Author Topic: Making an img3 file for 3Gs  (Read 2696 times)

Offline Covariant

  • Member
  • Posts: 7
  • Karma: +0/-0
    • View Profile
  • iDevice: iPhone 3Gs (Old Bootroom), iPad 1G
  • iDroid Version: None
  • Jailbreak: PwnageTool 4.2.1
Making an img3 file for 3Gs
« on: March 01, 2011, 02:37:00 AM »
-Info-
My Operating System: Ubuntu 10.04
Reading Instructions from this wiki page: http://www.idroidproject.org/wiki/Building_OpeniBoot

Question:
OK so I've decided to try and and write missing drivers for the iPhone 3Gs. Please be aware that this is the first time I am doing something like this. I have already built the AMR toolchain. I want to compile openiboot for the 3Gs, but I can't seem find any instructions on the aforementioned wiki page.
I'm just guessing here, but would the instruction be something like this: PLATFORM=3GS make openiboot.img3? Any help with this would be greatly appreciated.

Offline nickp666

  • Administrator
  • Member
  • *****
  • Posts: 682
  • Karma: +45/-0
    • View Profile
    • http://www.nickpack.com
  • iDevice: Various
  • iDroid Version: Latest
  • Jailbreak: Various
Re: Making an img3 file for 3Gs
« Reply #1 on: March 01, 2011, 09:17:47 AM »
Those instructions are outdated, look at the readme in the repo

Offline Covariant

  • Member
  • Posts: 7
  • Karma: +0/-0
    • View Profile
  • iDevice: iPhone 3Gs (Old Bootroom), iPad 1G
  • iDroid Version: None
  • Jailbreak: PwnageTool 4.2.1
Re: Making an img3 file for 3Gs
« Reply #2 on: March 02, 2011, 07:26:29 AM »
Thanks, but now I have another problem. I'm now at the point where I am about to load openiboot on to the device. It's in DFU mode and when I run the command:
Code: [Select]
/home/covarianttensor/openiBoot/utils/syringe/loadibec openiboot.img3
It fails to reconnect to my device after delivering the limera1n exploit. Here is the console output:
Code: [Select]
covarianttensor@ubuntu:~/Downloads/iDroid-Project-syringe-af0d999/syringe/exploits/limera1n$ /home/covarianttensor/openiBoot/utils/syringe/loadibec openiboot.img3
Loadibec 2.00.
Connecting to iDevice...
linera1n compatible device detected, injecting limera1n.
Initializing libpois0n
opening device 05ac:1227...
Checking if device is compatible with this jailbreak
Checking the device type
Identified device as iPhone2,1
Preparing to upload limera1n exploit
Resetting device counters
Sending chunk headers
Sending exploit payload
Sending fake data
Exploit sent
Reconnecting to device
Waiting 2 seconds for the device to pop up...
Connection failed. Waiting 1 sec before retry.
Connection failed. Waiting 1 sec before retry.
Connection failed. Waiting 1 sec before retry.
Connection failed. Waiting 1 sec before retry.
Connection failed. Waiting 1 sec before retry.
Connection failed. Waiting 1 sec before retry.
Connection failed. Waiting 1 sec before retry.
Connection failed. Waiting 1 sec before retry.
Connection failed. Waiting 1 sec before retry.
Connection failed. Waiting 1 sec before retry.
Command completed successfully
Unable to reconnect
Unable to upload exploit data
limera1ned, reconnecting...
Segmentation fault

I am running ubuntu as a virtual machine under VMWare Fusion on my MacBook. I read somewhere (http://www.ifans.com/forums/showthread.php?t=321185&page=11) that running in a Virtual Machine can kill the connections with the exploit tools, but I'm not sure this has anything to do my problem. Have these tools been tested on a virtual machine and confirmed working? Or will I have to do a native install of Ubuntu to get these utilities to work?  :'(
« Last Edit: March 02, 2011, 07:40:02 AM by Covariant »

