[SOLUTION] iPhone shut off during boot / Stuck Apple Logo

[wa2ruff]

No one is being an impatient beggar by asking how is progress is coming.

Checking and just seein what's goin on and how he's doin with updates is actually pretty fun to follow along with as he gets his project prepared for the masses on Windows.

Stop being a frickin *****.

Stop being an impatient ungrateful beggar. LOL, it's fun for you to follow along with how he is doing?? Spare us the BS. All you care about is his release, you aren't interested in what he is actually doing. You forgot to answer my question, do you understand anything at all that I highlighted in red?

He has been keeping everyone up to date with the progress, even his wife posted, but you didn't see the "it's done" post yet and that's all you care about.

To each his own I suppose

[iBeej]

It's 1:30am here and I'm still goin. lol. Look, here is the problem with this whole windows fiasco. I need to deliver a custom payload with the binaries from sbin, because those of you with a SHUT OFF at boot are beyond a reasonable doubt, MISSING them due to the SBIN package both Rock AND Cydia distibuted. This "sbin package" contains a binary installer file called a DEB file. The deb file which screwed up your sbin directory is called diskdev-cmds. Inside this diskdev-cmds package resides the actual critical binaries the phone used to boot. fsck, fsck_hfs, quotacheck, mount, and a few others. I had to build a payload with these files to repair your sbin directory. The payload is the easy part, but pushing them to the phone is a whole different story. To do it, you need jailbreak software which launches an "exploit" to gain access to the filesystem so we can save data to it.

Short of some very old jailbreaks from the past, the source code for making this happen is lock and key. The old programs won't work. And because your phone is so badly injured from the missing sbin binaries, the ONLY way to repair it is through a rejailbreak process at recovery and very low level. There are no other options. So I am forced to either develop a completely custom jailbreak of my own to deliver the payload (which would take a god awful amount of research and time, let alone testing) or piggyback off a current existing jailbreak like redsn0w, blackra1n, etc. Which one do you think makes more sense in the essence of time?

So here's the deal. Mac was easy because the payload was easily accessible in the form of compressed images with no coding required. They are compressed images outside of the running binary.

Windows on the other hand, it seems nearly every jailbreak developer embedded all these files in to the binary itself. They are not accessible outside of the program. Which is why I have to disassemble their programs and reverse engineer them. It's not an easy task by any means.

Sure I could look in to compiling a program based on OpenPWN, but then have to port it to windows because it's mac based. LOL. This is all about time and I'm trying to get this done as quickly and reliably as possible so you can get your phones working again without losing your data. That's why this windows bit has been a thorn in my side.

I have a feeling I'm just about there. After extracting payload images from Blackra1n, I was running in to even bigger problems trying to squeeze the sbin payload in to the executable using disadsemblers and hex editing programs. Anybody who has done this knows how tricky ADDING bytes to an EXE is due to sizing. This would be done by now if by some lucky chance, the payload I built was smaller than the payload compiled in to blackra1n. But that's not the case. I have to expand the EXE and then very carefully and painfully find any code bytes that reference buffer/image sizes and increase them accordingly. And I'm looking at nothing but assembly and hexadeximal. ONE character... Just ONE character mistyped or not fixed will cause the program to page fault when you try to run it. It's NOT forgiving in the slightest.

I was running in to this all night. But I have tracked down any references to size values and came to realize that I was banging my head in to a wall because geohot apparently packed the TAR.GZ itself in to the purple DMG image as well. So I have my payload, compressed in to a tar, then gzipped, and THEN it gets stuffed in to a DMG. Then I have to stuff the DMG file in to the exe with a hex editor, update all the size references for each layer of compression and then if that works, the whole EXE itself is then compressed! It will make your head spin.

I'm currently in the process of stuffing the DMG in to the EXE and if that goes well, I'm pretty much Scott free. I could have this out soon or tomorrow. So I'm close.

But don't quote me either. This is painstakingly slow and inherently complex. It's common to run in to weird new issues you never imagined you would run in to. I'm hoping to avoid those.

I'm close though. Real close. And if it works out, I will have a custom blackra1n which everybody seems to be using these days and it will work in most situations. Plus it's fast and all that jailbreaking legwork will be done for me.

Trust me, you don't want me doing it the hard way and from the ground up, because a fix for this would not happen anytime soon. Maybe I'm unaware of SOME tool, or SOME obscure program that would have made this easier and done by now. But I know a lot about this and haven't seen anything that will work.... Especially reliably. I'm pretty much stuck with what I've got and considering how involved this is, I'm making huge progress in stellar time. Just ask anybody who has done this before and they will shiver at the prospect.

I will keep you updated. As soon as it's done, there won't be a moments delay when this is posted. Just send me some good mojo vibes.

BEEJ

[rilloteddy]

First, thank you!:

...for the tremendous effort u seem to put in to fix this problem for so many people. I hope your Happy! =) (No irony!)
And u work in ingenious ways when not just solving problems but doing so with a clarity u don't see much of very often. And u can actually explain what you are doing in a relatively non-complex manner! Go teach!

