

Thread: Emergency SSH access using a pwn'd DFU mode RamDisk

  1. #61
    Livin the iPhone Life
    Join Date
    May 2008
    Posts
    8,023
    Thanks
    102
    Thanked 788 Times in 731 Posts

    Quote Originally Posted by Sn1p3r View Post
    ....I tried this on my iPhone 3G[S] iOS v3.1.2 but when executing the initial command I get this:
    CMD:>tetheredboot -i iBSS.n88ap.RELEASE.dfu -k kernelcache.release.n88 -r 038-0082-001.dmg.ssh
    .....
    Uploading iBSS.n88ap.RELEASE.dfu to device
    Unable to upload iBSS
    Unable to find device
    ...
    This is expected. You're using 4.2.1 files on a 3.1.2 device.

    Quote Originally Posted by Narcotic71428 View Post
    ....So I think that it can also work on iOS 4.3.3 firmware. But what I need is the 038-1449-003.dmg.ssh (decrypted and rebuilt)....
    I manually built the 4.3.3 ramdisk but have not finished testing. I would be willing to provide it for testing.
    Last edited by Mes; 09-07-2011 at 08:54 AM.

  2. #62
    Hi Mes,

    I'm trying to use your walkthrough guide but I encountered a few issues.
    I have an iPhone 4 using iOS 4.3.3 firmware but I am using iOS 4.2.1 Restore Ramdisk (038-0032-002.dmg) file ('cause RamdiskRebuilder doesn't work with iOS 4.3.3 Restore Ramdisk file).
    I have to use 6a and 6b. But 6b stops at : "[INFO] Kernelcache kernelcache.release.n90 loaded".
    I have to "terminate" it with CTRL+C and then launch the "itunnel_mux --lport 22" command.
    Then using Cygwin I try to ssh the device and mount the filesystems but I can't see anything. When typing "ls", the command is not found???
    I just don't get it! What is wrong?
    Thanks in advance if you could answer me.

  3. #63

    Looks like you're in . If you can't mount the filesystem most commands will be unavailable.
    I would fix the Ctrl-C issue. Indicates something isn't working right. Anything after that point is suspect.

    Note: If tetheredboot (step 6) works, steps 6a and 6b are not used.
    Note2: If tetheredboot fails, power off the phone and start over.
    Last edited by Mes; 09-07-2011 at 09:35 AM.

  4. #64
    Thank you very much Mes for your reply.

    Ok! I have to explain myself a bit more. When I use tetheredboot (step 6) only, everything works fine but the device's screen stays white and doesn't show the "snowbreeze apple" and I hear the noise of the device plugging out...
    Otherwise when using steps 6a and 6b I managed to have the "snowbreeze apple" but step 6b hangs at the end so I have to "terminate" it with CTRL+C. Then I can start an SSH session "normally".

    I keep on trying to use step 6 only (by powering off the device and starting over and over) but in the end I only get the white screen and I am not able to start an SSH session.
    So I'll try to stick with the 6a and 6b steps but I think you're right I am not able to mount the filesystems...

    I was thinking about something else... is it a problem that I use an iPhone 4 with iOS 4.3.3 and trying to ssh with the Ramdisk of iOS 4.2.1?
    I read on other different topics that with xpwntool under Win 7 it is possible to decrypt the Restore Ramdisk, put in the content of the ssh.tar archive and rebuild the Ramdisk.
    But I didn't find where to download a xpwntool version which works under Win 7 and I don't know how to decrypt/rebuild the Ramdisk with these tools.

    Ok! Thanks again Mes for your reply.
    I'll try to figure out a bit by myself but I am not confident in any progress.
    And if anyone could explain to me different things about xpwntool (or have a link to another topic) under Win 7 I would be really grateful.

  5. #65

    Quote Originally Posted by Narcotic71428 View Post
    ...Ok! I have to explain myself a bit more. When I use tetheredboot (step 6) only, everything works fine but the device's screen stays white and doesn't show the "snowbreeze apple" and I hear the noise of the device plugging out.......
    A white screen is normal during tethered boot load. After it's loaded and starts to run, a white apple and progress bar appears. It changes back to a white screen after a connection is made with itunnel_mux.

    Once ssh is working, all ssh connection options should work.
    Last edited by Mes; 09-07-2011 at 10:36 AM.

  6. #66
    Thanks again Mes for your reply!
    I've got news! Really good news : IT'S WORKING!!! somehow...
    Actually I am using the ssh program Tunnelier which has a terminal interface and an Explorer GUI. So it is really user-friendly for those who are struggling with Cygwin.
    At first sight mounting filesystems wasn't working but... all I had to do was refresh the explorer in the mnt2 folder, "et voilà!", everything showed up.

