Liberate iPad 2 (2011) #30

Open
opened 2022-09-17 04:13:14 +02:00 by kreyren · 3 comments
Owner

Issue tracking to make my iPad 2 (2011) usable.

Author
Owner

Projected end-goal - Using the already present PCB

  • [ ] Figure out if it's possible to get GNU Guix GNU/Linux on it

The jailbreak can currently be done through https://jailbreaks.app/legacy.html by installing the p0laris and then re-applying it on each reboot.[4]

Currently the tablet is in a broken phase where I get an ncurses error in the dpkg used in Cydia that prevents installation of new packages. I was told[2] that to resolve it I need to restore the device through e.g. idevicerestore, which is affected by issue [ref.5] that needs to be fixed first.

  • [X] Figure out how to make usbmuxd work on GNU Guix, likely needs a `usbmuxd-service-type` contributed -- Service-type would be good, but workaround used

I can do `# rm -rf --no-preserve-root` on the iPad, but that allegedly can't remove everything and would leave me with an unbootable device.[2]

  • [NO] Hardware way -- Too invasive

    • [ ] Open up the device to identify the parts and jumper wires to see if it's possible to flash data on the eMMC without the need to unsolder it
      • [ ] Get x-ray of the PCB to see the traces to know where to drill/scratch for jumpers
        • [ ] Make sure we can do this without violating the license in case I will be redesigning i
      • [ ] Figure out what eMMC it is using
        • [ ] Get compatible eMMC programmer
  • [X] Exploit way

Allegedly checkm8 works for A5 chips[11] with https://github.com/axi0mX/ipwndfu[12]

  • [X] Fix GNU Guix to interact with iDevices

Seems that GNU Guix (04.10.2022) has a broken libusb, causing libusbmuxd to malfunction, as explained in https://github.com/libimobiledevice/ideviceinstaller/issues/14. The solution proposed by the GNU Guix community is to use a temporary environment with an updated libusb through the following code, referencing https://github.com/libusb/libusb/issues/825, with a staged fix in core-updates in the next update cycle; the hotfix should enable interacting with the device:

```
#!/usr/bin/env sh
exec guix shell -f "$0"
!#

;;; Suggested solution to https://github.com/libimobiledevice/ideviceinstaller/issues/147 by the GNU Guix community referencing issue https://github.com/libusb/libusb/issues/825 with staged fix in core-updates in next update cycle

(use-modules ((gnu packages libusb) #:select (libusb usbmuxd))
             (guix download)
             (guix packages)
             (ice-9 match))

(define libusb-1.0.25
  (package
    (inherit libusb)
    (version "1.0.25")
    (source
     (origin
       (method url-fetch)
       (uri (string-append "https://github.com/libusb/libusb/releases"
                           "/download/v1.0.25/libusb-1.0.25.tar.bz2"))
       (sha256
        (base32 "0j88ym7afy4wj3x789zzxsr04asyjy0mw29gf31blzkrg8cyya4a"))))))

(package
  (inherit usbmuxd)
  (inputs (modify-inputs (package-inputs usbmuxd)
            (replace "libusb" libusb-1.0.25))))
```

Using the proposed solution by the GNU Guix community works to run `sudo usbmuxd -f` to interact with the device.

  • [ ] Jailbreak the device
  • [ ] Required packages to be added in GNU Guix:
    • [X] ideviceinstaller
    • [ ] zsign -- Packaged, not submitted yet
  • [ ] Install the JailBreak IPA -- Refer to the [M.4]

Misc:
M.1. How to get in the DFU mode:

  • Follow ref.15

M.2. The restore file for the device can be downloaded from http://appldnld.apple.com/iOS9.3.5/031-73136-20160825-6A2B0F0A-6711-11E6-BE6C-193834D2D062/iPad2,1_9.3.5_13G36_Restore.ipsw

M.3. How to restore the device
M.3.1. Follow [M.1] to get device into a DFU mode and download the restore file as described in [M.2] and then run

```
/home/kreyren> sudo idevicerestore -P -e -d ~/Downloads/iPad2,1_9.3.5_13G36_Restore.ipsw
Password: 
progress: 0 0.000000
irecv_event_cb: device REDACTED (udid: N/A) connected in DFU mode
progress: 0 0.100000
Found device in DFU mode
opening device 05ac:1227...
irecv_copy_nonce_with_tag: WARNING: couldn't find tag NONC in string Apple Inc.
irecv_copy_nonce_with_tag: WARNING: couldn't find tag SNON in string Apple Inc.
found device with ECID REDACTED
Setting to configuration 1
Setting to interface 0:0
progress: 0 0.200000
Identified device as k93ap, iPad2,1
progress: 0 0.600000
Extracting BuildManifest from IPSW
progress: 0 0.800000
Product Version: 9.3.5
Product Build: 13G36 Major: 13
opening device 05ac:1227...
irecv_copy_nonce_with_tag: WARNING: couldn't find tag NONC in string Apple Inc.
irecv_copy_nonce_with_tag: WARNING: couldn't find tag SNON in string Apple Inc.
found device with ECID REDACTED
Setting to configuration 1
Setting to interface 0:0
Device supports Image4: false
Variant: Customer Erase Install (IPSW)
This restore will erase your device data.
################################ [ WARNING ] #################################
# You are about to perform an *ERASE* restore. ALL DATA on the target device #
# will be IRREVERSIBLY DESTROYED. If you want to update your device without  #
# erasing the user data, hit CTRL+C now and restart without -e or --erase    #
# command line switch.                                                       #
# If you want to continue with the ERASE, please type YES and press ENTER.   #
##############################################################################
> ERASE
Invalid input. Please type YES or hit CTRL+C to abort.
> YES
progress: 1 0.000000
Checking IPSW for required components...
All required components found in IPSW
Using cached filesystem from '/home//kreyren/Downloads/iPad2,1_9.3.5_13G36_Restore/058-49123-036.dmg'
progress: 1 0.200000
Getting device's ECID for TSS request
Found ECID REDACTED
Getting ApNonce in dfu mode... 
Trying to fetch new SHSH blob
Getting SepNonce in dfu mode... 
NOTE: Unable to find BbChipID node
NOTE: Unable to find BbProvisioningManifestKeyHash node
NOTE: Unable to find BbActivationManifestKeyHash node
NOTE: Unable to find BbCalibrationManifestKeyHash node
NOTE: Unable to find BbFactoryActivationManifestKeyHash node
NOTE: Unable to find BbFDRSecurityKeyHash node
NOTE: Unable to find BbSkeyId node
DEBUG: Applying restore request rules for entry AppleLogo
DEBUG: Applying restore request rules for entry BatteryCharging0
DEBUG: Applying restore request rules for entry BatteryCharging1
DEBUG: Applying restore request rules for entry BatteryFull
DEBUG: Applying restore request rules for entry BatteryLow0
DEBUG: Applying restore request rules for entry BatteryLow1
DEBUG: Applying restore request rules for entry BatteryPlugin
...
progress: 3 0.920000
progress: 3 0.940000
progress: 3 0.960000
progress: 3 0.980000
progress: 3 1.000000
Mounting filesystems (16)
No data to read (timeout)
Mounting filesystems (16)
About to send KernelCache...
DEBUG: tss_response_get_path_by_entry: No entry 'KernelCache' in TSS response
NOTE: No path for component KernelCache in TSS, will fetch from build identity
Extracting kernelcache.release.k93...
DEBUG: tss_response_get_data_by_key: No entry 'ApImg4Ticket' in TSS response
DEBUG: tss_response_get_blob_by_entry: No entry 'KernelCache' in TSS response
NOTE: No SHSH blob found for component KernelCache
Not personalizing component KernelCache...
Sending KernelCache now...
Done sending KernelCache
Installing kernelcache (27)
About to send NORData...
NOTE: Unable to find LLB path in TSS entry
NOTE: Could not get LLB path from TSS data, will fetch from build identity
Found firmware path Firmware/all_flash/all_flash.k93ap.production
Getting firmware manifest from Firmware/all_flash/all_flash.k93ap.production/manifest
Extracting LLB.k93.RELEASE.img3...
DEBUG: tss_response_get_data_by_key: No entry 'ApImg4Ticket' in TSS response
Personalizing IMG3 component LLB...
Parsed TYPE element
Parsed DATA element
Parsed VERS element
Parsed SEPO element
Parsed CHIP element
Parsed BORD element
Parsed BORD element
Parsed KBAG element
Parsed KBAG element
reconstructed size: 154138
Extracting iBoot.k93.RELEASE.img3...
DEBUG: tss_response_get_data_by_key: No entry 'ApImg4Ticket' in TSS response
DEBUG: tss_response_get_blob_by_entry: No entry 'iBoot' in TSS response
NOTE: No SHSH blob found for component iBoot
Not personalizing component iBoot...
Extracting DeviceTree.k93ap.img3...
DEBUG: tss_response_get_data_by_key: No entry 'ApImg4Ticket' in TSS response
DEBUG: tss_response_get_blob_by_entry: No entry 'DeviceTree' in TSS response
NOTE: No SHSH blob found for component DeviceTree
Not personalizing component DeviceTree...
Extracting applelogo.s5l8940x.img3...
DEBUG: tss_response_get_data_by_key: No entry 'ApImg4Ticket' in TSS response
DEBUG: tss_response_get_blob_by_entry: No entry 'AppleLogo' in TSS response
NOTE: No SHSH blob found for component AppleLogo
Not personalizing component AppleLogo...
Extracting recoverymode~ipad-30pin.s5l8940x.img3...
DEBUG: tss_response_get_data_by_key: No entry 'ApImg4Ticket' in TSS response
DEBUG: tss_response_get_blob_by_entry: No entry 'RecoveryMode' in TSS response
NOTE: No SHSH blob found for component RecoveryMode
Not personalizing component RecoveryMode...
Extracting batterylow0~ipad.s5l8940x.img3...
DEBUG: tss_response_get_data_by_key: No entry 'ApImg4Ticket' in TSS response
DEBUG: tss_response_get_blob_by_entry: No entry 'BatteryLow0' in TSS response
NOTE: No SHSH blob found for component BatteryLow0
Not personalizing component BatteryLow0...
Extracting batterylow1~ipad.s5l8940x.img3...
DEBUG: tss_response_get_data_by_key: No entry 'ApImg4Ticket' in TSS response
DEBUG: tss_response_get_blob_by_entry: No entry 'BatteryLow1' in TSS response
NOTE: No SHSH blob found for component BatteryLow1
Not personalizing component BatteryLow1...
Extracting batterycharging0.s5l8940x.img3...
DEBUG: tss_response_get_data_by_key: No entry 'ApImg4Ticket' in TSS response
DEBUG: tss_response_get_blob_by_entry: No entry 'BatteryCharging0' in TSS response
NOTE: No SHSH blob found for component BatteryCharging0
Not personalizing component BatteryCharging0...
Extracting batterycharging1.s5l8940x.img3...
DEBUG: tss_response_get_data_by_key: No entry 'ApImg4Ticket' in TSS response
DEBUG: tss_response_get_blob_by_entry: No entry 'BatteryCharging1' in TSS response
NOTE: No SHSH blob found for component BatteryCharging1
Not personalizing component BatteryCharging1...
Extracting glyphplugin~ipad-30pin.s5l8940x.img3...
DEBUG: tss_response_get_data_by_key: No entry 'ApImg4Ticket' in TSS response
DEBUG: tss_response_get_blob_by_entry: No entry 'BatteryPlugin' in TSS response
NOTE: No SHSH blob found for component BatteryPlugin
Not personalizing component BatteryPlugin...
Extracting batteryfull~ipad.s5l8940x.img3...
DEBUG: tss_response_get_data_by_key: No entry 'ApImg4Ticket' in TSS response
DEBUG: tss_response_get_blob_by_entry: No entry 'BatteryFull' in TSS response
NOTE: No SHSH blob found for component BatteryFull
Not personalizing component BatteryFull...
common.c:supressed printing 911818 bytes plist...
Sending NORData now...
Done sending NORData
Flashing firmware (18)
progress: 4 0.160000
progress: 4 0.250000
progress: 4 0.330000
progress: 4 0.410000
progress: 4 0.500000
progress: 4 0.580000
progress: 4 0.660000
progress: 4 0.750000
progress: 4 0.830000
progress: 4 0.910000
progress: 4 1.000000
Updating gas gauge software (46)
Updating gas gauge software (46)
Fixing up /var (17)
Creating system key bag (49)
Modifying persistent boot-args (25)
Resizing system partition (51)
Unmounting filesystems (29)
Unmounting filesystems (29)
Got status message
Status: Restore Finished
Cleaning up...
DONE
progress: 6 1.000000
```

M.4. How to install p0laris.ipa through ideviceinstaller?

TBD

$ zsign --force -k cert.p12 -p password -m profile.mobileprovision p0laris.ipa -o p0laris-signed.ipa

$ ideviceinstaller -i p0laris-signed.ipa

Requires a 100 EUR payment to Apple, or buying a cert for 15 USD from udidregistrations
https://gist.github.com/nyuszika7h/3d9addcf701afc9a803c06e45d82c078

Alternative way using AltServer:

```
Install IPA: ./AltServer -u [UDID] -a [AppleID account] -p [AppleID password] [ipaPath.ipa]
```

Poked the guy who was showing iPad with A7 booting on twitter[10] for info -- https://github.com/konradybcio/linux-apple/pull/12

Resources:

  1. Jailbreak room on matrix -- https://matrix.to/#/#oneinfiniteloop:matrix.org
  2. Jailbreak room on discord -- https://discord.gg/jb
  3. Relevant reddit -- http://reddit.com/r/LegacyJailbreak/
  4. Maintained resource by the JB community -- https://ios.cfw.guide
  5. Issue I have on libimobiledevice -- https://github.com/libimobiledevice/ideviceinstaller/issues/147
  6. Packaged ideviceinstaller -- https://issues.guix.gnu.org/57871
  7. (self?)-proclaimed professional disassembling the device -- https://www.youtube.com/watch?v=JZ9EsfAJatU
  8. Asahi Linux, alternative Linux OS for iDevices -- https://asahilinux.org/about
  9. Asahi Linux does not support iPad 2 -- https://github.com/AsahiLinux/m1n1/issues/253#issuecomment-1251523071
  10. Konrad Dybcio managed to run Linux on iPad 2 Air https://nitter.tiekoetter.com/konradybcio/status/1531963130934329344#m
    10.1. Writeup about how they did it https://konradybcio.pl/linuxona7/
  11. Claim by the online user that checkm8 works for A5 chips -- https://www.reddit.com/r/jailbreak/comments/dafbih/comment/f1p6vfw/?utm_source=reddit&utm_medium=web2x&context=3
  12. Reportedly tool used to write on the device https://github.com/axi0mX/ipwndfu
  13. Video explaining how to use checkm8 exploit https://www.youtube.com/watch?v=w7tcnyqJ2Yo
  14. Regression in libusb affecting GNU Guix https://github.com/libusb/libusb/issues/825
  15. How to enter DFU mode on iPad2 https://www.theiphonewiki.com/wiki/DFU_Mode#iPhone.2C_iPad.2C_iPod_touch
  16. Kernel for the tablet -- https://github.com/konradybcio/linux-apple
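
Added example (not part of the original issue): the `(sha256 (base32 ...))` field in the libusb override above is what pins the downloaded tarball, and Guix writes it in the Nix-style base32 alphabet rather than hex. The Python below decodes such a pin and checks a digest against it; the function names and the sample bytes are constructed for illustration.

```python
import hashlib
import hmac

# Guix/Nix base32 alphabet: digits and lowercase letters without e, o, t, u.
NIX_B32 = "0123456789abcdfghijklmnpqrsvwxyz"

# The libusb 1.0.25 pin exactly as written in the package definition above.
PAGE_PIN = "0j88ym7afy4wj3x789zzxsr04asyjy0mw29gf31blzkrg8cyya4a"


def nix_base32_encode(digest: bytes) -> str:
    """Encode a digest the way Guix/Nix print it (5-bit groups, last group first)."""
    n_chars = (len(digest) * 8 - 1) // 5 + 1
    out = []
    for n in range(n_chars - 1, -1, -1):
        i, j = divmod(n * 5, 8)          # byte index and bit offset of this group
        c = digest[i] >> j
        if i + 1 < len(digest):
            c |= digest[i + 1] << (8 - j)
        out.append(NIX_B32[c & 0x1F])
    return "".join(out)


def nix_base32_decode(text: str, size: int = 32) -> bytes:
    """Decode a Guix/Nix base32 string into `size` raw bytes, rejecting malformed pins."""
    if len(text) != (size * 8 - 1) // 5 + 1:
        raise ValueError("wrong length for a %d-byte hash" % size)
    out = bytearray(size)
    for n, ch in enumerate(reversed(text)):
        digit = NIX_B32.find(ch)
        if digit < 0:
            raise ValueError("character %r is not in the base32 alphabet" % ch)
        i, j = divmod(n * 5, 8)
        out[i] |= (digit << j) & 0xFF
        carry = digit >> (8 - j)
        if i + 1 < size:
            out[i + 1] |= carry
        elif carry:
            raise ValueError("non-zero padding bits")
    return bytes(out)


def sha256_file(path: str) -> bytes:
    """Stream a file through SHA-256 so large tarballs are not loaded into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            h.update(chunk)
    return h.digest()


def matches_pin(digest: bytes, pin: str) -> bool:
    """True when the digest equals the pinned value; a malformed pin raises ValueError."""
    return hmac.compare_digest(digest, nix_base32_decode(pin, len(digest)))


if __name__ == "__main__":
    # Hex form of the page's pin, comparable with `sha256sum` output.
    print("pin as hex:", nix_base32_decode(PAGE_PIN).hex())
    # Constructed sample bytes, not the real tarball.
    sample = b"constructed sample bytes"
    pin = nix_base32_encode(hashlib.sha256(sample).digest())
    print("sample matches its own pin:", matches_pin(hashlib.sha256(sample).digest(), pin))
    print("tampered sample matches:", matches_pin(hashlib.sha256(sample + b"!").digest(), pin))
```

To check a real download, pass `sha256_file("libusb-1.0.25.tar.bz2")` and `PAGE_PIN` to `matches_pin`.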
kreyren added spent time 2022-09-17 04:14:20 +02:00
6 hours 21 minutes
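
Added example (not part of the original issue): a small Python summariser for an idevicerestore log like the one in M.3.1, reporting the identified device, which components were personalized and which were not, and whether the log reached its final status line. The sample is an excerpt of lines copied from that log; the class and function names are hypothetical.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Excerpt of lines copied from the M.3.1 log above (order preserved).
SAMPLE_LOG = """\
Identified device as k93ap, iPad2,1
Product Version: 9.3.5
Product Build: 13G36 Major: 13
Device supports Image4: false
Variant: Customer Erase Install (IPSW)
NOTE: No SHSH blob found for component KernelCache
Not personalizing component KernelCache...
Personalizing IMG3 component LLB...
NOTE: No SHSH blob found for component iBoot
Not personalizing component iBoot...
NOTE: No SHSH blob found for component DeviceTree
Not personalizing component DeviceTree...
Status: Restore Finished
"""


@dataclass
class RestoreSummary:
    board: str = ""
    product: str = ""
    version: str = ""
    build: str = ""
    image4: Optional[bool] = None          # None: the line never appeared
    variant: str = ""
    personalized: List[str] = field(default_factory=list)
    not_personalized: List[str] = field(default_factory=list)
    status: str = ""

    @property
    def completed(self) -> bool:
        # A log that stops before this line is a failed or interrupted restore.
        return self.status == "Restore Finished"


# Patterns are anchored at line start, so "Not personalizing ..." never
# matches the "Personalizing ..." rule.
_DEVICE = re.compile(r"Identified device as ([^,\s]+), (\S+)$")
_VERSION = re.compile(r"Product Version: (\S+)")
_BUILD = re.compile(r"Product Build: (\S+)")
_IMAGE4 = re.compile(r"Device supports Image4: (true|false)$")
_VARIANT = re.compile(r"Variant: (.+)$")
_DONE = re.compile(r"Personalizing \w+ component (\w+)\.\.\.$")
_SKIPPED = re.compile(r"Not personalizing component (\w+)\.\.\.$")
_STATUS = re.compile(r"Status: (.+)$")


def _add_once(items: List[str], name: str) -> None:
    if name not in items:
        items.append(name)


def summarize(log_text: str) -> RestoreSummary:
    """Collect the device identity and per-component personalization outcome."""
    s = RestoreSummary()
    for raw in log_text.splitlines():
        line = raw.strip()
        if (m := _DEVICE.match(line)):
            s.board, s.product = m.groups()
        elif (m := _VERSION.match(line)):
            s.version = m.group(1)
        elif (m := _BUILD.match(line)):
            s.build = m.group(1)
        elif (m := _IMAGE4.match(line)):
            s.image4 = m.group(1) == "true"
        elif (m := _VARIANT.match(line)):
            s.variant = m.group(1)
        elif (m := _DONE.match(line)):
            _add_once(s.personalized, m.group(1))
        elif (m := _SKIPPED.match(line)):
            _add_once(s.not_personalized, m.group(1))
        elif (m := _STATUS.match(line)):
            s.status = m.group(1)
    return s


if __name__ == "__main__":
    summary = summarize(SAMPLE_LOG)
    print(summary)
    print("completed:", summary.completed)
```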
Author
Owner

Projected end-goal - Redesign the device

The eMMC, battery, digitizer and display can be reused as they are both in good condition and acceptable efficiency.

The SoC is weak and runs too much Apple things so I want to replace it. The current best candidate is Allwinner A33, because OLIMEX has a development board for it.[1]

[Image: compare-socs]

  • Despite having better lithography by 5nm, it consumes 1W TDP more, so likely worse battery life. -> Manage?
  • [ ] Buy the A33-OLinuXino[1] (40 EUR) and make sure that the display and digitizer are compatible.

Resources:

  1. OLIMEX website for A33-OLinuXino https://www.olimex.com/Products/OLinuXino/A33/A33-OLinuXino/open-source-hardware
Author
Owner

Misc

Chassis - Either way I hate the chassis, so I want to redesign one out of additive fabricated plastic that is more ergonomic

RFID reader - I need RFID for authentication -> See if it can be added

kreyren added spent time 2022-09-17 04:51:15 +02:00
35 minutes
kreyren added spent time 2022-09-18 09:48:38 +02:00
3 hours 21 minutes
kreyren added spent time 2022-09-20 01:32:13 +02:00
1 hour 8 minutes
kreyren added spent time 2022-10-08 18:30:21 +02:00
13 minutes
kreyren started working 2022-10-08 18:30:22 +02:00
kreyren canceled time tracking 2022-10-12 20:36:02 +02:00
kreyren added this to the Current run milestone 2023-06-26 14:46:29 +02:00
Total Time Spent: 11 hours 38 minutes