BugTracker icon indicating copy to clipboard operation
BugTracker copied to clipboard
verified publisher icon checkra1n

checkra1n no longer working on 14.5+ w/ iPad Air 2

Open mbesemann opened this issue 5 years ago • 7 comments

Tell us about your setup:

  1. What iDevice are you using? iPad Air 2
  2. On what version of iOS is it? 14.5 or 14.6 beta 1 (both have same error)
  3. What version of checkra1n are you using? 0.12.3
  4. What is your host system (OS version? Hackintosh? VM? etc.)? Tested on macOS big sur / Ubuntu 20.04 / odysseyn1x
  5. How are you connecting to the device (USB-A? USB-C? Apple/3rd party cable? Through a USB hub?)? USB-A first party cable What are the steps to reproduce the issue? Try to jailbreak normally and never see the pongoOS boot screen, instead the device just boots normally and checkra1n eventually shows usbmux error -79 (Linux) or timed out while uploading bootstrap (macOS) once I reach the home screen.

What do you expect, and what is happening instead? Normal jailbreak (was working on 14.4 with 0.12.2)

Did you see a popup on the device stating it entered "Safe Mode" due to an error? No

Does the issue also occur if you tick "Safe Mode" in the checkra1n options? Yes

Any other info, error logs, screenshots, ...? Tried a full restore, also tried 14.6 beta 1 but the same error occurs. Tried different lightning cables, USB ports, and 2 different machines.

mbesemann avatar Apr 30 '21 17:04 mbesemann

A8X truly is the enigma chip... I've had tons of people report this exact same issue with 0.12.1 and 0.12.2 and I could never reproduce it, but many said it was somehow fixed in 0.12.3.
Now you show up with the exact opposite... I really don't know what to make of this.

Siguza avatar May 02 '21 00:05 Siguza

Strange - I guess I’ll just revert to 14.4.2 for now and wait until someone finds a solution (hopefully I can still jb on that firmware!)

mbesemann avatar May 02 '21 03:05 mbesemann

Strange - I guess I’ll just revert to 14.4.2 for now and wait until someone finds a solution (hopefully I can still jb on that firmware!)

Are you able to? It's really a hit and miss for me as of now. It's on iOS 14.4.2, fresh restore, literally doesn't want to work now. Before it worked just fine with 0.12.3 but not 0.12.2. It's really a mess LMAO.

MemeDaddyXI avatar May 02 '21 12:05 MemeDaddyXI

Are you able to? It's really a hit and miss for me as of now. It's on iOS 14.4.2, fresh restore, literally doesn't want to work now. Before it worked just fine with 0.12.3 but not 0.12.2. It's really a mess LMAO.

Nope, it's actually not working anymore even on 14.4.2 :( It gets to the part of the boot process where you'd normally see pongoOS appear on screen, but instead the apple logo just disappears for a second and comes back. I even tried reverting to checkra1n 0.12.2, but now that version segfaults when it tries to jailbreak. Maybe it has to do with an update to the macOS kernel? I tried again on Linux and it doesn't work there either (usually error -79).

mbesemann avatar May 03 '21 02:05 mbesemann

@Siguza for reference, here is a verbose log of a run on macOS 11.3:

