iphone x cannot boot into custom ramdisk

[loadnl]

./sshrd.sh https://updates.cdn-apple.com/2022SummerFCS/fullrestores/012-52718/E165707F-2AA7-40C8-B1A5-0BB94E3F845A/iPhone10,3,iPhone10,6_15.6.1_19G82_Restore.ipsw
usb_timeout: 5
[IOKit] Waiting for the USB handle with VID: 0x5AC, PID: 0x1227
CPID:8015 CPRV:11 CPFM:03 SCEP:01 BDID:06 ECID:0011052210FBC02E IBFL:3C SRTG:[iBoot-3332.0.0.1.23]
Found the USB handle.
Stage: RESET
ret: true
[IOKit] Waiting for the USB handle with VID: 0x5AC, PID: 0x1227
CPID:8015 CPRV:11 CPFM:03 SCEP:01 BDID:06 ECID:0011052210FBC02E IBFL:3C SRTG:[iBoot-3332.0.0.1.23]
Found the USB handle.
Stage: SPRAY
ret: true
[IOKit] Waiting for the USB handle with VID: 0x5AC, PID: 0x1227
CPID:8015 CPRV:11 CPFM:03 SCEP:01 BDID:06 ECID:0011052210FBC02E IBFL:3C SRTG:[iBoot-3332.0.0.1.23]
Found the USB handle.
Stage: SETUP
ret: true
[IOKit] Waiting for the USB handle with VID: 0x5AC, PID: 0x1227
CPID:8015 CPRV:11 CPFM:03 SCEP:01 BDID:06 ECID:0011052210FBC02E IBFL:3C SRTG:[iBoot-3332.0.0.1.23]
Found the USB handle.
Stage: PATCH
ret: true
[IOKit] Waiting for the USB handle with VID: 0x5AC, PID: 0x1227
CPID:8015 CPRV:11 CPFM:03 SCEP:01 BDID:06 ECID:0011052210FBC02E IBFL:3C SRTG:[iBoot-3332.0.0.1.23] PWND:[gaster]
Found the USB handle.
Now you can boot untrusted images.
img4tool version: 0.197-aca6cf005c94caf135023263cbb5c61a0081804f
Compiled with plist: YES
Saved IM4M to work/IM4M
Version: 9bfdde2b2456181045f74631683fba491d8bf4f2 - 38
libfragmentzip version: 0.64-aaf6fae83a0aa6f7aae1c94721857076d04a14e8-RELEASE
init pzb: https://updates.cdn-apple.com/2022SummerFCS/fullrestores/012-52718/E165707F-2AA7-40C8-B1A5-0BB94E3F845A/iPhone10,3,iPhone10,6_15.6.1_19G82_Restore.ipsw
init done
getting: BuildManifest.plist
100% [===================================================================================================>]
download succeeded
Version: 9bfdde2b2456181045f74631683fba491d8bf4f2 - 38
libfragmentzip version: 0.64-aaf6fae83a0aa6f7aae1c94721857076d04a14e8-RELEASE
init pzb: https://updates.cdn-apple.com/2022SummerFCS/fullrestores/012-52718/E165707F-2AA7-40C8-B1A5-0BB94E3F845A/iPhone10,3,iPhone10,6_15.6.1_19G82_Restore.ipsw
init done
getting: Firmware/dfu/iBSS.d22.RELEASE.im4p
100% [===================================================================================================>]
download succeeded
Version: 9bfdde2b2456181045f74631683fba491d8bf4f2 - 38
libfragmentzip version: 0.64-aaf6fae83a0aa6f7aae1c94721857076d04a14e8-RELEASE
init pzb: https://updates.cdn-apple.com/2022SummerFCS/fullrestores/012-52718/E165707F-2AA7-40C8-B1A5-0BB94E3F845A/iPhone10,3,iPhone10,6_15.6.1_19G82_Restore.ipsw
init done
getting: Firmware/all_flash/DeviceTree.d22ap.im4p
100% [===================================================================================================>]
download succeeded
Version: 9bfdde2b2456181045f74631683fba491d8bf4f2 - 38
libfragmentzip version: 0.64-aaf6fae83a0aa6f7aae1c94721857076d04a14e8-RELEASE
init pzb: https://updates.cdn-apple.com/2022SummerFCS/fullrestores/012-52718/E165707F-2AA7-40C8-B1A5-0BB94E3F845A/iPhone10,3,iPhone10,6_15.6.1_19G82_Restore.ipsw
