Error while downgrading, unable to restore [ Unable to send iBSS component: Unable to upload data to device ]
zyan910 opened this issue · 2 comments
Attempted a few times, Is it possible to find the exact issue?
(I removed the SEP / Baseband downloading progress in the code)
Last login: Mon Sep 19 00:43:58 on ttys000
(base) zyan910@Zyans-MBP ~ % cd /Users/zyan910/Downloads/sunst0rm-main
(base) zyan910@Zyans-MBP sunst0rm-main % python3 sunstorm.py -i /Users/zyan910/Downloads/sunst0rm-main/iPhone_4.7_P3_14.8_18H17_Restore.ipsw -t /Users/zyan910/Downloads/sunst0rm-main/2331690638442542_iPhone10,4_d201ap_15.5-19F77_27325c8258be46e69d9ee57fa9a8fbc28b873df434e5e702a8b27999551138ae.shsh2 -r -d D201AP
sunst0rm
Made by mineek
Some code by m1n1exploit
[] Extracting IPSW
[] Extracting RamDisk
rdsk
[] Mounting RamDisk
/dev/disk4 /Users/zyan910/Downloads/sunst0rm-main/work/ramdisk
[] Patching ASR in the RamDisk
getting get_asr_patch()
[] Image failed signature verification 0x14804c5e1
[] Image passed signature verification 0x14804c5bd
[] Assembling arm64 branch
[] Writing out patched file to work/patched_asr
[] Extracting ASR Ents
[] Resigning ASR
[] Chmoding ASR
[] Copying Patched ASR back to the RamDisk
[] Patching Restored External
file size: 1049440
getting get_skip_sealing_patch()
[] Skipping sealing system volume string at 0xb22fa
[] Skipping sealing system volume xref at 0x3129c
[] Skipping sealing system volume branch to xref at 0x3123c
[] Assembling arm64 branch
[] Writing out patched file to work/restored_external_patched
[] Extracting Restored External Ents
[] Resigning Restored External
[] Chmoding Restored External
[] Copying Patched Restored External back to the RamDisk
[] Detaching RamDisk
"disk4" ejected.
[] Creating RamDisk
Reading work/ramdisk.dmg...
IM4P outputted to: work/ramdisk.im4p
[] Extracting Kernel
Reading work/kernelcache.release.iphone10...
[NOTE] Image4 payload data is LZFSE compressed, decompressing...
Extracted Image4 payload data to: work/kcache.raw
[] Patching Kernel
main: Starting...
Kernel: Adding AppleFirmwareUpdate img4 signature check patch...
get_AppleFirmwareUpdate_img4_signature_check: Entering ...
get_AppleFirmwareUpdate_img4_signature_check: Found "%s::%s() Performing img4 validation outside of workloop" str loc at 0x41522a
get_AppleFirmwareUpdate_img4_signature_check: Found "%s::%s() Performing img4 validation outside of workloop" xref at 0x12173e0
get_AppleFirmwareUpdate_img4_signature_check: Patching "%s::%s() Performing img4 validation outside of workloop" at 0x12173ec
Kernel: Adding AMFI_get_out_of_my_way patch...
get_amfi_out_of_my_way_patch: Entering ...
get_amfi_out_of_my_way_patch: Kernel-7195 inputted
get_amfi_out_of_my_way_patch: Found entitlements too small str loc at 0x40a18e
get_amfi_out_of_my_way_patch: Found entitlements too small str ref at 0x11b0270
get_amfi_out_of_my_way_patch: Patching AMFI at 0x11ac6e8
main: Writing out patched file to work/krnl.patched...
main: Quitting...
[] Rebuilding Kernel
Reading work/krnl.patched...
Compressing payload using LZSS...
IM4P outputted to: work/krnl.im4p
[] Done!
[?] Do you want to restore the device? (y/n)
y
[?] Are you in pwndfu with sigchecks removed? (y/n)
y
[*] Restoring Device
Version: v2.0.0-test(19e30c014b2736ed9a5af08d95669a2dc8044bd3-291)
img4tool version: 0.197-aca6cf005c94caf135023263cbb5c61a0081804f-RELEASE
libipatcher version: 0.88-1e855d70c84419014e363bdbcaead7b145fe3e1f-RELEASE
Odysseus for 32-bit support: yes
Odysseus for 64-bit support: yes
[INFO] 64-bit device detected
futurerestore init done
reading signing ticket /Users/zyan910/Downloads/sunst0rm-main/2331690638442542_iPhone10,4_d201ap_15.5-19F77_27325c8258be46e69d9ee57fa9a8fbc28b873df434e5e702a8b27999551138ae.shsh2 is done
User specified to use latest signed SEP
Cached /tmp/futurerestore/sep.im4p not found, downloading a new one.
