ipwndfu's People

Contributors

128keaton, axi0mx


ipwndfu's Issues

Please help me!

It took me a long time to figure out how to run this code, but I finally figured out I was missing Homebrew. Now I have it, and I have had a few more battles with it and have managed to get past most, but I am currently stuck here. Please tell me what I am doing wrong and how to make this work. P.S. I have an iMac 4,1, Intel Core Duo 1.83 GHz, 2 GB RAM, running OS X 10.6.8 (below is what I got the last time I tried to install with Terminal).

MorpheinDs-iMac:~ MorpheinD$ brew install ipwndfu
Updating Homebrew...
==> Using the sandbox
==> Downloading https://github.com/axi0mX/ipwndfu
######################################################################## 100.0%
Warning: Cannot verify integrity of ipwndfu-null
A checksum was not provided for this resource
For your reference the SHA256 is: bb2b69bad8e48549bd8a6eba8cf121c5689ccd95532945286384a065999548be
==> ./configure --disable-silent-rules --prefix=/usr/local/Cellar/ipwndfu/null
Last 15 lines from /Users/MorpheinD/Library/Logs/Homebrew/ipwndfu/01.configure:
2017-04-16 20:16:20 -0600

./configure
--disable-debug
--disable-dependency-tracking
--disable-silent-rules
--prefix=/usr/local/Cellar/ipwndfu/null

Do not report this issue to Homebrew/brew or Homebrew/core!

Error: You are using macOS 10.6.
We (and Apple) do not provide support for this old version.
You may encounter build failures or other breakages.
Please create pull-requests instead of filing issues.

Error: Your Xcode (3.2) is outdated.
Please update to Xcode 3.2.6 (or delete it).
Xcode can be updated from
https://developer.apple.com/download/more/

Error: You are using macOS 10.6.
We (and Apple) do not provide support for this old version.
You may encounter build failures or other breakages.
Please create pull-requests instead of filing issues.

Is there an estimate on how long the checkm8 exploit takes to run?

I don't have a test device. For anyone who has tried it: how long does it take to run the exploit and then finish running the script? I'm trying to estimate how much power an SoC (Raspberry Pi Zero with power-saving techniques) that runs the exploit when it is turned on would take.

Errors while restoring to a PwnageTool or Sn0wBreeze IPSW

iPhone 3GS New BR.

Any PwnageTool IPSW or Sn0wBreeze IPSW I try to restore to gives me error 1600/1601. The only Custom IPSWs that work are RedSn0w ones. I am using Sn0wBreeze for the capability to restore to a pre-jailbroken IPSW and use bootlogos.

I use ipwndfu -p to pwn dfu, then install the exploit using ipwndfu -x and re-pwn dfu. After that, I try to restore to an iOS 6.1.3 Sn0wBreeze IPSW, but I get error 1600/1601 every time. I am using iTunes version 11.0.5.5. The only custom IPSWs that work are the RedSn0w ones, but they are not pre-jailbroken so I'd have to jailbreak tethered using redsn0w and use p0sixspwn to untether it. I find Sn0wBreeze to be better because the IPSWs are pre-jailbroken and have capability to use BootLogos.

What causes RedSn0w to work but PwnageTool and Sn0wbreeze not? Is there a fix? Thanks!

Custom Restore via Limera1n

I've pwned my iPhone 4 GSM & CDMA and no custom IPSWs from PwnageTool or Sn0wBreeze work. I've even tried using the pwn feature from your program and restoring from OS X, Linux, and Windows, and none of them worked. The only phones I've ever been able to downgrade are my 3G and 3GS. iTunes versions don't make a difference to this issue. What do I need to do?

AssertionError

When running ./ipwndfu -x I just get this:
Installing alloc8 exploit to NOR.
Dumping NOR, part 1/8.
Dumping NOR, part 2/8.
Dumping NOR, part 3/8.
Dumping NOR, part 4/8.
Dumping NOR, part 5/8.
Dumping NOR, part 6/8.
Dumping NOR, part 7/8.
Dumping NOR, part 8/8.
NOR backed up to file: nor-backups/nor-000000B2360563CE-20190927-175103.dump
Preparing modified NOR with alloc8 exploit.
Sending iBSS.
Waiting for iBSS to enter Recovery Mode.
Sending iBSS payload to flash NOR.
Traceback (most recent call last):
File "./ipwndfu", line 110, in <module>
device.flash_nor(new_nor.dump())
File "/Users/axelwinkvist/Downloads/ipwndfu-master/dfuexec.py", line 274, in flash_nor
assert len(payload) <= MAX_SHELLCODE_LENGTH
AssertionError

iBSS says it's 0 bytes after being unzipped?

