?? about palera1n HOT 88 CLOSED

You need to compile it

https://github.com/planetbeing/libdmg-hfsplus

from palera1n.

I replaced the binary with a known working one, @rubensalbukrk and @ebzrvf please reclone the repo and try again.

from palera1n.

[] Cleaning up work directory [] Booting ramdisk [] Getting device info... this may take a second [==================================================] 100.0% [==================================================] 100.0% [==================================================] 100.0% [==================================================] 100.0% [==================================================] 100.0% [==================================================] 100.0% [==================================================] 100.0% [] Device should now show text on screen [*] Waiting for the ramdisk to finish booting

Mine was just stuck here, the device (2017 ipad pro 10.5) booted, i don't know if it jailbroke successfully. Tips app is still Tips.

me too :D

from palera1n.

yep, seems like the ramdisk.tar.gz is messed up. ill look into this a bit more

from palera1n.

Use sudo

from palera1n.

Use sudo

ok wait

from palera1n.

Use sudo

ebzrvf@ebzrvrf:~/Desktop/palera1n$ sudo ./palera1n.sh
palera1n | Version 1.0.0
Written by Nebula | Some code and ramdisk from Nathan | Patching commands and help from Mineek | Loader app by Amy

Hello, iPhone9,4 on 15.4.1!
[*] Switching device into recovery mode...
ERROR: Unable to connect to device
ebzrvf@ebzrvrf:~/Desktop/palera1n$

from palera1n.

again again :(

from palera1n.

Run these:

sudo systemctl stop usbmuxd
sudo usbmuxd -p -f

from palera1n.

Run these:

sudo systemctl stop usbmuxd
sudo usbmuxd -p -f

ebzrvf@ebzrvrf:~/Desktop/palera1n$ sudo ./palera1n.sh
[sudo] password for ebzrvf:
palera1n | Version 1.0.0
Written by Nebula | Some code and ramdisk from Nathan | Patching commands and help from Mineek | Loader app by Amy

Hello, iPhone9,4 on 15.4.1!
[*] Switching device into recovery mode...
ERROR: Unable to connect to device
ebzrvf@ebzrvrf:~/Desktop/palera1n$

again :/

from palera1n.

maybe i have to install the another package?? or what

from palera1n.

try in mode dfu
./palera1n.sh --dfu your ios version --debug

from palera1n.

try in mode dfu ./palera1n.sh --dfu your ios version --debug

it works but:

Kernel: Adding AMFI_get_out_of_my_way patch...
get_amfi_out_of_my_way_patch: Entering ...
get_amfi_out_of_my_way_patch: Kernel-7195 inputted
get_amfi_out_of_my_way_patch: Found entitlements too small str loc at 0x9015f7
get_amfi_out_of_my_way_patch: Found entitlements too small str ref at 0xfc6f30
get_amfi_out_of_my_way_patch: Patching AMFI at 0xfc1df8
main: Writing out patched file to work/kcache.patched...
main: Quitting...
krnl
dtre
rtsc
rdsk
error: allocate
error: Success
[-] An error occurred
ebzrvf@ebzrvrf:~/Desktop/palera1n$

from palera1n.

me too :D

from palera1n.

me too :D

:D

from palera1n.

As I said in another issue, seems like an issue with hfsplus.

from palera1n.

I installed the package hfsplus too :D

from palera1n.

I installed the package hfsplus too :D

me too :DDDDDDDDD

from palera1n.

Installing hfsplus won’t fix the issue since we use prebuilt binaries. If you want to try, you can remove "$oscheck"/ from the hfsplus lines in ramdisk/sshrd.sh.

from palera1n.

Installing hfsplus won’t fix the issue since we use prebuilt binaries. If you want to try, you can remove "$oscheck"/ from the hfsplus lines in ramdisk/sshrd.sh.

Ok thx i try it

from palera1n.

Installing hfsplus won’t fix the issue since we use prebuilt binaries. If you want to try, you can remove "$oscheck"/ from the hfsplus lines in ramdisk/sshrd.sh.

./sshrd.sh: line 156: hfsplus: command not found

from palera1n.

Then you don’t have hfsplus installed

from palera1n.

Then you don’t have hfsplus installed

Thank you. I can't find hfsplus package for Arch Linux, so I just installed hfsplus package in Ubuntu guest machine, via "sudo apt install hfsplus", but terminal says "hfsplus: not found".
Seems we cannot execute command like "hfsplus xxxxx" in Ubuntu.

from palera1n.