Offline nickp666

  • Administrator
  • Member
  • *****
  • Posts: 682
  • Karma: +45/-0
    • View Profile
    • http://www.nickpack.com
  • iDevice: Various
  • iDroid Version: Latest
  • Jailbreak: Various
Re: Making an img3 file for 3Gs
« Reply #3 on: March 02, 2011, 08:22:02 AM »
Syringe does not work in VM's at all, you have to run it natively (Apparently chronic-dev have fixed this, but it hasnt hit the repo yet)

You can however build and run the tools on OSX, so I would suggest doing that :P

Offline Covariant

  • Member
  • Posts: 7
  • Karma: +0/-0
    • View Profile
  • iDevice: iPhone 3Gs (Old Bootroom), iPad 1G
  • iDroid Version: None
  • Jailbreak: PwnageTool 4.2.1
Re: Making an img3 file for 3Gs
« Reply #4 on: March 25, 2011, 11:53:36 PM »
So after installing Linux natively and going through the whole process again, I finally got openiboot running on my 3GS. When i run the "install" command in the oibc client it's makes a NOR backup. When I check the file out it has 0 bytes.  Is the norbackup.dump file supposed to show up as 0 bytes or is it really empty?


Offline ddominator

  • Global Moderator
  • Member
  • *****
  • Posts: 1416
  • Karma: +2/-1002
  • Trust me, I'm a doctor.
    • View Profile
    • Unofficial iDroid News Blog
  • iDevice: iPhone 2G 3.1.3
  • iDroid Version: Pepparkaka (ddominator custom)
  • Jailbreak: redsn0w 0.94
Re: Making an img3 file for 3Gs
« Reply #5 on: March 26, 2011, 02:11:26 AM »
Uhm I think the problem with that is with the incomplete support for nand (someone correct me).  Without having proper access to the file system, I don't think "install" will work (if it did, you might get screwed) and the back-up will not work.

But someone should correct me on this because I am not up to date on whether ricky26 has fixed the nand driver.
Help Google takeover the world. Use Android on your mobile devices, use Chrome Browser, use Chrome OS!!!  Sell your souls to Google!
Useful links:
FAQ - http://www.idroidproject.org/wiki/FAQ
User Manual - http://www.idroidproject.org/wiki/User_Manual
Recovery Mode - http://www.idroidproject.org/wiki/DFU

