Troubleshooting guide #4
Comments
|
Hi, |
|
Having the same issue, do i need to connect all 8 pins is pico? |
|
I think @zaphodatreides meant iPhone 8 |
|
Looks like |
|
Hi, I have the exact same error. Did you fixe yours ? |
|
If your lightning pinout (confirmed with multimeter) is correct, and the cable orientation is 100% correct, and the device is successfully demoted it should work. The error mainly happens when the electrical connection is incorrect |
|
I checked the lightning pinout with a multimeter and it is correct. For the orientation of the cable I place the GND on the left. Edit: |
|
Ok so, I made a new cable (shorter than the first one) and checked every connections. I have this error whether the iPhone is connected or not which makes me think the pinout is not OK. I tried:
and:
After checking the code, the second choice is the correct one but still no success. |
|
I'm also quite sure that my cable works well. Besides testing it with a multimeter, I did not throw away a second part of the extender and also soldered the jumper cables to it. The phone is fully detectable via both - System Information->USB and
btw, I'm using this lightning extender. |
|
Does reset & DCSD work? |
|
I'm not sure I understood your question. I'm unable to run openocd providing the bonobo-configs file. (Assertion 'false' failed) The only thing I can do is: And then: |
|
In your second paste you need to chose the mode. JTAG mode, DCSD, or reset the device. Does DCSD & reset work? |
|
Did you use the serial interface to set the Tamarin cable to JTAG mode? Is DCSD & Reset working? Thanks! |
|
Thank you ! I had not understood that you should enable JTAG first, then run openocd cmd ! |
|
Well... The GDB connection is dropped instantly :( |
|
+1 didn't understand at first that you have to set JTAG mode over a serial interface like this, thanks for the clarification! Now I'm also stuck with
and this how it loos form |
|
Hi. I understand correctly that only id0, l1n and l1p are involved in the code. id1, l0n and l0p are not involved in any way? |
Hello, I have encountered the same problem as you, did you solve it? I found that when I use openocd, the serial port doesn't have any logs about jtag. When I use forced jtag mode, the serial port still doesn't have any logs. Does this mean that entering jtag mode failed? I would be very grateful if someone could give me a little hint. |
|
Hi, nope, unfortunately, no. I just tried one more time on iPhone 7 as well, unfortunately, I don't see the message saying that CPU has been halted successfully, |
|
nvm, turned out I was using a newer version of Pico SDK, once I switched to > targets
TargetName Type Endian TapName State
-- ------------------ ---------- ------ ------------------ ------------
0 iphone.dbg mem_ap little iphone.cpu running
1 iphone.mem mem_ap little iphone.cpu running
2* iphone.cpu0 aarch64 little iphone.cpu running
3 iphone.cpu1 aarch64 little iphone.cpu poweroff
4 iphone.sep cortex_a little iphone.cpu unknown
> halt
target halted in AArch64 state due to debug-request, current mode: EL1T
cpsr: 0x800002c4 pc: 0x100000508
MMU: enabled, D-Cache: enabled, I-Cache: enabled(gdb) target remote :3333
Remote debugging using :3333
warning: No executable has been specified and target does not support
determining executable automatically. Try using the "file" command.
0x0000000100000508 in ?? ()
(gdb) x/5i $pc
=> 0x100000508: ret
0x10000050c: hint #0x45
0x100000510: b 0x100000510
0x100000514: stp x28, x27, [sp, #-96]!
0x100000518: stp x26, x25, [sp, #16]
(gdb) x/s 0x100000200
0x100000200: "SecureROM for t8010si, Copyright 2007-2015, Apple Inc."
(gdb) x/s 0x100000280
0x100000280: "iBoot-2696.0.0.1.33"(The above output is from iPhone 7., still can't halt IPhone X tho due to some timeout issue.) Don't know what to do with all of this from this point on, but it was a fun experiment, thanks folks! |
and others
Hi, watched the Defcon talk, and it got me really excited, so I decided to try the project for myself. Unfortunately, I'm a complete noob in all of these - pico, soldering, and kernel debugging 😅 So, I'm not sure what I am doing wrong here.
I made the cable out of this LIghtning extension adapter, soldered the jumping wires and verified it for continuity using a multimeter. Just in case, I made two of those.
Next, I soldered the pins to the Pico and flashed the firmware. I tried connecting the pins to the Pico the way it's described in the README, starting with
L1n(Purple) toGPIO1and in another way like it was shown on the slides -L1n(Purple) toGPIO0. I'm not sure which way is correct, but the pins on the Pico start withGPIO0.I'm using a demoted iPhone 7+ and
t8010.cfgbonobo config for it. (openocd was also built from your fork.)Unfortunatly I'm getting this error:
Here is a more verbose output with `-d` flag
Because there are so many parts involved in to this process, I honestly don't know where to start debugging it, would appriciate any suggestion. And thanks again for the talk. It was very inspiring!
The text was updated successfully, but these errors were encountered: