I'm using a DELL XPS15 running Ubuntu 22.04 LTS.
When I used palera1n and followed this guide directly from my computer it didn't work (I think there was some problem with the USB driver; while the device was connected, my machine recognised it as a camera).
I got the error:
Timed out waiting for download mode (error code: -status_exploit_timeout_error)
No one on the Discord really helped me, so I moved on and burned a Disk On Key image of palen1x, which runs some version of Debian.
sudo umount /dev/sda1
sudo dd if=c-palen1x-v1.0.10-2-amd64.iso of=/dev/sda1 bs=8M status=progress
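The image-writing step above, as an added example that is not part of the original post: a small POSIX sh script that refuses a partition node such as /dev/sda1 and insists on a removable whole disk, checks the ISO against a SHA-256 value before writing, unmounts every partition of the stick and reads the written bytes back. lsblk from util-linux, GNU coreutils and the checksum value passed by the caller are assumptions; the page gives no palen1x checksum.

```shell
#!/bin/sh
# Added example, not from the original post: write a live ISO (e.g. palen1x)
# to a USB stick with the checks the bare dd line skips.
# Assumes GNU coreutils, lsblk from util-linux and a Linux /dev layout.

# Map a partition node to its parent disk: /dev/sda1 -> /dev/sda,
# /dev/nvme0n1p2 -> /dev/nvme0n1. Whole-disk names pass through unchanged.
partition_parent() {
    case "$1" in
        /dev/nvme*p[0-9]*|/dev/mmcblk*p[0-9]*) printf '%s\n' "${1%p[0-9]*}" ;;
        /dev/nvme*|/dev/mmcblk*) printf '%s\n' "$1" ;;
        *) printf '%s\n' "$1" | sed 's/[0-9]*$//' ;;
    esac
}

# Refuse to write anywhere except a removable whole-disk device, so a typo
# cannot overwrite the internal drive or a single partition of the stick.
check_target() {
    dev=$1
    [ "$(partition_parent "$dev")" = "$dev" ] ||
        { echo "refusing: $dev is a partition, use the whole disk" >&2; return 1; }
    [ "$(lsblk -dno RM "$dev" 2>/dev/null)" = "1" ] ||
        { echo "refusing: $dev is not flagged removable" >&2; return 1; }
}

# Compare the image against a published SHA-256 before writing it; the
# checksum value is supplied by the caller (the page gives none).
verify_iso() {
    [ "$(sha256sum "$1" | cut -d' ' -f1)" = "$2" ]
}

burn_iso() {
    iso=$1 dev=$2 sum=$3
    verify_iso "$iso" "$sum" || { echo "checksum mismatch for $iso" >&2; return 1; }
    check_target "$dev" || return 1
    # Unmount every mounted partition of the stick, not just the first one.
    for part in "$dev"?*; do
        [ -e "$part" ] && sudo umount "$part" 2>/dev/null
    done
    sudo dd if="$iso" of="$dev" bs=8M status=progress conv=fsync || return 1
    # Read the written bytes back and confirm they match the image.
    sudo cmp -n "$(stat -c %s "$iso")" "$iso" "$dev"
}

# Usage (constructed values): burn_iso c-palen1x-v1.0.10-2-amd64.iso /dev/sdb <sha256>
```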
After booting my machine into the Live CD and running the exploit, it works perfectly!
Set up a password for SSH and got an SSH connection directly to my exploited iPhone.
ssh mobile@{your_phone_ip}
-
For further reading about iBoot: http://newosxbook.com/bonus/iBoot.pdf
Some article about the leak of iBoot: https://yalujailbreak.net/bootrom-iboot-source-code-leaked/
-
Extract SecureROM using the PCIe inject technique (expensive and time consuming)
- the best way today to inject over PCIe is to use pcileech https://github.com/ufrisk/pcileech
- example of how someone did it: https://web.archive.org/web/20190320093901/https://ramtin-amin.fr/nvmedma.html
The iPhone has a different PID (Product ID) in normal mode and in Recovery Mode:
To enter recovery mode I've used palera1n:
sudo palera1n -E
I'm trying to compile palera1n by myself but it has a lot of deps, so I forked the repo just now.