I am using alloc8 on Linux Ubuntu, and when I type in the command to obtain the iBSS, the output file, which is "n88ap-iBSS-4.3.5.img3", says it is 0 bytes, and when I try to run "sudo ./ipwndfu -x" the exploit fails, saying that the file is in the right place but is 0 bytes. I have tried running the command as root and have all dependencies installed successfully. Furthermore, I looked at other people's solutions to this problem and none have worked. I suppose a download link to this file would probably be a solution, but none are available. Please help.

ImportError: No module named usb

iMac-di-alby:ipwndfu alby$ ./ipwndfu -x
Traceback (most recent call last):
File "./ipwndfu", line 5, in <module>
import binascii, datetime, getopt, hashlib, struct, subprocess, sys, time, usb
ImportError: No module named usb

Already installed Python and pyusb.

Exploit not installing

Output message:

sudo ./ipwndfu -x
Installing alloc8 exploit to NOR.
Dumping NOR, part 1/8.
Dumping NOR, part 2/8.
Dumping NOR, part 3/8.
Dumping NOR, part 4/8.
Dumping NOR, part 5/8.
Dumping NOR, part 6/8.
libusb 0.000000 info [event_thread_main] thread exiting
Dumping NOR, part 7/8.
Dumping NOR, part 8/8.
NOR backed up to file: nor-backups/not-0000005786136D0E-20170621-200016.dump
libusb 22.550642 info [event_thread_main] thread exiting
Sending iBSS.

I already installed the custom firmware (3.1.3) made with PwnageTool and that was successful. But, I'm still stuck in DFU.

iPhone 3G[S] not restoring at all

I tried using iDeviceRestore and iTunes.
If it helps: I was trying to use alloc8 to "upgrade" from 3.1 (also downgraded alloc8) to 5.0.1 (backup restore), and I used Sn0wBreeze. It seems to have flashed NAND, and now my phone is stuck in DFU. I tried again selecting new bootrom, but it wouldn't restore. I tried using redsn0w's "Downgrade from iPad baseband" and it failed/did nothing. Any and all help is appreciated.

iDeviceRestore Log: https://pastebin.com/my5QsdrJ

Error 28

When I try to restore, I get error 28 :(

Assertion error

Hey, I am trying to exploit my 3GS but I'm getting the following error:
Sending iBSS.
Waiting for iBSS to enter Recovery Mode.
Sending iBSS payload to flash NOR.
Traceback (most recent call last):
File "./ipwndfu", line 523, in <module>
device.flash_nor(new_nor)
File "./ipwndfu", line 418, in flash_nor
recovery.send_data(device, payload)
File "/home/user/Downloads/ipwndfu-master/recovery.py", line 32, in send_data
assert device.write(0x04, data[index:index + amount], 1) == amount
AssertionError

langid and pwn dfu issues

When I try to enter pwn dfu, it says:
ERROR: Exploit failed. Device did not enter pwned DFU Mode.
But when I enter pwn dfu with redsn0w, it works.
Using the pwn dfu from redsn0w, I ran --flash-nor, and I get this error:
ValueError: The device has no langid
How do I fix both of these errors?
(I ran both commands with and without sudo)

Error 3194 when restoring

So, I don't personally own a Mac, so dual-booting my system with Windows 10 and Ubuntu to run the ipwndfu software was my only option. I started by putting my device in normal DFU mode and then ran the command "sudo ./ipwn -p", and successfully went into pwned DFU mode. Then, I went into Windows 10 and tried to restore to iOS 5.1.1, and after extracting software I got the error 3194. Tried iTunes versions 11.0.0.163, 11.0.5.5, and the latest version, all x64-based. Help is greatly appreciated, thanks!

