iPhone 4 iOS 4.2.x Boot Issue

Question

iPhone 4 iOS 4.2.x Boot Issue

Closed this issue 4 months ago · 4 comments

on the phone i get this message

Error, no successful firmware download after 60000 ms!!! giving up

Answer 1 · 2024-07-18T19:09:41.000Z

packing: 038-2273-001.dmg (603238121)
packing: 038-2275-001.dmg (15546692)
packing: 038-2280-001.dmg (15595668)
packing: BuildManifest.plist (45227)
packing: Downgrade/ (0)
packing: Downgrade/RestoreDeviceTree (58272)
packing: Downgrade/RestoreKernelCache (5779572)
packing: Downgrade/RestoreLogo (24608)
packing: Firmware/ (0)
packing: Firmware/ICE3_01.51.00.Release.bin (16777216)
packing: Firmware/ICE3_01.51.00.fls (7464328)
packing: Firmware/ICE3_01.51.00_BOOT_02.08.Release.bbfw (3762206)
packing: Firmware/ICE3_01.51.00_BOOT_02.08.Release.plist (860)
packing: Firmware/ICE3_BOOT_01.91_G2M1S2.fls (339048)
packing: Firmware/Phoenix-1.0.06.Release.bbfw (6902564)
packing: Firmware/Phoenix-1.0.06.Release.plist (841)
packing: Firmware/Phoenix-1.0.06.zip (7074856)
packing: Firmware/Phoenix-Latest.txt (20)
packing: Firmware/all_flash/ (0)
packing: Firmware/all_flash/all_flash.n92ap.production/ (0)
packing: Firmware/all_flash/all_flash.n92ap.production/DeviceTree.n92ap.img3 (58436)
packing: Firmware/all_flash/all_flash.n92ap.production/LLB.n92ap.RELEASE.img3 (96644)
packing: Firmware/all_flash/all_flash.n92ap.production/applelogo-640x960.s5l8930x.img3 (24772)
packing: Firmware/all_flash/all_flash.n92ap.production/batterycharging0-640x960.s5l8930x.img3 (70212)
packing: Firmware/all_flash/all_flash.n92ap.production/batterycharging1-640x960.s5l8930x.img3 (80004)
packing: Firmware/all_flash/all_flash.n92ap.production/batteryfull-640x960.s5l8930x.img3 (235268)
packing: Firmware/all_flash/all_flash.n92ap.production/batterylow0-640x960.s5l8930x.img3 (190148)
packing: Firmware/all_flash/all_flash.n92ap.production/batterylow1-640x960.s5l8930x.img3 (209924)
packing: Firmware/all_flash/all_flash.n92ap.production/glyphcharging-640x960.s5l8930x.img3 (71940)
packing: Firmware/all_flash/all_flash.n92ap.production/glyphplugin-640x960.s5l8930x.img3 (69444)
packing: Firmware/all_flash/all_flash.n92ap.production/iBoot.n92ap.RELEASE.img3 (231812)
packing: Firmware/all_flash/all_flash.n92ap.production/manifest (387)
packing: Firmware/all_flash/all_flash.n92ap.production/recoverymode-640x960.s5l8930x.img3 (143748)
packing: Firmware/dfu/ (0)
packing: Firmware/dfu/iBEC.n92ap.RELEASE.dfu (231812)
packing: Firmware/dfu/iBSS.n92ap.RELEASE.dfu (149724)
packing: Restore.plist (2510)
packing: kernelcache.release.k48 (5680900)
packing: kernelcache.release.n81 (5589508)
packing: kernelcache.release.n90 (5667588)
packing: kernelcache.release.n92 (5779716)
[Log] Applying iOS 4 patches
[Log] Patch iBSS
Archive: /Users/theapplepie/Downloads/iPhone3,3_4.2.10_8E600_Restore.ipsw
inflating: iBSS.n92ap.RELEASE.dfu
/tmp/xpwn/ipsw-patch/img3.c:createAbstractFileFromImg3:643: b5a12791c0e68c4c8c779de74ed3749d626df875a26f46040e0e2772d9824c7d4865c55d91f99a0749cff9296e43595d
main: Starting...
main: iBoot-931 inputted.
patch_boot_args: Entering...
patch_boot_args: Default boot-args string is at 0x2012c
patch_boot_args: boot-args xref is at 0x12df4
patch_boot_args: Relocating boot-args string...
patch_boot_args: "Reliance on this certificate" string found at 0x22a68
patch_boot_args: Pointing default boot-args xref to 0x84022a68...
patch_boot_args: Applying custom boot-args "rd=md0 -v amfi=0xff cs_enforcement_disable=1 pio-error=0"
patch_boot_args: Found LDR R0, =boot_args at 0x12660
patch_boot_args: Found CMP R1, #0 at 0x12672
patch_boot_args: Found IT EQ/IT NE at 0x13258
patch_boot_args: Found MOV R0, R0 at 0x1325a
patch_debug_enabled: Entering...
find_dtre_get_value_bl_insn: Entering...
find_dtre_get_value_bl_insn: debug-enabled string is at 0x202b4
find_dtre_get_value_bl_insn: "debug-enabled" xref is at 0x12e90
find_dtre_get_value_bl_insn: Found LDR R0, ="debug-enabled" at 0x129ae
find_dtre_get_value_bl_insn: Found BL instruction at 0x129c4
find_dtre_get_value_bl_insn: Leaving...
patch_debug_enabled: Patching BL insn at 0x129c4...