init done
getting: Firmware/078-34285-081.dmg.trustcache
100% [===================================================================================================>]
download succeeded
Version: 9bfdde2b2456181045f74631683fba491d8bf4f2 - 38
libfragmentzip version: 0.64-aaf6fae83a0aa6f7aae1c94721857076d04a14e8-RELEASE
init pzb: https://updates.cdn-apple.com/2022SummerFCS/fullrestores/012-52718/E165707F-2AA7-40C8-B1A5-0BB94E3F845A/iPhone10,3,iPhone10,6_15.6.1_19G82_Restore.ipsw
init done
getting: kernelcache.release.iphone10b
100% [===================================================================================================>]
download succeeded
Version: 9bfdde2b2456181045f74631683fba491d8bf4f2 - 38
libfragmentzip version: 0.64-aaf6fae83a0aa6f7aae1c94721857076d04a14e8-RELEASE
init pzb: https://updates.cdn-apple.com/2022SummerFCS/fullrestores/012-52718/E165707F-2AA7-40C8-B1A5-0BB94E3F845A/iPhone10,3,iPhone10,6_15.6.1_19G82_Restore.ipsw
init done
getting: 078-34285-081.dmg
100% [===================================================================================================>]
download succeeded
usb_timeout: 5
[IOKit] Waiting for the USB handle with VID: 0x5AC, PID: 0x1227
CPID:8015 CPRV:11 CPFM:03 SCEP:01 BDID:06 ECID:0011052210FBC02E IBFL:3C SRTG:[iBoot-3332.0.0.1.23] PWND:[gaster]
Found the USB handle.
Now you can boot untrusted images.
[IOKit] Waiting for the USB handle with VID: 0x5AC, PID: 0x1227
Found the USB handle.
main: Starting...
iOS 15 iBoot detected!
getting get_boot_arg_patch(rd=md0 debug=0x2014e -v wdt=-1) patch
getting get_debug_enabled_patch() patch
getting get_unlock_nvram_patch() patch
getting get_sigcheck_patch() patch
applying patch=0x180030ad0 : 000080d2
applying patch=0x180030b18 : 000080d2
applying patch=0x18001df64 : 000080d2c0035fd6
applying patch=0x18001dfbc : 000080d2c0035fd6
applying patch=0x180063144 : 000080d2c0035fd6
applying patch=0x18003289c : 200080d2
applying patch=0x180033e14 : 78b80c10
applying patch=0x18004d520 : 72643d6d64302064656275673d30783230313465202d76207764743d2d3100
applying patch=0x1800389bc : 1f2003d5
main: Writing out patched file to work/iBSS.patched...
main: Quitting...
none
krnl
main: Starting...
Kernel: Adding AMFI_get_out_of_my_way patch...
get_amfi_out_of_my_way_patch: Entering ...
get_amfi_out_of_my_way_patch: Kernel-8020 inputted
get_amfi_out_of_my_way_patch: Found Internal Error: No cdhash found. str loc at 0x39a7b5
get_amfi_out_of_my_way_patch: Found Internal Error: No cdhash found. str ref at 0x12d2da4
get_amfi_out_of_my_way_patch: Patching AMFI at 0x12cf5e0
main: Writing out patched file to work/kcache.patched...
main: Quitting...
0x12cf5e0 0xfd 0xe0
0x12cf5e1 0x7b 0x3
0x12cf5e2 0xbf 0x0
0x12cf5e3 0xa9 0x32
0x12cf5e4 0xfd 0xc0
0x12cf5e6 0x0 0x5f
0x12cf5e7 0x91 0xd6
krnl
dtre
rtsc
rdsk
/dev/disk4 /private/tmp/SSHRD
"disk4" ejected.
none
we are done, please use ./sshrd.sh boot to boot your device
cleanup...
loadnl@loadnls-iMac SSHRD_Script % ./sshrd.sh boot
[==================================================] 100.0%
ERROR: Unable to connect to device
failed

