[*] Waiting for devices
[*] Detected DFU mode device
[*] Getting device info...
[*] Waiting for network
[*] Creating ramdisk
usb_timeout: 5
usb_abort_timeout_min: 0
[libusb] Waiting for the USB handle with VID: 0x5AC, PID: 0x1227
CPID: 0x7001
Found the USB handle.
Stage: RESET
ret: true
[libusb] Waiting for the USB handle with VID: 0x5AC, PID: 0x1227
CPID: 0x7001
Found the USB handle.
Stage: SETUP
ret: true
[libusb] Waiting for the USB handle with VID: 0x5AC, PID: 0x1227
CPID: 0x7001
Found the USB handle.
Stage: SPRAY
ret: true
[libusb] Waiting for the USB handle with VID: 0x5AC, PID: 0x1227
CPID: 0x7001
Found the USB handle.
Stage: PATCH
ret: true
[libusb] Waiting for the USB handle with VID: 0x5AC, PID: 0x1227
CPID: 0x7001
Found the USB handle.
Now you can boot untrusted images.
img4tool version: 0.197-aca6cf005c94caf135023263cbb5c61a0081804f-RELEASE
Compiled with plist: YES
Saved IM4M to work/IM4M
Version: 3fc8c093f4660f6c6e07c0c9214618733da01ffc - 36
libfragmentzip version: 0.60-120447d0f410dffb49948fa155467fc5d91ca3c8
init pzb: https://updates.cdn-apple.com/2022SummerFCS/fullrestores/012-41685/A12D2F85-A629-49EF-B5F7-FDF71C040564/iPad_64bit_TouchID_15.6_19G71_Restore.ipsw
init done
getting: BuildManifest.plist
100% [===================================================================================================>]
download succeeded
Version: 3fc8c093f4660f6c6e07c0c9214618733da01ffc - 36
libfragmentzip version: 0.60-120447d0f410dffb49948fa155467fc5d91ca3c8
init pzb: https://updates.cdn-apple.com/2022SummerFCS/fullrestores/012-41685/A12D2F85-A629-49EF-B5F7-FDF71C040564/iPad_64bit_TouchID_15.6_19G71_Restore.ipsw
init done
getting: Firmware/dfu/iBSS.ipad5b.RELEASE.im4p
100% [===================================================================================================>]
download succeeded
Version: 3fc8c093f4660f6c6e07c0c9214618733da01ffc - 36
libfragmentzip version: 0.60-120447d0f410dffb49948fa155467fc5d91ca3c8
init pzb: https://updates.cdn-apple.com/2022SummerFCS/fullrestores/012-41685/A12D2F85-A629-49EF-B5F7-FDF71C040564/iPad_64bit_TouchID_15.6_19G71_Restore.ipsw
init done
getting: Firmware/dfu/iBEC.ipad5b.RELEASE.im4p
100% [===================================================================================================>]
download succeeded
Version: 3fc8c093f4660f6c6e07c0c9214618733da01ffc - 36
libfragmentzip version: 0.60-120447d0f410dffb49948fa155467fc5d91ca3c8
init pzb: https://updates.cdn-apple.com/2022SummerFCS/fullrestores/012-41685/A12D2F85-A629-49EF-B5F7-FDF71C040564/iPad_64bit_TouchID_15.6_19G71_Restore.ipsw
init done
getting: Firmware/all_flash/DeviceTree.j81ap.im4p
100% [===================================================================================================>]
download succeeded
Version: 3fc8c093f4660f6c6e07c0c9214618733da01ffc - 36
libfragmentzip version: 0.60-120447d0f410dffb49948fa155467fc5d91ca3c8
init pzb: https://updates.cdn-apple.com/2022SummerFCS/fullrestores/012-41685/A12D2F85-A629-49EF-B5F7-FDF71C040564/iPad_64bit_TouchID_15.6_19G71_Restore.ipsw
init done
getting: Firmware/078-34285-078.dmg.trustcache
100% [===================================================================================================>]
download succeeded
Version: 3fc8c093f4660f6c6e07c0c9214618733da01ffc - 36
libfragmentzip version: 0.60-120447d0f410dffb49948fa155467fc5d91ca3c8
init pzb: https://updates.cdn-apple.com/2022SummerFCS/fullrestores/012-41685/A12D2F85-A629-49EF-B5F7-FDF71C040564/iPad_64bit_TouchID_15.6_19G71_Restore.ipsw
init done
getting: kernelcache.release.ipad5b
100% [===================================================================================================>]
download succeeded
Version: 3fc8c093f4660f6c6e07c0c9214618733da01ffc - 36
libfragmentzip version: 0.60-120447d0f410dffb49948fa155467fc5d91ca3c8
init pzb: https://updates.cdn-apple.com/2022SummerFCS/fullrestores/012-41685/A12D2F85-A629-49EF-B5F7-FDF71C040564/iPad_64bit_TouchID_15.6_19G71_Restore.ipsw
init done
getting: 078-34285-078.dmg
100% [===================================================================================================>]
download succeeded
usb_timeout: 5
usb_abort_timeout_min: 0
[libusb] Waiting for the USB handle with VID: 0x5AC, PID: 0x1227
CPID: 0x7001
Found the USB handle.