Offline Covariant

  • Member
  • Posts: 7
  • Karma: +0/-0
    • View Profile
  • iDevice: iPhone 3Gs (Old Bootroom), iPad 1G
  • iDroid Version: None
  • Jailbreak: PwnageTool 4.2.1
Re: Making an img3 file for 3Gs
« Reply #6 on: March 26, 2011, 04:57:20 AM »
Well I did see something of interest. Here is my console output:
Code: [Select]
oscar@oscar-laptop:~/openiBoot/utils/syringe$ ./loadibec iphone_3gs_openiboot.bin
Loadibec 2.00.
Connecting to iDevice...
Failed to connect to iBoot, error -3.
oscar@oscar-laptop:~/openiBoot/utils/syringe$ ./loadibec iphone_3gs_openiboot.bin
Loadibec 2.00.
Connecting to iDevice...
Failed to connect to iBoot, error -3.
oscar@oscar-laptop:~/openiBoot/utils/syringe$ ./loadibec --help
Loadibec 2.00.
Connecting to iDevice...
Failed to connect to iBoot, error -3.
oscar@oscar-laptop:~/openiBoot/utils/syringe$ ./loadibec iphone_3gs_openiboot.bin
Loadibec 2.00.
Connecting to iDevice...
linera1n compatible device detected, injecting limera1n.
Initializing libpois0n
opening device 05ac:1227...
Checking if device is compatible with this jailbreak
Checking the device type
Identified device as iPhone2,1
Preparing to upload limera1n exploit
Resetting device counters
Sending chunk headers
Sending exploit payload
Sending fake data
Exploit sent
Reconnecting to device
Waiting 2 seconds for the device to pop up...
opening device 05ac:1227...
limera1ned, reconnecting...
Waiting 10 seconds for the device to pop up...
opening device 05ac:1227...
uploading ibss...
Checking if iBSS.n88ap already exists
Preparing to fetch DFU image from Apple's servers
Fetching Firmware/dfu/iBSS.n88ap.RELEASE.dfu...
[==================================================] 100.0%
Uploading iBSS.n88ap to device
[==================================================] 100.0%
Waiting 10 seconds for the device to pop up...
opening device 05ac:1281...
Setting to configuration 1
Setting to interface 0:0
Loaded payload for iBSS on n88ap
Resetting device counters
Uploading iBSS payload
[==================================================] 100.0%
iBSS loaded...
Waiting 10 seconds for the device to pop up...
opening device 05ac:1281...
Setting to configuration 1
Setting to interface 0:0
Starting transfer of 'iphone_3gs_openiboot.bin'.
[==================================================] 100.0%
Uploaded Successfully.
oscar@oscar-laptop:~/openiBoot/utils/syringe$ cd '/home/oscar/openiBoot/utils/oibc'
oscar@oscar-laptop:~/openiBoot/utils/oibc$ ./oibc
OiB client connected:
!<filename>[@<address>] to send a file, ~<filename>[@<address>]:<len> to receive a file
---------------------------------------------------------------------------------------------------------
miu: epoch mismatch
clock: PLL0, 0x40609601 = 600000000.
clock: PLL1, 0x40605103 = 162000000.
clock: PLL2, 0x40606403 = 200000000.
init: Initializing boot modules.
NOR vendor=1f, device=2
mtd: New device, 'SPI NOR Flash', registered.
Successfully loaded bank1 nvram
Successfully loaded bank2 nvram
syscfg: found version 0x00020001 with 10 entries using 224 of 8192 bytes
init: Initializing modules.
clcd: base=0x00020085
clcd: buffer 0x5200c9e0
pinot_init()
tasks: Last thread cannot sleep!
mipi: data lines 1 0x00000003.
mipi_dsim_init()
tasks: Last thread cannot sleep!
tasks: Last thread cannot sleep!
mipi: read 3 bytes.
pinot_init(): pinot_panel_id:      0xa1e50486
pinot_init(): pinot_default_color: 0x00ffffff
pinot_init(): pinot_backlight_cal: 0x00000000
task_sleep 2
tasks: Last thread cannot sleep!
task_sleep 2
tasks: Last thread cannot sleep!
s
Found Gamma table 0x00e50486 / 0x00ffffff
fmi: Found chip ID ec d7 d5 29 38 41 on fmi0:ce0.
fmi: Found chip ID ec d7 d5 29 38 41 on fmi0:ce1.
fmi: Found chip ID ec d7 d5 29 38 41 on fmi1:ce8.
fmi: Found chip ID ec d7 d5 29 38 41 on fmi1:ce9.
fmi: NAND board ID: (2, 1, 0x29d5d7ec, 0x0, 4, 0x0, 0x0, 0).
fmi: Initialized NAND memory! 4096 bytes per page, 128 pages per block, 8192 blocks per CE.
vfl: Opening 2ac7c.
vfl: Checking bank 0.
vfl: Checking bank 1.
vfl: Checking bank 2.
vfl: Checking bank 3.
tasks: Initialized ACM.
USB: State change: start -> start
USB: Hardware Configuration
    HWCFG1 = 0x00000264
    HWCFG2 = 0x228f60d0
    HWCFG3 = 0x082000e8
    HWCFG4 = 0x1bf08030
USB: FIFO Mode 2.
USB: 8 endpoints.
USB: State change: start -> powered
USB: EP Directions
0: BI
1: IN
2: OUT
3: IN
4: OUT
5: BI
radio: comm board detected.
radio: ready.
  ___                   _ ____              _   
 / _ \ _ __   ___ _ __ (_) __ )  ___   ___ | |_
| | | | '_ \ / _ \ '_ \| |  _ \ / _ \ / _ \| __|
| |_| | |_) |  __/ | | | | |_) | (_) | (_) | |_
 \___/| .__/ \___|_| |_|_|____/ \___/ \___/ \__|
      |_|                                       

