- palera1n | Version 1.0.0
- Written by Nebula | Some code and ramdisk from Nathan | Patching commands and help from Mineek | Loader app by Amy
- [*] Getting device info...
- [*] Pwning device
- usb_timeout: 5
- [libusb] Waiting for the USB handle with VID: 0x5AC, PID: 0x1227
- CPID:8003 CPRV:01 CPFM:03 SCEP:01 BDID:10 ECID:000109EE380B60A6 IBFL:1C SRTG:[iBoot-2234.0.0.2.22]
- Found the USB handle.
- Stage: RESET
- ret: true
- [libusb] Waiting for the USB handle with VID: 0x5AC, PID: 0x1227
- CPID:8003 CPRV:01 CPFM:03 SCEP:01 BDID:10 ECID:000109EE380B60A6 IBFL:1C SRTG:[iBoot-2234.0.0.2.22]
- Found the USB handle.
- Stage: SETUP
- ret: true
- [libusb] Waiting for the USB handle with VID: 0x5AC, PID: 0x1227
- CPID:8003 CPRV:01 CPFM:03 SCEP:01 BDID:10 ECID:000109EE380B60A6 IBFL:1C SRTG:[iBoot-2234.0.0.2.22]
- Found the USB handle.
- Stage: PATCH
- ret: true
- [libusb] Waiting for the USB handle with VID: 0x5AC, PID: 0x1227
- CPID:8003 CPRV:01 CPFM:03 SCEP:01 BDID:10 ECID:000109EE380B60A6 IBFL:1C SRTG:[iBoot-2234.0.0.2.22] PWND:[gaster]
- Found the USB handle.
- Now you can boot untrusted images.
- [*] Converting blob
- img4tool version: 0.197-aca6cf005c94caf135023263cbb5c61a0081804f-RELEASE
- Compiled with plist: YES
- Extracted IM4M to work/IM4M
- [*] Downloading BuildManifest
- Version: 3fc8c093f4660f6c6e07c0c9214618733da01ffc - 36
- libfragmentzip version: 0.60-120447d0f410dffb49948fa155467fc5d91ca3c8
- init pzb: https://updates.cdn-apple.com/2022SpringFCS/fullrestores/012-07139/A5D0A6E7-CED5-43A6-841A-ED420B0FBDFD/iPad_64bit_TouchID_ASTC_15.5_19F77_Restore.ipsw
- init done
- getting: BuildManifest.plist
- 100% [===================================================================================================>]
- download succeeded
- [*] Downloading and decrypting iBSS
- Version: 3fc8c093f4660f6c6e07c0c9214618733da01ffc - 36
- libfragmentzip version: 0.60-120447d0f410dffb49948fa155467fc5d91ca3c8
- init pzb: https://updates.cdn-apple.com/2022SpringFCS/fullrestores/012-07139/A5D0A6E7-CED5-43A6-841A-ED420B0FBDFD/iPad_64bit_TouchID_ASTC_15.5_19F77_Restore.ipsw
- init done
- getting: Firmware/dfu/iBSS.j71t.RELEASE.im4p
- 100% [===================================================================================================>]
- download succeeded
- usb_timeout: 5
- [libusb] Waiting for the USB handle with VID: 0x5AC, PID: 0x1227
- CPID:8003 CPRV:01 CPFM:03 SCEP:01 BDID:10 ECID:000109EE380B60A6 IBFL:1C SRTG:[iBoot-2234.0.0.2.22] PWND:[gaster]
- Found the USB handle.
- Now you can boot untrusted images.
- [libusb] Waiting for the USB handle with VID: 0x5AC, PID: 0x1227
- Found the USB handle.
- [*] Downloading and decrypting iBEC
- Version: 3fc8c093f4660f6c6e07c0c9214618733da01ffc - 36
- libfragmentzip version: 0.60-120447d0f410dffb49948fa155467fc5d91ca3c8
- init pzb: https://updates.cdn-apple.com/2022SpringFCS/fullrestores/012-07139/A5D0A6E7-CED5-43A6-841A-ED420B0FBDFD/iPad_64bit_TouchID_ASTC_15.5_19F77_Restore.ipsw
- init done
- getting: Firmware/dfu/iBEC.j71t.RELEASE.im4p
- 100% [===================================================================================================>]
- download succeeded
- usb_timeout: 5
- [libusb] Waiting for the USB handle with VID: 0x5AC, PID: 0x1227
- CPID:8003 CPRV:01 CPFM:03 SCEP:01 BDID:10 ECID:000109EE380B60A6 IBFL:1C SRTG:[iBoot-2234.0.0.2.22] PWND:[gaster]
- Found the USB handle.
- Now you can boot untrusted images.
- [libusb] Waiting for the USB handle with VID: 0x5AC, PID: 0x1227
- Found the USB handle.