Now you can boot untrusted images.
[libusb] Waiting for the USB handle with VID: 0x5AC, PID: 0x1227
Found the USB handle.
usb_timeout: 5
usb_abort_timeout_min: 0
[libusb] Waiting for the USB handle with VID: 0x5AC, PID: 0x1227
CPID: 0x7001
Found the USB handle.
Now you can boot untrusted images.
[libusb] Waiting for the USB handle with VID: 0x5AC, PID: 0x1227
Found the USB handle.
main: Starting...
iOS 15 iBoot detected!
getting get_sigcheck_patch() patch
applying patch=0x18038c554 : 000080d2
applying patch=0x18038c510 : 000080d2
main: Writing out patched file to work/iBSS.patched...
main: Quitting...
none
main: Starting...
iOS 15 iBoot detected!
getting get_boot_arg_patch(rd=md0 debug=0x2014e wdt=-1 serial=3 -restore) patch
getting get_debug_enabled_patch() patch
getting get_unlock_nvram_patch() patch
getting get_sigcheck_patch() patch
applying patch=0x87000d5a4 : 000080d2
applying patch=0x87000d560 : 000080d2
applying patch=0x870001d00 : 000080d2c0035fd6
applying patch=0x870001d58 : 000080d2c0035fd6
applying patch=0x87002c600 : 000080d2c0035fd6
applying patch=0x87000f178 : 200080d2
applying patch=0x870010700 : fa650510
applying patch=0x87001b3bc : 72643d6d64302064656275673d30783230313465207764743d2d312073657269616c3d33202d726573746f726500
applying patch=0x870013f90 : 1f2003d5
main: Writing out patched file to work/iBEC.patched...
main: Quitting...
none
krnl
main: Starting...
Kernel: Adding AMFI_get_out_of_my_way patch...
get_amfi_out_of_my_way_patch: Entering ...
get_amfi_out_of_my_way_patch: Kernel-8020 inputted
get_amfi_out_of_my_way_patch: Found Internal Error: No cdhash found. str loc at 0x95ec61
get_amfi_out_of_my_way_patch: Found Internal Error: No cdhash found. str ref at 0x1052c64
get_amfi_out_of_my_way_patch: Patching AMFI at 0x104e2a8
main: Writing out patched file to work/kcache.patched...
main: Quitting...
krnl
dtre
rtsc
rdsk
Reading work/ramdisk.dmg...
Image4 payload outputted to: work/ramdisk.im4p
Reading work/ramdisk.im4p...
Reading work/IM4M...
Outputting Image4...
Image4 file outputted to: sshramdisk/ramdisk.img4
none
[*] Booting ramdisk
usb_timeout: 5
usb_abort_timeout_min: 0
[libusb] Waiting for the USB handle with VID: 0x5AC, PID: 0x1227
CPID: 0x7001
Found the USB handle.
Now you can boot untrusted images.
usb_timeout: 5
usb_abort_timeout_min: 0
[libusb] Waiting for the USB handle with VID: 0x5AC, PID: 0x1227
Found the USB handle.
[==================================================] 100.0%
[==================================================] 100.0%
[==================================================] 100.0%
[==================================================] 100.0%
[==================================================] 100.0%
[==================================================] 100.0%
[==================================================] 100.0%
Error connecting to device: No error information
[*] Dumping apticket
[*] Patching the kernel
[*] Waiting for network
[*] Downloading BuildManifest
Version: 9bfdde2b2456181045f74631683fba491d8bf4f2 - 38
libfragmentzip version: 0.64-aaf6fae83a0aa6f7aae1c94721857076d04a14e8-RELEASE
init pzb: https://updates.cdn-apple.com/2024WinterFCS/fullrestores/052-42241/91FEA8EE-AEE8-4D4A-831D-CB5CF69B9D63/iPad_64bit_TouchID_15.8.2_19H384_Restore.ipsw
init done
getting: BuildManifest.plist
100% [===================================================================================================>]
download succeeded
[*] Downloading kernelcache
Version: 9bfdde2b2456181045f74631683fba491d8bf4f2 - 38
libfragmentzip version: 0.64-aaf6fae83a0aa6f7aae1c94721857076d04a14e8-RELEASE
init pzb: https://updates.cdn-apple.com/2024WinterFCS/fullrestores/052-42241/91FEA8EE-AEE8-4D4A-831D-CB5CF69B9D63/iPad_64bit_TouchID_15.8.2_19H384_Restore.ipsw
init done
getting: kernelcache.release.ipad5b
100% [===================================================================================================>]
download succeeded
[*] Patching kernelcache
Reading work/kernelcache...
[NOTE] Image4 payload data is LZSS compressed, decompressing...
Extracted extra Image4 payload data: to work/kpp.bin.
Extracted Image4 payload data to: work/kcache.raw
Bad magic: 20206d6f
Platform: Lubuntu latest
Describe the bug
It seems like it almost gets to the end, but then some Python-related issue prevents it from finishing, saying "bad magic".
After this, the iPad needs to be restored via iTunes before I can try again.
Any ideas?