[verygenericname]

Restart the iphone into recovery > then dfu, then run boot again

[loadnl]

I have tried 3times. It does not work.

loadnl@loadnls-iMac SSHRD_Script % ./sshrd.sh https://updates.cdn-apple.com/2022SummerFCS/fullrestores/012-52718/E165707F-2AA7-40C8-B1A5-0BB94E3F845A/iPhone10,3,iPhone10,6_15.6.1_19G82_Restore.ipsw
waiting for dfu mode device
waiting for dfu mode device
waiting for dfu mode device
usb_timeout: 5
[IOKit] Waiting for the USB handle with VID: 0x5AC, PID: 0x1227
CPID:8015 CPRV:11 CPFM:03 SCEP:01 BDID:06 ECID:0011052210FBC02E IBFL:3C SRTG:[iBoot-3332.0.0.1.23]
Found the USB handle.
Stage: RESET
ret: true
[IOKit] Waiting for the USB handle with VID: 0x5AC, PID: 0x1227
CPID:8015 CPRV:11 CPFM:03 SCEP:01 BDID:06 ECID:0011052210FBC02E IBFL:3C SRTG:[iBoot-3332.0.0.1.23]
Found the USB handle.
Stage: SPRAY
ret: true
[IOKit] Waiting for the USB handle with VID: 0x5AC, PID: 0x1227
CPID:8015 CPRV:11 CPFM:03 SCEP:01 BDID:06 ECID:0011052210FBC02E IBFL:3C SRTG:[iBoot-3332.0.0.1.23]
Found the USB handle.
Stage: SETUP
ret: true
[IOKit] Waiting for the USB handle with VID: 0x5AC, PID: 0x1227
CPID:8015 CPRV:11 CPFM:03 SCEP:01 BDID:06 ECID:0011052210FBC02E IBFL:3C SRTG:[iBoot-3332.0.0.1.23]
Found the USB handle.
Stage: PATCH
ret: true
[IOKit] Waiting for the USB handle with VID: 0x5AC, PID: 0x1227
CPID:8015 CPRV:11 CPFM:03 SCEP:01 BDID:06 ECID:0011052210FBC02E IBFL:3C SRTG:[iBoot-3332.0.0.1.23] PWND:[gaster]
Found the USB handle.
Now you can boot untrusted images.
img4tool version: 0.197-aca6cf005c94caf135023263cbb5c61a0081804f
Compiled with plist: YES
Saved IM4M to work/IM4M
Version: 9bfdde2b2456181045f74631683fba491d8bf4f2 - 38
libfragmentzip version: 0.64-aaf6fae83a0aa6f7aae1c94721857076d04a14e8-RELEASE
init pzb: https://updates.cdn-apple.com/2022SummerFCS/fullrestores/012-52718/E165707F-2AA7-40C8-B1A5-0BB94E3F845A/iPhone10,3,iPhone10,6_15.6.1_19G82_Restore.ipsw
init done
getting: BuildManifest.plist
0% [ 100% [========================================================================== 29% [============================> 65% [================================================================> 100% [===================================================================================================>]
download succeeded
Version: 9bfdde2b2456181045f74631683fba491d8bf4f2 - 38
libfragmentzip version: 0.64-aaf6fae83a0aa6f7aae1c94721857076d04a14e8-RELEASE
init pzb: https://updates.cdn-apple.com/2022SummerFCS/fullrestores/012-52718/E165707F-2AA7-40C8-B1A5-0BB94E3F845A/iPhone10,3,iPhone10,6_15.6.1_19G82_Restore.ipsw
init done
getting: Firmware/dfu/iBSS.d22.RELEASE.im4p
0% [ 100% [========================================================================== 0% [ 0% [ 2% [=> 2% [==========================================================================100% [===================================================================================================>]
download succeeded
Version: 9bfdde2b2456181045f74631683fba491d8bf4f2 - 38
libfragmentzip version: 0.64-aaf6fae83a0aa6f7aae1c94721857076d04a14e8-RELEASE
init pzb: https://updates.cdn-apple.com/2022SummerFCS/fullrestores/012-52718/E165707F-2AA7-40C8-B1A5-0BB94E3F845A/iPhone10,3,iPhone10,6_15.6.1_19G82_Restore.ipsw
init done
getting: Firmware/all_flash/DeviceTree.d22ap.im4p
0% [ 100% [========================================================================== 49% [================================================> 61% [============================================================> 100% [===================================================================================================>]
download succeeded
Version: 9bfdde2b2456181045f74631683fba491d8bf4f2 - 38
libfragmentzip version: 0.64-aaf6fae83a0aa6f7aae1c94721857076d04a14e8-RELEASE
init pzb: https://updates.cdn-apple.com/2022SummerFCS/fullrestores/012-52718/E165707F-2AA7-40C8-B1A5-0BB94E3F845A/iPhone10,3,iPhone10,6_15.6.1_19G82_Restore.ipsw
init done
getting: Firmware/078-34285-081.dmg.trustcache
0% [ 100% [==========================================================================100% [===================================================================================================>]
download succeeded
Version: 9bfdde2b2456181045f74631683fba491d8bf4f2 - 38
libfragmentzip version: 0.64-aaf6fae83a0aa6f7aae1c94721857076d04a14e8-RELEASE
