Unable to decrypt disk image file for iPhone1,1_1.1.4_4A102 #4
Description
I tried to run iExectractor for iPhone1,1_1.1.4_4A102 but it failed during decrypt disk image file.
Log:
$ ./run_no_pack_fs_no_dyld iPhone1,1_1.1.4_4A102
* Change working directory to scripts/
* Download firmware image
Firmware file already exists at .././ipsw/iPhone1,1_1.1.4_4A102_Restore.ipsw Do you want to continue?[y/N] Not continuing.
* Unpack firmware image
[debug] Creating folder .././out/iPhone1,1_1.1.4_4A102 if does not exist ...
[debug] Unpacking ipsw file .././ipsw/iPhone1,1_1.1.4_4A102_Restore.ipsw to .././out/iPhone1,1_1.1.4_4A102 ...
[debug] unzip -o -qq .././ipsw/iPhone1,1_1.1.4_4A102_Restore.ipsw -d .././out/iPhone1,1_1.1.4_4A102
* Decrypt disk image file
[error] There is no .dmg file in .././out/iPhone1,1_1.1.4_4A102
[error] Folder .././out/iPhone1,1_1.1.4_4A102 doesn't store contents of an unpacked .ipsw file.
* Decrypt kernelcache
[debug] Change working directory to bin/
[debug] ./decrypt_kernel .././out/iPhone1,1_1.1.4_4A102/kernelcache.release.s5l8900xrb
[debug] No kernelcache key or iv provided. Assuming they are not required and not decrypting kernelcache image.
[debug] Creating a hardlink from .././out/iPhone1,1_1.1.4_4A102/kernelcache.release.s5l8900xrb to kernelcache file in .././out/iPhone1,1_1.1.4_4A102/kernelcache.decrypted ...
[debug] ln -f .././out/iPhone1,1_1.1.4_4A102/kernelcache.release.s5l8900xrb .././out/iPhone1,1_1.1.4_4A102/kernelcache.decrypted
[debug] Unpacking kernelcache file .././out/iPhone1,1_1.1.4_4A102/kernelcache.decrypted (offet ) to .././out/iPhone1,1_1.1.4_4A102/kernelcache.mach.arm ...
[debug] ../tools/lzssdec/lzssdec -o < .././out/iPhone1,1_1.1.4_4A102/kernelcache.decrypted > .././out/iPhone1,1_1.1.4_4A102/kernelcache.mach.arm
* Extract sandbox extension
[debug] Change working directory to bin/
[debug] ./extract_sandbox_extension .././out/iPhone1,1_1.1.4_4A102/kernelcache.mach.arm
[debug] Extracting sandbox extension from .././out/iPhone1,1_1.1.4_4A102/kernelcache.mach.arm to .././out/iPhone1,1_1.1.4_4A102/com.apple.security.sandbox.kext ...
[debug] ../tools/joker/joker.universal -K com.apple.security.sandbox .././out/iPhone1,1_1.1.4_4A102/kernelcache.mach.arm
./extract_sandbox_extension: line 18: 23302 Segmentation fault: 11 "$JOKER" -K com.apple.security.sandbox "$kernelcache" > /dev/null 2>&1
[error] Previous command ended with error. Turn on debugging and run manually to investigate.
* Mount root filesystem
Password:
[error] There is no disk image file in .././out/iPhone1,1_1.1.4_4A102
[error] Make sure you unpacked the contents of an .ipsw file and you have unpacked/decrypted the disk image file.
* Copy sandboxd
[error] No volume is mounted in /mnt/ios/iPhone1,1_1.1.4_4A102
* Unmount root filesystem
[error] No volume is mounted in /mnt/ios/iPhone1,1_1.1.4_4A102
* Extract sandbox profiles
[error] There is no com.apple.security.sandbox.kext file in .././out/iPhone1,1_1.1.4_4A102
[error] There is no sandboxd file in .././out/iPhone1,1_1.1.4_4A102
* Reverse sandbox profiles
[error] There is no sb_ops file in .././out/iPhone1,1_1.1.4_4A102
This can be fixed by modifying /scripts/decrypt_fs to accept regex ^[0-9]\{3\}-[0-9]\+-[0-9]\+.dmg instead of ^[0-9]\{3\}-[0-9]\+-[0-9]\{3\}.dmg
Note that extracted files are:
$ ls out/iPhone1,1_1.1.4_4A102/
022-3894-4.dmg 022-3900-4.dmg Restore.plist kernelcache.mach.arm
022-3896-4.dmg Firmware kernelcache.decrypted kernelcache.release.s5l8900xrb