patch_debug_enabled: Leaving...
patch_rsa_check: Entering...
find_rsa_check_4: Entering...
find_rsa_check_4: Found RSA check at 0x19a24
find_rsa_check_4: Leaving...
patch_rsa_check: Patching RSA at 0x19a24...
find_ldr_ecid: Entering...
find_ldr_ecid: Found LDR instruction at 0x11dcc
find_ldr_ecid: Found BL ECID at 0x11ddc
find_ldr_ecid: Leaving...
patch_rsa_check: Patching BL ECID at 0x11ddc...
find_ldr_bord: Entering...
find_ldr_bord: Found LDR BORD instruction at 0x11da6
find_ldr_bord: Found BL BORD at 0x11db8
find_ldr_bord: Leaving...
patch_rsa_check: Patching BL BORD at 0x11db8...
find_ldr_prod: Entering...
find_ldr_prod: Found LDR PROD instruction at 0x11cd2
find_ldr_prod: Found BL PROD at 0x11ce4
find_ldr_prod: Leaving...
patch_rsa_check: Patching BL PROD at 0x11ce4...
find_ldr_sepo: Entering...
find_ldr_sepo: Found LDR SEPO instruction at 0x11d74
find_ldr_sepo: Found BL SEPO at 0x11d76
find_ldr_sepo: Leaving...
patch_rsa_check: Patching BL SEPO at 0x11d76...
main: Writing out patched file to iBSS.patched...
main: Quitting...
/tmp/xpwn/ipsw-patch/img3.c:createAbstractFileFromImg3:643: b5a12791c0e68c4c8c779de74ed3749d626df875a26f46040e0e2772d9824c7d4865c55d91f99a0749cff9296e43595d
/tmp/xpwn/ipsw-patch/img3.c:createAbstractFileFromImg3:643: b5a12791c0e68c4c8c779de74ed3749d626df875a26f46040e0e2772d9824c7d4865c55d91f99a0749cff9296e43595d
updating: Firmware/dfu/iBSS.n92ap.RELEASE.dfu (stored 0%)
[Log] Patch iBEC
Archive: /Users/theapplepie/Downloads/iPhone3,3_4.2.10_8E600_Restore.ipsw
inflating: iBEC.n92ap.RELEASE.dfu
/tmp/xpwn/ipsw-patch/img3.c:createAbstractFileFromImg3:643: afc982f37264494ac68a2e4fe5d6af489ff429a6f3dac7ce0ff186281108116f6e8df0ece9759d7c7deea5de7c421b1b
main: Starting...
main: iBoot-931 inputted.
patch_boot_args: Entering...
patch_boot_args: Default boot-args string is at 0x300e4
patch_boot_args: boot-args xref is at 0x13444
patch_boot_args: Relocating boot-args string...
patch_boot_args: "Reliance on this certificate" string found at 0x362cc
patch_boot_args: Pointing default boot-args xref to 0x5ff362cc...
patch_boot_args: Applying custom boot-args "rd=md0 -v amfi=0xff cs_enforcement_disable=1 pio-error=0"
patch_boot_args: Found LDR R0, =boot_args at 0x12cba
patch_boot_args: Found CMP R1, #0 at 0x12cc2
patch_boot_args: Found IT EQ/IT NE at 0x138a4
patch_boot_args: Found MOV R0, R0 at 0x138a6
patch_debug_enabled: Entering...
find_dtre_get_value_bl_insn: Entering...
find_dtre_get_value_bl_insn: debug-enabled string is at 0x3026c
find_dtre_get_value_bl_insn: "debug-enabled" xref is at 0x134dc
find_dtre_get_value_bl_insn: Found LDR R0, ="debug-enabled" at 0x13002
find_dtre_get_value_bl_insn: Found BL instruction at 0x13018
find_dtre_get_value_bl_insn: Leaving...
patch_debug_enabled: Patching BL insn at 0x13018...
patch_debug_enabled: Leaving...
patch_rsa_check: Entering...
find_rsa_check_4: Entering...
find_rsa_check_4: Found RSA check at 0x1a620
find_rsa_check_4: Leaving...
patch_rsa_check: Patching RSA at 0x1a620...
find_ldr_ecid: Entering...
find_ldr_ecid: Found LDR instruction at 0x12448
find_ldr_ecid: Found BL ECID at 0x12458
find_ldr_ecid: Leaving...
patch_rsa_check: Patching BL ECID at 0x12458...
find_ldr_bord: Entering...
find_ldr_bord: Found LDR BORD instruction at 0x12422
find_ldr_bord: Found BL BORD at 0x12434
find_ldr_bord: Leaving...
patch_rsa_check: Patching BL BORD at 0x12434...
find_ldr_prod: Entering...
find_ldr_prod: Found LDR PROD instruction at 0x1234e
find_ldr_prod: Found BL PROD at 0x12360
find_ldr_prod: Leaving...
patch_rsa_check: Patching BL PROD at 0x12360...
find_ldr_sepo: Entering...
find_ldr_sepo: Found LDR SEPO instruction at 0x123f0
find_ldr_sepo: Found BL SEPO at 0x123f2
find_ldr_sepo: Leaving...
patch_rsa_check: Patching BL SEPO at 0x123f2...
main: Writing out patched file to iBEC.patched...
main: Quitting...
/tmp/xpwn/ipsw-patch/img3.c:createAbstractFileFromImg3:643: afc982f37264494ac68a2e4fe5d6af489ff429a6f3dac7ce0ff186281108116f6e8df0ece9759d7c7deea5de7c421b1b