- [05/02/21 22:48:35] <Info>: Waiting for DFU devices
 - [05/02/21 22:48:52] <Verbose>: DFU mode device found
 - [05/02/21 22:48:52] <Info>: Exploiting
 - [05/02/21 22:48:52] <Verbose>: Attempting to perform checkm8 on 7001 1...
 - [05/02/21 22:48:52] <Info>: Checking if device is ready
 - [05/02/21 22:48:52] <Verbose>: == Checkm8 Preparation stage ==
 - [05/02/21 22:48:52] <Verbose>: DFU device disconnected
 - [05/02/21 22:48:52] <Verbose>: DFU mode device found
 - [05/02/21 22:48:52] <Info>: Setting up the exploit (this is the heap spray)
 - [05/02/21 22:48:52] <Verbose>: == Checkm8 Setup stage ==
 - [05/02/21 22:48:52] <Info>: Right before trigger (this is the real bug setup)
 - [05/02/21 22:48:52] <Verbose>: Entered initial checkm8 state after 3 steps, issuing DFU abort..
 - [05/02/21 22:48:53] <Verbose>: DFU device disconnected
 - [05/02/21 22:48:53] <Verbose>: DFU mode device found
 - [05/02/21 22:48:53] <Verbose>: == Checkm8 Trigger stage ==
 - [05/02/21 22:48:53] <Verbose>: Checkmate!
 - [05/02/21 22:48:53] <Verbose>: DFU device disconnected
 - [05/02/21 22:48:53] <Verbose>: DFU mode device found
 - [05/02/21 22:48:53] <Verbose>: == Checkm8 Trying to run payload... ==
 - [05/02/21 22:48:53] <Verbose>: If everything went correctly, you should now have code execution.
 - [05/02/21 22:48:53] <Verbose>: DFU device disconnected
 - [05/02/21 22:48:54] <Info>: Entered download mode
 - [05/02/21 22:48:54] <Verbose>: Download mode device found
 - [05/02/21 22:48:54] <Info>: Booting...
 - [05/02/21 22:48:54] <Verbose>: Setting bootargs to: rootdev=md0
 - [05/02/21 22:48:55] <Verbose>: Download mode device disconnected
 - [05/02/21 22:50:23] <Error>: Timed out waiting for bootstrap upload (error code: -20)

Is it normal for the DFU device to disconnect before entering download mode?

Here is a run on Linux:

 - [05/02/21 22:52:30] <Info>: Waiting for DFU devices
 - [05/02/21 22:52:30] <Verbose>: using libusb hotplug API
 - [05/02/21 22:52:30] <Verbose>: DFU device connected: 348c628d14826
 - [05/02/21 22:52:30] <Info>: Exploiting
 - [05/02/21 22:52:30] <Verbose>: Attempting to perform checkm8 on 7001 1...
 - [05/02/21 22:52:30] <Info>: Checking if device is ready
 - [05/02/21 22:52:30] <Verbose>: == Checkm8 Preparation stage ==
 - [05/02/21 22:52:30] <Info>: Setting up the exploit (this is the heap spray)
 - [05/02/21 22:52:30] <Verbose>: == Checkm8 Setup stage ==
 - [05/02/21 22:52:30] <Verbose>: Disabled probabilistic mode since we encountered a partial xfer
 - [05/02/21 22:52:30] <Verbose>: Deterministic approach was successful!
 - [05/02/21 22:52:30] <Info>: Right before trigger (this is the real bug setup)
 - [05/02/21 22:52:30] <Verbose>: Entered initial checkm8 state after 0 steps, issuing DFU abort..
 - [05/02/21 22:52:30] <Verbose>: libusb: waiting for USB events
 - [05/02/21 22:52:31] <Verbose>: DFU device connected: 348c628d14826
 - [05/02/21 22:52:31] <Verbose>: == Checkm8 Trigger stage ==
 - [05/02/21 22:52:31] <Verbose>: Checkmate!
 - [05/02/21 22:52:31] <Verbose>: DFU device connected: 348c628d14826
 - [05/02/21 22:52:31] <Verbose>: == Checkm8 Trying to run payload... ==
 - [05/02/21 22:52:32] <Verbose>: If everything went correctly, you should now have code execution.
 - [05/02/21 22:52:33] <Info>: Entered download mode
 - [05/02/21 22:52:33] <Verbose>: Download mode device found
 - [05/02/21 22:52:33] <Info>: Booting...
 - [05/02/21 22:52:33] <Verbose>: Setting bootargs to: rootdev=md0
 - [05/02/21 22:52:55] <Error>: libusb: Failed to get active config descriptor: LIBUSB_ERROR_NOT_FOUND

I should mention for the Linux run above I had downgraded to 0.12.2, after updating I got failed to connect / error -79 instead.

mbesemann avatar May 03 '21 02:05 mbesemann

https://github.com/checkra1n/BugTracker/issues/2118#issuecomment-863158777 This fixed my problems with my A9X iPad Pro 1st Gen

sabogalc avatar Jul 24 '21 07:07 sabogalc

Try using checkra1n on an Intel PC, my AMD one usually cause error 79 and 20. My intel laptop works like a charm.

NgDTien avatar Sep 05 '22 15:09 NgDTien