Main OS gets stuck in data migration #26
What’s the status on springboard and OOB setup?
@waterdragon78 One of the requirements to get to the UI is getting past the data migration step. The data migration step is run even if the device has been newly restored, and it installs things like apps (Calculator, etc). We have attempted to patch all the blocking requirements out and the UI does show up, and if we bypass the activation we also get to the Home Screen. Below is how that looks:
Wow, that's amazing that you're this close. I never thought open-source iOS emulation would happen, let alone the iPhone 11...
Any guides here, like https://github.com/TrungNguyen1909/qemu-t8030/wiki/Bringing-up-the-emulator?
No, sorry. This is just the upstream commits plus some patches to some files, controlled using a VNC daemon inserted into the system. It's not user-intuitive at all. We might make a blog post about this, but I'd recommend you wait until we have finished implementing enough components so patches aren't required.
Ah okay, thanks!
Could you possibly make a docker image with it setup?
No.
By the way, this fork is going to become obsolete; I am in the process of writing my own emulator from scratch in Rust. This will also allow for graphics acceleration via AGX emulation and HiDPI support and faster development times with less bugs.
Holy sh*t dude you're awesome. P.S. thanks for NootedRed.
Wow, this is so exciting. I've been waiting for years for an iOS emulator to be made that's not some proprietary cloud service or a scam.
So fascinating! In the first video, the flashlight and camera shortcut are cut off, the icon grid is overlapping and the home bar is still at the proper location; then in the later images, it seems to be all fixed. What was the cause of the former shorter screen?
Just the aspect ratio of the resolution previously used was not expected. Seems to not be very adaptive to different aspect ratios.
Would your emulator allow an easy way to experiment with the aspect ratio?
Well, obviously this issue is with iOS and not with the emulator. If the resolution is kept native the UI should look fine. I'm not sure how exactly I'm going to handle resolution, but I think it would be fun to be able to mess with the aspect ratio and cause iOS to look funky. I will have to warn you however that you can't change the resolution of the internal display while iOS is running because it reads it only once.
Yes, I'm interested in that.
Hey, I'm super curious what patches you made to get the UI to show up! I've been trying to get past the same Data Migration step on iOS 15. I've been working on hacking iOS to run on vma2 (Virtualization.framework), and have only gotten PreBoard.app to show up; otherwise, my attempts to patch Data Migration seem to get stuck on a black screen, and I wonder if your patches would make the difference...
Responded about this to your Telegram message.
By the way, I should mention that me and (mostly) @chris-pcguy have been silently working on getting sepOS emulation working the past year. He seems to be reaching close to the finish line. It is possible we'll get the emulated SEP working before the simulated one.
If this is completed, where will you put it? Will there be a comment on this issue or somewhere else?
I forgot to mention that SEP emulation was indeed completed, you can see it in the feat-sep_emu branch.
@VisualEhrmanntraut Does this mean I can try to set it up now, or is there another hurdle?
Well, no, there's still a lot of hoops to jump through. You need a decrypted SEP/OS, SEP ROM, and you need to patch the filesystem to remove some graphics-acceleration-related things.
Without WiFi emulation, a reverse proxy could work I assume.
Not exactly, still need to modify the filesystem to at least disable GPU acceleration for some frameworks. Not sure if there's any workaround, we're still working on it. But we're working very hard.
Is there anything that the wider community can do to help with the project?
@itsnotrin Yes, actually. Leak all of Apple’s source code and/or documentation. (for legal reasons: this is a joke) :-D
I meant more in terms of Development help but that works too 😂
If you get at least basic build docs live I'm happy to try and work on anything needed. Understand if not and it's more of a "figure it out yourself" kind of story though.
Hello guys, thanks a lot for your huge contribution. I have been looking at your project very closely and collaborated with Martjin in some tests for the ipod_touch 2g, which I have sometimes used in my classes. I had tried to make the shell work, but some major functionality was not working, i.e. no network and no USB, and that blocked my port of the aleph research tunnel to use usbmuxd. I am not sure how useful it can be on a complex device such as the ip11. But maybe it would serve as an inspiration. Cheers.
Hello there. I am aware of this code base; the code for the multitouch was a bit useful, but unfortunately we are unlucky and they changed the multitouch firmware communication exactly on the t8030 chip. Every chip before that used the same communication as the code you’ve linked.
too bad <sigh>, thanks for the quick response...