/tmp/xpwn/ipsw-patch/img3.c:createAbstractFileFromImg3:643: afc982f37264494ac68a2e4fe5d6af489ff429a6f3dac7ce0ff186281108116f6e8df0ece9759d7c7deea5de7c421b1b
updating: Firmware/dfu/iBEC.n92ap.RELEASE.dfu (stored 0%)
[Log] Add all to custom IPSW
updating: Firmware/dfu/iBEC.n92ap.RELEASE.dfu (stored 0%)
updating: Firmware/dfu/iBSS.n92ap.RELEASE.dfu (stored 0%)
[Log] Starting multipatch
[Log] Checking URL in ../resources/firmware/iPhone3,3/8E600/url
[Log] Checking firmware keys in ../resources/firmware/iPhone3,3/8E600
[Log] Checking firmware keys in ../resources/firmware/iPhone3,3/8E600
[Log] Getting 4.2.10 restore components
[Log] iBSS
Archive: /Users/theapplepie/Downloads/iPhone3,3_4.2.10_8E600_Restore.ipsw
inflating: iBSS.n92ap.RELEASE.dfu
/tmp/xpwn/ipsw-patch/img3.c:createAbstractFileFromImg3:643: b5a12791c0e68c4c8c779de74ed3749d626df875a26f46040e0e2772d9824c7d4865c55d91f99a0749cff9296e43595d
[Log] Patch iBSS
main: Starting...
main: iBoot-931 inputted.
patch_boot_args: Entering...
patch_boot_args: Default boot-args string is at 0x2012c
patch_boot_args: boot-args xref is at 0x12df4
patch_boot_args: Relocating boot-args string...
patch_boot_args: "Reliance on this certificate" string found at 0x22a68
patch_boot_args: Pointing default boot-args xref to 0x84022a68...
patch_boot_args: Applying custom boot-args "rd=md0 -v nand-enable-reformat=1 amfi=0xff amfi_get_out_of_my_way=1 cs_enforcement_disable=1 pio-error=0"
patch_boot_args: Found LDR R0, =boot_args at 0x12660
patch_boot_args: Found CMP R1, #0 at 0x12672
patch_boot_args: Found IT EQ/IT NE at 0x13258
patch_boot_args: Found MOV R0, R0 at 0x1325a
patch_debug_enabled: Entering...
find_dtre_get_value_bl_insn: Entering...
find_dtre_get_value_bl_insn: debug-enabled string is at 0x202b4
find_dtre_get_value_bl_insn: "debug-enabled" xref is at 0x12e90
find_dtre_get_value_bl_insn: Found LDR R0, ="debug-enabled" at 0x129ae
find_dtre_get_value_bl_insn: Found BL instruction at 0x129c4
find_dtre_get_value_bl_insn: Leaving...
patch_debug_enabled: Patching BL insn at 0x129c4...
patch_debug_enabled: Leaving...
patch_rsa_check: Entering...
find_rsa_check_4: Entering...
find_rsa_check_4: Found RSA check at 0x19a24
find_rsa_check_4: Leaving...
patch_rsa_check: Patching RSA at 0x19a24...
find_ldr_ecid: Entering...
find_ldr_ecid: Found LDR instruction at 0x11dcc
find_ldr_ecid: Found BL ECID at 0x11ddc
find_ldr_ecid: Leaving...
patch_rsa_check: Patching BL ECID at 0x11ddc...
find_ldr_bord: Entering...
find_ldr_bord: Found LDR BORD instruction at 0x11da6
find_ldr_bord: Found BL BORD at 0x11db8
find_ldr_bord: Leaving...
patch_rsa_check: Patching BL BORD at 0x11db8...
find_ldr_prod: Entering...
find_ldr_prod: Found LDR PROD instruction at 0x11cd2
find_ldr_prod: Found BL PROD at 0x11ce4
find_ldr_prod: Leaving...
patch_rsa_check: Patching BL PROD at 0x11ce4...
find_ldr_sepo: Entering...
find_ldr_sepo: Found LDR SEPO instruction at 0x11d74
find_ldr_sepo: Found BL SEPO at 0x11d76
find_ldr_sepo: Leaving...
patch_rsa_check: Patching BL SEPO at 0x11d76...
main: Writing out patched file to iBSS.patched...
main: Quitting...
/tmp/xpwn/ipsw-patch/img3.c:createAbstractFileFromImg3:643: b5a12791c0e68c4c8c779de74ed3749d626df875a26f46040e0e2772d9824c7d4865c55d91f99a0749cff9296e43595d
/tmp/xpwn/ipsw-patch/img3.c:createAbstractFileFromImg3:643: b5a12791c0e68c4c8c779de74ed3749d626df875a26f46040e0e2772d9824c7d4865c55d91f99a0749cff9296e43595d
updating: Firmware/dfu/iBSS.n92ap.RELEASE.dfu (stored 0%)
adding: Firmware/dfu/iBSS.n92.RELEASE.dfu (stored 0%)
[Log] iBEC
Archive: /Users/theapplepie/Downloads/iPhone3,3_4.2.10_8E600_Restore.ipsw
inflating: iBEC.n92ap.RELEASE.dfu
/tmp/xpwn/ipsw-patch/img3.c:createAbstractFileFromImg3:643: afc982f37264494ac68a2e4fe5d6af489ff429a6f3dac7ce0ff186281108116f6e8df0ece9759d7c7deea5de7c421b1b
[Log] Patch iBEC
main: Starting...
main: iBoot-931 inputted.
patch_boot_args: Entering...
patch_boot_args: Default boot-args string is at 0x300e4
patch_boot_args: boot-args xref is at 0x13444
patch_boot_args: Relocating boot-args string...
patch_boot_args: "Reliance on this certificate" string found at 0x362cc
patch_boot_args: Pointing default boot-args xref to 0x5ff362cc...