iPhone 3GS,
Serial: 79 0 17...
Model: MC131ZA/A
Modem Firmware: 05.16.08
iOS 6.1.6 Jailbroken with p0sixspwn

Odd error when installing 24kpwn/alloc8

When trying to install the 24kpwn/alloc8 exploit, I get this error...
Installing alloc8 exploit to NOR.
Dumping NOR, part 1/8.
Dumping NOR, part 2/8.
Dumping NOR, part 3/8.
Dumping NOR, part 4/8.
Dumping NOR, part 5/8.
Dumping NOR, part 6/8.
Dumping NOR, part 7/8.
Dumping NOR, part 8/8.
NOR backed up to file: nor-backups/nor-000003C95A0A03AE-20170908-211437.dump
Traceback (most recent call last):
File "./ipwndfu", line 77, in <module>
nor = nor.NorData(dump)
File "/Users/dominic/Downloads/ipwndfu-master/nor.py", line 11, in __init__
assert img2_crc == binascii.crc32(dump[:48]) & 0xffffffff
AssertionError
Same thing happens with sudo. What's going on?
Note that this is on a Mac running 10.12.6.

ipwndfu -x assertion error

NOR backed up to file: nor-backups/nor-000000D5E9047577-20190324-014439.dump
Traceback (most recent call last):
File "./ipwndfu", line 77, in <module>
nor = nor.NorData(dump)
File "/Users/anthonyfranklin/Desktop/ipwndfu-master/nor.py", line 11, in __init__
assert img2_crc == binascii.crc32(dump[:48]) & 0xffffffff
AssertionError

Here's the error I'm getting.

pyusb issues

When I try to run ipwndfu, this is the result I get.
(Yes, I have installed pyusb and libusb already. I am on Yosemite 10.10.)

./ipwndfu
Traceback (most recent call last):
File "~/ipwndfu/ipwndfu", line 6, in <module>
import usb # pyusb: use 'pip install pyusb' to install this module
ImportError: No module named usb

No Service

I was wondering if it is possible to enable carrier? I have my SIM in my 3G[S] and it just stays at No Service. Before, I had 3G with most (if not all) bars. Is it just the PwnageTool IPSW I used from Reddit? (https://www.reddit.com/r/LegacyJailbreak/comments/68ecux/tutorial_alloc8_for_dummies/#)

Thanks for any help fixing this, if it's possible. Also, thanks to axi0mX for alloc8 to get 3.1.3 running at all!
EDIT: If it helps, I have AT&T US.
UPDATE: Synced with iTunes and now I have 1 bar of nothing.

Please help with simple problem

MacBook-Pro:ipwndfu-master $ ./ipwndfu -p
*** based on limera1n exploit (heap overflow) by geohot ***
Found: CPID:8920 CPRV:14 CPFM:03 SCEP:01 BDID:00 ECID:000003A8720DBD8E SRTG:[iBoot-359.3]
Traceback (most recent call last):
File "./ipwndfu", line 495, in <module>
limera1n.exploit()
File "/Users//Downloads/ipwndfu-master/limera1n.py", line 200, in exploit
limera1n_libusb1_async_ctrl_transfer(device, 0x21, 1, 0, 0, 'A' * 0x800, 10)
File "/Users//Downloads/ipwndfu-master/limera1n.py", line 137, in limera1n_libusb1_async_ctrl_transfer
if usb.backend.libusb1._lib is not device._ctx.backend.lib:
AttributeError: '_LibUSB' object has no attribute 'lib'

Please, can anyone help?

AssertionError on ./ipwndfu -x

NOR is dumped and backed up. The error message is as follows:

File "./ipwndfu", line 522, in <module>
new_nor = device.add_alloc8_exploit_to_nor(nor)
File "./ipwndfu", line 335, in add_alloc8_exploit_to_nor
new_nor_firmware += Image3(img3_data.newDecryptedImage3()
File "./ipwndfu", line 109, in newDecryptedImage3
assert len(versTag) == 1
AssertionError

ERROR: n88ap-iBSS-4.3.5.img3 is corrupted or wrong.