I got it working on my machine yesterday, so now I know exactly what to do about the data migration: SpringyBoardSetup.mp4
wow, so data migration struggles are not a problem now? 😮
Technically not. I know the exact problems and workarounds, and can come up with solutions.
btw, I see you're working on Apple Silicon, is it KVM virtualization or just arm64 QEMU emulation? can't wait to try Aleph research virtualization patches
Lol, this is ChefKiss, not Aleph Security, we are not related to that team but I have talked with Afek from them. And it's emulated, not KVM (and KVM is a Linux thing, macOS has Hypervisor.framework).
Yes I am aware of that. Ofc I know this is not that team. I just mentioned it because I am curious how those virtualization patches could work on this xnu-qemu fork once it's ready, and try them on Linux since it's a Unix-based system. I think I didn't express myself well, so sorry for that confusion tho 🙃 Anyways, I'll keep following your progress closely. What's your new target once data migration is fixed?
e.mp4
Wow, such awesome progress. There's a kernel panic due to memory mapping differences; how did you use to handle SMC on iOS 14?
the former
Do you think once you finish these 3 things it will be worth it for me to try installing it? As far as I can tell, currently it requires patches that are complicated to apply properly and require macOS, because otherwise the OS will crash (even though they're not needed). Once they're done, will the patches no longer be necessary?
Feel free to implement gpu acceleration yourself.
Nobody is forcing you to use it.
Not complicated at all, there are quite a few approaches to script that.
For now, until read-write apfs on e.g. Linux, BSD or Windows gets more reliable.
Crashing, as in kernel panic? It won't crash without the user-space patches.
The plan is to make it require as few patches as possible.
Thanks for your response, @chris-pcguy . I feel there’s a lack of understanding about the immense effort required to make this work properly. Some questions can come off as disrespectful, even if unintentionally. Exposing projects to the public comes with challenges, but it also has immense educational value, even when unfinished. A great example is the iPod2g, which provides invaluable insights. Many seem to overlook Moore’s law and the exponential complexity of modern devices. While emulating older systems like the Game Boy, PS1, or iPod2g is challenging but feasible, emulating a currently produced device is a completely different level of complexity. Let’s respect the work being done here. It’s a monumental task, and the dedication behind it deserves appreciation.
Sorry for implying otherwise, I think there's a misunderstanding and I'm sorry. I phrased my comment wrong. I am amazed by this finally existing (and hopefully my earlier comments express that), after so many years of only one proprietary cloud service achieving fully working emulation of modern versions and a bunch of scams, and am very excited to try it out for myself
This is a misunderstanding - I wasn't trying to imply that the process was unnecessarily complicated or that it's not worth my time. I mistakenly thought the patches were temporary and would be deprecated soon, and didn't want to have to ask a bunch of questions to try to get them working. I see I was wrong about that. The "even though they're not needed" part meant that I thought iOS required the patches because it would fail even though the hardware isn't necessary, not that the patches themselves are unnecessary.
I was referring to the data migration issue.
Unfortunately, especially for the data migration issue, which is in part caused by the lack of GPU acceleration and the built-in software renderer being partially broken at least in this iOS version, patches are unavoidable until the GPU is emulated. This is a complicated task on its own, but with QEMU probably not even possible to implement, at least for macOS hosts, due to OpenGL support not being able to be enabled. Maybe for Linux hosts, but I don't use Linux, so I can't test or implement it.
In other words, the current situation is:
@Anonymous941 Does this help you understand better?
Oh, and not all patches can be removed, at least not kernel patches, as they are required for iOS versions that are no longer signed.
Yes, thanks for the explanation. It doesn't really matter that much to me personally, I can always just make a macOS VM to apply them, or dig out my old MacBook. I was assuming that it would require unpacking some obscure proprietary format (on second thought, not sure why I assumed that). Can jailbroken iOS have RW access to APFS images by any chance?
Can't you import the keys from a real iPhone with SHSH2 blobs? Or would that require more hardware implemented? (of course it's moot atm because some of the patches are still needed)
This type of low-level programming is outside of my skill set, but I'd be happy to assist with testing if anyone ever wants to implement this in the future.
Nah. The ipsw is just a zip, and the NAND is more or less just standard NVMe with a few namespaces, one of them being the main filesystem, which is just GPT partitioning and an APFS partition with data/system/etc volumes like macOS.
Don't know.
The problem is that if you don't have the blobs, the files aren't signed, so the kernel rejects some things, e.g. the touch screen firmware (so the touch screen stops working). For this particular iOS version, we don't have them, so we have to forge the ticket, so the signatures aren't really valid.
Causes:
Lack of Multitouch
implemented