You need to compile it

https://github.com/planetbeing/libdmg-hfsplus

Thank you so much. It works.

from palera1n.

That fixed the error? Can you send the binary please

from palera1n.

You need to compile it

https://github.com/planetbeing/libdmg-hfsplus

i try now

from palera1n.

That fixed the error? Can you send the binary please

https://drive.google.com/file/d/1SK6BRjcYXjpADADyKGzR_QTCOGsP9rTQ/view?usp=sharing
Complied it and executed on Arch Linux

from palera1n.

=========================>]
download succeeded
./sshrd.sh: 108: Syntax error: "then" unexpected
[-] An error occurred
rubens@rubensdev:~/palera1n$

from palera1n.

download succeeded
usb_timeout: 5
[libusb] Waiting for the USB handle with VID: 0x5AC, PID: 0x1227
CPID:8010 CPRV:11 CPFM:03 SCEP:01 BDID:0C ECID:000E415818EAED26 IBFL:3C SRTG:[iBoot-2696.0.0.1.33] PWND:[gaster]
Found the USB handle.
Now you can boot untrusted images.
[libusb] Waiting for the USB handle with VID: 0x5AC, PID: 0x1227
Found the USB handle.
usb_timeout: 5
[libusb] Waiting for the USB handle with VID: 0x5AC, PID: 0x1227
CPID:8010 CPRV:11 CPFM:03 SCEP:01 BDID:0C ECID:000E415818EAED26 IBFL:3C SRTG:[iBoot-2696.0.0.1.33] PWND:[gaster]
Found the USB handle.
Now you can boot untrusted images.
[libusb] Waiting for the USB handle with VID: 0x5AC, PID: 0x1227
Found the USB handle.
main: Starting...
iOS 14 iBoot detected!
getting get_debug_enabled_patch() patch
getting get_sigcheck_patch() patch
applying patch=0x1800c2d88 : 000080d2
applying patch=0x1800c2ddc : 000080d2
applying patch=0x1800c4758 : 200080d2
main: Writing out patched file to work/iBSS.patched...
main: Quitting...
none
main: Starting...
iOS 14 iBoot detected!
getting get_boot_arg_patch(rd=md0 debug=0x2014e -v wdt=-1 ) patch
getting get_debug_enabled_patch() patch
getting get_unlock_nvram_patch() patch
getting get_sigcheck_patch() patch
applying patch=0x1800c2d88 : 000080d2
applying patch=0x1800c2ddc : 000080d2
applying patch=0x1800b38c8 : 000080d2c0035fd6
applying patch=0x1800b3918 : 000080d2c0035fd6
applying patch=0x1800f0d28 : 000080d2c0035fd6
applying patch=0x1800c4758 : 200080d2
applying patch=0x1800c5d38 : f9473430
applying patch=0x18012e635 : 72643d6d64302064656275673d30783230313465202d76207764743d2d31202000
applying patch=0x1800c8a14 : 1f2003d5
main: Writing out patched file to work/iBEC.patched...
main: Quitting...
none
krnl
main: Starting...
main: Detected fat macho kernel
Kernel: Adding AMFI_get_out_of_my_way patch...
get_amfi_out_of_my_way_patch: Entering ...
get_amfi_out_of_my_way_patch: Kernel-7195 inputted
get_amfi_out_of_my_way_patch: Found entitlements too small str loc at 0x9015f7
get_amfi_out_of_my_way_patch: Found entitlements too small str ref at 0xfc6f30
get_amfi_out_of_my_way_patch: Patching AMFI at 0xfc1df8
main: Writing out patched file to work/kcache.patched...
main: Quitting...
krnl
dtre
rtsc
rdsk
error: allocate
error: Success
[-] An error occurred

from palera1n.

https://drive.google.com/file/d/1SK6BRjcYXjpADADyKGzR_QTCOGsP9rTQ/view?usp=sharing Complied it and executed on Arch Linux

Can you try and replace the hfsplus binary in ramdisk/Linux with this one

from palera1n.

i compiled it https://github.com/planetbeing/libdmg-hfsplus
But I don't know if I did it right!

from palera1n.

Can you try and replace the hfsplus binary in ramdisk/Linux with this one

ok i try again

from palera1n.

nice, working perfect!
:D :D :D

from palera1n.

[] Cleaning up work directory
[] Booting ramdisk
[] Getting device info... this may take a second
[==================================================] 100.0%
[==================================================] 100.0%
[==================================================] 100.0%
[==================================================] 100.0%
[==================================================] 100.0%
[==================================================] 100.0%
[==================================================] 100.0%
[] Device should now show text on screen
[*] Waiting for the ramdisk to finish booting

from palera1n.

nice, working perfect! :D :D :D

Pushed upstream

from palera1n.

