This is on an iPhone 5, downgraded to 7.1.2 with n1ghtshade and the ramdisk is Sliver 6.2 alternate ramdisk option

derik@Deriks-MBP usbpatchd-main % ./install-usbpatchd.sh           
You should now boot your SSH-capable ramdisk and mount the System (/dev/disk0s1s1)
volume in /mnt1.
If you are using u/meowcat454\'s ramdisk, you should type `bash /usr/bin/mount_root`.
After that, run iproxy with `iproxy 4242 22`. You may need to replace 22 with 44.
Press Enter to continue...
Warning: Permanently added '[localhost]:4242' (RSA) to the list of known hosts.
sh: /mnt1/usr/bin/snappy: Bad CPU type in executable
sh: /mnt1/usr/bin/snappy: Bad CPU type in executable
Unable to rename rootfs snapshot! Please file a bug report.
derik@Deriks-MBP usbpatchd-main % ./install-usbpatchd.sh
You should now boot your SSH-capable ramdisk and mount the System (/dev/disk0s1s1)
volume in /mnt1.
If you are using u/meowcat454\'s ramdisk, you should type `bash /usr/bin/mount_root`.
After that, run iproxy with `iproxy 4242 22`. You may need to replace 22 with 44.
Press Enter to continue...
sh: /mnt1/usr/bin/snappy: Bad CPU type in executable
sh: /mnt1/usr/bin/snappy: Bad CPU type in executable
Unable to rename rootfs snapshot! Please file a bug report.

Hello, when I attempt to use this script with sshrd_script. It fails because of an "Invalid argument" error from fs_snapshot_rename.

I'm using this script on Linux, I'm unable to use the provided sshramdisk script as it requires a mac.

Is there any way to fix this?

Hi @nick-botticelli!

Thank you so much for sharing this tool. I have an iPhone X running iOS 16.4 with a broken screen that I'd like to backup, and I hope to be able to connect a USB keyboard to enter the passcode.

After successfully creating and uploading meowcat454's ramdisk and getting SSH access, I ran install-usbpatchd.sh but the snappy binary was always exiting with Killed: 9. I commented the lines about the system snapshot and I was able to install the necessary files in the filesystem.

However, the instructions at the end of the process were not very clear on how to finish patching the USB restriction:

Finished installing usbpatchd.
Now you can reboot and run checkra1n (either from CLI or from Recovery mode)
to finish patching USB restriction. After that, SSH should now be accessible
from the lock screen when using iproxy or tcprelay (`iproxy 2222 44`)!

When I rebooted the iPhone the USB restriction was still applied and the Mac didn't recognize it. I also tried putting it directly into DFU mode, right after running usbpatchd, and installing the latest checkra1n from the CLI but it complains that something isn't right (not sure what).

I have also noticed that when I run mount from the ramdisk the system partition has a different name, it's /dev/disk1s1 instead of /dev/disk0s1s1. I've also tried changing it in usbpatchd.sh but the USB restriction is still being applied.

Do you have any pointers about what may be failing? I'd be happy to contribute with a PR if I get it working, thanks!

Hello,

Thanks for your hard work.
I get the following error once I run iproxy :

fs_snapshot_rename: Invalid argument

and here is the output of some commands you asked on reddit :

root@ (/var/root)# /mnt1/usr/bin/snappy -s
System Snapshot: com.apple.os.update-5BC2B14114A412931ACC06ED68B29800E14268BB230913656F584819E3D85E725FC81BE3F3184A4C84A702137873E366
root@ (/var/root)# /mnt1/usr/bin/snappy -f
snappy: option requires an argument -- f
Usage: snappy -f DIR [OPTIONS...]
	-h, --help		Print this help
	-f, --filesystem DIR	Filesystem to operate on (mountpoint)
	-l, --list		List snapshots on filesystem
	-c, --create NAME	Create a snapshot named NAME
	-d, --delete NAME	Delete a snapshot named NAME
	-r, --rename NAME	Rename a snapshot named NAME to name supplied by --to
	-m, --mount NAME	Mount snapshot named NAME to path specified by --to
					(Mount currently not working on iOS)
	-t, --to NAME
	-v, --revert NAME	Revert to snapshot named NAME
	-s, --showhash		Show the name of the system snapshot for this boot-manifest-hash
	-x, --to-system		Set the target snapshot name to be the iOS system-snapshot
	-o, --orig		Revert to the original pre-jailbreak snapshot
root@ (/var/root)# /mnt1 -l
-bash: /mnt1: is a directory

Also running this command /mnt1/usr/bin/snappy -f /mnt1 -r "com.apple.os.update-5BC2B14114A412931ACC06ED68B29800E14268BB230913656F584819E3D85E725FC81BE3F3184A4C84A702137873E366" -t orig-fs is returning the following :

Will rename snapshot com.apple.os.update-5BC2B14114A412931ACC06ED68B29800E14268BB230913656F584819E3D85E725FC81BE3F3184A4C84A702137873E366 on fs /mnt1 to orig-fs
fs_snapshot_rename: No such file or directory
Failure

Thanks in advance for your help !