- [*] Downloading DeviceTree
- Version: 3fc8c093f4660f6c6e07c0c9214618733da01ffc - 36
- libfragmentzip version: 0.60-120447d0f410dffb49948fa155467fc5d91ca3c8
- init pzb: https://updates.cdn-apple.com/2022SpringFCS/fullrestores/012-07139/A5D0A6E7-CED5-43A6-841A-ED420B0FBDFD/iPad_64bit_TouchID_ASTC_15.5_19F77_Restore.ipsw
- init done
- getting: Firmware/all_flash/DeviceTree.j71tap.im4p
- 100% [===================================================================================================>]
- download succeeded
- [*] Downloading trustcache
- Version: 3fc8c093f4660f6c6e07c0c9214618733da01ffc - 36
- libfragmentzip version: 0.60-120447d0f410dffb49948fa155467fc5d91ca3c8
- init pzb: https://updates.cdn-apple.com/2022SpringFCS/fullrestores/012-07139/A5D0A6E7-CED5-43A6-841A-ED420B0FBDFD/iPad_64bit_TouchID_ASTC_15.5_19F77_Restore.ipsw
- init done
- getting: Firmware/078-12488-106.dmg.trustcache
- 100% [===================================================================================================>]
- download succeeded
- [*] Downloading kernelcache
- Version: 3fc8c093f4660f6c6e07c0c9214618733da01ffc - 36
- libfragmentzip version: 0.60-120447d0f410dffb49948fa155467fc5d91ca3c8
- init pzb: https://updates.cdn-apple.com/2022SpringFCS/fullrestores/012-07139/A5D0A6E7-CED5-43A6-841A-ED420B0FBDFD/iPad_64bit_TouchID_ASTC_15.5_19F77_Restore.ipsw
- init done
- getting: kernelcache.release.ipad6f
- 100% [===================================================================================================>]
- download succeeded
- [*] Patching and repacking iBSS/iBEC
- main: Starting...
- iOS 15 iBoot detected!
- getting get_sigcheck_patch() patch
- applying patch=0x18038e518 : 000080d2
- applying patch=0x18038e4d4 : 000080d2
- main: Writing out patched file to iBSS.patched...
- main: Quitting...
- main: Starting...
- iOS 15 iBoot detected!
- getting get_boot_arg_patch(-v keepsyms=1 debug=0xfffffffe panic-wait-forever=1 wdt=-1) patch
- getting get_debug_enabled_patch() patch
- getting get_sigcheck_patch() patch
- applying patch=0x87000fed8 : 000080d2
- applying patch=0x87000fe94 : 000080d2
- applying patch=0x870011a9c : 200080d2
- applying patch=0x870013008 : 9a950610
- applying patch=0x8700202b8 : 2d76206b65657073796d733d312064656275673d307866666666666666652070616e69632d776169742d666f72657665723d31207764743d2d3100
- main: Writing out patched file to iBEC.patched...
- main: Quitting...
- none
- none
- [*] Patching and converting kernelcache
- Reading work/kernelcache.release.ipad6f...
- [NOTE] Image4 payload data is LZSS compressed, decompressing...
- Extracted extra Image4 payload data: to work/kpp.bin.
- Extracted Image4 payload data to: work/kcache.raw
- main: Starting...
- Kernel: Adding AMFI_get_out_of_my_way patch...
- get_amfi_out_of_my_way_patch: Entering ...
- get_amfi_out_of_my_way_patch: Kernel-8020 inputted
- get_amfi_out_of_my_way_patch: Found Internal Error: No cdhash found. str loc at 0x9630fa
- get_amfi_out_of_my_way_patch: Found Internal Error: No cdhash found. str ref at 0x105cc64
- get_amfi_out_of_my_way_patch: Patching AMFI at 0x10582a8
- Kernel: Adding could_not_authenticate_personalized_root_hash patch...
- get_could_not_authenticate_personalized_root_hash_patch: Entering ...
- get_could_not_authenticate_personalized_root_hash_patch: Found "successfully validated on-disk root hash" str loc at 0xd21409
- get_could_not_authenticate_personalized_root_hash_patch: Found "successfully validated on-disk root hash" xref at 0x1cce84c
- get_could_not_authenticate_personalized_root_hash_patch: Found previous cbz at 0x1cce828
- get_could_not_authenticate_personalized_root_hash_patch: Found "could not authenticate personalized root hash!" str loc at 0xd2135e
- get_could_not_authenticate_personalized_root_hash_patch: Found "could not authenticate personalized root hash!" xref at 0x1cce924
- get_could_not_authenticate_personalized_root_hash_patch: Found cbz target at 0x1cce904
- get_could_not_authenticate_personalized_root_hash_patch: Patching root hash check at 0x1cce904
- main: Writing out patched file to work/kcache.patched...
- main: Quitting...
- Reading work/kcache.patched...
- Reading extra: work/kpp.bin...
- Compressing payload using LZSS...
- IM4P outputted to: work/krnlboot.im4p
- Reading work/krnlboot.im4p...
- Reading work/IM4M...
- Creating Image4...
- Image4 file outputted to: boot-iPad6,11/kernelcache.img4
- [*] Converting DeviceTree
- dtre
- [*] Patching and converting trustcache
- trst
- none
- [*] Booting device
- [==================================================] 100.0%
- [==================================================] 100.0%
- [==================================================] 100.0%
- [==================================================] 100.0%
- [==================================================] 100.0%
- [==================================================] 100.0%
- Done!
- The device should now boot to iOS
- If you already have ran palera1n, click Do All in the tools section of Pogo
- If not, Pogo should be installed to Tips