Thread: Emergency SSH access using a pwn'd DFU mode RamDisk
  1. #21
    Banned
    Join Date
    May 2011
    Location
    1
    Posts
    9
    Thanks
    0
    Thanked 1 Time in 1 Post
    thanx for share. good job.

  2. #22
    Mes
    Livin the iPhone Life
    Join Date
    May 2008
    Posts
    8,025
    Thanks
    102
    Thanked 788 Times in 731 Posts

    ..ex...

    You're almost there. Hard to say where the issue is, could be your ssh client, the initial hash algorithm, firewall, or ? Try a different ssh client and be sure to give it adequate time to generate the hash host encryption code.

  3. #23
    What's Jailbreak?
    Join Date
    May 2011
    Posts
    4
    Thanks
    0
    Thanked 0 Times in 0 Posts

    I tried the other way with irecovery -f and all I get is the following

    irecovery -f 038-0900-005.dmg.ssh
    iRecovery - Recovery Utility
    by wEsTbAeR-- and Tom3q

    Got USB
    Got USB
    Found iPhone/iPod in Recovery mode

    Loaded image file (len: 0x32008c4, packets: 25602, last: 0xc4).
    Sending 0x32008c4 bytes
    Sending 0x800 bytes in packet 0... OK
    Error receiving status!
    Sending 0x800 bytes in packet 1... OK
    Error receiving status!
    Sending 0x800 bytes in packet 2... OK
    Error receiving status!
    Sending 0x800 bytes in packet 3... OK
    Error receiving status!
    Sending 0x800 bytes in packet 4... OK

    Getting more frustrated as I don't want to restore my iphone

    I will try everything on a mac this time and see what happens.

  4. #24
    What's Jailbreak?
    Join Date
    Jun 2011
    Posts
    20
    Thanks
    12
    Thanked 0 Times in 0 Posts

    Quote Originally Posted by Mes View Post
    ..ex...
    Aloha

    another dumb question from me :-p

    is it possible to format completely the NAND of idevice 3gs, new bootrom?

    thanks

    jim

  5. #25
    Super Galactic Moderator Orby's Avatar
    Join Date
    Aug 2010
    Location
    Omicron Persei Eight
    Posts
    5,669
    Thanks
    40
    Thanked 569 Times in 520 Posts

    Quote Originally Posted by Lord_Jimmy View Post
    Aloha

    another dumb question from me :-p

    is it possible to format completely the NAND of idevice 3gs, new bootrom?

    thanks

    jim
    Don't know why you asked this question here, but yes. A DFU restore will completely reformat the user-accessible parts of the NAND. Tools such as iWipe will zero out the writable NAND for added security, if that's what you're asking for.

    There is one portion of the NAND, however, that is not user-writable (the SCFG, or System ConFiGuration--contains device-unique info such as serial number, UDID, et cetera). Only way you're wiping that is with a hammer and some hydrofluoric acid (or Apple factory-only tools).

  6. The Following User Says Thank You to Orby For This Useful Post:

    Lord_Jimmy (06-18-2011)

  7. #26
    What's Jailbreak?
    Join Date
    Jun 2011
    Posts
    20
    Thanks
    12
    Thanked 0 Times in 0 Posts

    Quote Originally Posted by Orby View Post
    Don't know why you asked this question here, but yes. A DFU restore will completely reformat the user-accessible parts of the NAND. Tools such as iWipe will zero out the writable NAND for added security, if that's what you're asking for.

    There is one portion of the NAND, however, that is not user-writable (the SCFG, or System ConFiGuration--contains device-unique info such as serial number, UDID, et cetera). Only way you're wiping that is with a hammer and some hydrofluoric acid (or Apple factory-only tools).

    thanks for your quick reply :-)

    just feeling hopeless with my idevice
    3gs - restore needed - restart loops each few seconds?

    :-(( dats why im asking :-)
    Last edited by Lord_Jimmy; 06-18-2011 at 06:55 AM.

  8. #27
    What's Jailbreak?
    Join Date
    Jun 2011
    Posts
    2
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Howdy folks,

    I am trying to follow steps to get access to my iphone 4, but failed on step 6 and 7. I downloaded iOS 4.2.1 from apple, and step 6 finished without error. But, my iphone 4 didn't show Apple logo. Only white blank screen shows up. I ran step 7, but the following message comes up and itunnel_mux.exe just got stuck there.

    DData\download\Iphone_recovery\New folder>itunnel_mux.exe --lport 22
    [ERROR] locate_AMRecoveryModeDeviceSendFileToDevice: Could not locate marker string!
    [INFO] Waiting for new TCP connection on port 22

    Could you guys give any advice on this? Should I try with different iOS?

    Quote Originally Posted by lockelee View Post
    Howdy folks,

    I am trying to follow steps to get access to my iphone 4, but failed on step 6 and 7. I downloaded iOS 4.2.1 from apple, and step 6 finished without error. But, my iphone 4 didn't show Apple logo. Only white blank screen shows up. I ran step 7, but the following message comes up and itunnel_mux.exe just got stuck there.

    DData\download\Iphone_recovery\New folder>itunnel_mux.exe --lport 22
    [ERROR] locate_AMRecoveryModeDeviceSendFileToDevice: Could not locate marker string!
    [INFO] Waiting for new TCP connection on port 22

    Could you guys give any advice on this? Should I try with different iOS?
    Never mind folks. I found a way from msftguy's blog. One of the comments there is as follows, and it worked!

    Btw, I couldn't run 'ls' from ssh now. I couldn't find it from /mnt1/bin and /usr/bin as well. Do you know where it is?

    @I)estym: 3.x and 4.x use devicetree files that aren't interchangeable. You need to use tetheredboot tool to get into a 'pwned' DFU mode (it does that when ran without arguments), then proceed with itunnel_mux thingie to load ibss, devicetree, ramdisk and kernelcache. Linkie here: Downloads - iphonetunnel-usbmuxconnectbyport - USB mux TCP tunneling and basic iRecovery functionality without libUSB - Google Project Hosting
    Last edited by lockelee; 06-23-2011 at 05:10 AM.

  9. #28
    What's Jailbreak?
    Join Date
    Jun 2011
    Posts
    2
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Guys,

    I finally got access to my iPhone 4, but couldn't see any photos in /mnt2/mobile/Media/Photos. I am wondering whether iOS 4 has a feature like encryption that hides photo files, or whether what I am seeing is real. Could anyone confirm that /mnt2/mobile/Media/Photos should contain and show photo files if there are any?

  10. #29
    What's Jailbreak?
    Join Date
    Oct 2010
    Posts
    11
    Thanks
    0
    Thanked 0 Times in 0 Posts

    I'm sorry, I'm kind of a n00b who over the course of a weekend did not sync his iphone and had a friend play with his iphone in the middle of a Cydia update. Now I'm stuck with the same problem as many, with an iphone stuck on the apple logo for a very very long time, and sometimes after rebooting it sticks to the apple logo then reboots after a couple of minutes, only to be stuck again on the apple logo. irecovery, iREB are not kicking it out of recovery, and I cannot access SSH with or without iphone tunnel suite.

    I'm trying your solution, thank you very much for the time you put in writing it.

    I have an iphone 4 fw4.2.1 bb1.59.00. After building a custom 4.2.1 with sn0wbreeze and unpacking it (iPhone3,1_4.2.1_8C148_Restore.ipsw), I was able to copy:
    iBSS.n90ap.RELEASE.dfu
    DeviceTree.n90ap.img3
    kernelcache.release.n90

    but i could not find : "Restore Ramdisk 038-0082-001.dmg"

    Also, I have two files, one is "038-0019-002.dmg" (580mb) and the other is "038-0032-002.dmg" (16.6mb), which one is the ramdisk?

    Thank you for any help!

  11. #30
    What's Jailbreak?
    Join Date
    Oct 2010
    Posts
    11
    Thanks
    0
    Thanked 0 Times in 0 Posts

    nevermind my post, I went here Jasper 8C148 (iPhone 4) - The iPhone Wiki and figured out that for 4.2.1 it was:

    Restore Ramdisk (038-0032-002.dmg)

    IV: 9b20ae16bebf4cf1b9101374c3ab0095
    Key: 06849aead2e9a6ca8a82c3929bad5c2368942e3681a3d57517 20d2aacf0694c0

    Thanks again for this amazing tutorial...I'm currently on the white screen step, just got into SSH with the alpine password in cygwin... thank you so much!!!

    Now time to figure out the disk mounting etc.. to access my data

  12. #31
    Mes
    Livin the iPhone Life
    Join Date
    May 2008
    Posts
    8,025
    Thanks
    102
    Thanked 788 Times in 731 Posts

    Congratulations . If the filesystem is good, mounting should be easy.

  13. #32
    What's Jailbreak?
    Join Date
    Oct 2010
    Posts
    11
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Thanks for your reply. I'm still stuck at the mounting. When I try to mount either drive (sys or data; mnt1 or mnt2), I can see folders in the respective mnt1 or 2, but no data inside. Did I do something wrong? Is there a fix I missed?

    Thanks!!

    PS: the congratulations should go for the very very well detailed post! It's much clearer for a noob like me to follow than msftguy's one, which I'm sure is great, but for me was like a foreign language!

  14. #33
    Mes
    Livin the iPhone Life
    Join Date
    May 2008
    Posts
    8,025
    Thanks
    102
    Thanked 788 Times in 731 Posts

    These commands are necessary to mount the two filesystems (also in 1st post):

    to mount / (root) filesystem (contains system settings & files, MobileSubstrate dylibs)
    -sh-4.0# fsck_hfs /dev/disk0s1
    -sh-4.0# mount_hfs /dev/disk0s1 /mnt1/

    to mount /usr filesystem (everything else, IE: music, media, photos, apps, etc)
    -sh-4.0# fsck_hfs /dev/disk0s2s1
    -sh-4.0# mount_hfs /dev/disk0s2s1 /mnt2/

    To set the path correctly so you can easily navigate the filesystem:
    -sh-4.0# PATH=$PATH\:/mnt1/bin
    Your iPhone 4 w/4.2.1 may be different (but doubt it). I don't think you did anything wrong.

    This is not 'guaranteed' to work. If the commands execute successfully and nothing appears, then it's likely the file system is corrupt or deleted and nothing can be saved.

  15. #34
    Green Apple
    Join Date
    Aug 2008
    Posts
    80
    Thanks
    6
    Thanked 0 Times in 0 Posts

    Ramdiskbuilder crash for windows
    Hi, my ramdisk builder under windows for 3GS 4.1 crashes. I do not have access to a Mac, how can I get it to work? I followed all the steps, but as soon as I start to build ramdisk it crashes. Please, I need some help, I want to retrieve my pics from 3GS, very valuable.

  16. #35
    Mes
    Livin the iPhone Life
    Join Date
    May 2008
    Posts
    8,025
    Thanks
    102
    Thanked 788 Times in 731 Posts

    It was a long experimental & investigative process creating the procedure for iOS 4.2.1 on Windows.
    There are changes necessary when applied to 4.1. Did you create a custom firmware, unzip, and
    copy the correct files?

  17. #36
    Green Apple
    Join Date
    Aug 2008
    Posts
    80
    Thanks
    6
    Thanked 0 Times in 0 Posts

    Quote Originally Posted by Mes View Post
    It was a long experimental & investigative process creating the procedure for iOS 4.2.1 on Windows.
    There are changes necessary when applied to 4.1. Did you create a custom firmware, unzip, and
    copy the correct files?
    Yes I did, custom FW using sn0wbreeze.

  18. #37
    Mes
    Livin the iPhone Life
    Join Date
    May 2008
    Posts
    8,025
    Thanks
    102
    Thanked 788 Times in 731 Posts

    Did you download ramdiskbuilder from the post links and use the correct decrypting keys?
    Are you running with administrator privileges and have read/write access to everything?

    Ramdiskbuilder works fine on 4.1. Just re-checked the links and the procedure for iOS 4.1
    Last edited by Mes; 09-04-2011 at 01:33 PM.

  19. #38
    Green Apple
    Join Date
    Aug 2008
    Posts
    80
    Thanks
    6
    Thanked 0 Times in 0 Posts

    Quote Originally Posted by Mes View Post
    Did you download ramdiskbuilder from the post links and use the correct decrypting keys?
    Are you running with administrator privileges and have read/write access to everything?

    Ramdiskbuilder works fine on 4.1. Just re-checked the links and the procedure for iOS 4.1
    Yes, I downloaded ramdiskbuilder from the post link, and used the decrypting keys for 4.1. I'm using Windows XP, ran with administrator priv. but still crashes. I even tried it with windows 7, with admin privileges but still crashed. I'm able to decryption keys and select ramdisk, then after I get error message "Ramdisk encounter a problem, ramdiskbuilder closing etc...."
    Last edited by krod13; 09-04-2011 at 01:49 PM.

  20. #39
    Mes
    Livin the iPhone Life
    Join Date
    May 2008
    Posts
    8,025
    Thanks
    102
    Thanked 788 Times in 731 Posts

    I just tested the procedure on my 3GS w/4.1 on Windows 7 without problems.
    018-7080-079.dmg
    IV: 214388b7e0589464bf59966524ae2ea4
    Key: 581f739963fc3fdbf70dfc695b35d43662a0069b501cb71526 4c32428e759cba
    RamdiskBuild created 018-7080-079.dmg.ssh

    Maybe the custom firmware is not really custom or it did not extract successfully ???
    Sorry, I don't know how to advise you further.

  21. #40
    Green Apple
    Join Date
    Aug 2008
    Posts
    80
    Thanks
    6
    Thanked 0 Times in 0 Posts

    Quote Originally Posted by Mes View Post
    I just tested the procedure on my 3GS w/4.1 on Windows 7 without problems.
    018-7080-079.dmg
    IV: 214388b7e0589464bf59966524ae2ea4
    Key: 581f739963fc3fdbf70dfc695b35d43662a0069b501cb71526 4c32428e759cba
    RamdiskBuild created 018-7080-079.dmg.ssh

    Maybe the custom firmware is not really custom or it did not extract successfully ???
    Sorry, I don't know how to advise you further.
    Thank you for your quick reply, why do I have different decryption keys
    IV:18eab1ba646ae018b013bc959001fbde
    Key: a0fc6ca4ef7ef305d975e7f881ddcc7f
    I think I had the wrong keys
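
As an added example (not from any poster in this thread and not part of the ramdisk builder tool), a pre-flight check for a pasted IV/key pair, assuming the pair is an AES IV and key. It removes the stray space that forum wrapping puts into long keys and reports the key size, so a 128-bit key is not mistaken for a 256-bit one; `normalize_hex`, `check_pair`, `expected_key_bits` and the sample values are constructed for illustration.

```python
import re

# Assumption: the pair is an AES IV and key, so the IV is one 16-byte block
# and the key is 16, 24 or 32 bytes (hex digits -> key bits).
IV_HEX_LEN = 32
KEY_HEX_LENS = {32: 128, 48: 192, 64: 256}

# Constructed sample values, not real firmware keys. WRAPPED_KEY carries the
# stray space a forum inserts into long unbroken strings.
SAMPLE_IV = "IV:" + "12" * 16
WRAPPED_KEY = "Key: " + "ab" * 25 + " " + "cd" * 7
SHORT_KEY = "Key: " + "ef" * 16


def normalize_hex(value):
    """Strip an 'IV:'/'Key:' label and all whitespace, then lowercase."""
    value = re.sub(r"^\s*(iv|key)\s*:", "", value, flags=re.IGNORECASE)
    return re.sub(r"\s+", "", value).lower()


def check_pair(iv, key, expected_key_bits=None):
    """Return (iv_hex, key_hex, key_bits) or raise ValueError naming the defect."""
    iv_hex, key_hex = normalize_hex(iv), normalize_hex(key)
    for name, text in (("IV", iv_hex), ("Key", key_hex)):
        bad = re.search(r"[^0-9a-f]", text)
        if bad:
            raise ValueError(f"{name}: non-hex character {bad.group()!r}")
    if len(iv_hex) != IV_HEX_LEN:
        raise ValueError(f"IV: {len(iv_hex)} hex digits, expected {IV_HEX_LEN}")
    bits = KEY_HEX_LENS.get(len(key_hex))
    if bits is None:
        raise ValueError(f"Key: {len(key_hex)} hex digits is not an AES key size")
    if expected_key_bits is not None and bits != expected_key_bits:
        raise ValueError(f"Key: {bits}-bit, expected {expected_key_bits}-bit")
    return iv_hex, key_hex, bits


if __name__ == "__main__":
    print(check_pair(SAMPLE_IV, WRAPPED_KEY)[2])
    try:
        check_pair(SAMPLE_IV, SHORT_KEY, expected_key_bits=256)
    except ValueError as err:
        print(err)
```

Passing `expected_key_bits` makes a key of the wrong size fail before the builder is run, instead of surfacing later as a crash or an unreadable ramdisk.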