Downloading SEP
Checking if SEP is being signed...
Sending TSS request attempt 1... response successfully received
SEP is being signed!
User specified to use latest signed baseband
Downloading Baseband
Checking if Baseband is being signed...
[TSSR] User specified to request only a Baseband ticket.
Sending TSS request attempt 1... response successfully received
Baseband is being signed!
Downloading the latest firmware components...
Downloading SE firmware
Finished downloading the latest firmware components!
Found device in DFU mode
requesting to get into pwnRecovery later
Found device in DFU mode
Identified device as d201ap, iPhone10,4
Extracting BuildManifest from iPSW
Product version: 14.8
Product build: 18H17 Major: 18
Device supports Image4: true
checking if the APTicket is valid for this restore...
Verified ECID in APTicket matches the device's ECID
checking if the APTicket is valid for this restore...
Verified ECID in APTicket matches the device's ECID
[IMG4TOOL] checking buildidentity 0:
[IMG4TOOL] checking buildidentity matches board ... NO
[IMG4TOOL] checking buildidentity 1:
[IMG4TOOL] checking buildidentity matches board ... NO
[IMG4TOOL] checking buildidentity 2:
[IMG4TOOL] checking buildidentity matches board ... YES
[IMG4TOOL] checking buildidentity has all required hashes:
[IMG4TOOL] checking hash for "AOP" OK (untrusted)
[IMG4TOOL] checking hash for "Ap,SystemVolumeCanonicalMetadata"BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "AppleLogo" BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "AudioCodecFirmware" OK (untrusted)
[IMG4TOOL] checking hash for "BasebandFirmware" IGN (no digest in BuildManifest)
[IMG4TOOL] checking hash for "BatteryCharging0" BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "BatteryCharging1" BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "BatteryFull" BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "BatteryLow0" BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "BatteryLow1" BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "BatteryPlugin" BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "DeviceTree" BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "ISP" BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "KernelCache" BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "LLB" BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "Liquid" BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "Multitouch" OK (untrusted)
[IMG4TOOL] checking hash for "OS" BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "RecoveryMode" BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "RestoreDeviceTree" BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "RestoreKernelCache" BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "RestoreLogo" BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "RestoreRamDisk" BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "RestoreSEP" BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "RestoreTrustCache" BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "SE,UpdatePayload" IGN (no digest in BuildManifest)
[IMG4TOOL] checking hash for "SEP" BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "StaticTrustCache" BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "SystemVolume" BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "ftap" IGN (no digest in BuildManifest)
[IMG4TOOL] checking hash for "ftsp" IGN (no digest in BuildManifest)
[IMG4TOOL] checking hash for "iBEC" BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "iBSS" BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "iBoot" BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "rfta" IGN (no digest in BuildManifest)
[IMG4TOOL] checking hash for "rfts" IGN (no digest in BuildManifest)
failed verification with error:
[exception]:
what=verification failed!
code=84279308
line=1286
file=img4tool.cpp
commit count=197:
commit sha =aca6cf005c94caf135023263cbb5c61a0081804f:
[IMG4TOOL] checking buildidentity 3:
[IMG4TOOL] checking buildidentity matches board ... NO
[IMG4TOOL] checking buildidentity 4:
[IMG4TOOL] checking buildidentity matches board ... NO
[IMG4TOOL] checking buildidentity 5:
[IMG4TOOL] checking buildidentity matches board ... NO
[IMG4TOOL] checking buildidentity 6:
[IMG4TOOL] checking buildidentity matches board ... YES
[IMG4TOOL] checking buildidentity has all required hashes:
[IMG4TOOL] checking hash for "AOP" OK (untrusted)
[IMG4TOOL] checking hash for "Ap,SystemVolumeCanonicalMetadata"BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "AppleLogo" BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "AudioCodecFirmware" OK (untrusted)
[IMG4TOOL] checking hash for "BasebandFirmware" IGN (no digest in BuildManifest)
[IMG4TOOL] checking hash for "BatteryCharging0" BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "BatteryCharging1" BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "BatteryFull" BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "BatteryLow0" BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "BatteryLow1" BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "BatteryPlugin" BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "DeviceTree" BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "ISP" BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "KernelCache" BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "LLB" BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "Liquid" BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "Multitouch" OK (untrusted)
[IMG4TOOL] checking hash for "OS" BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "RecoveryMode" BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "RestoreDeviceTree" BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "RestoreKernelCache" BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "RestoreLogo" BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "RestoreRamDisk" BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "RestoreSEP" BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "RestoreTrustCache" BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "SE,UpdatePayload" IGN (no digest in BuildManifest)
[IMG4TOOL] checking hash for "SEP" BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "StaticTrustCache" BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "SystemVolume" BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "ftap" IGN (no digest in BuildManifest)
[IMG4TOOL] checking hash for "ftsp" IGN (no digest in BuildManifest)
[IMG4TOOL] checking hash for "iBEC" BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "iBSS" BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "iBoot" BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "rfta" IGN (no digest in BuildManifest)
[IMG4TOOL] checking hash for "rfts" IGN (no digest in BuildManifest)
failed verification with error:
[exception]:
what=verification failed!
