Using syringe to exploit the bootrom. Exploit sent! Preparing to load the ramdisk. Ramdisk load started! MobileDevice event: DfuDisconnect, 15201227, 4008930 MobileDevice event: DfuConnect, 15201227, 4008930 DFU device 'iPhone 4 (GSM) Rev A' connected Ignoring same device iPhone 4 (GSM) Rev A.
MacOS (10.12.6):
SSH ramdisk maker amp; loader, version 29-06-2013 git rev-04b
Produced possible thanks to Camilo Rodrigués (@Allpluscomputer)
Including xpwn source code by the Dev Group and pIanetbeing
Including syringé resource code by Chronic-Dév and pósixninja
syringe exploits by pod2g, geohot amp; posixninja
Special thanks tó iH8sn0w
dévice-infos supply: iphone-dataprotection
Review pests to [email protected]óm (@msftguy)
Produced possible thanks to Camilo Rodrigués (@Allpluscomputer)
Including xpwn source code by the Dev Group and pIanetbeing
Including syringé resource code by Chronic-Dév and pósixninja
syringe exploits by pod2g, geohot amp; posixninja
Special thanks tó iH8sn0w
dévice-infos supply: iphone-dataprotection
Review pests to [email protected]óm (@msftguy)
Extractéd resource to /var/folders/p2/9xxhvcbj51j67gsylxy46th0000gn/T/sshrd/native/jsyringeapi.jnilib
Extracted source to /var/folders/p2/9xxhvcbj51j67gsylxy46th0000gn/T/sshrd/native/muxredux.jnilib
Extracted source to /var/folders/p2/9xxhvcbj51j67gsylxy46th0000gn/T/sshrd/native/muxredux.jnilib
Connect a device in DFU mode
MobileDevice occasion: DfuConnect, 1227, 10008930
DFU gadget 'Apple company TV 2G' connected
Developing ramdisk for device 'Apple TV 2G'
Extracted reference to /var/folders/p2/9xxhvcbj51j67gsylxy46th0000gn/T/sshrd/allkeys.plist
Functioning dir arranged to /var/folders/p2/9xxhvcbj51j67gsylxy46th0000gn/T/sshrd
IPSW at http://appldnld.apple.com/AppleTV/041-4362.20120605.t8i4U/AppleTV2,15.0.29B830Restore.ipsw
Downloading Restore.plist
Missing processing of /var/files/p2/9xxhvcbj51j67gsylxy46th0000gn/T/sshrd/ipswappletv219B830/Restore.plist, document already exists!
Restore.plist down loaded to /var/folders/p2/9xxhvcbj51j67gsylxy46th0000gn/T/sshrd/ipswappletv219B830/Restore.plist
Parsing Restore.plist.
Kernel file: kernelcache.discharge.e66
Restore ramdisk document: 038-4379-031.dmg
Downloading Firmware/dfu/iBSS.e66ap.RELEASE.dfu
Skipping refinement of /var/folders/p2/9xxhvcbj51j67gsylxy46th0000gn/T/sshrd/ipswappletv219B830/Firmware/dfu/iBSS.k66ap.RELEASE.dfu, document already is present!
iBSS ready at /var/files/p2/9xxhvcbj51j67gsylxy46th0000gn/T/sshrd/ipswappletv219B830/Firmware/dfu/iBSS.k66ap.RELEASE.dfu
Downloading Firmware/dfu/iBEC.e66ap.RELEASE.dfu
Skipping handling of /var/files/p2/9xxhvcbj51j67gsylxy46th0000gn/T/sshrd/ipswappletv219B830/Firmware/dfu/iBEC.t66ap.RELEASE.dfu, file already is available!
iBEC ready at /var/files/p2/9xxhvcbj51j67gsylxy46th0000gn/T/sshrd/ipswappletv219B830/Firmware/dfu/iBEC.e66ap.RELEASE.dfu
Downloading Firmware/allflash/allflash.t66ap.production/DeviceTree.k66ap.img3
Missing control of /var/files/p2/9xxhvcbj51j67gsylxy46th0000gn/T/sshrd/ipswappletv219B830/Firmware/allflash/allflash.k66ap.production/DeviceTree.k66ap.img3, document already is available!
Gadget tree ready at /var/folders/p2/9xxhvcbj51j67gsylxy46th0000gn/T/sshrd/ipswappletv219B830/Firmware/allflash/allflash.t66ap.manufacturing/DeviceTree.t66ap.img3
Downloading Firmware/allflash/allflash.t66ap.production/manifest
Missing processing of /var/folders/p2/9xxhvcbj51j67gsylxy46th0000gn/T/sshrd/ipswappletv219B830/Firmware/allflash/allflash.t66ap.creation/manifest, document already is available!