init pzb: https://updates.cdn-apple.com/2022SummerFCS/fullrestores/012-52718/E165707F-2AA7-40C8-B1A5-0BB94E3F845A/iPhone10,3,iPhone10,6_15.6.1_19G82_Restore.ipsw
init done
getting: kernelcache.release.iphone10b
0% [ 100% [========================================================================== [========================================================================== 99% [==========================================================================100% [===================================================================================================>]
download succeeded
Version: 9bfdde2b2456181045f74631683fba491d8bf4f2 - 38
libfragmentzip version: 0.64-aaf6fae83a0aa6f7aae1c94721857076d04a14e8-RELEASE
init pzb: https://updates.cdn-apple.com/2022SummerFCS/fullrestores/012-52718/E165707F-2AA7-40C8-B1A5-0BB94E3F845A/iPhone10,3,iPhone10,6_15.6.1_19G82_Restore.ipsw
init done
getting: 078-34285-081.dmg
0% [ 100% [========================================================================== 0% [ 0% [ 0% [ 0% [==========================================================================100% [===================================================================================================>]
download succeeded
usb_timeout: 5
[IOKit] Waiting for the USB handle with VID: 0x5AC, PID: 0x1227
CPID:8015 CPRV:11 CPFM:03 SCEP:01 BDID:06 ECID:0011052210FBC02E IBFL:3C SRTG:[iBoot-3332.0.0.1.23]
Found the USB handle.
Stage: RESET
ret: true
[IOKit] Waiting for the USB handle with VID: 0x5AC, PID: 0x1227
CPID:8015 CPRV:11 CPFM:03 SCEP:01 BDID:06 ECID:0011052210FBC02E IBFL:3C SRTG:[iBoot-3332.0.0.1.23]
Found the USB handle.
Stage: SPRAY
ret: true
[IOKit] Waiting for the USB handle with VID: 0x5AC, PID: 0x1227
CPID:8015 CPRV:11 CPFM:03 SCEP:01 BDID:06 ECID:0011052210FBC02E IBFL:3C SRTG:[iBoot-3332.0.0.1.23]
Found the USB handle.
Stage: SETUP
ret: true
[IOKit] Waiting for the USB handle with VID: 0x5AC, PID: 0x1227
CPID:8015 CPRV:11 CPFM:03 SCEP:01 BDID:06 ECID:0011052210FBC02E IBFL:3C SRTG:[iBoot-3332.0.0.1.23]
Found the USB handle.
Stage: PATCH
ret: true
[IOKit] Waiting for the USB handle with VID: 0x5AC, PID: 0x1227
CPID:8015 CPRV:11 CPFM:03 SCEP:01 BDID:06 ECID:0011052210FBC02E IBFL:3C SRTG:[iBoot-3332.0.0.1.23] PWND:[gaster]
Found the USB handle.
Now you can boot untrusted images.
[IOKit] Waiting for the USB handle with VID: 0x5AC, PID: 0x1227
Found the USB handle.
main: Starting...
iOS 15 iBoot detected!
getting get_boot_arg_patch(rd=md0 debug=0x2014e -v wdt=-1) patch
getting get_debug_enabled_patch() patch
getting get_unlock_nvram_patch() patch
getting get_sigcheck_patch() patch
applying patch=0x180030ad0 : 000080d2
applying patch=0x180030b18 : 000080d2
applying patch=0x18001df64 : 000080d2c0035fd6
applying patch=0x18001dfbc : 000080d2c0035fd6
applying patch=0x180063144 : 000080d2c0035fd6
applying patch=0x18003289c : 200080d2
applying patch=0x180033e14 : 78b80c10
applying patch=0x18004d520 : 72643d6d64302064656275673d30783230313465202d76207764743d2d3100
applying patch=0x1800389bc : 1f2003d5
main: Writing out patched file to work/iBSS.patched...
main: Quitting...
none
krnl
main: Starting...
Kernel: Adding AMFI_get_out_of_my_way patch...
get_amfi_out_of_my_way_patch: Entering ...
get_amfi_out_of_my_way_patch: Kernel-8020 inputted
get_amfi_out_of_my_way_patch: Found Internal Error: No cdhash found. str loc at 0x39a7b5
get_amfi_out_of_my_way_patch: Found Internal Error: No cdhash found. str ref at 0x12d2da4
get_amfi_out_of_my_way_patch: Patching AMFI at 0x12cf5e0
main: Writing out patched file to work/kcache.patched...
main: Quitting...
0x12cf5e0 0xfd 0xe0
0x12cf5e1 0x7b 0x3
0x12cf5e2 0xbf 0x0
0x12cf5e3 0xa9 0x32
0x12cf5e4 0xfd 0xc0
0x12cf5e6 0x0 0x5f
0x12cf5e7 0x91 0xd6
krnl
dtre
rtsc
rdsk
/dev/disk4 /private/tmp/SSHRD
"disk4" ejected.
none
we are done, please use ./sshrd.sh boot to boot your device
cleanup...
loadnl@loadnls-iMac SSHRD_Script % ./sshrd.sh boot
[==================================================] 100.0%
ERROR: Unable to connect to device
failed
loadnl@loadnls-iMac SSHRD_Script % ./sshrd.sh boot
[==================================================] 100.0%
ERROR: Unable to connect to device
failed
loadnl@loadnls-iMac SSHRD_Script % ./sshrd.sh boot
[==================================================] 100.0%
ERROR: Unable to connect to device
failed