code=84279308
line=1286
file=img4tool.cpp
commit count=197:
commit sha =aca6cf005c94caf135023263cbb5c61a0081804f:
[IMG4TOOL] checking buildidentity 7:
[IMG4TOOL] checking buildidentity matches board ... NO
[WARNING] NOT VALIDATING SHSH BLOBS IM4M!
[Error] BuildIdentity selected for restore does not match APTicket
BuildIdentity selected for restore:
BuildNumber : 18H17
BuildTrain : AzulSecuritySky
DeviceClass : d201ap
FDRSupport : YES
MobileDeviceMinVersion : 1253.100.1
RestoreBehavior : Erase
Variant : Customer Erase Install (IPSW)
BuildIdentity is valid for the APTicket:
IM4M is not valid for any restore within the Buildmanifest
This APTicket can't be used for restoring this firmware
[WARNING] NOT VALIDATING SHSH BLOBS!
Variant: Customer Erase Install (IPSW)
This restore will erase all device data.
Device found in DFU Mode.
Getting firmware keys for: d201ap
Patching iBSS
Extracting iBSS.d20.RELEASE.im4p (Firmware/dfu/iBSS.d20.RELEASE.im4p)...
payload decrypted
Compression detected, uncompressing (bvx2): ok
iBoot64Patch: Staring iBoot64Patch!
iOS 14 iBoot detected!
iBoot64Patch: Inited ibootpatchfinder64!
iBoot64Patch: Added sigpatches!
iBoot64Patch: Added unlock nvram patch!
iBoot64Patch: Added freshnonce patch!
iBoot64Patch: has_kernel_load is false!
iBoot64Patch: Applying patch=0x180032878 : 000080d2
iBoot64Patch: Applying patch=0x1800328cc : 000080d2
iBoot64Patch: Applying patch=0x18001f8a8 : 000080d2c0035fd6
iBoot64Patch: Applying patch=0x18001f8f8 : 000080d2c0035fd6
iBoot64Patch: Applying patch=0x18006a36c : 000080d2c0035fd6
iBoot64Patch: Applying patch=0x180038c64 : 1f2003d5
iBoot64Patch: Patches applied!
[WARNING] BUG WORKAROUND recompressing images with bvx2 makes them not boot for some reason. Skipping compression
Patching iBEC
Extracting iBEC.d20.RELEASE.im4p (Firmware/dfu/iBEC.d20.RELEASE.im4p)...
payload decrypted
Compression detected, uncompressing (bvx2): ok
iBoot64Patch: Staring iBoot64Patch!
iOS 14 iBoot detected!
iBoot64Patch: Inited ibootpatchfinder64!
iBoot64Patch: Added sigpatches!
iBoot64Patch: Added unlock nvram patch!
iBoot64Patch: Added freshnonce patch!
iBoot64Patch: has_kernel_load is true!
iBoot64Patch: Added debugenabled patch!
iBoot64Patch: Added bootarg patch!
iBoot64Patch: Applying patch=0x180032878 : 000080d2
iBoot64Patch: Applying patch=0x1800328cc : 000080d2
iBoot64Patch: Applying patch=0x18001f8a8 : 000080d2c0035fd6
iBoot64Patch: Applying patch=0x18001f8f8 : 000080d2c0035fd6
iBoot64Patch: Applying patch=0x18006a36c : 000080d2c0035fd6
iBoot64Patch: Applying patch=0x180038c64 : 1f2003d5
iBoot64Patch: Applying patch=0x180034248 : 200080d2
iBoot64Patch: Applying patch=0x180035854 : b8df3810
iBoot64Patch: Applying patch=0x1800a7448 : 72643d6d6430206e616e642d656e61626c652d7265666f726d61743d307831202d76202d726573746f72652064656275673d30783230313465206b65657073796d733d30783120616d66693d3078666620616d66695f616c6c6f775f616e795f7369676e61747572653d30783120616d66695f6765745f6f75745f6f665f6d795f7761793d3078312063735f656e666f7263656d656e745f64697361626c653d30783100
iBoot64Patch: Patches applied!
