Stuck on "Ramdisk load started!" #25

Open
ghost opened this issue Sep 28, 2017 · 13 comments

@ghost

ghost commented Sep 28, 2017

iPhone 4 CDMA on 7.1.2, anyone know of a solution? I read the update log or whatever and it said iP4 CDMA support had been added, but it's not working. Thank you!

@ghost
Author

ghost commented Oct 7, 2017

Same here...

Been trying to recover some photos off this 3GS for a few weeks.

@ghost
Author

ghost commented Oct 7, 2017 via email

@haiyuidesu

Disconnect and reconnect.

@dvdblk

dvdblk commented Sep 18, 2018

Disconnect and reconnect.
@Yumistar

Ramdisk load started!
MobileDevice event: DfuDisconnect, 1227, 2008930

This happens when I disconnect and reconnect the USB (notice that there is no connection event). I am using a jailbroken 5.1.1 iPad 1st gen.

@haiyuidesu

Nani?
Why are you exploiting ssh_rd if you're jailbroken?
Anyway, try another USB port, or else try another laptop.

@dvdblk

dvdblk commented Sep 19, 2018

Unfortunately the iPad screen is broken, so that's why I'm trying to ssh into it. Yeah, it probably has something to do with the iTunes version. Thanks regardless.

@Saransh-255

For me, after the ramdisk load starts, I get an error that "the device is not recognised" and then it stops.

@Saransh-255

OK, update. It gets stuck at "Ramdisk load started" now. I don't know if it is getting me anywhere near fixing it. Can anyone help?

@Saransh-255

I reconnected it and it has recognised it, but it just says: "Ignoring same device iPhone 4 (GSM)"

@bass9030

bass9030 commented Sep 4, 2021

Same here too.
Device: iPhone 4 (A1332, iPhone3,1)
OS: Windows XP 32-bit on a real machine (Pentium E6300, 1 GB RAM)

In my case, after it showed "Ramdisk load started!",
the GUI showed this log:

...
Ramdisk load started!
MobileDevice event: DfuDisconnect, 1227, 8930
MobileDevice event: DfuConnect, 1227, 8930
DFU device 'iPhone 4 (GSM)' connected
Ignoring same device iPhone 4 (GSM)
MobileDevice event: DfuDisconnect, 1227, 8930
MobileDevice event: RecoveryConnect, 1281, 8930
MobileDevice event: RecoveryDisconnect, 1281, 8930
Almost there..
MobileDevice event: RecoveryConnect, 1281, 8930
MobileDevice event: RecoveryDisconnect, 1281, 8930
Almost there..
MobileDevice event: RecoveryConnect, 1281, 8930

The command prompt showed these logs:

...
RestoreProgress: dev=14DE3738, op=0 progress=98 ctx=152A24F0
RestoreProgress: dev=14DE3738, op=0 progress=99 ctx=152A24F0
RestoreProgress: dev=14DE3738, op=0 progress=100 ctx=152A24F0
RestoreProgress: dev=14DE3738, op=0 progress=4294967295 ctx=152A24F0

(Sorry for my dirty English. I'm Korean, so I wrote this text with a translator.)

@BaconTriple

Did anyone have any results or fixes for this in the end?

@FrederickGeek8

Hey there. I think I may have a solution for you all. In mux_redux/itmd.c we log to the file /tmp/md.log. After the RecoveryConnect event, you can see the following in the logs:

2023-05-21 14:00:32.000 java[54483:1ea03]: amai: AMAuthInstallPlatformCreateBufferFromNativeFilePath: open failed: No such file or directory
2023-05-21 14:00:32.000 java[54483:1ea03]: amai: AMAuthInstallPlatformCreateBufferFromNativeFilePath: /var/folders/sw/rjkzvfjx5gsdq42bpy8qzlrr0000gn/T/ssh_rd/ipsw_ipod11_7E18/BuildManifest.plist
2023-05-21 14:00:32.000 java[54483:1ea03]: amai: AMAuthInstallBundleCopyPublishedVariantsArray: No build manifest. Checking for a different file.
2023-05-21 14:00:32.000 java[54483:1ea03]: amai: AMAuthInstallPlatformCreateBufferFromNativeFilePath: open failed: No such file or directory
2023-05-21 14:00:32.000 java[54483:1ea03]: amai: AMAuthInstallPlatformCreateBufferFromNativeFilePath: /var/folders/sw/rjkzvfjx5gsdq42bpy8qzlrr0000gn/T/ssh_rd/ipsw_ipod11_7E18/BuildManifesto.plist

You may be able to see where this is going... For some reason the file BuildManifesto.plist is missing from the firmware folder in the ssh_rd temp directory. To solve this, you can extract BuildManifesto.plist from the IPSW file by copying it, renaming it to have the extension .zip and extracting BuildManifesto.plist from the top level of the IPSW. You can place it in the extracted firmware folder, in my case ssh_rd/ipsw_ipod11_7E18, that has the .dec, .orig and .p files. Note that you can find the temp directory that is logged at the beginning and throughout the logs in the Java GUI window.

If you did not already have that temporary directory created, you will have to boot your device into DFU mode, let the application run and get stuck, copy that file into the directory, and relaunch the Java program and put your device into DFU again.

Unfortunately I think in trying to get a custom SSH Ramdisk with dd working, I may have botched my filesystem which is really disappointing. But this should be able to get the SSH Ramdisk running on your device! Before I botched it, I was able to run mount.sh and other included commands.
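
The fix described in the comment above, scripted as an added example (not part of the original comment or of the ssh_rd project's code): it collects the paths that amai reports as "open failed" in /tmp/md.log and copies any that exist at the top level of the IPSW into the firmware folder named in the log. It generalizes from BuildManifesto.plist to any top-level file the log reports missing; the function names `missing_files` and `restore_from_ipsw` and the sample path are hypothetical.

```python
import re
import zipfile
from pathlib import Path

# Constructed sample in the shape of the md.log lines quoted above (path is a placeholder).
SAMPLE_LOG = """\
amai: AMAuthInstallPlatformCreateBufferFromNativeFilePath: open failed: No such file or directory
amai: AMAuthInstallPlatformCreateBufferFromNativeFilePath: /tmp/ssh_rd/ipsw_example/BuildManifest.plist
amai: AMAuthInstallBundleCopyPublishedVariantsArray: No build manifest. Checking for a different file.
amai: AMAuthInstallPlatformCreateBufferFromNativeFilePath: open failed: No such file or directory
amai: AMAuthInstallPlatformCreateBufferFromNativeFilePath: /tmp/ssh_rd/ipsw_example/BuildManifesto.plist
"""

# amai logs the failure first and the path it tried on the following line.
_FAIL = "AMAuthInstallPlatformCreateBufferFromNativeFilePath: open failed"
_PATH = re.compile(r"AMAuthInstallPlatformCreateBufferFromNativeFilePath: (/.+)$")


def missing_files(log_text):
    """Return the paths amai failed to open, in log order, without duplicates."""
    missing, expect_path = [], False
    for line in log_text.splitlines():
        if _FAIL in line:
            expect_path = True
            continue
        m = _PATH.search(line) if expect_path else None
        if m and Path(m.group(1)) not in missing:
            missing.append(Path(m.group(1)))
        expect_path = False
    return missing


def restore_from_ipsw(ipsw_path, missing):
    """Copy each missing file from the top level of the IPSW (a zip archive)
    into the folder the log names. Returns the list of paths written."""
    written = []
    with zipfile.ZipFile(ipsw_path) as ipsw:
        top_level = {n for n in ipsw.namelist() if "/" not in n}
        for target in missing:
            if target.name not in top_level or not target.parent.is_dir():
                continue  # not in this IPSW, or ssh_rd has not unpacked the firmware yet
            # Read by exact member name; the destination comes from the log, not the archive.
            target.write_bytes(ipsw.read(target.name))
            written.append(target)
    return written
```

Run it against the real log with `restore_from_ipsw(ipsw, missing_files(Path("/tmp/md.log").read_text()))` after the application has created its temp directory and got stuck, then relaunch as the comment describes.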

@dvdblk

dvdblk commented Jul 12, 2023

Hey @FrederickGeek8, thanks a lot for discovering the missing piece and sharing your repo! 🥳 I have tried to run it on my old iPad but after following the instructions it failed on the 'Sending fake data' step with a SIGSEGV coming from irecv_control_transfer in jsyringeapi.jnilib.

Have you encountered something similar? I don't think you changed anything in the jsyringeapi.c that would cause this, so unfortunately for me, it might be device specific.

Logs from Eclipse:

Waiting for new TCP connection on port 2022
Waiting for device...
Initializing libpois0n
No matching processes belonging to you were found
Waiting for device to enter DFU mode
opening device 05ac:1227...
Found device in DFU mode
Checking the device type
Preparing to upload limera1n exploit
Resetting device counters
Sending chunk headers
Sending exploit payload
Sending fake data
#
# A fatal error has been detected by the Java Runtime Environment:
#
#  SIGSEGV (0xb) at pc=0x000000012b93c2c9, pid=54555, tid=62467
#
# JRE version: OpenJDK Runtime Environment Homebrew (20.0.1) (build 20.0.1)
# Java VM: OpenJDK 64-Bit Server VM Homebrew (20.0.1, mixed mode, sharing, tiered, compressed oops, compressed class ptrs, g1 gc, bsd-amd64)
# Problematic frame:
# C  [jsyringeapi.jnilib+0x32c9]  irecv_control_transfer+0x49
#
# No core dump will be written. Core dumps have been disabled. To enable core dumping, try "ulimit -c unlimited" before starting Java again
#
# An error report file with more information is saved as:
# .../java/hs_err_pid54555.log
#
# If you would like to submit a bug report, please visit:
#   https://github.com/Homebrew/homebrew-core/issues
# The crash happened outside the Java Virtual Machine in native code.
# See problematic frame for where to report the bug.
#
Checking if device is compatible with this jailbreak
Identified device as iPad1,1
