nick-botticelli / usbpatchd Goto Github PK
View Code? Open in Web Editor NEWPatch iOS USB restriction for SSH over USB on the lock screen on checkm8-compatible devices
License: GNU General Public License v3.0
Patch iOS USB restriction for SSH over USB on the lock screen on checkm8-compatible devices
License: GNU General Public License v3.0
Hello, when I attempt to use this script with sshrd_script. It fails because of an "Invalid argument" error from fs_snapshot_rename.
I'm using this script on Linux, I'm unable to use the provided sshramdisk script as it requires a mac.
Is there any way to fix this?
Hello,
Thanks for your hard work.
I get the following error once I run iproxy :
fs_snapshot_rename: Invalid argument
and here is the output of some commands you asked on reddit :
root@ (/var/root)# /mnt1/usr/bin/snappy -s
System Snapshot: com.apple.os.update-5BC2B14114A412931ACC06ED68B29800E14268BB230913656F584819E3D85E725FC81BE3F3184A4C84A702137873E366
root@ (/var/root)# /mnt1/usr/bin/snappy -f
snappy: option requires an argument -- f
Usage: snappy -f DIR [OPTIONS...]
-h, --help Print this help
-f, --filesystem DIR Filesystem to operate on (mountpoint)
-l, --list List snapshots on filesystem
-c, --create NAME Create a snapshot named NAME
-d, --delete NAME Delete a snapshot named NAME
-r, --rename NAME Rename a snapshot named NAME to name supplied by --to
-m, --mount NAME Mount snapshot named NAME to path specified by --to
(Mount currently not working on iOS)
-t, --to NAME
-v, --revert NAME Revert to snapshot named NAME
-s, --showhash Show the name of the system snapshot for this boot-manifest-hash
-x, --to-system Set the target snapshot name to be the iOS system-snapshot
-o, --orig Revert to the original pre-jailbreak snapshot
root@ (/var/root)# /mnt1 -l
-bash: /mnt1: is a directory
Also running this command /mnt1/usr/bin/snappy -f /mnt1 -r "com.apple.os.update-5BC2B14114A412931ACC06ED68B29800E14268BB230913656F584819E3D85E725FC81BE3F3184A4C84A702137873E366" -t orig-fs
is returning the following :
Will rename snapshot com.apple.os.update-5BC2B14114A412931ACC06ED68B29800E14268BB230913656F584819E3D85E725FC81BE3F3184A4C84A702137873E366 on fs /mnt1 to orig-fs
fs_snapshot_rename: No such file or directory
Failure
Thanks in advance for your help !
Hi @nick-botticelli!
Thank you so much for sharing this tool. I have an iPhone X running iOS 16.4 with a broken screen that I'd like to backup, and I hope to be able to connect a USB keyboard to enter the passcode.
After successfully creating and uploading meowcat454's ramdisk and getting SSH access, I ran install-usbpatchd.sh
but the snappy
binary was always exiting with Killed: 9
. I commented the lines about the system snapshot and I was able to install the necessary files in the filesystem.
However, the instructions at the end of the process were not very clear on how to finish patching the USB restriction:
Finished installing usbpatchd.
Now you can reboot and run checkra1n (either from CLI or from Recovery mode)
to finish patching USB restriction. After that, SSH should now be accessible
from the lock screen when using iproxy or tcprelay (`iproxy 2222 44`)!
When I rebooted the iPhone the USB restriction was still applied and the Mac didn't recognize it. I also tried putting it directly into DFU mode, right after running usbpatchd, and installing the latest checkra1n from the CLI but it complains that something isn't right (not sure what).
I have also noticed that when I run mount
from the ramdisk the system partition has a different name, it's /dev/disk1s1
instead of /dev/disk0s1s1
. I've also tried changing it in usbpatchd.sh but the USB restriction is still being applied.
Do you have any pointers about what may be failing? I'd be happy to contribute with a PR if I get it working, thanks!
This is on an iPhone 5, downgraded to 7.1.2 with n1ghtshade and the ramdisk is Sliver 6.2 alternate ramdisk option
derik@Deriks-MBP usbpatchd-main % ./install-usbpatchd.sh
You should now boot your SSH-capable ramdisk and mount the System (/dev/disk0s1s1)
volume in /mnt1.
If you are using u/meowcat454\'s ramdisk, you should type `bash /usr/bin/mount_root`.
After that, run iproxy with `iproxy 4242 22`. You may need to replace 22 with 44.
Press Enter to continue...
Warning: Permanently added '[localhost]:4242' (RSA) to the list of known hosts.
sh: /mnt1/usr/bin/snappy: Bad CPU type in executable
sh: /mnt1/usr/bin/snappy: Bad CPU type in executable
Unable to rename rootfs snapshot! Please file a bug report.
derik@Deriks-MBP usbpatchd-main % ./install-usbpatchd.sh
You should now boot your SSH-capable ramdisk and mount the System (/dev/disk0s1s1)
volume in /mnt1.
If you are using u/meowcat454\'s ramdisk, you should type `bash /usr/bin/mount_root`.
After that, run iproxy with `iproxy 4242 22`. You may need to replace 22 with 44.
Press Enter to continue...
sh: /mnt1/usr/bin/snappy: Bad CPU type in executable
sh: /mnt1/usr/bin/snappy: Bad CPU type in executable
Unable to rename rootfs snapshot! Please file a bug report.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.