[WARNING] BUG WORKAROUND recompressing images with bvx2 makes them not boot for some reason. Skipping compression
Repacking patched iBSS as IMG4
Repacking patched iBEC as IMG4
Sending iBSS (1456228 bytes)...
Cleaning up...
[exception]:
what=ERROR: Unable to send iBSS component: Unable to upload data to device
code=43122756
line=658
file=/Users/runner/work/futurerestore/futurerestore/src/futurerestore.cpp
commit count=291:
commit sha =19e30c014b2736ed9a5af08d95669a2dc8044bd3:
Done: restoring failed!
Another attempt with a different outcome
Last login: Mon Sep 19 00:44:03 on ttys000
(base) zyan910@Zyans-MBP ~ % cd /Users/zyan910/Downloads/sunst0rm-main
(base) zyan910@Zyans-MBP sunst0rm-main % python3 sunstorm.py -i /Users/zyan910/Downloads/sunst0rm-main/iPhone_4.7_P3_14.8_18H17_Restore.ipsw -t /Users/zyan910/Downloads/sunst0rm-main/2331690638442542_iPhone10,4_d201ap_15.5-19F77_27325c8258be46e69d9ee57fa9a8fbc28b873df434e5e702a8b27999551138ae.shsh2 -r -d D201AP
sunst0rm
Made by mineek
Some code by m1n1exploit
[] Extracting IPSW
[] Extracting RamDisk
rdsk
[] Mounting RamDisk
/dev/disk4 /Users/zyan910/Downloads/sunst0rm-main/work/ramdisk
[] Patching ASR in the RamDisk
getting get_asr_patch()
[] Image failed signature verification 0x14804c5e1
[] Image passed signature verification 0x14804c5bd
[] Assembling arm64 branch
[] Writing out patched file to work/patched_asr
[] Extracting ASR Ents
[] Resigning ASR
[] Chmoding ASR
[] Copying Patched ASR back to the RamDisk
[] Patching Restored External
file size: 1049440
getting get_skip_sealing_patch()
[] Skipping sealing system volume string at 0xb22fa
[] Skipping sealing system volume xref at 0x3129c
[] Skipping sealing system volume branch to xref at 0x3123c
[] Assembling arm64 branch
[] Writing out patched file to work/restored_external_patched
[] Extracting Restored External Ents
[] Resigning Restored External
[] Chmoding Restored External
[] Copying Patched Restored External back to the RamDisk
[] Detaching RamDisk
"disk4" ejected.
[] Creating RamDisk
Reading work/ramdisk.dmg...
IM4P outputted to: work/ramdisk.im4p
[] Extracting Kernel
Reading work/kernelcache.release.iphone10...
[NOTE] Image4 payload data is LZFSE compressed, decompressing...
Extracted Image4 payload data to: work/kcache.raw
[] Patching Kernel
main: Starting...
Kernel: Adding AppleFirmwareUpdate img4 signature check patch...
get_AppleFirmwareUpdate_img4_signature_check: Entering ...
get_AppleFirmwareUpdate_img4_signature_check: Found "%s::%s() Performing img4 validation outside of workloop" str loc at 0x41522a
get_AppleFirmwareUpdate_img4_signature_check: Found "%s::%s() Performing img4 validation outside of workloop" xref at 0x12173e0
get_AppleFirmwareUpdate_img4_signature_check: Patching "%s::%s() Performing img4 validation outside of workloop" at 0x12173ec
Kernel: Adding AMFI_get_out_of_my_way patch...
get_amfi_out_of_my_way_patch: Entering ...
get_amfi_out_of_my_way_patch: Kernel-7195 inputted
get_amfi_out_of_my_way_patch: Found entitlements too small str loc at 0x40a18e
get_amfi_out_of_my_way_patch: Found entitlements too small str ref at 0x11b0270
get_amfi_out_of_my_way_patch: Patching AMFI at 0x11ac6e8
main: Writing out patched file to work/krnl.patched...
main: Quitting...