Downloading kernelcache.launch.k66
Skipping developing of /var/folders/p2/9xxhvcbj51j67gsylxy46th0000gn/T/sshrd/ipswappletv219B830/kernelcache.discharge.e66, file already is available!
Kernel ready at /var/files/p2/9xxhvcbj51j67gsylxy46th0000gn/T/sshrd/ipswappletv219B830/kernelcache.launch.k66
Downloading 038-4379-031.dmg
Missing developing of /var/files/p2/9xxhvcbj51j67gsylxy46th0000gn/T/sshrd/ipswappletv219B830/038-4379-031.dmg, file already exists!
Ramdisk prepared at /var/folders/p2/9xxhvcbj51j67gsylxy46th0000gn/T/sshrd/ipswappletv219B830/038-4379-031.dmg
Making use of syringe to expIoit the bóotrom.
Exploit delivered!
Preparing tó load the rámdisk.
Ramdisk Ioad began!
MobileDevice occasion: DfuConnect, 1227, 10008930
DFU gadget 'Apple company TV 2G' connected
Developing ramdisk for device 'Apple TV 2G'
Extracted reference to /var/folders/p2/9xxhvcbj51j67gsylxy46th0000gn/T/sshrd/allkeys.plist
Functioning dir arranged to /var/folders/p2/9xxhvcbj51j67gsylxy46th0000gn/T/sshrd
IPSW at http://appldnld.apple.com/AppleTV/041-4362.20120605.t8i4U/AppleTV2,15.0.29B830Restore.ipsw
Downloading Restore.plist
Missing processing of /var/files/p2/9xxhvcbj51j67gsylxy46th0000gn/T/sshrd/ipswappletv219B830/Restore.plist, document already exists!
Restore.plist down loaded to /var/folders/p2/9xxhvcbj51j67gsylxy46th0000gn/T/sshrd/ipswappletv219B830/Restore.plist
Parsing Restore.plist.
Kernel file: kernelcache.discharge.e66
Restore ramdisk document: 038-4379-031.dmg
Downloading Firmware/dfu/iBSS.e66ap.RELEASE.dfu
Skipping refinement of /var/folders/p2/9xxhvcbj51j67gsylxy46th0000gn/T/sshrd/ipswappletv219B830/Firmware/dfu/iBSS.k66ap.RELEASE.dfu, document already is present!
iBSS ready at /var/files/p2/9xxhvcbj51j67gsylxy46th0000gn/T/sshrd/ipswappletv219B830/Firmware/dfu/iBSS.k66ap.RELEASE.dfu
Downloading Firmware/dfu/iBEC.e66ap.RELEASE.dfu
Skipping handling of /var/files/p2/9xxhvcbj51j67gsylxy46th0000gn/T/sshrd/ipswappletv219B830/Firmware/dfu/iBEC.t66ap.RELEASE.dfu, file already is available!
iBEC ready at /var/files/p2/9xxhvcbj51j67gsylxy46th0000gn/T/sshrd/ipswappletv219B830/Firmware/dfu/iBEC.e66ap.RELEASE.dfu
Downloading Firmware/allflash/allflash.t66ap.production/DeviceTree.k66ap.img3
Missing control of /var/files/p2/9xxhvcbj51j67gsylxy46th0000gn/T/sshrd/ipswappletv219B830/Firmware/allflash/allflash.k66ap.production/DeviceTree.k66ap.img3, document already is available!
Gadget tree ready at /var/folders/p2/9xxhvcbj51j67gsylxy46th0000gn/T/sshrd/ipswappletv219B830/Firmware/allflash/allflash.t66ap.manufacturing/DeviceTree.t66ap.img3
Downloading Firmware/allflash/allflash.t66ap.production/manifest
Missing processing of /var/folders/p2/9xxhvcbj51j67gsylxy46th0000gn/T/sshrd/ipswappletv219B830/Firmware/allflash/allflash.t66ap.creation/manifest, document already is available!
Downloading kernelcache.launch.k66
Skipping developing of /var/folders/p2/9xxhvcbj51j67gsylxy46th0000gn/T/sshrd/ipswappletv219B830/kernelcache.discharge.e66, file already is available!
Kernel ready at /var/files/p2/9xxhvcbj51j67gsylxy46th0000gn/T/sshrd/ipswappletv219B830/kernelcache.launch.k66
Downloading 038-4379-031.dmg
Missing developing of /var/files/p2/9xxhvcbj51j67gsylxy46th0000gn/T/sshrd/ipswappletv219B830/038-4379-031.dmg, file already exists!
Ramdisk prepared at /var/folders/p2/9xxhvcbj51j67gsylxy46th0000gn/T/sshrd/ipswappletv219B830/038-4379-031.dmg
Making use of syringe to expIoit the bóotrom.
Exploit delivered!
Preparing tó load the rámdisk.
Ramdisk Ioad began!