10 posts / 0 new / Last post
#1  January 12, 2011 - 4:00am
zagurim's picture
Offline
Joined: Jan 2011
Posts: 27
Kudos: 0

I have a Black ATV with 4.2.1 installed and jailbroken. I understand that this is a tethered boot, no problem. I have not tried aTV Flash yet, just seas0npass, as well as doing it the pwnage way.

The problem I am looking at is that the only machine anywhere close to the TV that I am setting this up on is a G4 Mac Mini. I have tried booting it using thetherboot from a "tether" fodler on my desktop, at first the universal binary woudln't work, so I recompiled it and got it to get at least partway through.

 

Is there any solution for tethering this thing to a non-intel mac for the boot? It's either that or I have to haul an iMac into the living room just to boot Frown

  January 12, 2011 - 4:40am
zagurim's picture
Offline
Joined: Jan 2011
Posts: 27
Kudos: 0

Guess I need to wait until morning to get an answer Frown

  January 12, 2011 - 8:11am
james's picture
Staff
Offline
Joined: Jun 2008
Posts: 13,424
Kudos: 1,098

Unfortunately Seas0nPass requires OSX 10.6 or later.

You may be best served by waiting for the 'un-tethered' jailbreak to become available.

Infuse 6 for iOS and Apple TV is now available!

  January 12, 2011 - 1:36pm
zagurim's picture
Offline
Joined: Jan 2011
Posts: 27
Kudos: 0

That is what I figured. I was just hoping there might be a way to get the booter part of it on PPC since I can run the jailbreak part on my 10.6 machine Smile

  January 12, 2011 - 7:19pm
zagurim's picture
Offline
Joined: Jan 2011
Posts: 27
Kudos: 0

I am going to add to this just for the sake of getting it out there in case someone else is attempting this.

Using my little G4 MacMini, I can compile a native version of tetheredboot and/or injectpois0n, then using the commands  shown on the internet I can  run tetheredboot or injectpois0n -t and it starts to work, but then this happens:

 

Device must be in DFU mode to continue

opening device 05ac:1227...

Found device in DFU mode

Checking if device is compatible with this jailbreak

Checking the device type

Identified device as AppleTV2,1

Preparing to upload limera1n exploit

Resetting device counters

Sending chunk headers

libusb:error [darwin_transfer_status] transfer error: device not responding (value = 0xe00002ed)

this error repeats 11 times total then  we get:

libusb:error [submit_control_transfer] control request failed: no connection to an IOService

this error repeats 42 times, then we get:

Sending exploit payload

libusb:error [submit_control_transfer] control request failed: no connection to an IOService

Sending fake data

libusb:error [submit_control_transfer] control request failed: no connection to an IOService

libusb:error [submit_control_transfer] control request failed: no connection to an IOService

libusb:error [darwin_reset_device] ResetDevice: no connection to an IOService

libusb:error [submit_control_transfer] control request failed: no connection to an IOService

this error repeats 4 times, then we get:

libusb:error [darwin_reset_device] ResetDevice: no connection to an IOService

Exploit sent

Reconnecting to device

libusb:error [darwin_close] USBDeviceClose: no connection to an IOService

Waiting 2 seconds for the device to pop up...

Connection failed. Waiting 1 sec before retry.

this error repeats 10 times then we get:

Command completed successfully

Unable to reconnect

Unable to upload exploit data

DFU Exploit injection failed (4294967295)

Exiting libpois0n

-------------------------------------------

So, this seems to indicate to me that the issue lies either with with libusb directly or with libusb.dylib and Apple's own HID driver grabbing the device exclusively. Now, I have no clue how to fix this, and I am probably totally incorrect anyway.  Anyone that is smarter than me have any insight as this seems to be the only issue making it so that people cannot use an older PPC Mac (10.5 anyway) like a G4 Mac Mini Smile to do the tethered boot.

 

I don't mind waiting too awful much for an untethered jb for this thing, but it would be cool to not have to restore the thing every 20 minutes while I am trying to get something to work Smile

  January 12, 2011 - 7:50pm
zagurim's picture
Offline
Joined: Jan 2011
Posts: 27
Kudos: 0

Another update. Disregard my post above  I was being stupid.

 

Anyone have any idea on this? I don't really want to wait for who knows how long until the untethered jb is out

Device must be in DFU mode to continue

opening device 05ac:1227...

Found device in DFU mode

Checking if device is compatible with this jailbreak

Checking the device type

Identified device as AppleTV2,1

Preparing to upload limera1n exploit

Resetting device counters

Sending chunk headers

Sending exploit payload

Sending fake data

libusb:error [darwin_transfer_status] transfer error: timed out

libusb:error [darwin_reset_device] ResetDevice: no connection to an IOService

Exploit sent

Reconnecting to device

libusb:error [darwin_close] USBDeviceClose: no connection to an IOService

Waiting 2 seconds for the device to pop up...

Connection failed. Waiting 1 sec before retry.

Connection failed. Waiting 1 sec before retry.

Connection failed. Waiting 1 sec before retry.

Connection failed. Waiting 1 sec before retry.

Connection failed. Waiting 1 sec before retry.

Connection failed. Waiting 1 sec before retry.

Connection failed. Waiting 1 sec before retry.

Connection failed. Waiting 1 sec before retry.

Connection failed. Waiting 1 sec before retry.

opening device 05ac:1281...

Setting to configuration 1

Setting to interface 0:0

Uploading iBSS.k66ap.RELEASE.dfu to device

dyld: lazy symbol binding failed: Symbol not found: _fopen$UNIX2003

  Referenced from: /Users/gevans/Desktop/tethered/./tetheredboot

  Expected in: /usr/lib/libSystem.B.dylib

 

dyld: Symbol not found: _fopen$UNIX2003

  Referenced from: /Users/gevans/Desktop/tethered/./tetheredboot

  Expected in: /usr/lib/libSystem.B.dylib

 

Trace/BPT trap

  January 13, 2011 - 1:31am
zagurim's picture
Offline
Joined: Jan 2011
Posts: 27
Kudos: 0

UPDATE: I now have Seas0npass running on a G4 Mac. It is not working properly yet, but it is indeed running. Here is what I have done so far

  1. Built a new libcurl. This is required to make tetheredboot work
  • After building the new libcurl, I replaced the libcurl in MacOS X 10.5.8 with it. I could have done it a better way, but I don't particularly care about this box and figured it would work anyway
  • mv /usr/lib/libcurl.4.dylib libcurl.4.dylib.old
  • cp /path/to/new/libcurl/libcurl.4.dylib /usr/lib/
  1. Installed the latest libUSB from MacPorts
  • after installing macports ( http://www.macports.org/install.php )
  • port install libusb
  • cd /path/to/your/seas0npass_source
  • mv libusb-1.0.0.dylib libusb-1.0.0.dylib.intel 
  • cp /opt/lib/libusb-1.0.0.dylib /path/to/your/seas0npass_source/
  • mkdir patches
  • mkdir scripts
  1. Installed XCode on the G4
  2. Right click on Targets->seas0npass in Xcode and changed the following
  • BaseSDK Changed to 10.5 from 10.6
  • Checked, Build Active Architecture Only
  • added 'ppc' to valid architectures
  • unchecked Strip Debug Symbols During Copy (probably doesn't matter to be honest)
  1. Right click on Targets->dbHelper in XCode and changed the following
  • BaseSDK Changed to 10.5 from 10.6
  • Checked, Build Active Architecture Only
  • added 'ppc' to valid architectures
  • unchecked Strip Debug Symbols During Copy (probably doesn't matter to be honest)
  1. Build the project

and Here are the results[[wysiwyg_imageupload:42:]]

Unfortunately, this is what happens when you try to Boot Tethered (note: the IPSW creation failed, which is fine since I can do that on my intel Mac in the other room)

[[wysiwyg_imageupload:43:]]

  January 13, 2011 - 4:50am
zagurim's picture
Offline
Joined: Jan 2011
Posts: 27
Kudos: 0

Another update Smile

 

Found some more problems that had I used XCode at all before would have been glaringly obvious. They are fixed now, but that of course brought up some more problems. Downloaded Chronic-Dev-Syringe from github and am now going to fix those issues as well. I am hoping that once I have all of this fixed, I might have a working PPC version of seas0npass. If so I will either talk to these guys about getting it on the site, or will upload it somewhere. If I have to do it myself, I will probably just call it seas0nassPPC because I am boring.

 

So far I have an app that runs, but fails on PPC. Pretty good for someone who has barely touched XCode in the past and is learning as he goes Smile

  January 13, 2011 - 7:52am
zagurim's picture
Offline
Joined: Jan 2011
Posts: 27
Kudos: 0

Last update for tonight:

 

Problem  seems to lie in the tetheredboot. It goes as follows:

 

Found device in DFU mode

Checking if device is compatible with this jailbreak

Checking the device type

Identified device as AppleTV2,1

Preparing to upload limera1n exploit

Resetting device counters

Sending chunk headers

Sending exploit payload

Sending fake data

libusb:error [darwin_transfer_status] transfer error: timed out

libusb:error [darwin_reset_device] ResetDevice: no connection to an IOService

Exploit sent

Reconnecting to device

libusb:error [darwin_close] USBDeviceClose: no connection to an IOService

Waiting 2 seconds for the device to pop up...

At this point, iTunes fails to recognize the device, so it fails.  If,  however you manually go to dfu mode again,  it will try to continue.  

Here is the relevant bit from /var/log/system.log

Jan 13 00:01:59 g4-mac-mini [0x0-0x55055].com.firecore.Seas0nPass[13592]: Reconnecting to deviceJan 13 00:01:59 g4-mac-mini [0x0-0x55055].com.firecore.Seas0nPass[13592]: libusb:error [darwin_close] USBDeviceClose: no connection to an IOServiceJan 13 00:01:59 g4-mac-mini [0x0-0x55055].com.firecore.Seas0nPass[13592]: Waiting 2 seconds for the device to pop up...

So it seems that somehow, from what I have gathered from some google searches that libusb is not reenumerating the device properly for the G4 mac, which makes iTunes and therefore the tetheredboot not see it. It could be a USB port problem as well though I  suppose, not a physical or not working properly for the way it was intended to work issue mind you, but something else. I dunno, maybe I am  wrong. 

I know that NOBODY other than me probably cares about this, and unfortunately I am not anywhere near a good enough programmer to know how to begin to fix it, but at least I have a vague idea of what the actual  problem is and maybe, just maybe the guys at firecore would build a PPC version, because it compiles pretty easily, and they have the know how to debug this usb issue. If I knew more, I  would be doing it myself and either modifying the source as required using libusb or just using the built-in Apple HID api/framework/library? to do it, which I think would make it work Smile

Oh well, I hope somebody somewhere got something out of this...

  January 13, 2011 - 7:13pm
zagurim's picture
Offline
Joined: Jan 2011
Posts: 27
Kudos: 0

with the number of views on this thread,it seems that it is worth continuing to work on. If you  are able to code or are able to test, please send me a pm and we can do  some work together and see if we can't get a PPC version of at least the booter working