[verygenericname]

You dont have to recreate every time

[verygenericname]

Reboot and go to dfu and just do ./sshrd.sh boot

[loadnl]

yeah,I just run ./sshrd.sh boot. with out ./sshrd.sh https://updates.cdn-apple.com/2022SummerFCS/fullrestores/012-52718/E165707F-2AA7-40C8-B1A5-0BB94E3F845A/iPhone10,3,iPhone10,6_15.6.1_19G82_Restore.ipsw

but it not work

[verygenericname]

Try different computer?

[verygenericname]

Or unplug phone after first bar, then plug back in and see if it goes

[loadnl]

thank you for your help, I will try it in virtual Ubuntu.

[loadnl]

with ubuntu it shows this for loop

[libusb] Waiting for the USB handle with VID: 0x5AC, PID: 0x1227
CPID:8015 CPRV:11 CPFM:03 SCEP:01 BDID:06 ECID:0011052210FBC02E IBFL:3C SRTG:[iBoot-3332.0.0.1.23]
Found the USB handle.
Stage: RESET
ret: true
[libusb] Waiting for the USB handle with VID: 0x5AC, PID: 0x1227
CPID:8015 CPRV:11 CPFM:03 SCEP:01 BDID:06 ECID:0011052210FBC02E IBFL:3C SRTG:[iBoot-3332.0.0.1.23]
Found the USB handle.
Stage: SPRAY
ret: false
[libusb] Waiting for the USB handle with VID: 0x5AC, PID: 0x1227
CPID:8015 CPRV:11 CPFM:03 SCEP:01 BDID:06 ECID:0011052210FBC02E IBFL:3C SRTG:[iBoot-3332.0.0.1.23]
Found the USB handle.
Stage: RESET
ret: true
[libusb] Waiting for the USB handle with VID: 0x5AC, PID: 0x1227
CPID:8015 CPRV:11 CPFM:03 SCEP:01 BDID:06 ECID:0011052210FBC02E IBFL:3C SRTG:[iBoot-3332.0.0.1.23]
Found the USB handle.
Stage: SPRAY
ret: false
[libusb] Waiting for the USB handle with VID: 0x5AC, PID: 0x1227
CPID:8015 CPRV:11 CPFM:03 SCEP:01 BDID:06 ECID:0011052210FBC02E IBFL:3C SRTG:[iBoot-3332.0.0.1.23]
Found the USB handle.
Stage: RESET
ret: true
[libusb] Waiting for the USB handle with VID: 0x5AC, PID: 0x1227
CPID:8015 CPRV:11 CPFM:03 SCEP:01 BDID:06 ECID:0011052210FBC02E IBFL:3C SRTG:[iBoot-3332.0.0.1.23]
Found the USB handle.
Stage: SPRAY
ret: false
[libusb] Waiting for the USB handle with VID: 0x5AC, PID: 0x1227
CPID:8015 CPRV:11 CPFM:03 SCEP:01 BDID:06 ECID:0011052210FBC02E IBFL:3C SRTG:[iBoot-3332.0.0.1.23]
Found the USB handle.
Stage: RESET
ret: true
[libusb] Waiting for the USB handle with VID: 0x5AC, PID: 0x1227
CPID:8015 CPRV:11 CPFM:03 SCEP:01 BDID:06 ECID:0011052210FBC02E IBFL:3C SRTG:[iBoot-3332.0.0.1.23]
Found the USB handle.
Stage: SPRAY
ret: false
[libusb] Waiting for the USB handle with VID: 0x5AC, PID: 0x1227