Hi, I've been getting this error when trying to run the exploit:
"NOR backed up to file: nor-backups/nor-00000232B91D3DF5-20170421-112743.dump
Sending iBSS.
ERROR: n88ap-iBSS-4.3.5.img3 is corrupted or wrong.
Download iPhone2,1_4.3.5_8L1_Restore.ipsw and use the following command to extract iBSS:
unzip -p iPhone2,1_4.3.5_8L1_Restore.ipsw Firmware/dfu/iBSS.n88ap.RELEASE.dfu > n88ap-iBSS-4.3.5.img3"
I've tried re-downloading the ipsw multiple times and rerunning the command but continue to get the error.

limera1n exploit debug

Hi. While looking at your exploit, I was wondering how you observed the heap while overflowing it. I mean, it is almost impossible to write an exploit while only looking at static asm code. You need to look at chunk positions in memory, etc. Did you use crash dumps (or what) or something similar in your debugging process?

Error 6 in iTunes when trying to restore to 24kpwn IPSW

I have an iPhone OS 3.1 custom downgrade IPSW made with PwnageTool that I want to downgrade to, but every time I try to restore to it with iTunes, I get error 6 (but the pineapple from PwnageTool still appears on the iPhone 3GS :/). I have tried on 2 computers with different versions of macOS (10.14 and 10.11) with both of them having the error. I have also tried different cables, but with no success.

iTunes version used is 12.9.2.5

Other Error when trying to put iPod Touch 4G into Pwned DFU

Whenever I try to put my iPod Touch 4G into pwned DFU mode, I get:
*** based on SHAtter exploit (segment overflow) by posixninja and pod2g ***
Found: CPID:8930 CPRV:20 CPFM:03 SCEP:01 BDID:08 ECID:000003E66D04438C IBFL:00 SRTG:[iBoot-574.4]
Traceback (most recent call last):
File "./ipwndfu", line 57, in <module>
SHAtter.exploit()
File "/Users/ninhax44/Desktop/ipwndfu-master/SHAtter.py", line 35, in exploit
dfu.reset_counters(device)
File "/Users/ninhax44/Desktop/ipwndfu-master/dfu.py", line 27, in reset_counters
assert device.ctrl_transfer(0x21, 4, 0, 0, 0, 1000) == 0
File "/Users/ninhax44/Desktop/ipwndfu-master/usb/core.py", line 1034, in ctrl_transfer
self._ctx.managed_claim_interface(self, interface_number)
File "/Users/ninhax44/Desktop/ipwndfu-master/usb/core.py", line 102, in wrapper
return f(self, *args, **kwargs)
File "/Users/ninhax44/Desktop/ipwndfu-master/usb/core.py", line 167, in managed_claim_interface
self.backend.claim_interface(self.handle, i)
File "/Users/ninhax44/Desktop/ipwndfu-master/usb/backend/libusb1.py", line 811, in claim_interface
_check(self.lib.libusb_claim_interface(dev_handle.handle, intf))
File "/Users/ninhax44/Desktop/ipwndfu-master/usb/backend/libusb1.py", line 595, in _check
raise USBError(_strerror(ret), ret, _libusb_errno[ret])
usb.core.USBError: [Errno None] Other error

I am running macOS Mojave (10.14.2) and am using iTunes 12.8.

Bypass Activation (no SIM) on 2011 Week 36 iPhone 3GS iOS 5.1.1

I have a 2011 Week 36 iPhone 3GS (new BootROM) that I purchased off eBay, successfully restored to iOS 5.1.1 using a 24kpwn IPSW made with redsn0w, and booted using alloc8. My issue, however, is that the device did not come with a SIM card, so I am unable to get past activation. Is there any way for me to bypass activation on this device without a SIM? (I don't care about cellular capabilities.) Thanks in advance, Zach. :) :)

Special libimobiledevice version needed?

My device has been restored with iOS 5.0.1 and starts in DFU mode. I tried to run ./ipwndfu -x but now I'm stuck at

Device is not in pwned DFU Mode. Try again

Then I tried to run ideviceinfo and got "No device found". But if I plug in an iPhone 5S, ideviceinfo can provide all the information.
I tested this on a Mac, Windows, and Debian Linux, and all give the "No device found" error when I run ideviceinfo.

Do I need to install a special version of libimobiledevice?