(Normally I would shout-out "U ROOOCK! \m/" But that seem inappropriate...


Second, my iPhone!:

IF u have the time, please advice?

1.) iPhone OS 3.1.2
2.) Unlocked
3.) Blackra1n
4.) Mac, of course!
5.) Indeed
6.) Still stuck in Recovery boot-loop.

My payload is specifically targeted at the sbin corruption. So mostly for those experiencing a SHUT down at apple logo. However, I posted some instructions on my site with some pointers on fixing a stuck/rebooting problem by using SSH if the phone makes it that far. Most of the time it does. For those of you with a stuck/continuous reboot issue, this is a different problem from sbin. But it's fixable. Post output from iRecovery here and I'll see what I can do to help. I have ideas to deliver a payload to disable substrate. Even patch in a working kernel cache. Again just post some info and I'll see what I can conjure up for you.

I'm stuck in a recovery boot-loop. This has been my problem since the start of this. (lol, for what I've read there must be as many variants of this problem as there are iphone-owners with the mishap!)
My phone displays the "usb-itunes" logo and if I just leave it on it will autoboot(?) every 10-15 minutes from usb-itunes to applelogo to blackscreen to usb-itunes.
After your fix it tried to reboot but stuck at recovery mode, again.

What I've read my guess is it's the DYLIB-problem you have referred to?
I'm not sure about continuing with the ssh-thingy but would have your advice first.

This is my iRecovery-data:

[FTL:MSG] Apple NAND Driver (AND) RO
[NAND] Found Chip ID 0x3295DE987A on FMI0:CE0
[NAND] Found Chip ID 0x3295DE987A on FMI0:CE1
[NAND] Found Chip ID 0x3295DE987A on FMI1:C8
[NAND] Found Chip ID 0x3295DE987A on FMI1:CE9
[FTL:MSG] FIL_Init [OK]
[FTL:MSG] BUF_Init [OK]
[FTL:MSG] FPart Init [OK]
read new style signature 0x43313133 (line:375)
[FTL:MSG] VSVFL Register [OK]
[FTL:MSG] VFL Init [OK]
[FTL:MSG] VFL_Open [OK]
[FTL:MSG] YAFTL Register [OK]
[FTL:MSG] FTL_Open [OK]
Boot Failure Count: 2 Panic Fail Count: 0
Delaying boot for 0 seconds. Hit enter to break into the command prompt...
HFInitPartition: 0x4ffa1040
Kernelcache image not valid
Entering recovery mode, starting command prompt
(Recovery) iPhone$


Again, IF u have the time to advice I would appreciate it very very much. MANY thanx in advance!

P.S. Try to get some sleep now and then. U will think better then.... Hence, an even faster windows-fix!

Cheers!
/Richard
Stockholm, Sweden

[angryjeep]

BEEJ! You might be the best man on the entire interweb. Never have I seen such dedication and willingness to help out your fellow geeks. Do you forsee a problem in my using a pretty old, 1st gen iMac running osx 10.2.8?

1.) 3.1.2
2.) Unlocked
3.) Blackra1n
4.) Windows
5.) Yes but it's OLD... 1st gen iMac running OSX 10.2.8
6.) Will let you know ;o)

[ayeayre]

hi, you are a a legend! i am using
iphone 3G 3.0
locked
redsn0w
windows 7
yes have access to mac
I tried it before on the mac but now it keeps on rebooting after the apple logo and a white flash, so i thought it didn't work, then came home and read the part that there is a substrate DYLIB problem. just wondering if I can do the rest on my windows 7 or XP machine? I also have kubuntu linux 10.04, i can get access to the mac again but it would be easier/quicker if I can do it here.

Thanks in advance..

[tavita86]

Awesome job mate your a lifesaver


1.) 3GS 3.1.2
2.) Locked
3.) Blackra1n
4.) Windows
5.) Yes i have access to a mac but not for a few days
6.) Fingers crossed

Thanks heaps
David

[angryjeep]

I tried running Beej's modified redsn0w on my dusty old imac and I guess it's an Intel only application??? I also tried it on a G4 MacBook and it says "the application will no run on this system". Hmmm I've been wanting a macbook... maybe it's time to buy one.

Well, crap. Everything went exactly as described and after the progress bar got to 100%, the phone rebooted into a boot loop... just the apple logo, then a flash and back to the apple logo again, over and over. But hey, something different is progress! Something interesting, the phone will connect to irecovery but printenv just returns a blank prompt. The only command that seems to do anything is reboot.

[czxxx]

I tried running Beej's modified redsn0w on my dusty old imac and I guess it's an Intel only application??? I also tried it on a G4 MacBook and it says "the application will no run on this system". Hmmm I've been wanting a macbook... maybe it's time to buy one.

Well, crap. Everything went exactly as described and after the progress bar got to 100%, the phone rebooted into a boot loop... just the apple logo, then a flash and back to the apple logo again, over and over. But hey, something different is progress! Something interesting, the phone will connect to irecovery but printenv just returns a blank prompt. The only command that seems to do anything is reboot.