patch_boot_args: Applying custom boot-args "rd=md0 -v nand-enable-reformat=1 amfi=0xff amfi_get_out_of_my_way=1 cs_enforcement_disable=1 pio-error=0"
patch_boot_args: Found LDR R0, =boot_args at 0x12cba
patch_boot_args: Found CMP R1, #0 at 0x12cc2
patch_boot_args: Found IT EQ/IT NE at 0x138a4
patch_boot_args: Found MOV R0, R0 at 0x138a6
patch_debug_enabled: Entering...
find_dtre_get_value_bl_insn: Entering...
find_dtre_get_value_bl_insn: debug-enabled string is at 0x3026c
find_dtre_get_value_bl_insn: "debug-enabled" xref is at 0x134dc
find_dtre_get_value_bl_insn: Found LDR R0, ="debug-enabled" at 0x13002
find_dtre_get_value_bl_insn: Found BL instruction at 0x13018
find_dtre_get_value_bl_insn: Leaving...
patch_debug_enabled: Patching BL insn at 0x13018...
patch_debug_enabled: Leaving...
patch_rsa_check: Entering...
find_rsa_check_4: Entering...
find_rsa_check_4: Found RSA check at 0x1a620
find_rsa_check_4: Leaving...
patch_rsa_check: Patching RSA at 0x1a620...
find_ldr_ecid: Entering...
find_ldr_ecid: Found LDR instruction at 0x12448
find_ldr_ecid: Found BL ECID at 0x12458
find_ldr_ecid: Leaving...
patch_rsa_check: Patching BL ECID at 0x12458...
find_ldr_bord: Entering...
find_ldr_bord: Found LDR BORD instruction at 0x12422
find_ldr_bord: Found BL BORD at 0x12434
find_ldr_bord: Leaving...
patch_rsa_check: Patching BL BORD at 0x12434...
find_ldr_prod: Entering...
find_ldr_prod: Found LDR PROD instruction at 0x1234e
find_ldr_prod: Found BL PROD at 0x12360
find_ldr_prod: Leaving...
patch_rsa_check: Patching BL PROD at 0x12360...
find_ldr_sepo: Entering...
find_ldr_sepo: Found LDR SEPO instruction at 0x123f0
find_ldr_sepo: Found BL SEPO at 0x123f2
find_ldr_sepo: Leaving...
patch_rsa_check: Patching BL SEPO at 0x123f2...
main: Writing out patched file to iBEC.patched...
main: Quitting...
/tmp/xpwn/ipsw-patch/img3.c:createAbstractFileFromImg3:643: afc982f37264494ac68a2e4fe5d6af489ff429a6f3dac7ce0ff186281108116f6e8df0ece9759d7c7deea5de7c421b1b
/tmp/xpwn/ipsw-patch/img3.c:createAbstractFileFromImg3:643: afc982f37264494ac68a2e4fe5d6af489ff429a6f3dac7ce0ff186281108116f6e8df0ece9759d7c7deea5de7c421b1b
updating: Firmware/dfu/iBEC.n92ap.RELEASE.dfu (stored 0%)
adding: Firmware/dfu/iBEC.n92.RELEASE.dfu (stored 0%)
[Log] DeviceTree
Archive: /Users/theapplepie/Downloads/iPhone3,3_4.2.10_8E600_Restore.ipsw
inflating: DeviceTree.n92ap.img3
/tmp/xpwn/ipsw-patch/img3.c:createAbstractFileFromImg3:643: 4090885f539e815ccb7a209ca82442d9d5a6f3443d19912246650fc12afd231f8e9a780347dc9c1a5bc72375bf28edfc
/tmp/xpwn/ipsw-patch/img3.c:createAbstractFileFromImg3:643: 4090885f539e815ccb7a209ca82442d9d5a6f3443d19912246650fc12afd231f8e9a780347dc9c1a5bc72375bf28edfc
/tmp/xpwn/ipsw-patch/img3.c:createAbstractFileFromImg3:643: 4090885f539e815ccb7a209ca82442d9d5a6f3443d19912246650fc12afd231f8e9a780347dc9c1a5bc72375bf28edfc
updating: Downgrade/RestoreDeviceTree (stored 0%)
[Log] Kernelcache
Archive: /Users/theapplepie/Downloads/iPhone3,3_4.2.10_8E600_Restore.ipsw
inflating: kernelcache.release.n92
/tmp/xpwn/ipsw-patch/img3.c:createAbstractFileFromImg3:643: b126ae72b1e054fad6e4aec521c359549e2f48603ab9a94355c4a64d282b05a5012160a07a91dee093495f2d402f81d7
/tmp/xpwn/ipsw-patch/img3.c:createAbstractFileFromImg3:643: b126ae72b1e054fad6e4aec521c359549e2f48603ab9a94355c4a64d282b05a5012160a07a91dee093495f2d402f81d7
/tmp/xpwn/ipsw-patch/img3.c:createAbstractFileFromImg3:643: b126ae72b1e054fad6e4aec521c359549e2f48603ab9a94355c4a64d282b05a5012160a07a91dee093495f2d402f81d7
updating: Downgrade/RestoreKernelCache (stored 0%)
[Log] RestoreRamdisk
Archive: /Users/theapplepie/Downloads/iPhone3,3_4.2.10_8E600_Restore.ipsw
inflating: 038-2280-001.dmg
/tmp/xpwn/ipsw-patch/img3.c:createAbstractFileFromImg3:643: 1c1d9499995af90ad3d81571e97412062713a183e9be8949dcf93d8259850c786857d0c4220a5666bcbf33fdda95d493
[Log] Extracting ramdisk from IPSW
Archive: temp.ipsw
inflating: 038-2280-001.dmg
[Log] Checking
No such file or directory
[Log] Grow ramdisk
grew volume: 30000000
[Log] Patch ASR
[Log] Extract options.plist from 4.2.10 IPSW
[Log] Modify options.plist