Strange Error

I restored with 4.3.3 and then put it in pwned DFU mode with -p. Then I executed it with -x, and after dumping NOR I get an error: 24Kpwn LLB was not found.
But my 3GS has the new bootrom.

Does not work on 8GB 3GS.

Figured I should post this. The 8GB model, I believe, came with iOS 6 out of the box. Restoring to 4.3.3 errors out. Restoring to 5.x just freezes iTunes in the preparing stage. Does not get out of recovery mode.

redsn0w does not support custom IPSWs with iOS 6, so that's pretty much a no-go.

pwndfu iPhone2,1

Hello, I'm having these issues using ipwndfu on High Sierra. I have a 2011, new bootrom iPhone 3GS.
macOS 10.13
libusb installed with brew

Any ideas?

XXXX:ipwndfu-master XXXXX$ ./ipwndfu -p
*** based on limera1n exploit (heap overflow) by geohot ***
Found: CPID:8920 CPRV:15 CPFM:03 SCEP:03 BDID:00 ECID:xx SRTG:[iBoot-359.3.2]
Traceback (most recent call last):
File "./ipwndfu", line 53, in <module>
limera1n.exploit()
File "/Users/xxxxx/Downloads/ipwndfu-master/limera1n.py", line 215, in exploit
dfu.request_image_validation(device)
File "/Users/xxxxx/Downloads/ipwndfu-master/dfu.py", line 62, in request_image_validation
device.ctrl_transfer(0xA1, 3, 0, 0, 6, 1000)
File "/Users/xxxxx/Downloads/ipwndfu-master/usb/core.py", line 1043, in ctrl_transfer
self.__get_timeout(timeout))
File "/Users/xxxxx/Downloads/ipwndfu-master/usb/backend/libusb1.py", line 883, in ctrl_transfer
timeout))
File "/Users/xxxxx/Downloads/ipwndfu-master/usb/backend/libusb1.py", line 595, in _check
raise USBError(_strerror(ret), ret, _libusb_errno[ret])
usb.core.USBError: [Errno 60] Operation timed out

AssertionError

Traceback (most recent call last):
File "./ipwndfu", line 77, in <module>
nor = nor.NorData(dump)
File "/Users/merculous/Documents/ipwndfu/nor.py", line 11, in __init__
assert img2_crc == binascii.crc32(dump[:48]) & 0xffffffff
AssertionError

usb.core.USBError: [Errno 60] Operation timed out (MacOS Mojave 10.14)

./ipwndfu -p
*** based on SHAtter exploit (segment overflow) by posixninja and pod2g ***
Found: CPID:8930 CPRV:20 CPFM:03 SCEP:01 BDID:08 ECID:00000085AE1343F5 IBFL:00 SRTG:[iBoot-574.4]
Traceback (most recent call last):
File "./ipwndfu", line 57, in <module>
SHAtter.exploit()
File "/Users/User/Desktop/ipwndfu-master/SHAtter.py", line 41, in exploit
dfu.request_image_validation(device)
File "/Users/User/Desktop/ipwndfu-master/dfu.py", line 59, in request_image_validation
assert device.ctrl_transfer(0x21, 1, 0, 0, '', 1000) == 0
File "/Users/User/Desktop/ipwndfu-master/usb/core.py", line 1043, in ctrl_transfer
self.__get_timeout(timeout))
File "/Users/User/Desktop/ipwndfu-master/usb/backend/libusb1.py", line 883, in ctrl_transfer
timeout))
File "/Users/User/Desktop/ipwndfu-master/usb/backend/libusb1.py", line 595, in _check
raise USBError(_strerror(ret), ret, _libusb_errno[ret])
usb.core.USBError: [Errno 60] Operation timed out

Can't enter into PWNED DFU Mode

OS X Yosemite (10.10.5)

Mac-admin:ipwndfu admin$ ./ipwndfu -p
*** based on limera1n exploit (heap overflow) by geohot ***
Found: CPID:8920 CPRV:15 CPFM:03 SCEP:03 BDID:00 ECID:000002C07509550C SRTG:[iBoot-359.3.2]
ERROR: This request succeeded, but it should have raised an exception. Exiting.
Mac-admin:ipwndfu admin$

TypeError: object of type 'NoneType' has no len()