[] Rebuilding Kernel
Reading work/krnl.patched...
Compressing payload using LZSS...
IM4P outputted to: work/krnl.im4p
[] Done!
[?] Do you want to restore the device? (y/n)
y
[?] Are you in pwndfu with sigchecks removed? (y/n)
y
[*] Restoring Device
Version: v2.0.0-test(19e30c014b2736ed9a5af08d95669a2dc8044bd3-291)
img4tool version: 0.197-aca6cf005c94caf135023263cbb5c61a0081804f-RELEASE
libipatcher version: 0.88-1e855d70c84419014e363bdbcaead7b145fe3e1f-RELEASE
Odysseus for 32-bit support: yes
Odysseus for 64-bit support: yes
[INFO] 64-bit device detected
futurerestore init done
reading signing ticket /Users/zyan910/Downloads/sunst0rm-main/2331690638442542_iPhone10,4_d201ap_15.5-19F77_27325c8258be46e69d9ee57fa9a8fbc28b873df434e5e702a8b27999551138ae.shsh2 is done
User specified to use latest signed SEP
Using cached SEP.
Checking if SEP is being signed...
Sending TSS request attempt 1... response successfully received
SEP is being signed!
User specified to use latest signed baseband
Downloading Baseband
Checking if Baseband is being signed...
[TSSR] User specified to request only a Baseband ticket.
Sending TSS request attempt 1... response successfully received
Baseband is being signed!
Downloading the latest firmware components...
Downloading SE firmware
Finished downloading the latest firmware components!
Found device in DFU mode
requesting to get into pwnRecovery later
Found device in DFU mode
Identified device as d201ap, iPhone10,4
Extracting BuildManifest from iPSW
Product version: 14.8
Product build: 18H17 Major: 18
Device supports Image4: true
checking if the APTicket is valid for this restore...
Verified ECID in APTicket matches the device's ECID
checking if the APTicket is valid for this restore...
Verified ECID in APTicket matches the device's ECID
[IMG4TOOL] checking buildidentity 0:
[IMG4TOOL] checking buildidentity matches board ... NO
[IMG4TOOL] checking buildidentity 1:
[IMG4TOOL] checking buildidentity matches board ... NO
[IMG4TOOL] checking buildidentity 2:
[IMG4TOOL] checking buildidentity matches board ... YES
[IMG4TOOL] checking buildidentity has all required hashes:
[IMG4TOOL] checking hash for "AOP" OK (untrusted)
[IMG4TOOL] checking hash for "Ap,SystemVolumeCanonicalMetadata"BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "AppleLogo" BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "AudioCodecFirmware" OK (untrusted)
[IMG4TOOL] checking hash for "BasebandFirmware" IGN (no digest in BuildManifest)
[IMG4TOOL] checking hash for "BatteryCharging0" BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "BatteryCharging1" BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "BatteryFull" BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "BatteryLow0" BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "BatteryLow1" BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "BatteryPlugin" BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "DeviceTree" BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "ISP" BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "KernelCache" BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "LLB" BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "Liquid" BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "Multitouch" OK (untrusted)
[IMG4TOOL] checking hash for "OS" BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "RecoveryMode" BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "RestoreDeviceTree" BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "RestoreKernelCache" BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "RestoreLogo" BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "RestoreRamDisk" BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "RestoreSEP" BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "RestoreTrustCache" BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "SE,UpdatePayload" IGN (no digest in BuildManifest)
[IMG4TOOL] checking hash for "SEP" BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "StaticTrustCache" BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "SystemVolume" BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "ftap" IGN (no digest in BuildManifest)
[IMG4TOOL] checking hash for "ftsp" IGN (no digest in BuildManifest)
[IMG4TOOL] checking hash for "iBEC" BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "iBSS" BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "iBoot" BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "rfta" IGN (no digest in BuildManifest)
[IMG4TOOL] checking hash for "rfts" IGN (no digest in BuildManifest)
failed verification with error:
[exception]:
what=verification failed!