CPID:8015 CPRV:11 CPFM:03 SCEP:01 BDID:06 ECID:0011052210FBC02E IBFL:3C SRTG:[iBoot-3332.0.0.1.23]
Found the USB handle.
Stage: RESET
ret: true
[libusb] Waiting for the USB handle with VID: 0x5AC, PID: 0x1227
CPID:8015 CPRV:11 CPFM:03 SCEP:01 BDID:06 ECID:0011052210FBC02E IBFL:3C SRTG:[iBoot-3332.0.0.1.23]
Found the USB handle.
Stage: SPRAY
ret: false
[libusb] Waiting for the USB handle with VID: 0x5AC, PID: 0x1227
CPID:8015 CPRV:11 CPFM:03 SCEP:01 BDID:06 ECID:0011052210FBC02E IBFL:3C SRTG:[iBoot-3332.0.0.1.23]
Found the USB handle.
Stage: RESET
ret: true
[libusb] Waiting for the USB handle with VID: 0x5AC, PID: 0x1227
CPID:8015 CPRV:11 CPFM:03 SCEP:01 BDID:06 ECID:0011052210FBC02E IBFL:3C SRTG:[iBoot-3332.0.0.1.23]
Found the USB handle.
Stage: SPRAY
ret: false
[libusb] Waiting for the USB handle with VID: 0x5AC, PID: 0x1227
CPID:8015 CPRV:11 CPFM:03 SCEP:01 BDID:06 ECID:0011052210FBC02E IBFL:3C SRTG:[iBoot-3332.0.0.1.23]
Found the USB handle.
Stage: RESET
ret: true

[verygenericname]

Vm dont work well with checkm8

[loadnl]

oo.... thank you ，I will close this question！

[cakarlen]

I'm having the same issue on my iPhone X, iOS 15.3.1, using MacOS 12.3 (Monterey). Can this issue be reopened? @verygenericname

[loadnl]

I'm having the same issue on my iPhone X, iOS 15.3.1, using MacOS 12.3 (Monterey). Can this issue be reopened? @verygenericname

I just give up, I have tried many times

[JinLi-i]

I have the very same problem. Every time I run ./sshrd.sh boot, my ipad reboot immediately and boot into the normal system. Then the script cannot connect to it since it's no longer in dfu mode.

[verygenericname]

Does the backlight come on at all?

[JinLi-i]

My device is iPad Pro 9.7 Cellular, iOS 15.4.1; running this script on macOS 12.5.1.
When it is in dfu, no backlight at all. But as soon as the script detects the device, it starts to reboot. When the two bars finished, ipad even showed the lock screen.

~/SSHRD_Script (main*) » sudo ./sshrd.sh boot
Password:
waiting for dfu mode device
waiting for dfu mode device
waiting for dfu mode device
waiting for dfu mode device
waiting for dfu mode device
waiting for dfu mode device
[==================================================] 100.0%
[==================================================] 100.0%
ERROR: Unable to connect to device
failed

And I tried to install TrollStore with:

~/SSHRD_Script (main) » sudo ./sshrd.sh https://updates.cdn-apple.com/2022SummerFCS/fullrestores/012-52159/1499A7D6-07FF-4FF3-9ACA-AA46A72D9950/iPadPro_9.7_15.6.1_19G82_Restore.ipsw TrollStore Tips
usb_timeout: 5
[IOKit] Waiting for the USB handle with VID: 0x5AC, PID: 0x1227
CPID:8001 CPRV:10 CPFM:03 SCEP:01 BDID:0A ECID:0011646924B82226 IBFL:1C SRTG:[iBoot-2481.0.0.2.1] PWND:[gaster]
Found the USB handle.
Now you can boot untrusted images.
img4tool version: 0.197-aca6cf005c94caf135023263cbb5c61a0081804f
Compiled with plist: YES
Saved IM4M to work/IM4M
Version: 9bfdde2b2456181045f74631683fba491d8bf4f2 - 38
libfragmentzip version: 0.64-aaf6fae83a0aa6f7aae1c94721857076d04a14e8-RELEASE
init pzb: https://updates.cdn-apple.com/2022SummerFCS/fullrestores/012-52159/1499A7D6-07FF-4FF3-9ACA-AA46A72D9950/iPadPro_9.7_15.6.1_19G82_Restore.ipsw
init done
getting: BuildManifest.plist
100% [===================================================================================================>]
download succeeded
Version: 9bfdde2b2456181045f74631683fba491d8bf4f2 - 38
libfragmentzip version: 0.64-aaf6fae83a0aa6f7aae1c94721857076d04a14e8-RELEASE
init pzb: https://updates.cdn-apple.com/2022SummerFCS/fullrestores/012-52159/1499A7D6-07FF-4FF3-9ACA-AA46A72D9950/iPadPro_9.7_15.6.1_19G82_Restore.ipsw
init done
getting: Firmware/dfu/iBSS.ipad6b.RELEASE.im4p
100% [===================================================================================================>]
download succeeded
Version: 9bfdde2b2456181045f74631683fba491d8bf4f2 - 38
libfragmentzip version: 0.64-aaf6fae83a0aa6f7aae1c94721857076d04a14e8-RELEASE
init pzb: https://updates.cdn-apple.com/2022SummerFCS/fullrestores/012-52159/1499A7D6-07FF-4FF3-9ACA-AA46A72D9950/iPadPro_9.7_15.6.1_19G82_Restore.ipsw
init done
getting: Firmware/dfu/iBEC.ipad6b.RELEASE.im4p
100% [===================================================================================================>]
download succeeded
Version: 9bfdde2b2456181045f74631683fba491d8bf4f2 - 38
libfragmentzip version: 0.64-aaf6fae83a0aa6f7aae1c94721857076d04a14e8-RELEASE
init pzb: https://updates.cdn-apple.com/2022SummerFCS/fullrestores/012-52159/1499A7D6-07FF-4FF3-9ACA-AA46A72D9950/iPadPro_9.7_15.6.1_19G82_Restore.ipsw
init done
getting: Firmware/all_flash/DeviceTree.j128ap.im4p
100% [===================================================================================================>]
download succeeded
Version: 9bfdde2b2456181045f74631683fba491d8bf4f2 - 38
libfragmentzip version: 0.64-aaf6fae83a0aa6f7aae1c94721857076d04a14e8-RELEASE
init pzb: https://updates.cdn-apple.com/2022SummerFCS/fullrestores/012-52159/1499A7D6-07FF-4FF3-9ACA-AA46A72D9950/iPadPro_9.7_15.6.1_19G82_Restore.ipsw
init done
getting: Firmware/078-34285-081.dmg.trustcache
100% [===================================================================================================>]
download succeeded
Version: 9bfdde2b2456181045f74631683fba491d8bf4f2 - 38
libfragmentzip version: 0.64-aaf6fae83a0aa6f7aae1c94721857076d04a14e8-RELEASE
init pzb: https://updates.cdn-apple.com/2022SummerFCS/fullrestores/012-52159/1499A7D6-07FF-4FF3-9ACA-AA46A72D9950/iPadPro_9.7_15.6.1_19G82_Restore.ipsw
init done
getting: kernelcache.release.ipad6b
100% [===================================================================================================>]
download succeeded
Version: 9bfdde2b2456181045f74631683fba491d8bf4f2 - 38
libfragmentzip version: 0.64-aaf6fae83a0aa6f7aae1c94721857076d04a14e8-RELEASE
init pzb: https://updates.cdn-apple.com/2022SummerFCS/fullrestores/012-52159/1499A7D6-07FF-4FF3-9ACA-AA46A72D9950/iPadPro_9.7_15.6.1_19G82_Restore.ipsw