We seem to be in the same boat. It's nice to know I'm not alone.

iBeej has graciously been working with me a bit on a solution while he prepares his Windows version of the fix. Hopefully once he finishes that, he still has enough gas to help us.

[powermad]

I tried running Beej's modified redsn0w on my dusty old imac and I guess it's an Intel only application??? I also tried it on a G4 MacBook and it says "the application will no run on this system". Hmmm I've been wanting a macbook... maybe it's time to buy one.

Well, crap. Everything went exactly as described and after the progress bar got to 100%, the phone rebooted into a boot loop... just the apple logo, then a flash and back to the apple logo again, over and over. But hey, something different is progress! Something interesting, the phone will connect to irecovery but printenv just returns a blank prompt. The only command that seems to do anything is reboot.


Angryjeep... You went from saying you couldnt run the app on your mac to posting your results? I also cant run the app since both my macbook G4 and my imac G5 are not Intel. What did you do? Were you able to run it somehow? Did you buy a new Mac? Barrow a friends? Please be more specific as to how you went from point A to point B, PLEASE...

[angryjeep]

powermad,

The forum combined my posts since they were consecutive

I borrowed a co-worker's MacBook Pro. Nice machine! I wish they weren't so expensive. The mac must be a model with an Intel processor. Everything went according to Beej's instructions (the link on post #1). At the end of the RedSn0w app, you must follow what RedSn0w tells you to do to put your phone in DFU mode. If you don't get it the first time, you can hit back and try again. I'm confident that the /sbin is fixed, it's now just stuck in a boot loop.

[iBeej]

The windows version is finished!
The windows version is patched in to blackra1n and should work with most phones without a problem. But before I release it, please read the following:

However, I need a single tester, somebody who will be readily available today to work with me on MSN messenger to troubleshoot any problems. This is necessary because I don't have a broken phone.

The reason I need a tester, is because I slimmed the payload down a LOT, which is about 25% of it's size in the redsn0w package for Mac. This is because I am trying to ONLY send the binaries from diskdev-cmds. So there is no way for me to know whether or not the fewer binaries will fix it on it's own, or if I need to package up the whole sbin.

I did it this way to get this thing done. There is more work to do if I increase the payload size, because it makes disassembly much harder. Also, the version I have right now will install a broken blackra1n app on the springboard. (If it even shows up) This can be fixed by a standard blackra1n jailbreak, or just remove it through SSH.

Right now, I need somebody to test this who I can communicate with one-on-one through MSN. This person needs to be available for the day. AND, you absolutely, positively must be able to verify that your phone is SHUTTING OFF after 6-7 seconds during boot. (Not the stuck logo or rebooting issue)

Chances are, this will go well, and no further patches will need to be made. But if more /sbin binaries are required to be added to the payload, I will need this person to be available to test again.

Please let me know ASAP, i'm ready to go with this.

BEEJ

[sums]

Great!!!

I am sure u have nailed it!!!!


What assistance u need???

[iBeej]

Sums, is your iPhone SHUTTING OFF at boot? If so add my msn messenger [email protected].

Angryjeep, I added your hotmail as well. Please confirm and proceed to download the windows patcher. Communicate with me on IM.

Thanks,

BEEJ

[powermad]

angryjeep, Thanks for the clarification...

ibeej if you still need assistance I can work with you!

[f1ferrari]

How did the tests for the windows fix go so far?

[icegunner]

iBeej:

I too would be up for helping. I just hit this issue a couple of hours ago. If you need another tester, I'm available.

[angryjeep]

Good News! iBeej has made some fantastic progress with his relentless efforts to fix other peoples phones. Some people are experiencing a loop upon reboot after applying the mac or pc payload. iBeej has identified the problem as Rock/Cydia not installing diskdev-cmds correctly. I wish I was a little more knowlegeable and could explain it better, but most of this is way over my head! He asked me to let everyone know that he will be working on the fix and he will update as soon as it's tested. Keep in mind everyone that this may take a little time because it is a huge amount of data to sort through and his phones are working so he is taking on this tremendous task out of the kindness of his heart. Don't restore yet! It is looking very good!

[paulsgt]

Sounds like beej is almost there!! Thanks for doing all this!!!

I can also help, just let me know.

[Copyrighted]

1.) 3GS 3.1.2
2.) Unlocked
3.) Blackra1n
4.) Windows
5.) I don`t have access to a mac.

I`ll keep my phone crashed in boot logo untill this fix will be released to test it anyway.

[faithless-1]

Hi, I just registered here to say that iBEEJ is the best... I hope you get some rest too.

I have an iPhone 3GS 3.1.2, only jailbroken with BlackRa1n and using W7 and WXP with no access to mac.

If you need any extra tester tomorrow I will most probably (90% certain) be free (no work and so on that means) between 07-14, +0 time.

And also, Greetings to everyone here!