version: openiboot 0.3 commit cd5c2b0 for iPhone 3GS
USB: reset detected
USB: State change: powered -> powered
USB: Flushing 16.
USB: EP Directions
EP0: bidir (0x00008000/0x80008000)
EP1: in (0x00000000/0x00000000)
EP2: out (0x00000000/0x00000000)
EP3: in (0x00000000/0x00000000)
EP4: out (0x00000000/0x00000000)
EP5: bidir (0x00000000/0x00000000)
USB: State change: powered -> enumerated
USB: reset detected
USB: State change: enumerated -> powered
USB: Flushing 16.
USB: EP Directions
EP0: bidir (0x00028000/0x80008000)
EP1: in (0x00000000/0x00000000)
EP2: out (0x00000000/0x00000000)
EP3: in (0x00000000/0x00000000)
EP4: out (0x00000000/0x00000000)
EP5: bidir (0x00000000/0x00000000)
USB: State change: powered -> enumerated
USB: State change: enumerated -> address
in ep nak eff 0 (0x00028000)
USB: State change: address -> configured
USB: Flushing 1.
USB: 1 claimed FIFO 1. (0x0100021b/0x00480080).
ACM: Ready.
in ep nak eff 0 (0x00028000)
out 2 tnk ep dis
install
Backing up your NOR to current directory as norbackup.dump
Fetching NOR backup.
out 2 tnk ep dis
ACM: Starting nor_read 0x09000000 0x0 1048576
ACM: Unknown command: nor_read
NOR backed up, starting installation
out 2 tnk ep dis
ACM: Starting File: 150994944 1048576
install
Backing up your NOR to current directory as norbackup.dump
Fetching NOR backup.

The lines of interest here are these:
Code: [Select]
ACM: Starting nor_read 0x09000000 0x0 1048576
ACM: Unknown command: nor_read

I suspect openiboot can't read the nor on my 3GS (not implemented yet?). I'm using openiboot 0.3. Also, I noticed my device froze and was no longer mirroring the output to the terminal client.

Offline muhlba91

  • Member
  • Posts: 1
  • Karma: +0/-0
    • View Profile
  • iDevice: i4, 3gs
  • iDroid Version: none
  • Jailbreak: ...
Re: Making an img3 file for 3Gs
« Reply #7 on: March 26, 2011, 07:07:23 PM »
yes, i get the same error!
btw... is there a compiled idroid because on my linux pc i only have 32bit and pepperkaka won't compile on an 32bit pc... :-(

Offline ddominator

  • Global Moderator
  • Member
  • *****
  • Posts: 1416
  • Karma: +2/-1002
  • Trust me, I'm a doctor.
    • View Profile
    • Unofficial iDroid News Blog
  • iDevice: iPhone 2G 3.1.3
  • iDroid Version: Pepparkaka (ddominator custom)
  • Jailbreak: redsn0w 0.94
Re: Making an img3 file for 3Gs
« Reply #8 on: March 26, 2011, 07:50:10 PM »
The files listed on http://cdn.idroidproject.org/release/idroid/ are all precompiled.

But if you meant for 3gs, no. OpeniBoot doesn't even work yet with 3GS so there is no iDroid for it.
Help Google takeover the world. Use Android on your mobile devices, use Chrome Browser, use Chrome OS!!!  Sell your souls to Google!
Useful links:
FAQ - http://www.idroidproject.org/wiki/FAQ
User Manual - http://www.idroidproject.org/wiki/User_Manual
Recovery Mode - http://www.idroidproject.org/wiki/DFU

Offline Covariant

  • Member
  • Posts: 7
  • Karma: +0/-0
    • View Profile
  • iDevice: iPhone 3Gs (Old Bootroom), iPad 1G
  • iDroid Version: None
  • Jailbreak: PwnageTool 4.2.1
Re: Making an img3 file for 3Gs
« Reply #9 on: March 27, 2011, 03:34:03 AM »
OK. It seems I better study the openiboot source code and start reverse engineering. This is going to take a while....*cough*Understatement*cough*