying patch=0x1800c61b4 : 200080d2
applying patch=0x1800c7718 : d8100b50
applying patch=0x1800dd932 : 72643d6d64302064656275673d30783230313465202d76207764743d2d312054726f6c6c53746f72653d5469707300
applying patch=0x1800cba78 : 1f2003d5
main: Writing out patched file to work/iBSS.patched...
main: Quitting...
none
krnl
main: Starting...
main: Detected fat macho kernel
Kernel: Adding AMFI_get_out_of_my_way patch...
get_amfi_out_of_my_way_patch: Entering ...
get_amfi_out_of_my_way_patch: Kernel-8020 inputted
get_amfi_out_of_my_way_patch: Found Internal Error: No cdhash found. str loc at 0x9a7061
get_amfi_out_of_my_way_patch: Found Internal Error: No cdhash found. str ref at 0x10bcc64
get_amfi_out_of_my_way_patch: Patching AMFI at 0x10b82a8
main: Writing out patched file to work/kcache.patched...
main: Quitting...
0x10b82c4 0xfd 0xe0
0x10b82c5 0x7b 0x3
0x10b82c6 0xbf 0x0
0x10b82c7 0xa9 0x32
0x10b82c8 0xfd 0xc0
0x10b82ca 0x0 0x5f
0x10b82cb 0x91 0xd6
krnl
dtre
rtsc
rdsk
none
we are done, please use ./sshrd.sh boot to boot your device
cleanup...
boolean@boolean:~/Documents/SSHRD_Script$ ./sshrd.sh boot
[==================================================] 100.0%
ERROR: Unable to connect to device
failed

Device

• Device: iPad 7
• OS: iPadOS 15.1

Additional Details

I am running this on an Ubuntu 22.04 USB (not live) because I had trouble getting the dependencies installed on the live usb version.

[verygenericname]

It never failed...?

[verygenericname]

Thats just a patch for amfi, to make it not error. It's working as intended

[getBoolean]

Eitherway, TrollStore Helper was not installed

[verygenericname]

Did you run ./sshrd.sh boot

[verygenericname]

Oh wait nvm i see

[verygenericname]

Did the devices backlight come on when the first bar showed

[getBoolean]

Did the devices backlight come on when the first bar showed

I just tried it again without running ./sshrd.sh boot afterwards and it turned itself on after a few seconds. It seems to be turning itself on before ./sshrd.sh boot can run/finish.

[verygenericname]

Try creating the ramdisk with a 15.1 ipsw maybe

[getBoolean]

Try creating the ramdisk with a 15.1 ipsw maybe

Same result, did not work

[verygenericname]

Let me try updating gaster