NOR backed up to file: nor-backups/nor-000002D3261C63CE-20170412-184607.dump
Traceback (most recent call last):
File "./ipwndfu", line 523, in <module>
new_nor = device.add_alloc8_exploit_to_nor(nor)
File "./ipwndfu", line 336, in add_alloc8_exploit_to_nor
new_nor_firmware += Image3(img3_data).newDecryptedImage3()
File "./ipwndfu", line 123, in newDecryptedImage3
decrypted = self.getDecryptedPayload()
File "./ipwndfu", line 103, in getDecryptedPayload
decrypted_keybag = device.decrypt_keybag(keybag)
File "./ipwndfu", line 432, in decrypt_keybag
assert len(keybag) == KEYBAG_LENGTH

n88ap-iBSS-4.3.5.img3 is zero KB

How do I fix this? After I do the -x, it goes through the 8 steps and says this:
ERROR: n88ap-iBSS-4.3.5.img3 exists, but is empty (size: 0 bytes)

"Device has no langid" Error at Random Points During Dumping NOR

Hi, I'm trying to downgrade my iPhone 3GS to iPhone OS 3.1.3. I made a custom 3.1.3 firmware using PwnageTool. I was able to put the device into pwned DFU mode and restore to the custom firmware successfully. When I went to install alloc8 and boot by typing ./ipwndfu -x into Terminal, the process fails on Dumping NOR, at a random step. I've tried multiple times; sometimes it gets to stage 4 and fails, sometimes it fails on the first stage with the error "The device has no langid". I've pasted the output I'm getting from the terminal. Any ideas on how to solve this? I'm using Mac OS X 10.9 Mavericks. Thank you so much.

Tims-Mac:ipwndfu-master Janiszewski$ sudo ./ipwndfu -x
Installing alloc8 exploit to NOR.
Dumping NOR, part 1/8.
Dumping NOR, part 2/8.
Traceback (most recent call last):
File "./ipwndfu", line 532, in <module>
nor = device.nor_dump(saveBackup=True)
File "./ipwndfu", line 297, in nor_dump
(retval, received) = self.execute(struct.pack('<6I', read, bdev, self.config.load_address + 8, i * NOR_PART_SIZE, 0, NOR_PART_SIZE), NOR_PART_SIZE)
File "./ipwndfu", line 242, in execute
assert self.identifier == device.serial_number
File "/Users/Janiszewski/Desktop/ipwndfu-master/usb/core.py", line 830, in serial_number
self._serial_number = util.get_string(self, self.iSerialNumber)
File "/Users/Janiszewski/Desktop/ipwndfu-master/usb/util.py", line 314, in get_string
raise ValueError("The device has no langid")
ValueError: The device has no langid

ERROR: No Apple device in Recovery Mode 0x1281 detected. Exiting.

Installing alloc8 exploit to NOR.
Dumping NOR, part 1/8.
Dumping NOR, part 2/8.
Dumping NOR, part 3/8.
Dumping NOR, part 4/8.
Dumping NOR, part 5/8.
Dumping NOR, part 6/8.
Dumping NOR, part 7/8.
Dumping NOR, part 8/8.
NOR backed up to file: nor-backups/nor-000002D3261C63CE-20170905-124450.dump
Preparing modified NOR with alloc8 exploit.
Sending iBSS.
Waiting for iBSS to enter Recovery Mode.
ERROR: No Apple device in Recovery Mode 0x1281 detected. Exiting.

Need help on Sierra

I'm running macOS 10.12.4 and get this when I run ./ipwndfu -p (I've reinstalled Python and libusb):
*** based on limera1n exploit (heap overflow) by geohot ***
Found: CPID:8920 CPRV:15 CPFM:03 SCEP:03 BDID:00 ECID:0000025445143DAE SRTG:[iBoot-359.3.2]
Traceback (most recent call last):
File "./ipwndfu", line 569, in <module>
limera1n.exploit()
File "/Volumes/LaCie 500GB/Projects/ipwndfu/limera1n.py", line 223, in exploit
dfu.request_image_validation(device)
File "/Volumes/LaCie 500GB/Projects/ipwndfu/dfu.py", line 59, in request_image_validation
device.ctrl_transfer(0xA1, 3, 0, 0, 6, 100)
File "/Volumes/LaCie 500GB/Projects/ipwndfu/usb/core.py", line 1043, in ctrl_transfer
self.__get_timeout(timeout))
File "/Volumes/LaCie 500GB/Projects/ipwndfu/usb/backend/libusb1.py", line 883, in ctrl_transfer
timeout))
File "/Volumes/LaCie 500GB/Projects/ipwndfu/usb/backend/libusb1.py", line 595, in _check
raise USBError(_strerror(ret), ret, _libusb_errno[ret])
usb.core.USBError: [Errno 60] Operation timed out