MinimumSystemPartition 1054 CreateFilesystemPartitions SystemPartitionSize 1054 UpdateBaseband FlashNOR [Log] Adding exploit and partition stuff ignoring bin, type = 5 file: bin/dd (0755), size = 96080 ignoring sbin, type = 5 file: sbin/partition4 (0755), size = 62352 file: sbin/umount (0755), size = 22784 [Log] Repack Restore Ramdisk /tmp/xpwn/ipsw-patch/img3.c:createAbstractFileFromImg3:643: 1c1d9499995af90ad3d81571e97412062713a183e9be8949dcf93d8259850c786857d0c4220a5666bcbf33fdda95d493 /tmp/xpwn/ipsw-patch/img3.c:createAbstractFileFromImg3:643: 1c1d9499995af90ad3d81571e97412062713a183e9be8949dcf93d8259850c786857d0c4220a5666bcbf33fdda95d493 [Log] Add Restore Ramdisk to IPSW updating: 038-2280-001.dmg (stored 0%) [Log] Found existing saved 7.1.2 blobs: ../saved/shsh/2728127595308_iPhone3,3_n92ap_7.1.2-11D257_3a88b7c3802f2f0510abc432104a15ebd8bd7154.shsh2 [Input] PwnDFU Tool Option * Select tool to be used for entering pwned DFU mode. * This option is set to ipwnder by default (1). Select this option if unsure. * If the first option does not work, try the other option(s). [Input] Select your option: 1) ipwnder 2) ipwndfu #? 1 [Log] Placing device to pwnDFU mode using ipwnder [main] enabled: debug log [main] Waiting for device in DFU mode... [io_get_serial] Found serial number! [main] CONNECTED [main] CPID: 0x8930, BDID: 0x06, STRG: [iBoot-574.4] ** exploiting with limera1n [limera1n] reconnecting [io_reset] ResetDevice: 0 [io_reset] USBDeviceReEnumerate: 0 [limera1n] sending exploit payload [limera1n] 0, 1352 [limera1n] sending fake data [limera1n] 0, 1 [limera1n] e0004051, 0 [limera1n] executing exploit [limera1n] e0004051, 0 [limera1n] reconnecting [io_reset] ResetDevice: 0 [io_reset] USBDeviceReEnumerate: 0 [limera1n] 0, 0 [limera1n] 0, 6 [limera1n] 0, 6 [limera1n] 0, 6 [limera1n] exploit sent [limera1n] reconnecting [io_reset] ResetDevice: 0 [io_reset] USBDeviceReEnumerate: 0 [io_get_serial] Found serial number! [limera1n] pwned! [Log] Device iPhone3,3 has no baseband/disabled baseband update [Log] Extracting IPSW: ../iPhone3,3_4.2.10_8E600_CustomPV.ipsw Archive: ../iPhone3,3_4.2.10_8E600_CustomPV.ipsw inflating: ../iPhone3,3_4.2.10_8E600_CustomPV/038-2273-001.dmg inflating: ../iPhone3,3_4.2.10_8E600_CustomPV/038-2275-001.dmg extracting: ../iPhone3,3_4.2.10_8E600_CustomPV/038-2280-001.dmg inflating: ../iPhone3,3_4.2.10_8E600_CustomPV/BuildManifest.plist creating: ../iPhone3,3_4.2.10_8E600_CustomPV/Downgrade/ extracting: ../iPhone3,3_4.2.10_8E600_CustomPV/Downgrade/RestoreDeviceTree extracting: ../iPhone3,3_4.2.10_8E600_CustomPV/Downgrade/RestoreKernelCache inflating: ../iPhone3,3_4.2.10_8E600_CustomPV/Downgrade/RestoreLogo creating: ../iPhone3,3_4.2.10_8E600_CustomPV/Firmware/ inflating: ../iPhone3,3_4.2.10_8E600_CustomPV/Firmware/ICE3_01.51.00.Release.bin inflating: ../iPhone3,3_4.2.10_8E600_CustomPV/Firmware/ICE3_01.51.00.fls inflating: ../iPhone3,3_4.2.10_8E600_CustomPV/Firmware/ICE3_01.51.00_BOOT_02.08.Release.bbfw inflating: ../iPhone3,3_4.2.10_8E600_CustomPV/Firmware/ICE3_01.51.00_BOOT_02.08.Release.plist inflating: ../iPhone3,3_4.2.10_8E600_CustomPV/Firmware/ICE3_BOOT_01.91_G2M1S2.fls inflating: ../iPhone3,3_4.2.10_8E600_CustomPV/Firmware/Phoenix-1.0.06.Release.bbfw inflating: ../iPhone3,3_4.2.10_8E600_CustomPV/Firmware/Phoenix-1.0.06.Release.plist inflating: ../iPhone3,3_4.2.10_8E600_CustomPV/Firmware/Phoenix-1.0.06.zip inflating: ../iPhone3,3_4.2.10_8E600_CustomPV/Firmware/Phoenix-Latest.txt creating: ../iPhone3,3_4.2.10_8E600_CustomPV/Firmware/all_flash/ creating: ../iPhone3,3_4.2.10_8E600_CustomPV/Firmware/all_flash/all_flash.n92ap.production/ inflating: ../iPhone3,3_4.2.10_8E600_CustomPV/Firmware/all_flash/all_flash.n92ap.production/DeviceTree.n92ap.img3 inflating: ../iPhone3,3_4.2.10_8E600_CustomPV/Firmware/all_flash/all_flash.n92ap.production/LLB.n92ap.RELEASE.img3 inflating: ../iPhone3,3_4.2.10_8E600_CustomPV/Firmware/all_flash/all_flash.n92ap.production/applelogo-640x960.s5l8930x.img3 inflating: ../iPhone3,3_4.2.10_8E600_CustomPV/Firmware/all_flash/all_flash.n92ap.production/batterycharging0-640x960.s5l8930x.img3 inflating: ../iPhone3,3_4.2.10_8E600_CustomPV/Firmware/all_flash/all_flash.n92ap.production/batterycharging1-640x960.s5l8930x.img3 inflating: ../iPhone3,3_4.2.10_8E600_CustomPV/Firmware/all_flash/all_flash.n92ap.production/batteryfull-640x960.s5l8930x.img3 inflating: ../iPhone3,3_4.2.10_8E600_CustomPV/Firmware/all_flash/all_flash.n92ap.production/batterylow0-640x960.s5l8930x.img3 inflating: ../iPhone3,3_4.2.10_8E600_CustomPV/Firmware/all_flash/all_flash.n92ap.production/batterylow1-640x960.s5l8930x.img3 