.../XcodeDefault.xctoolchain/usr/bin/lipo: can't open input file: dyld.fat (No such file or directory) #32

Open
michaeldvinci opened this issue Nov 5, 2015 · 59 comments


@michaeldvinci

Alright so everything seems to be working pretty well up until this point. I have 2 main issues...

--first--

Where do I find a copy of OpenSSH as a .tar? Do I get it from their main website, and if so the mobile version? Or should I use wget and rename it as .tar, then change it to bootstrap.tar? If you could give me a quick rundown of the process, that'd be awesome.

--secondly--

After restore and reboot, I press [Enter] but then I see this:

Mounting DDI...
Couldn't mount DDI. Not an issue if Xcode's running, an issue if it isn't.
Fetching symbols...
[+] Device connected: iPhone4,1, iOS 8.4.1.
[*] Receiving /usr/lib/dyld...
[*] Received 0.21 MB of 0.21 MB (100%).
[+] Done receiving /usr/lib/dyld.
fatal error: /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/lipo: can't open input file: dyld.fat (No such file or directory)
[+] Device connected: iPhone4,1, iOS 8.4.1.
[*] Receiving /System/Library/Caches/com.apple.dyld/dyld_shared_cache_armv7...
[*] Received 408.49 MB of 408.49 MB (100%).
run.sh: line 58: 2974 Segmentation fault: 11 ./bin/fetchsymbols -f "$(./bin/fetchsymbols -l 2>&1 | (grep armv7 || abort ) | tr ':' '\n'|tr -d ' '|head -1)" tmp/cache
Compiling jailbreak files...
Extracting /System/Library/Frameworks/IOKit.framework/Versions/A/IOKit at 0x296f000 into cache.IOKit
Extracting /System/Library/Frameworks/IOKit.framework/IOKit at 0x296f000 into cache.IOKit
Extracting /usr/lib/system/libsystem_kernel.dylib at 0x1050a000 into cache.libsystem_kernel.dylib
fatal error: /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/lipo: can't open input file: dyld.fat (No such file or directory)
2015-11-05 11:40:28.859 main[3045:75293] cs_size = 4e0
Assertion failed: (lsrs_r0_2_popr4r5r7pc), function main, file main.m, line 538.
./make.sh: line 6: 3045 Abort trap: 6 ./main

Can I get a quick play-by-play of how to resolve something like this? I'm extremely interested in getting this working for a personal project and would love to properly execute run.sh.

@kpwn
Owner

kpwn commented Nov 5, 2015

You need to download a Cydia bootstrap tar, an OpenSSL deb and an OpenSSH deb.
sudo su, create some temp directory, extract all of these in said directory, do find . | grep patcyh | while read a; do > "$a"; done, now rm sbin/reboot, nano sbin/reboot, enter:

#!/bin/sh
<path to launchctl in cydia bootstrap> load /Library/LaunchDaemons/<name of the openssl launch daemon plist>
exit 0

Create a tar.gz of everything and put it in data/bootstrap.tar.gz.

@michaeldvinci
Author

I'm obviously doing all this on my Mac and replacing data/bootstrap.tar.gz before I run run.sh, correct?

@kpwn
Owner

kpwn commented Nov 5, 2015

Yes.

@michaeldvinci
Author

Awesome, alright, thank you so much for the help - will test and get back!

@kpwn
Owner

kpwn commented Nov 5, 2015

Also, for the lsrs_r0_2_popr4r5r7pc issue: yalu only supports arm64 devices at the moment. Due to odysseusota's 8.4.1 support there have been people working on an armv7 port for it.

@kpwn
Owner

kpwn commented Nov 5, 2015

The idea is to run the jailbreak app until it doesn't kernel panic; when it doesn't, the kernel untether will have worked and the tar will be extracted. sbin/reboot is used to start SSH because you can trigger an execve on it w/ uid=0 with idevicediagnostics restart on your Mac.

@michaeldvinci
Author

Ugh, so my iPhone 4S isn't a viable tester? Darn.

@michaeldvinci
Author

Also, am I allowed to ask where the best location to find the bootstrap tar is?

@kpwn
Owner

kpwn commented Nov 5, 2015

I suggest qwupz.me/Cydia-8.4r3-Raw.txz - remember to remove the patcyh files. If you don't, you'll brick your phone.

@spotlightishere

That URL gives a 403 forbidden error.

@michaeldvinci
Author

Lol I don't have permission for that one!

@kpwn
Owner

kpwn commented Nov 5, 2015

Sorry. Had a chmod issue w/ scp. Try again.

@kpwn
Owner

kpwn commented Nov 5, 2015

Also remember that the Cydia bootstrap will install Cydia. I don't suggest running it.

@michaeldvinci
Author

Awesome thank you a ton!

I need to run to work, but I'll definitely jump back to testing this when I get home and get back to you!

@kpwn
Owner

kpwn commented Nov 5, 2015

After you have SSH you need to install the untether via ssh. I have some free time now, so I can help you do that myself if you need.

@michaeldvinci
Author

I'll go as far as I can after work until I feel like I'm out of my league; the help you've given me already is outstanding and extremely appreciated.

@qfdk
Contributor

qfdk commented Nov 6, 2015

Thanks for your Cydia-8.4r3-Raw.txz.
I packaged a Bootstrap.tgz archive with OpenSSL & OpenSSH and sbin/reboot 2 weeks ago :X
When I tried to run the jailbreak, my phone restarts; after that I used idevicediagnostics restart to reboot my 5S, but it seems that SSH doesn't work :X. So must I use Cydia with my Bootstrap.tgz, or does the app just not work?
I think we must delete

./private/var/lib/dpkg/info/com.saurik.patcyh.extrainst_
./private/var/lib/dpkg/info/com.saurik.patcyh.list
./private/var/lib/dpkg/info/com.saurik.patcyh.postrm

Must ./usr/lib/libpatcyh.dylib be deleted too?

@michaeldvinci
Author

Yeah, you should definitely delete patcyh -- use this when compiling:

find . | grep patcyh | while read a; do > "$a"; done

Look up at this post.

@qfdk
Contributor

qfdk commented Nov 6, 2015

I used this command ("delete and create a file with the same name", i.e. create an empty file):
find . | grep patcyh | while read -r a; do rm "$a"; touch "$a"; done

But what about ./usr/lib/libpatcyh.dylib? Should it be DELETED?

@michaeldvinci
Author

Yeah, that command, where it says

do rm $a

will remove anything that is like %patcyh%.

I don't know specifically about that dylib, sorry man.
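kpwn's `find . | grep patcyh | while read a; do > "$a"; done` and qfdk's `rm`/`touch` variant do the same job, but piping `find` output through `grep` would also match any directory whose name contains the string, breaks on whitespace in paths, and gives no confirmation afterwards that every match is now empty. The block below is an added example, not code from the yalu repository or from any poster in this thread: it restricts the match to regular files, truncates them in place, verifies that no non-empty `patcyh` file remains, and only then packages the directory as a tar.gz. The directory tree it builds under `mktemp` is constructed sample data, not a real bootstrap.

```shell
#!/bin/sh
# Added example (not from the yalu repository): strip the patcyh files the
# thread says must be emptied before packaging, verify nothing was missed,
# then package. The sample tree below is constructed, not a real bootstrap.

# list_patcyh DIR: regular files under DIR whose name contains "patcyh"
# and that still have content (one path per line).
list_patcyh() {
    find "$1" -type f -name '*patcyh*' -size +0c
}

# strip_patcyh DIR: truncate each matching regular file in place. Same
# effect as the thread's '> "$a"' or 'rm $a; touch $a', but it never
# touches directories and copes with spaces in paths.
strip_patcyh() {
    find "$1" -type f -name '*patcyh*' -exec sh -c ': > "$1"' sh {} \;
}

# verify_patcyh DIR: return 0 if no non-empty patcyh file remains, else
# print the offenders to stderr and return 1.
verify_patcyh() {
    left=$(list_patcyh "$1")
    if [ -n "$left" ]; then
        printf 'non-empty patcyh files remain:\n%s\n' "$left" >&2
        return 1
    fi
    return 0
}

# package_bootstrap DIR OUT: write OUT as a tar.gz of DIR's contents, but
# only once verify_patcyh passes.
package_bootstrap() {
    verify_patcyh "$1" || return 1
    tar -czf "$2" -C "$1" .
}

# --- constructed sample tree mirroring the paths named in the thread ---
DEMO=$(mktemp -d)
mkdir -p "$DEMO/private/var/lib/dpkg/info" "$DEMO/usr/lib" "$DEMO/dir with space"
echo x > "$DEMO/private/var/lib/dpkg/info/com.saurik.patcyh.list"
echo x > "$DEMO/private/var/lib/dpkg/info/com.saurik.patcyh.postrm"
echo x > "$DEMO/usr/lib/libpatcyh.dylib"
echo x > "$DEMO/dir with space/patcyh note"
echo keep > "$DEMO/usr/lib/unrelated.dylib"   # must survive untouched
DEMO_OUT=$(mktemp)

verify_patcyh "$DEMO" || echo "before: not safe to package"
strip_patcyh "$DEMO"
verify_patcyh "$DEMO" && echo "after: no non-empty patcyh files remain"
package_bootstrap "$DEMO" "$DEMO_OUT" && echo "packaged: $DEMO_OUT"
```

Run it against the extracted bootstrap directory instead of the sample tree by calling `strip_patcyh`, `verify_patcyh` and `package_bootstrap` with that directory; `package_bootstrap` refuses to write the archive while `verify_patcyh` still reports a non-empty match.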

@michaeldvinci
Author

Hey qfdk, can you link me to the openssh.deb and openssl.deb you are using? I want these tests to be in unison.

@michaeldvinci
Author

#!/bin/sh
"path to launchctl in cydia bootstrap" load /Library/LaunchDaemons/"name of the openssl launch daemon plist"
exit 0

Alright, so I have the temp folder with everything in it... I'm trying to locate these two files though... any ideas? [screenshot]

@qfdk
Contributor

qfdk commented Nov 6, 2015

OK, Download

I packaged it with the reboot script placed in sbin, but it does NOT include Cydia; you must put Cydia in this package. I will work on it tonight; that will answer your question :)

@kpwn
Owner

kpwn commented Nov 6, 2015

The OpenSSH / OpenSSL debs don't include /bin/sh etc.
The Cydia bootstrap does. So extract the Cydia bootstrap and remove /Applications/Cydia.app just to be on the safe side.

@michaeldvinci
Author

How come yours doesn't have the openssh or openssl debs included?

@kpwn
Owner

kpwn commented Nov 6, 2015

Because he extracted them. His one is correct AFAICT.

@michaeldvinci
Author

Awesome, ok, I'll play with that then! Thanks!

EDIT: OK! that makes a ton of sense.

So once the untether is installed without patcyh, can you install a version of cydia for testing or is that still going to cause a crash??

@kpwn
Owner

kpwn commented Nov 6, 2015

Permissions seem wrong on that tar. Not sure if it's going to be an issue, but eh.

@qfdk
Contributor

qfdk commented Nov 6, 2015

You can find the *.deb files at http://apt.saurik.com/debs/.

I modified run.sh and fixed the "file not found" problem, and the code can now be compiled.
I ran the app, but it crashes; I tried several times for this....
[screenshot: snip20151106_9]

I ran fetchsymbols with armv7; I can run the app and I got a log like this:

yalubreak iso841 - Kim Jong Cracks Research
Credits:
qwertyoruiop - sb escape & codesign bypass & initial kernel exploit
panguteam: kernel vulns
windknown: kernel exploit & knows it's stuff
_Morpheus_: this guy knows stuff
jk9356: kim jong cracks anthem
JonSeals: crack rocks supply (w/ Frank & haifisch)
ih8sn0w: <3
posixninja: <3
xerub <3
its_not_herpes because thanks god it wasnt herpes
eric fuck off
Kim Jong Un for being Dear Leader.
RIP TTWJ / PYTECH / DISSIDENT
SHOUT OUT @ ALL THE OLD GANGSTAS STILL IN THE JB SCENE
HEROIN IS THE MEANING OF LIFE

BRITTA ROLL UP [no its not pythech!] 
[i] iomasterport: 0x0000070b / gasgauge user client: 0x0000050b
jk++
ret: 28dea000
ret: 00000000
ret: 0000000d
yalubreak iso841 - Kim Jong Cracks Research
Credits:
qwertyoruiop - sb escape & codesign bypass & initial kernel exploit
panguteam: kernel vulns
windknown: kernel exploit & knows it's stuff
_Morpheus_: this guy knows stuff
jk9356: kim jong cracks anthem
JonSeals: crack rocks supply (w/ Frank & haifisch)
ih8sn0w: <3
posixninja: <3
xerub <3
its_not_herpes because thanks god it wasnt herpes
eric fuck off
Kim Jong Un for being Dear Leader.
RIP TTWJ / PYTECH / DISSIDENT
SHOUT OUT @ ALL THE OLD GANGSTAS STILL IN THE JB SCENE
HEROIN IS THE MEANING OF LIFE

BRITTA ROLL UP [no its not pythech!] 
[i] iomasterport: 0x0000070b / gasgauge user client: 0x0000050b
jk++
ret: 22a68000
ret: 00000000
found overlapping object
ret: 00000048
yalubreak iso841 - Kim Jong Cracks Research
Credits:
qwertyoruiop - sb escape & codesign bypass & initial kernel exploit
panguteam: kernel vulns
windknown: kernel exploit & knows it's stuff
_Morpheus_: this guy knows stuff
jk9356: kim jong cracks anthem
JonSeals: crack rocks supply (w/ Frank & haifisch)
ih8sn0w: <3
posixninja: <3
xerub <3
its_not_herpes because thanks god it wasnt herpes
eric fuck off
Kim Jong Un for being Dear Leader.
RIP TTWJ / PYTECH / DISSIDENT
SHOUT OUT @ ALL THE OLD GANGSTAS STILL IN THE JB SCENE
HEROIN IS THE MEANING OF LIFE

BRITTA ROLL UP [no its not pythech!] 
[i] iomasterport: 0x0000070b / gasgauge user client: 0x0000050b
jk++
ret: 22a68000
ret: 00000000
ret: 0000000d

I got the same thing as in #30: exploit failed.
Can you give me some tips, or should I just keep trying to run it... until I can see 5-6 RETs?
Thx

@michaeldvinci
Author

It seems as though nothing is working anymore... Do I need to restore to 8.4.1 again and start fresh? It seems not to be able to find anything now... regardless of download path.

Mounting DDI...
ERROR: stat: ./data/DeveloperDiskImage.dmg: No such file or directory
Couldn't mount DDI. Not an issue if Xcode's running, an issue if it isn't.
Fetching symbols...
Error. Exiting...
[+] Device connected: iPhone4,1, iOS 8.4.1.
[-] Can not connect to com.apple.dt.fetchsymbols service.
fatal error: /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/lipo: can't open input file: dyld.fat (No such file or directory)
Error. Exiting...
[+] Device connected: iPhone4,1, iOS 8.4.1.
[-] Can not connect to com.apple.dt.fetchsymbols service.
Compiling jailbreak files...
fatal error: /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/lipo: can't open input file: dyld.fat (No such file or directory)
fatal error: /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/lipo: can't open input file: dyld.fat (No such file or directory)
fatal error: /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/lipo: can't open input file: dyld.fat (No such file or directory)
error: /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/lipo: unknown architecture specification flag: in specifying thin operation: -thin
/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/lipo: known architecture flags are: any little big ppc64 x86_64 x86_64h arm64 ppc970-64 ppc i386 m68k hppa sparc m88k i860 veo arm ppc601 ppc603 ppc603e ppc603ev ppc604 ppc604e ppc750 ppc7400 ppc7450 ppc970 i486 i486SX pentium i586 pentpro i686 pentIIm3 pentIIm5 pentium4 m68030 m68040 hppa7100LC veo1 veo2 veo3 veo4 armv4t armv5 xscale armv6 armv6m armv7 armv7f armv7s armv7k armv7m armv7em arm64v8
fatal error: /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/lipo: Usage: /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/lipo [input_file] ... [-arch <arch_type> input_file] ... [-info] [-detailed_info] [-output output_file] [-create] [-arch_blank <arch_type>] [-thin <arch_type>] [-remove <arch_type>] ... [-extract <arch_type>] ... [-extract_family <arch_type>] ... [-verify_arch <arch_type> ...] [-replace <arch_type> <file_name>] ...
mv: rename dyld to dyld.fat: No such file or directory
/Users/USER/yalu/run.sh: line 128: /Users/USER/yalu./bin/jtool: No such file or directory
/Users/USER/yalu/run.sh: line 129: /Users/USER/yalu./bin/jtool: No such file or directory
fatal error: /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/lipo: can't open input file: dyld.fat (No such file or directory)
/Users/USER/yalu/run.sh: line 136: cd: /Users/USER/yalu./data/dyldmagic: No such file or directory
/Users/USER/yalu/run.sh: line 137: ./make.sh: No such file or directory
Copying files to device...
/Users/USER/yalu/run.sh: line 141: ./bin/afcclient: No such file or directory
/Users/USER/yalu/run.sh: line 142: ./bin/afcclient: No such file or directory
/Users/USER/yalu/run.sh: line 143: ./tmp/bootstrap.tar: No such file or directory
/Users/USER/yalu/run.sh: line 144: ./bin/afcclient: No such file or directory
/Users/USER/yalu/run.sh: line 145: ./bin/afcclient: No such file or directory
.Tap on the jailbreak icon to crash the kernel (or 0wn it if you're in luck!)
da225-02-13569:~ USER$

@qfdk
Contributor

qfdk commented Nov 9, 2015

ERROR: stat: ./data/DeveloperDiskImage.dmg

You must verify that $ddi exists...

@schnabelnator

I still can't get further than @michaeldvinci in the OP.
I am trying it on an iPhone 5 with @qfdk's bootstrap, but the lipo error is still unresolved unfortunately...

Mounting DDI...
Couldn't mount DDI. Not an issue if Xcode's running, an issue if it isn't.
Fetching symbols...
[+] Device connected: iPhone5,2, iOS 8.4.1.
[*] Receiving /usr/lib/dyld...
[*] Received 0.21 MB of 0.21 MB (100%).
[+] Done receiving /usr/lib/dyld.
fatal error: /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/lipo: can't open input file: dyld.fat (No such file or directory)
[+] Device connected: iPhone5,2, iOS 8.4.1.
[*] Receiving /System/Library/Caches/com.apple.dyld/dyld_shared_cache_armv7s...
[*] Received 411.69 MB of 411.69 MB (100%).
[+] Done receiving /System/Library/Caches/com.apple.dyld/dyld_shared_cache_armv7s.
Compiling jailbreak files...
Extracting /System/Library/Frameworks/IOKit.framework/Versions/A/IOKit at 0x2990000 into cache.IOKit
Extracting /System/Library/Frameworks/IOKit.framework/IOKit at 0x2990000 into cache.IOKit
Extracting /usr/lib/system/libsystem_kernel.dylib at 0x1072b000 into cache.libsystem_kernel.dylib
fatal error: /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/lipo: can't open input file: dyld.fat (No such file or directory)
2015-11-11 01:13:24.357 main[11365:1532615] cs_size = 4e0
Generated exploit dylib
Copying files to device...
Uploaded 3454176 bytes to PhotoData/KimJongCracks/Library/PrivateFrameworks/GPUToolsCore.framework/GPUToolsCore
Uploaded 92912 bytes to drugs
Uploaded 0 bytes to PhotoData/KimJongCracks/bootstrap.tar
Uploaded 324288 bytes to PhotoData/KimJongCracks/tar
Tap on the jailbreak icon to crash the kernel (or 0wn it if you're in luck!)
Loviss-MacBook-Air:yalu Lovis$ 

@Andir00t

Hello everybody!
To get rid of the error
fatal error: /Applications/Xcode.app/Contents ...
correct these lines in the script run.sh (section # Mount ddi):

from
lipo -info dyld.fat | grep arm64 >/dev/null && ./bin/fetchsymbols -f "$(./bin/fetchsymbols -l 2>&1 | (grep arm64 || abort ) | tr ':' '\n'|tr -d ' '|head -1)" tmp/cache64
to
lipo -info ./tmp/dyld.fat | grep arm64 >/dev/null && ./bin/fetchsymbols -f "$(./bin/fetchsymbols -l 2>&1 | (grep arm64 || abort ) | tr ':' '\n'|tr -d ' '|head -1)" tmp/cache64
and
lipo -info dyld.fat | grep arm64 >/dev/null && (
to
lipo -info dyld | grep arm64 >/dev/null && (

If the error zcat: can not stat: ./data/bootstrap.tgz occurs,
correct the line
zcat ./data/bootstrap.tgz > ./tmp/bootstrap.tar
to
gunzip -c ./data/bootstrap.tgz > ./tmp/bootstrap.tar

The end result:

Mounting DDI...
Couldn't mount DDI. Not an issue if Xcode's running, an issue if it isn't.
Fetching symbols...
[+] Device connected: iPhone5,2, iOS 8.4.1.
[*] Receiving /usr/lib/dyld...
[*] Received 0.21 MB of 0.21 MB (100%).
[+] Done receiving /usr/lib/dyld.
[+] Device connected: iPhone5,2, iOS 8.4.1.
[*] Receiving /System/Library/Caches/com.apple.dyld/dyld_shared_cache_armv7s...
[*] Received 411.69 MB of 411.69 MB (100%).
[+] Done receiving /System/Library/Caches/com.apple.dyld/dyld_shared_cache_armv7s.
Compiling jailbreak files...
Extracting /System/Library/Frameworks/IOKit.framework/Versions/A/IOKit at 0x2990000 into cache.IOKit
Extracting /System/Library/Frameworks/IOKit.framework/IOKit at 0x2990000 into cache.IOKit
Extracting /usr/lib/system/libsystem_kernel.dylib at 0x1072b000 into cache.libsystem_kernel.dylib
2015-11-10 10:08:20.867 main[1972:27978] cs_size = 4e0
Generated exploit dylib
Copying files to device...
Uploaded 3454176 bytes to PhotoData/KimJongCracks/Library/PrivateFrameworks/GPUToolsCore.framework/GPUToolsCore
Uploaded 92912 bytes to drugs
Uploaded 8151040 bytes to PhotoData/KimJongCracks/bootstrap.tar
Uploaded 324288 bytes to PhotoData/KimJongCracks/tar
Tap on the jailbreak icon to crash the kernel (or 0wn it if you're in luck!)
Mac-Admin:yalu-master admin$ ./idevicediagnostics restart

With @qfdk's bootstrap.tgz, SSH does not start.
Maybe someone has a working bootstrap?
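qfdk's note that run.sh should verify `$ddi` exists, the `dyld.fat` that `lipo` cannot open until it is pointed at `./tmp/`, and the `/Users/USER/yalu./bin/jtool` paths in michaeldvinci's log (a base directory joined without a separator) are all one class of bug: a script that keeps going after a missing input, so the first error cascades into `lipo`, `jtool` and `afcclient` failures. The block below is an added example, not code from the yalu repository; the file list and the `tmp/` layout are assumptions taken from the paths named in this thread, and the two directory trees it builds under `mktemp` are constructed placeholders. It shows a fail-fast prerequisite check and a path resolver that refuses to hand `lipo` a file that is not there.

```shell
#!/bin/sh
# Added example (not from the yalu repository): fail fast on missing
# inputs so that one absent file does not cascade into lipo, jtool and
# afcclient "No such file or directory" errors. The file list and the
# tmp/ layout are assumptions taken from the paths named in this thread.

# Files run.sh is expected to need, relative to the checkout root
# (assumed list; the real script's dependencies may differ).
PREREQS="data/DeveloperDiskImage.dmg bin/fetchsymbols bin/afcclient bin/jtool data/bootstrap.tgz"

# check_prereqs ROOT: print every missing file under ROOT to stderr and
# return 1 if any is missing, 0 otherwise. Note the explicit "/" in
# "$root/$rel": a path like /Users/USER/yalu./bin/jtool in the log above
# is what you get when the separator is left out.
check_prereqs() {
    root=$1
    missing=0
    for rel in $PREREQS; do
        if [ ! -f "$root/$rel" ]; then
            echo "missing: $root/$rel" >&2
            missing=$((missing + 1))
        fi
    done
    [ "$missing" -eq 0 ]
}

# lipo_input ROOT NAME: resolve the fat binary lipo should read. The
# fetched dyld lands in ROOT/tmp, so a bare "lipo -info dyld.fat" run from
# ROOT fails; print the full path only if the file really exists.
lipo_input() {
    path="$1/tmp/$2"
    if [ ! -f "$path" ]; then
        echo "lipo input not found: $path" >&2
        return 1
    fi
    printf '%s\n' "$path"
}

# --- constructed sample trees (empty placeholder files, not real tools) ---
DEMO_OK=$(mktemp -d)
DEMO_BAD=$(mktemp -d)
for d in "$DEMO_OK" "$DEMO_BAD"; do
    mkdir -p "$d/data" "$d/bin" "$d/tmp"
done
for rel in $PREREQS tmp/dyld.fat; do
    : > "$DEMO_OK/$rel"
done
: > "$DEMO_BAD/bin/fetchsymbols"   # everything else deliberately absent

check_prereqs "$DEMO_OK" && echo "ok tree: all prerequisites present"
check_prereqs "$DEMO_BAD" || echo "bad tree: stop before fetchsymbols runs"
lipo_input "$DEMO_OK" dyld.fat
lipo_input "$DEMO_BAD" dyld.fat || echo "bad tree: skip lipo"
```

Placed at the top of a script like run.sh, `check_prereqs "$(pwd)" || exit 1` turns the wall of errors in the log above into one line naming the first thing that is missing, and `lipo -info "$(lipo_input . dyld.fat)"` fails before `lipo` is ever invoked when the fetch step did not produce the file.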

@qfdk
Contributor

qfdk commented Nov 11, 2015

@Andir00t @schnabelnator My bootstrap.tgz is only OpenSSH & OpenSSL; it doesn't have Cydia. You must ADD Cydia to the same package. Have you got any log? Look at the log.
For bootstrap.tgz, you must make it yourself. For me, I think the exp just doesn't work.
For *(No such file or directory)* I have fixed this problem in #34.

@Andir00t

@qfdk please tell me how to view the log?
Do you have a bootstrap with Cydia?

@qfdk
Contributor

qfdk commented Nov 11, 2015

I suggest qwupz.me/Cydia-8.4r3-Raw.txz - remember to remove patcyh files. if you don't you'll brick your phone.

@Andir00t
So you can find Cydia there; to make the bootstrap.tgz, please read our conversation in #30.
To view the log, you can find it via Linux or use some tools like iTools.
The log name is kjc_jb.log.
Thanks in advance

@Andir00t

@qfdk How do I get to kjc_jb.log (/var/mobile/Media/kjc_jb.log) if I cannot access the device via SSH?

Maybe I do not understand.

@qfdk
Contributor

qfdk commented Nov 11, 2015

To view the log, you can find it via Linux or use some tools like iTools.

If the jailbreak code executes, it will create this file.
Or you can wait for @kpwn to get some official response.

@schnabelnator

@qfdk I thought one should NOT add Cydia to the bootstrap but install it later via SSH. Or should I just leave Cydia.app out of the bootstrap but let it copy the other files?

@schnabelnator

So now I am getting no errors on the Mac side (http://pastebin.com/HMNYUPdt) but I can't get my phone to crash! Every time I try it with the app the screen goes black for a few seconds (status bar still visible) and then it crashes to the home screen. One time it crashed the phone (restarted), but it didn't install anything and the log didn't even show the crash... Here is the log from the last few times I have been trying: http://pastebin.com/15VRwb5n
I am using @qfdk's bootstrap but put Cydia-8.4r3-Raw.txz in there (deleted patcyh files and Cydia.app). What am I doing wrong?

@kpwn
Owner

kpwn commented Nov 11, 2015

It is not supposed to restart the phone fwiw.
I suggest watching the output of idevicesyslog while running the app.


@Andir00t

  1. put the folders of Cydia-8.4r3-Raw + openssh + openssl in bootstrap.tgz
  2. run.sh (script run without errors)
  3. tap jailbreak app (screen goes black for a few seconds)
  4. idevicediagnostics restart

As a result, kjc_jb.log:

yalubreak iso841 - Kim Jong Cracks Research
Credits:
qwertyoruiop - sb escape & codesign bypass & initial kernel exploit
panguteam: kernel vulns
windknown: kernel exploit & knows it's stuff
Morpheus: this guy knows stuff
jk9356: kim jong cracks anthem
JonSeals: crack rocks supply (w/ Frank & haifisch)
ih8sn0w: <3
posixninja: <3
xerub <3
its_not_herpes because thanks god it wasnt herpes
eric fuck off
Kim Jong Un for being Dear Leader.
RIP TTWJ / PYTECH / DISSIDENT
SHOUT OUT @ ALL THE OLD GANGSTAS STILL IN THE JB SCENE
HEROIN IS THE MEANING OF LIFE

BRITTA ROLL UP [no its not pythech!]
[i] iomasterport: 0x0000070b / gasgauge user client: 0x0000050b
jk++
ret: 203e3000
ret: 00000000
found overlapping object
ret: 00000048

Connecting via SSH does not work =(
Why?!

@kpwn
Owner

kpwn commented Nov 11, 2015

found overlapping object
ret: 00000048
It should find two overlapping objects.
ret: 00000048 means it failed finding the second, which means failure.
Reboot, retry.
I suggest doing a fetchcaches before re-running the jailbreak icon.


@schnabelnator

Where can I find the idevicesyslog? I only see kjc_jb.log, or do you mean that? How would I do a fetchcaches? Sorry for the noob questions, and thank you very much for your support @ALL!

@qfdk
Contributor

qfdk commented Nov 11, 2015

I suggest doing a fetchcaches before re-running the jailbreak icon.

Look at #34; I have added fetchsymbols_armv7.sh ...

I tried to use idevicesyslog but I got this...
[screenshot: snip20151111_7]
I don't think it works :x

And if it crashes:
[screenshot: snip20151111_20]

A problem of signature?

@schnabelnator

OK, so if I got it right it should work like this:
run.sh
then tap jailbreak and look for two overlapping objects in kjc_jb.log; if there are not two --> idevicediagnostics restart, run fetchsymbols and tap jailbreak, repeat...
Problem is I have restarted my phone like 20 times and it never finds these two objects...
Am I doing something wrong?

@kpwn
Owner

kpwn commented Nov 11, 2015

I'm not sure if I included a printf for the second object being found.
Look for anything that isn't "ret: 00000048".

"ret: ffffff80" and some other hex numbers should work.


@kpwn
Owner

kpwn commented Nov 11, 2015

Hmm.
That "invalid signature" looks like you did not get the DDI mounted.
Mounting the DDI is needed after each reboot.


@qfdk
Contributor

qfdk commented Nov 11, 2015

It's so strange :X In my script I have put the mount_ddi first ... Strange: after rebooting my Mac, there is no problem.
I got this 2 times

ret: 22bfc000
ret: 00000000
ret: 0000000d

and 20 times

ret: 21890000
ret: 00000000
found overlapping object
ret: 00000048

It comes randomly.

@schnabelnator

I really can't get it to crash, always getting "ret: 00000048" or no overlap at all. Here is my log from some tries: http://pastebin.com/uw4Xe0ge. Unfortunately I have no idea how to read it.

@qfdk
Contributor

qfdk commented Nov 11, 2015

Try idevicesyslog | grep <something you want to get>.
I can get 50 blue screens, 2 ret: 0000000d, 20 ret: 00000048 ....
The probability is so small.

@schnabelnator

But what would I want to get to recognize that it succeeded?
Or is looking in kjc_jb.log enough to be sure it failed?
It just takes so long to always reboot, fetch and tap jailbreak... A script would be nice haha, but I guess one cannot remotely start an app, or would it be possible?

@kpwn
Owner

kpwn commented Nov 11, 2015

Hmm. Mind sharing panic logs? Could be a kernel exploit gadget located differently for your device. I can fix the bug if that's it.


@Andir00t

@kpwn did you try your jb code with an iPhone 5 or 5s?

@Andir00t

When I run the Jailbreak application I see this in the device log:
##############
Nov 12 09:14:43 ipon SpringBoard[43] : Forcing crash report of <FBApplicationProcess: 0x166ac050; MobileReplayer; pid: 1100> (reason: 1, description: developer.apple.wwdc-Release failed to launch in time)
Nov 12 09:14:43 ipon ReportCrash[1102] : task_set_exception_ports(B07, 400, D03, 0, 0) failed with error (4: (os/kern) invalid argument)
Nov 12 09:14:43 ipon ReportCrash[1102] : [CrashReport _extractBinaryImageInfoUsingSymbolicator] caught exception: *** setObjectForKey: object cannot be nil (key: ExecutablePath) (0x2b258f8f 0x39909c8b 0x2b1747d3 0x4ff3b 0x311bb2a9 0x4fc57 0x4edff 0x58143 0x4e273 0x4e46d 0x39f7eb85 0x57c1d 0x3a000e17 0x3a000d8b 0x39ffeb14)
Nov 12 09:14:43 ipon com.apple.xpc.launchd1 : Service exited due to signal: Killed: 9
Nov 12 09:14:43 ipon SpringBoard[43] : Application 'UIKitApplication:developer.apple.wwdc-Release[0xe2d3]' exited abnormally via signal.
Nov 12 09:14:44 ipon SpringBoard[43] : Unable to deliver -[UIRemoteApplication showTopMostMiniAlertWithSynchronizationPort:] message to port 0: (ipc/send) invalid destination port

Crash report:
{"app_name":"MobileReplayer","share_with_app_devs":false,"name":"MobileReplayer","app_version":"","is_first_party":true,"os_version":"iPhone OS 8.4.1 (12H321)","bug_type":"109","slice_uuid":"c66ed122-a328-3d90-af1b-e992f65653b0","build_version":""}
Incident Identifier: C94536C2-86C3-494A-8FAB-B51D7753EFB0
CrashReporter Key: 894cffcceed93dfb329c666eb6de362f99d81ada
Hardware Model: iPhone5,2
Process: MobileReplayer [1100]
Path: MobileReplayer
Identifier: MobileReplayer
Version: ???
Code Type: ARM (Native)
Parent Process: launchd [1]

Date/Time: 2015-11-12 09:14:43.861 +0300
Launch Time: 2015-11-12 09:14:23.726 +0300
OS Version: iOS 8.4.1 (12H321)
Report Version: 105

Exception Type: 00000020
Exception Codes: 0x000000008badf00d
Highlighted Thread: 0

Application Specific Information:
developer.apple.wwdc-Release failed to launch in time

Elapsed total CPU time (seconds): 5.840 (user 5.840, system 0.000), 15% CPU
Elapsed application CPU time (seconds): 0.026, 0% CPU

Error Formulating Crash Report:
*** setObjectForKey: object cannot be nil (key: ExecutablePath)
0x2b258f8f
0x39909c8b
0x2b1747d3
0x0004ff3b
0x311bb2a9
0x0004fc57
0x0004edff
0x00058143
0x0004e273
0x0004e46d
0x39f7eb85
0x00057c1d
0x3a000e17
0x3a000d8b
0x39ffeb14

Thread 0:
0 ??? 0x5001d60c 0 + 1342297612
1 ??? 0xfffffffc 0 + -4

No thread state (register information) available
Binary Images:
0x1fe6b000 - 0x1fe8efff dyld armv7s <6cf411b599e93791b3f40ced325786dd> /usr/lib/dyld

*** setObjectForKey: object cannot be nil (key: ExecutablePath) (0x2b258f8f 0x39909c8b 0x2b1747d3 0x4ff3b 0x311bb2a9 0x4fc57 0x4edff 0x58143 0x4e273 0x4e46d 0x39f7eb85 0x57c1d 0x3a000e17 0x3a000d8b 0x39ffeb14)

What does this exception mean?

@schnabelnator

Here is my complete devicesyslog: http://pastebin.com/xjwa2pbe
the kjc_jb.log: http://pastebin.com/MYtFLe2G
and the MobileReplayer crash log: http://pastebin.com/cWmf0G1N

Hope that helps!

@russspooner

@kpwn Is there any way you could make the Cydia bootstrap tar available again? I'm struggling to find a copy of it so I can make the SSH bootstrap. Or could someone post a link to a working one?

@salmon111

@kpwn @qfdk Can I still get the Cydia-8.4r3-Raw?

@leo98gomez

@Andir00t @schnabelnator @kpwn could I get step-by-step instructions, and maybe links to the files I have to download, and the changes that have to be made to the code before running Yalu? Thank you.