    So thank you very much Mes for everything (I am saving all my data, photos, calendar, address book, text messages... right now) it's a relief that I can have access to these files.

    And good luck to those who are struggling to recover their precious data.

  7. #67

    No problem.

  8. #68
    Green Apple
    Join Date
    Jun 2010
    Location
    Broken Christchurch - New Zealand
    Posts
    38
    Thanks
    9
    Thanked 0 Times in 0 Posts

    Quote Originally Posted by Mes View Post
    This is expected. You're using 4.2.1 files on a 3.1.2 device.
    So if I try this with a v3 iOS file it might work?
    Sn0wbreeze does not work with v3 of the iOS.
    iFaith apparently does but it requires the SHSH blobs to create a custom IPSW. Since I do not have the 3.1.2 SHSH blobs do you think it will work with iOS v3.1.3?

  9. #69
    Quote Originally Posted by Sn1p3r View Post
    Sn0wbreeze does not work with v3 of the iOS.
    Wrong, there's a beta version of Sn0wBreeze which jailbreaks iOS 3.1.2...
    You can find an MU link easily when googling "Snowbreeze 3.1.2"...

    Good luck!

  10. #70

    Quote Originally Posted by Narcotic71428 View Post
    Wrong, there's a beta version of Sn0wBreeze which jailbreaks iOS 3.1.2...
    You can find an MU link easily when googling "Snowbreeze 3.1.2"...

    Good luck!
    Thanks for the information, I was going by the official Sn0wbreeze homepage.
    So I downloaded the software, created a custom ipsw and extracted the required files.

    Unfortunately when trying to create the SSH build with 018-6051-014.dmg the app "RamdiskBuilder" crashes.
    Last edited by Sn1p3r; 09-08-2011 at 05:47 AM. Reason: Update after execution

  11. #71
    This is strange: it should work with whatever version under iOS 4.3...
    Ok! I'll give it a shot.
    Otherwise you can try to unpack - copy ssh.tar - repack the dmg file with xpwntool.
    If you need a walkthrough I can write it for you!

    Good luck!

    EDIT
    I downloaded the ipsw for 3GS, jailbroke it, extracted the dmg file, but no luck: RamdiskRebuilder crashes.
    Last edited by Narcotic71428; 09-08-2011 at 06:55 AM.

  12. #72

    I'm running Win7 x64 but that shouldn't be the problem as I was able to create the v4.1 SSH without any issues.

    Any help would be appreciated.

    A side note, I noticed that inside the ipsw the kernelcache.release.n88 file wasn't available but there was a kernelcache.release.s5l8920x.

  13. #73
    Quote Originally Posted by Sn1p3r View Post
    I'm running Win7 x64 but that shouldn't be the problem as I was able to create the v4.1 SSH without any issues.
    This should be ok.

    Quote Originally Posted by Sn1p3r View Post
    A side note, I noticed that inside the ipsw the kernelcache.release.n88 file wasn't available but there was a kernelcache.release.s5l8920x.
    Right, I just noticed it too. But I don't know if it really matters...

    Ok I made it! I downloaded a custom firmware (from a 2shared site, if you need a link PM me) for iPhone 3GS iOS 3.1.2 and RamdiskRebuilder worked flawlessly. So I've got the 018-6051-014.dmg.ssh file.
    Since I don't own an iPhone 3GS but only an iPhone 4, I can't go further to help you.

    Good luck!

  15. #74

    A ramdisk should be built for each version. Sharing may be possible between minor versions (4.0, 4.0.1) but it's risky. Be safe, create a ramdisk.

  16. #75
    Quote Originally Posted by Mes View Post
    No. It's 50% or so different for 3.x. I put a 3.x link in post #1. Not tested yet
    Hi Mes, well I got my power button put my 3GS in DFU mode, now what. I opened the cmd window as admin. now how do I change the directory to execute tetherboot? Can I execute by clicking tetherboot.exe. I'm a bit lost because I'm looking at the images on page 1.

  17. #76

    Right click on the 'directory' that contains tetheredboot and select "open command window here"

    .... or ....

    Start/Run/cmd .... and change directory to the tetheredboot directory

    @krod13. Good, a power button. Note: This thread is for experienced users.

  19. #77
    Thanks Mes, will do.

  20. #78

    No problem. Good luck

  21. #79
    Mes, the tetherboot.exe and other programs are on my usb(D). Can it still be done?

  22. #80

    No problem as long as 'everything' is in the same directory.