inflating: ../iPhone3,3_4.2.10_8E600_CustomPV/Firmware/all_flash/all_flash.n92ap.production/glyphcharging-640x960.s5l8930x.img3 inflating: ../iPhone3,3_4.2.10_8E600_CustomPV/Firmware/all_flash/all_flash.n92ap.production/glyphplugin-640x960.s5l8930x.img3 inflating: ../iPhone3,3_4.2.10_8E600_CustomPV/Firmware/all_flash/all_flash.n92ap.production/iBoot.n92ap.RELEASE.img3 inflating: ../iPhone3,3_4.2.10_8E600_CustomPV/Firmware/all_flash/all_flash.n92ap.production/manifest inflating: ../iPhone3,3_4.2.10_8E600_CustomPV/Firmware/all_flash/all_flash.n92ap.production/recoverymode-640x960.s5l8930x.img3 creating: ../iPhone3,3_4.2.10_8E600_CustomPV/Firmware/dfu/ extracting: ../iPhone3,3_4.2.10_8E600_CustomPV/Firmware/dfu/iBEC.n92ap.RELEASE.dfu extracting: ../iPhone3,3_4.2.10_8E600_CustomPV/Firmware/dfu/iBSS.n92ap.RELEASE.dfu inflating: ../iPhone3,3_4.2.10_8E600_CustomPV/Restore.plist inflating: ../iPhone3,3_4.2.10_8E600_CustomPV/kernelcache.release.k48 inflating: ../iPhone3,3_4.2.10_8E600_CustomPV/kernelcache.release.n81 inflating: ../iPhone3,3_4.2.10_8E600_CustomPV/kernelcache.release.n90 inflating: ../iPhone3,3_4.2.10_8E600_CustomPV/kernelcache.release.n92 extracting: ../iPhone3,3_4.2.10_8E600_CustomPV/Firmware/dfu/iBSS.n92.RELEASE.dfu extracting: ../iPhone3,3_4.2.10_8E600_CustomPV/Firmware/dfu/iBEC.n92.RELEASE.dfu [Log] Running idevicerestore with command: ../bin/macos/idevicerestore -ew "../iPhone3,3_4.2.10_8E600_CustomPV.ipsw" Found device in DFU mode Found ECID 2728127595308 Identified device as n92ap, iPhone3,3 Extracting BuildManifest from IPSW Product Version: 4.2.10 Product Build: 8E600 Major: 8 Device supports Image4: false Variant: Customer Erase Install (IPSW) This restore will erase your device data. checking for local shsh Using cached SHSH Using cached filesystem from '../iPhone3,3_4.2.10_8E600_CustomPV/038-2273-001.dmg' Extracting iBSS.n92ap.RELEASE.dfu... Personalizing IMG3 component iBSS... reconstructed size: 149745 Sending iBSS (149745 bytes)... [==================================================] 100.0% INFO: device serial number is C8QF23JJDDP7 Recovery Mode Environment: iBoot build-version=iBoot-931.72.14 iBoot build-style=RELEASE ramdisk-size=RELEASE Extracting 038-2280-001.dmg... Not personalizing component RestoreRamDisk... Sending RestoreRamDisk (30002196 bytes)... Extracting RestoreDeviceTree... Not personalizing component RestoreDeviceTree... Sending RestoreDeviceTree (58272 bytes)... Extracting RestoreKernelCache... Not personalizing component RestoreKernelCache... Sending RestoreKernelCache (5779572 bytes)... About to restore device... Waiting for device... Device 3e788b16aa0a8b7417ab5b26e455a28d13648ecc is now connected in restore mode... Connecting now... Connected to com.apple.mobile.restored, version 12 Device 3e788b16aa0a8b7417ab5b26e455a28d13648ecc has successfully entered restore mode Hardware Information: BoardID: 6 ChipID: 35120 UniqueChipID: 2728127595308 ProductionMode: true Waiting for NAND (28) Creating partition map (11) Creating filesystem (12) Creating filesystem (12) About to send filesystem... Connected to ASR Validating the filesystem Filesystem validated Sending filesystem now... [==================================================] 100.0% Done sending filesystem Verifying restore (14) [==================================================] 100.0% Checking filesystems (15) Mounting filesystems (16) Checking filesystems (15) Mounting filesystems (16) About to send KernelCache... Extracting kernelcache.release.n92... Not personalizing component KernelCache... Sending KernelCache now... Done sending KernelCache Installing kernelcache (27) Fixing up /var (17) Modifying persistent boot-args (25) Updating gas gauge software (46) Updating gas gauge software (46) Creating system key bag (49) Finalizing NAND epoch update (32) Unmounting filesystems (29) Unmounting filesystems (29) Got status message Status: Restore Finished Cleaning up... DONE [Log] Do not disconnect your device, not done yet * Please put the device in DFU mode after it reboots! [Log] Finding device in Recovery/DFU mode... [Input] PwnDFU Tool Option * Select tool to be used for entering pwned DFU mode. * This option is set to ipwnder by default (1). Select this option if unsure. * If the first option does not work, try the other option(s). [Input] Select your option: 1) ipwnder 2) ipwndfu #? 