init done
getting: 078-34285-081.dmg
100% [===================================================================================================>]
download succeeded
usb_timeout: 5
[IOKit] Waiting for the USB handle with VID: 0x5AC, PID: 0x1227
CPID:8001 CPRV:10 CPFM:03 SCEP:01 BDID:0A ECID:0011646924B82226 IBFL:1C SRTG:[iBoot-2481.0.0.2.1] PWND:[gaster]
Found the USB handle.
Now you can boot untrusted images.
[IOKit] Waiting for the USB handle with VID: 0x5AC, PID: 0x1227
Found the USB handle.
usb_timeout: 5
[IOKit] Waiting for the USB handle with VID: 0x5AC, PID: 0x1227
CPID:8001 CPRV:10 CPFM:03 SCEP:01 BDID:0A ECID:0011646924B82226 IBFL:1C SRTG:[iBoot-2481.0.0.2.1] PWND:[gaster]
Found the USB handle.
Now you can boot untrusted images.
[IOKit] Waiting for the USB handle with VID: 0x5AC, PID: 0x1227
Found the USB handle.
main: Starting...
iOS 15 iBoot detected!
getting get_sigcheck_patch() patch
applying patch=0x18000e3ec : 000080d2
applying patch=0x18000e3ac : 000080d2
main: Writing out patched file to work/iBSS.patched...
main: Quitting...
none
main: Starting...
iOS 15 iBoot detected!
getting get_boot_arg_patch(rd=md0 debug=0x2014e -v wdt=-1 TrollStore=Tips ) patch
getting get_debug_enabled_patch() patch
getting get_unlock_nvram_patch() patch
getting get_sigcheck_patch() patch
applying patch=0x8700105e4 : 000080d2
applying patch=0x8700105a0 : 000080d2
applying patch=0x870001800 : 000080d2c0035fd6
applying patch=0x870001d80 : 000080d2c0035fd6
applying patch=0x8700336e0 : 000080d2c0035fd6
applying patch=0x8700121a8 : 200080d2
applying patch=0x870013718 : 1a8d0610
applying patch=0x8700208b8 : 72643d6d64302064656275673d30783230313465202d76207764743d2d312054726f6c6c53746f72653d546970732000
applying patch=0x87001724c : 1f2003d5
main: Writing out patched file to work/iBEC.patched...
main: Quitting...
none
krnl
main: Starting...
Kernel: Adding AMFI_get_out_of_my_way patch...
get_amfi_out_of_my_way_patch: Entering ...
get_amfi_out_of_my_way_patch: Kernel-8020 inputted
get_amfi_out_of_my_way_patch: Found Internal Error: No cdhash found. str loc at 0x963061
get_amfi_out_of_my_way_patch: Found Internal Error: No cdhash found. str ref at 0x10a4c64
get_amfi_out_of_my_way_patch: Patching AMFI at 0x10a02a8
main: Writing out patched file to work/kcache.patched...
main: Quitting...
0x10a02a8 0xfd 0xe0
0x10a02a9 0x7b 0x3
0x10a02aa 0xbf 0x0
0x10a02ab 0xa9 0x32
0x10a02ac 0xfd 0xc0
0x10a02ae 0x0 0x5f
0x10a02af 0x91 0xd6
krnl
dtre
rtsc
rdsk
/dev/disk2 /private/tmp/SSHRD
"disk2" ejected.
none
we are done, please use ./sshrd.sh boot to boot your device
cleanup...

[loadnl]

I open the ./sshrd.sh run the cmd step by step. when run irecovery -f sshramdisk/ramdisk.img4. the device reboot

[verygenericname]

im not sure, dude, someone elses iphone x works fine

[itsnebulalol]

Cannot reproduce, iPhone X GSM using 15.6.1 IPSW on macOS. Have you tried using a 14.3 IPSW? I've only seen this issue on Linux.

[cakarlen]

Just tried using 14.3 IPSW on my iPhone X Global and this is what I get when running boot:

[itsnebulalol]

Try running sudo usbmuxd -p -f. If that doesn't help, compiling usbmuxd2 may help.

[loadnl]

I think this issue may caused by its not in the "true" DFU
follow this may help
palera1n/palera1n#13 (comment)
I worked for me!

[fbiego]

@loadnl could you explain how to go about it? the link is not available

[loadnl]

@loadnl could you explain how to go about it? the link is not available
@fbiego
you should follow this to get into dfu

https://www.youtube.com/watch?v=LPgf0ebq46M