[] Cleaning up work directory [] Booting ramdisk [] Getting device info... this may take a second [==================================================] 100.0% [==================================================] 100.0% [==================================================] 100.0% [==================================================] 100.0% [==================================================] 100.0% [==================================================] 100.0% [==================================================] 100.0% [] Device should now show text on screen [*] Waiting for the ramdisk to finish booting

Yes, did it return to prompt?

from palera1n.

[] Cleaning up work directory [] Booting ramdisk [] Getting device info... this may take a second [==================================================] 100.0% [==================================================] 100.0% [==================================================] 100.0% [==================================================] 100.0% [==================================================] 100.0% [==================================================] 100.0% [==================================================] 100.0% [] Device should now show text on screen [*] Waiting for the ramdisk to finish booting

Mine was just stuck here, the device (2017 ipad pro 10.5) booted, i don't know if it jailbroke successfully. Tips app is still Tips.

from palera1n.

No, my device has booting normal …

Pogo not installed, I install manually?

from palera1n.

What system is this running on

from palera1n.

[] Cleaning up work directory [] Booting ramdisk [] Getting device info... this may take a second [==================================================] 100.0% [==================================================] 100.0% [==================================================] 100.0% [==================================================] 100.0% [==================================================] 100.0% [==================================================] 100.0% [==================================================] 100.0% [] Device should now show text on screen [*] Waiting for the ramdisk to finish booting

Mine was just stuck here, the device (2017 ipad pro 10.5) booted, i don't know if it jailbroke successfully. Tips app is still Tips.

iPadOS 15.7

from palera1n.

What system is this running on

iphone 7 15.4.1

from palera1n.

What Linux machine (and is it a VM/WSL)

from palera1n.

no virtual...
linux mint lasted

from palera1n.

OS: Arch Linux x86_64
Kernel: 5.19.11-arch1-1
local machine

from palera1n.

What happens when the progress bars show up? Does the device show the "blobs are dumping" image at all? Does verbose text appear? Does it show the normal apple logo? Do you see the block head ASCII art if it verboses?

from palera1n.

yes yes, show

from palera1n.

What?

from palera1n.

All this appears, then the apple logo with progress bar and starts!

from palera1n.

Can you show me a picture of the progress bar?

from palera1n.

First:

with verbose fast and
after:

from palera1n.

Mine is similar. the progress bar looks like 0% forever
Whole video: https://drive.google.com/file/d/1UpixgUM51C-z7n27HhlciR6eTGM1WKqe/view?usp=sharing

from palera1n.

The issue is not in the ramdisk.tar.gz, it's either when it was decompressed, or hfsplus extracting it, or creating the dmg. I'll have to actually use a Linux device to debug.

from palera1n.

I am available for testing, grateful for the work ^^

from palera1n.

@rubensalbukrk can you try and reclone the repo, then try again

from palera1n.

@rubensalbukrk can you try and reclone the repo, then try again

Ok man, I try now

from palera1n.

@rubensalbukrk can you try and reclone the repo, then try again

got frozen at that moment

from palera1n.

Did the script continue?

from palera1n.

n0,
`[*] Device should now show text on screen

[*] Waiting for the ramdisk to finish booting
`

from palera1n.

Oh okay, still closer.

Can you exit the script, and run ssh root@localhost -p 2222

If you get in, the password is alpine. Tell me if it works

from palera1n.

n0, [*] Device should now show text on screen [*] Waiting for the ramdisk to finish booting

ssh root@localhost -p 2222

in new terminal?

from palera1n.

rubens@rubensdev:~/palera1n$ ssh root@localhost -p 2222
kex_exchange_identification: Connection closed by remote host
Connection closed by 127.0.0.1 port 2222
rubens@rubensdev:~/palera1n$ 

from palera1n.

Run these:

killall iproxy
sudo iproxy 2222 22 &
ssh root@localhost -p 2222

from palera1n.