usb.core.USBError: [Errno None] Other error

I try to place my iPhone3,1 into pwned DFU mode and get this:

masons-mbp:ipwndfu shmadul$ ./ipwndfu -p
*** based on SHAtter exploit (segment overflow) by posixninja and pod2g ***
Found: CPID:8930 CPRV:20 CPFM:03 SCEP:01 BDID:00 ECID:000000D6360A7DAD IBFL:00 SRTG:[iBoot-574.4]
Traceback (most recent call last):
File "./ipwndfu", line 57, in <module>
SHAtter.exploit()
File "/Users/shmadul/ipwndfu/SHAtter.py", line 45, in exploit
dfu.get_data(device, 0x2C000)
File "/Users/shmadul/ipwndfu/dfu.py", line 51, in get_data
ret = device.ctrl_transfer(0xA1, 2, 0, 0, part, 5000)
File "/Users/shmadul/ipwndfu/usb/core.py", line 1034, in ctrl_transfer
self._ctx.managed_claim_interface(self, interface_number)
File "/Users/shmadul/ipwndfu/usb/core.py", line 102, in wrapper
return f(self, *args, **kwargs)
File "/Users/shmadul/ipwndfu/usb/core.py", line 167, in managed_claim_interface
self.backend.claim_interface(self.handle, i)
File "/Users/shmadul/ipwndfu/usb/backend/libusb1.py", line 811, in claim_interface
_check(self.lib.libusb_claim_interface(dev_handle.handle, intf))
File "/Users/shmadul/ipwndfu/usb/backend/libusb1.py", line 595, in _check
raise USBError(_strerror(ret), ret, _libusb_errno[ret])
usb.core.USBError: [Errno None] Other error

NoBackendError

When I try to run ./ipwndfu -p, I get this:
*** based on limera1n exploit (heap overflow) by geohot ***
Traceback (most recent call last):
File "./ipwndfu", line 487, in <module>
limera1n.exploit()
File "/Users/shmadul/Documents/ipwndfu/limera1n.py", line 173, in exploit
device = dfu.acquire_device()
File "/Users/shmadul/Documents/ipwndfu/dfu.py", line 11, in acquire_device
device = usb.core.find(idVendor=0x5AC, idProduct=0x1227)
File "/Library/Python/2.7/site-packages/usb/core.py", line 1263, in find
raise NoBackendError('No backend available')
usb.core.NoBackendError: No backend available

Please Help!!!

When I run ./ipwndfu -p, a pop-up comes up saying "Python quit unexpectedly while using the libusb-1.0.dylib plug-in", then I get "Illegal instruction: 4" in the terminal. When I run the command again, I get "IndexError: array index out of range" and then "ValueError: The device has no langid" on macOS Sierra.
Thanks!

Does it work on an iPhone SE?

Hello, I am looking forward to using ipwndfu to downgrade my iPhone SE from 12.4 to 10.2. Thanks.
Do you also have instructions? Since I am new to this, I don't know whether I just have to run ipwndfu -p and then restore, or not.

Help! Stuck on "Dumping NOR 1/8"

Hi, I have executed the command to run the alloc8 patcher (./ipwndfu -x) and am stuck on "Dumping NOR part 1/8". Is there something wrong? I tried 2 versions of iTunes (iTunes 10.6.3 and 11.0.3) and found no solution. PyUSB, libusb, and the iBSS files are installed correctly. I have Python 2.7. I am also running OS X Snow Leopard 10.6.8. Does this exploit even work on Snow Leopard?

Mac: iMac Intel Core 2 Duo Late 2006 1.83 GHz

Note that I am NOT running this on a virtual machine.