1 [Log] Placing device to pwnDFU mode using ipwnder [main] enabled: debug log [main] Waiting for device in DFU mode... [io_get_serial] Found serial number! [main] CONNECTED [main] CPID: 0x8930, BDID: 0x06, STRG: [iBoot-574.4] ** exploiting with limera1n [limera1n] reconnecting [io_reset] ResetDevice: 0 [io_reset] USBDeviceReEnumerate: 0 [limera1n] sending exploit payload [limera1n] 0, 1352 [limera1n] sending fake data [limera1n] 0, 1 [limera1n] e0004051, 0 [limera1n] executing exploit [limera1n] e0004051, 0 [limera1n] reconnecting [io_reset] ResetDevice: 0 [io_reset] USBDeviceReEnumerate: 0 [limera1n] 0, 0 [limera1n] 0, 6 [limera1n] 0, 6 [limera1n] 0, 6 [limera1n] exploit sent [limera1n] reconnecting [io_reset] ResetDevice: 0 [io_reset] USBDeviceReEnumerate: 0 [io_get_serial] Found serial number! [limera1n] pwned! [Log] Device iPhone3,3 has no baseband/disabled baseband update [Log] Extracting IPSW: ../iPhone3,3_4.2.10_8E600_CustomNP-2728127595308.ipsw Archive: ../iPhone3,3_4.2.10_8E600_CustomNP-2728127595308.ipsw extracting: ../iPhone3,3_4.2.10_8E600_CustomNP-2728127595308/038-4297-008.dmg extracting: ../iPhone3,3_4.2.10_8E600_CustomNP-2728127595308/038-4361-021.dmg extracting: ../iPhone3,3_4.2.10_8E600_CustomNP-2728127595308/BuildManifest.plist creating: ../iPhone3,3_4.2.10_8E600_CustomNP-2728127595308/Downgrade/ extracting: ../iPhone3,3_4.2.10_8E600_CustomNP-2728127595308/Downgrade/RestoreKernelCache extracting: ../iPhone3,3_4.2.10_8E600_CustomNP-2728127595308/Downgrade/RestoreDeviceTree creating: ../iPhone3,3_4.2.10_8E600_CustomNP-2728127595308/Firmware/ creating: ../iPhone3,3_4.2.10_8E600_CustomNP-2728127595308/Firmware/dfu/ extracting: ../iPhone3,3_4.2.10_8E600_CustomNP-2728127595308/Firmware/dfu/iBSS.n92ap.RELEASE.dfu extracting: ../iPhone3,3_4.2.10_8E600_CustomNP-2728127595308/Firmware/dfu/iBEC.n92ap.RELEASE.dfu creating: ../iPhone3,3_4.2.10_8E600_CustomNP-2728127595308/Firmware/all_flash/ creating: ../iPhone3,3_4.2.10_8E600_CustomNP-2728127595308/Firmware/all_flash/all_flash.n92ap.production/ extracting: ../iPhone3,3_4.2.10_8E600_CustomNP-2728127595308/Firmware/all_flash/all_flash.n92ap.production/applelogo@2x~iphone.s5l8930x.img3 extracting: ../iPhone3,3_4.2.10_8E600_CustomNP-2728127595308/Firmware/all_flash/all_flash.n92ap.production/batteryfull@2x~iphone.s5l8930x.img3 extracting: ../iPhone3,3_4.2.10_8E600_CustomNP-2728127595308/Firmware/all_flash/all_flash.n92ap.production/iBoot.n92ap.RELEASE.img3 extracting: ../iPhone3,3_4.2.10_8E600_CustomNP-2728127595308/Firmware/all_flash/all_flash.n92ap.production/batterylow0@2x~iphone.s5l8930x.img3 extracting: ../iPhone3,3_4.2.10_8E600_CustomNP-2728127595308/Firmware/all_flash/all_flash.n92ap.production/glyphplugin@2x~iphone-30pin.s5l8930x.img3 extracting: ../iPhone3,3_4.2.10_8E600_CustomNP-2728127595308/Firmware/all_flash/all_flash.n92ap.production/iBoot2.img3 extracting: ../iPhone3,3_4.2.10_8E600_CustomNP-2728127595308/Firmware/all_flash/all_flash.n92ap.production/batterycharging1@2x~iphone.s5l8930x.img3 extracting: ../iPhone3,3_4.2.10_8E600_CustomNP-2728127595308/Firmware/all_flash/all_flash.n92ap.production/manifest extracting: ../iPhone3,3_4.2.10_8E600_CustomNP-2728127595308/Firmware/all_flash/all_flash.n92ap.production/DeviceTree.n92ap.img3 extracting: ../iPhone3,3_4.2.10_8E600_CustomNP-2728127595308/Firmware/all_flash/all_flash.n92ap.production/applelogo-640x960.s5l8930x.img3 extracting: ../iPhone3,3_4.2.10_8E600_CustomNP-2728127595308/Firmware/all_flash/all_flash.n92ap.production/batterylow1@2x~iphone.s5l8930x.img3 extracting: ../iPhone3,3_4.2.10_8E600_CustomNP-2728127595308/Firmware/all_flash/all_flash.n92ap.production/LLB.n92ap.RELEASE.img3 extracting: ../iPhone3,3_4.2.10_8E600_CustomNP-2728127595308/Firmware/all_flash/all_flash.n92ap.production/recoverymode@2x~iphone-30pin.s5l8930x.img3 extracting: ../iPhone3,3_4.2.10_8E600_CustomNP-2728127595308/Firmware/all_flash/all_flash.n92ap.production/applelogoT.img3 extracting: ../iPhone3,3_4.2.10_8E600_CustomNP-2728127595308/Firmware/all_flash/all_flash.n92ap.production/batterycharging0@2x~iphone.s5l8930x.img3 [Log] Running idevicerestore with command: ../bin/macos/idevicerestore -ew "../iPhone3,3_4.2.10_8E600_CustomNP-2728127595308.ipsw" Found device in DFU mode Found ECID 2728127595308 Identified device as n92ap, iPhone3,3 Extracting BuildManifest from IPSW Product Version: 5.1.1 Product Build: 9B206 Major: 9 Device supports Image4: false Variant: Customer Erase Install (IPSW) This restore will erase your device data. Getting ApNonce in dfu mode... checking for local shsh Using cached SHSH Extracting filesystem from IPSW Extracting iBSS.n92ap.RELEASE.dfu... Personalizing IMG3 component iBSS... reconstructed size: 