`root@rubensdev:/home/rubens# sudo iproxy 2222 22

Creating listening port 2222 for device port 22
waiting for connection

New connection for 2222->22, fd = 5
waiting for connection
Connecting to usbmuxd failed, terminating.`

`root@rubensdev:/home/rubens/palera1n# ssh root@localhost -p 2222
kex_exchange_identification: Connection closed by remote host

Connection closed by 127.0.0.1 port 2222

root@rubensdev:/home/rubens/palera1n#
`

from palera1n.

ah, open up another terminal and type these commands:

sudo systemctl stop usbmuxd
sudo usbmuxd -f -p

then try the 3 commands from before again

from palera1n.

root@rubensdev:/home/rubens/palera1n# sudo systemctl stop usbmuxd
sudo usbmuxd -f -p
[22:39:15.591][3] usbmuxd v1.1.1 starting up
[22:39:15.592][3] Using libusb 1.0.25
[22:39:15.612][3] Initialization complete
[22:39:15.613][3] Connecting to new device on location 0x10022 as ID 1
[22:39:15.615][3] Connected to v2.0 device 1 on location 0x10022 with serial number ramdisk tool Sep 18 2022 20:14:43
[22:39:16.227][2] device_control_input: Got unhandled payload type 5

from palera1n.

work:
rubens@rubensdev:$ killall iproxy
sudo iproxy 2222 22 &
ssh root@localhost -p 2222
iproxy(86866): Operation not permitted
iproxy: no process found
[1] 87038
The authenticity of host '[localhost]:2222 ([127.0.0.1]:2222)' can't be established.
ECDSA key fingerprint is SHA256:lb9y8xaKPkXl5gUgA+WHH5TbDlRwWZ6Io7BBLbX+PuE.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '[localhost]:2222' (ECDSA) to the list of known hosts.
root@localhost's password:
localhost: root#

from palera1n.

and now? :D

from palera1n.

Ok, good to know. I’m going to make a quick fix

Type reboot in the ssh connection to reboot your device

from palera1n.

done, i am waiting

from palera1n.

Ok, just made the fix, can you try and reclone the repo, then try again, then tell me if it works

from palera1n.

Ok, lets go

from palera1n.

Frozen in:

from palera1n.

How long has it been there, what does the computer say

from palera1n.

10 min,
[] Device should now show text on screen
[] Waiting for the ramdisk to finish booting

from palera1n.

are you running the script as sudo

from palera1n.

yes

from palera1n.

sudo ./palera1n.sh --dfu 15.4.1 --debug

from palera1n.

can you sudo su then run it from there

from palera1n.

Fronzen

from palera1n.

Hey!!!!
Has continued after this:

`
[] Device should now show text on screen
[] Waiting for the ramdisk to finish booting
[] Dumping blobs and installing Pogo
dd: warning: partial read (247 bytes); suggest iflag=fullblock
16366+18 records in
16366+18 records out
4192438 bytes (4,2 MB, 4,0 MiB) copied, 0,90853 s, 4,6 MB/s
img4tool version: 0.197-aca6cf005c94caf135023263cbb5c61a0081804f-RELEASE
Compiled with plist: YES
Found IM4R extracting generator: ok
Saved IM4M to blobs/iPhone9,3-15.4.1.shsh2
seputil: Gigalocker file (/mnt7/4C6479A0-2E18-5684-B454-89A2B06C6A1B.gl) exists
seputil: Gigalocker initialization completed
[] Waiting for device in normal mode
[*] Switching device into recovery mode...
/home/rubens/palera1n/binaries/Linux/ideviceinfo: error while loading shared libraries: libssl.so.1.1: cannot open shared object file: No such file or directory
/home/rubens/palera1n/binaries/Linux/ideviceenterrecovery: error while loading shared libraries: libssl.so.1.1: cannot open shared object file: No such file or directory
root@rubensdev:/home/rubens/palera1n#

`

from palera1n.

The Tips not open

from palera1n.

/home/rubens/palera1n/binaries/Linux/ideviceenterrecovery: error while loading shared libraries: libssl.so.1.1: cannot open shared object file: No such file or directory

replace the irecovery.zip?

from palera1n.

Actually no, you’ll want to install openssl 1.1
curl -sL http://archive.ubuntu.com/ubuntu/pool/main/o/openssl/libssl1.1_1.1.1f-1ubuntu2_amd64.deb -o libssl.deb && sudo apt install ./libssl.deb

Since it continued, it’s practically done. It just needs to make the boot files. Sorry for the late response.

from palera1n.

Ok, i try again , wait a moment … I'm having dinner this time :D 💪🏼 Create muscle’s

from palera1n.

Sucess!!!!
All done!
👏👏👏👏🏼👏🏾👏🏽👏🏿

from palera1n.

from palera1n.

from palera1n.

iPhone 7 GSM 15.4.1 works :D

from palera1n.