code=84279308
line=1286
file=img4tool.cpp
commit count=197:
commit sha =aca6cf005c94caf135023263cbb5c61a0081804f:
[IMG4TOOL] checking buildidentity 3:
[IMG4TOOL] checking buildidentity matches board ... NO
[IMG4TOOL] checking buildidentity 4:
[IMG4TOOL] checking buildidentity matches board ... NO
[IMG4TOOL] checking buildidentity 5:
[IMG4TOOL] checking buildidentity matches board ... NO
[IMG4TOOL] checking buildidentity 6:
[IMG4TOOL] checking buildidentity matches board ... YES
[IMG4TOOL] checking buildidentity has all required hashes:
[IMG4TOOL] checking hash for "AOP" OK (untrusted)
[IMG4TOOL] checking hash for "Ap,SystemVolumeCanonicalMetadata"BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "AppleLogo" BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "AudioCodecFirmware" OK (untrusted)
[IMG4TOOL] checking hash for "BasebandFirmware" IGN (no digest in BuildManifest)
[IMG4TOOL] checking hash for "BatteryCharging0" BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "BatteryCharging1" BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "BatteryFull" BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "BatteryLow0" BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "BatteryLow1" BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "BatteryPlugin" BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "DeviceTree" BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "ISP" BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "KernelCache" BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "LLB" BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "Liquid" BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "Multitouch" OK (untrusted)
[IMG4TOOL] checking hash for "OS" BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "RecoveryMode" BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "RestoreDeviceTree" BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "RestoreKernelCache" BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "RestoreLogo" BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "RestoreRamDisk" BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "RestoreSEP" BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "RestoreTrustCache" BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "SE,UpdatePayload" IGN (no digest in BuildManifest)
[IMG4TOOL] checking hash for "SEP" BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "StaticTrustCache" BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "SystemVolume" BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "ftap" IGN (no digest in BuildManifest)
[IMG4TOOL] checking hash for "ftsp" IGN (no digest in BuildManifest)
[IMG4TOOL] checking hash for "iBEC" BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "iBSS" BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "iBoot" BAD! (hash not found in im4m)
[IMG4TOOL] checking hash for "rfta" IGN (no digest in BuildManifest)
[IMG4TOOL] checking hash for "rfts" IGN (no digest in BuildManifest)
failed verification with error:
[exception]:
what=verification failed!
code=84279308
line=1286
file=img4tool.cpp
commit count=197:
commit sha =aca6cf005c94caf135023263cbb5c61a0081804f:
[IMG4TOOL] checking buildidentity 7:
[IMG4TOOL] checking buildidentity matches board ... NO
[WARNING] NOT VALIDATING SHSH BLOBS IM4M!
[Error] BuildIdentity selected for restore does not match APTicket
BuildIdentity selected for restore:
BuildNumber : 18H17
BuildTrain : AzulSecuritySky
DeviceClass : d201ap
FDRSupport : YES
MobileDeviceMinVersion : 1253.100.1
RestoreBehavior : Erase
Variant : Customer Erase Install (IPSW)
BuildIdentity is valid for the APTicket:
IM4M is not valid for any restore within the Buildmanifest
This APTicket can't be used for restoring this firmware
[WARNING] NOT VALIDATING SHSH BLOBS!
Variant: Customer Erase Install (IPSW)
This restore will erase all device data.
Device found in DFU Mode.
Sending iBSS (1456228 bytes)...
[==================================================] 100.0%
Booting iBSS, waiting for device to disconnect...
Booting iBSS, waiting for device to reconnect...
ApNonce pre-hax:
INFO: device serial number is C8QVNJWSJC67
Getting ApNonce in recovery mode... cb 61 1e 84 15 f9 08 62 bf 60 0b 89 78 98 8e 34 99 ce 54 ce e0 b6 86 11 65 26 da d2 80 20 f8 91
ApNonce from device doesn't match IM4M nonce, applying hax...
Writing generator=0x1111111111111111 to nvram!
Sending iBEC (1456228 bytes)...
[==================================================] 100.0%
Booting iBEC, waiting for device to disconnect...
Booting iBEC, waiting for device to reconnect...
APnonce post-hax:
Getting ApNonce in recovery mode... 27 32 5c 82 58 be 46 e6 9d 9e e5 7f a9 a8 fb c2 8b 87 3d f4 34 e5 e7 02 a8 b2 79 99 55 11 38 ae
Successfully set nonce generator: 0x1111111111111111
futurerestore(1217,0x305faf000) malloc: Heap corruption detected, free list is damaged at 0x600001e91b60
*** Incorrect guard value: 16629806333025528536
futurerestore(1217,0x305faf000) malloc: *** set a breakpoint in malloc_error_break to debug
[] Done!
[] Cleaning
[*] Done!
(base) zyan910@Zyans-MBP sunst0rm-main %
You need superuser permissions