67909 Sending iBSS (67909 bytes)... [==================================================] 100.0% Nonce: 17 0e b2 f7 df e5 28 7f 55 0e 6f 5b 87 fb ae 97 72 8d 89 90 checking for local shsh Using cached SHSH Extracting iBEC.n92ap.RELEASE.dfu... Personalizing IMG3 component iBEC... reconstructed size: 244037 Sending iBEC (244037 bytes)... [==================================================] 100.0% INFO: device serial number is C8QF23JJDDP7 Getting ApNonce in recovery mode... 17 0e b2 f7 df e5 28 7f 55 0e 6f 5b 87 fb ae 97 72 8d 89 90 Sending APTicket (2741 bytes) Recovery Mode Environment: iBoot build-version=iBoot-1219.62.15 iBoot build-style=RELEASE ramdisk-size=RELEASE Extracting 038-4361-021.dmg... Not personalizing component RestoreRamDisk... Sending RestoreRamDisk (18002196 bytes)... Extracting RestoreDeviceTree... Not personalizing component RestoreDeviceTree... Sending RestoreDeviceTree (60808 bytes)... Extracting RestoreKernelCache... Not personalizing component RestoreKernelCache... Sending RestoreKernelCache (6406612 bytes)... About to restore device... Waiting for device... Device 3e788b16aa0a8b7417ab5b26e455a28d13648ecc is now connected in restore mode... Connecting now... Connected to com.apple.mobile.restored, version 12 Device 3e788b16aa0a8b7417ab5b26e455a28d13648ecc has successfully entered restore mode Hardware Information: BoardID: 6 ChipID: 35120 UniqueChipID: 2728127595308 ProductionMode: true Waiting for NAND (28) About to send RootTicket... Sending RootTicket now... Done sending RootTicket Checking filesystems (15) Mounting filesystems (16) Checking filesystems (15) Mounting filesystems (16) Fixing up /var (17) Modifying persistent boot-args (25) About to send NORData... Found firmware path Firmware/all_flash/all_flash.n92ap.production Getting firmware manifest from Firmware/all_flash/all_flash.n92ap.production/manifest Extracting LLB.n92ap.RELEASE.img3... Personalizing IMG3 component LLB... reconstructed size: 133593 Extracting DeviceTree.n92ap.img3... Not personalizing component DeviceTree... Extracting batterycharging0@2x~iphone.s5l8930x.img3... Not personalizing component BatteryCharging... Extracting batterycharging1@2x~iphone.s5l8930x.img3... Not personalizing component BatteryCharging... Extracting batteryfull@2x~iphone.s5l8930x.img3... Not personalizing component BatteryFull... Extracting batterylow0@2x~iphone.s5l8930x.img3... Not personalizing component BatteryLow0... Extracting batterylow1@2x~iphone.s5l8930x.img3... Not personalizing component BatteryLow1... Extracting glyphplugin@2x~iphone-30pin.s5l8930x.img3... Not personalizing component BatteryPlugin... Extracting iBoot.n92ap.RELEASE.img3... Not personalizing component iBoot... Extracting recoverymode@2x~iphone-30pin.s5l8930x.img3... Not personalizing component RecoveryMode... Extracting iBoot2.img3... Not personalizing component iBoot... Extracting applelogo-640x960.s5l8930x.img3... Not personalizing component AppleLogo... Sending NORData now... Done sending NORData Flashing firmware (18) [==================================================] 100.0% Updating gas gauge software (46) Updating gas gauge software (46) Creating system key bag (49) Finalizing NAND epoch update (32) Unmounting filesystems (29) Unmounting filesystems (29) Got status message Status: Restore Finished Cleaning up... DONE

[Log] Restoring done! Read the message below if any error has occurred:

For device activation, go to: Other Utilities -> Attempt Activation
Please read the "Troubleshooting" wiki page in GitHub before opening any issue!
Your problem may have already been addressed within the wiki page.
If opening an issue in GitHub, please provide a FULL log/output. Otherwise, your issue may be dismissed.

[Log] The device may enter recovery mode after the restore

To fix this, go to: Other Utilities -> Disable/Enable Exploit -> Enable Exploit
Save the terminal output now if needed.
Legacy iOS Kit v24.07.38 (60b6d07)
Platform: macos (11.7.10)

Answer 2 · 2024-07-19T00:32:55.000Z

it is already shown in the restore/downgrade menu that 4.2.1 and lower are hit or miss

it works fine for some, while others will be stuck at the no successful firmware download after 60000 ms error

out of the 4.0-4.2.1 versions, 4.1 seems to be the most reliable, but ofc that will also not work on devices incompatible with it (eg. minimum is 4.3, 5.0, or 6.0 depending on device)

Answer 3 · 2024-07-19T01:10:53.000Z

What About 4.2.x for the CDMA 4, are those hit or miss too?

Answer 4 · 2024-07-19T01:16:15.000Z

maybe? idk, i dont have a cdma 4