3utools Stuck At Waiting For Nand
As a few people had this issue, I decided to dig into it a little and see what causes the 'Waiting for device' error in the libimobiledevice app during a CFW restore.
The issue: incorrect use of the patches for iBEC, iBSS and ASR. If you use the patches without having an iBoot exploit, your device will likely fail with that error.
It's hard to tell whether your iPhone is stuck in DFU Mode or has simply frozen at a black screen. You can easily check the status of your device in 3uTools. If you're having trouble with DFU Mode or cannot exit DFU Mode manually, this post can help. The method I'm going to introduce works on all iPhone models.
In 3uTools it remains stuck at 20%, Sending FDRTrustData. If it's a NAND issue, would the existing NAND work after being reprogrammed, or is a new NAND needed, please? Can it be any other issue apart from NAND, please?
In NAND flash, the gate terminals of multiple memory cells in different strings are connected together as a page. To unselect a cell in the string, the entire page needs to be unselected, which means the readout voltage needs to be applied to the gate terminals of all the cells in a page.
I tried to update to iOS 11 but it made my iPhone stuck in recovery mode. I found 3uTools to fix recovery mode stuck by restoring system to iOS 10.3.3, fail.
Stuck at 'Data.img' thru Odin. Possible EMMC brick fix! Thanks to Jaymoon pg.#44 So here's the deal. I just couldn't help myself and I flashed shabbys ICS test build this morning. Well the more I started reading in the thread about guys having.
This 3uTools on this iPhone 6 got -2 error, stuck at 19%, 3uTools was waiting for it to boot up properly but boots direct to DFU again after 3uTools prompted it to reboot to start loading OS from manually put into DFU mode), Every time I reboot or turn it back on after if I disconnect battery) was originally bootlooping.
The NAND ATTACK:
The NAND attack consists of using files cached in the phone's memory from a failed attempt. With them, your device has a chance of skipping ASR, as the verification already went to 100%.
For that, you need to skip the patching part (iBEC, iBSS and ASR).
In the video I show the concept of the NAND attack and also how to fix the 'Waiting for device' issue.
As a bonus, I show you where to find the correct Base Addr for iBOOT in IDA so you can start researching if you have Assembly knowledge.
The NAND (NOT AND GATE) is a non-volatile memory chip that is used in all iDevices. This is the chip that stores everything from the system (including USER DATA and SYSTEM FILES). The main DMGs are mounted on this chip, and it defines the storage of the device (from 4GB up to 128GB depending on the model).
If you want to attack the ROOT File System, this is where you will start.
What only a few people know is that although this chip shows only two visible file systems, it actually has more, such as NVRAM, BOOT files, SCFG (System Configuration) and so on, so it is a valuable piece for jailbreakers too.
iCloud Bypass in its standard concept is not very hard. You have to remove (in some way) the Setup.app inside the ROOT FS, in the Applications folder. By doing so, your device will start but the 'Hello Screen', which is in fact this Setup.app, won't appear as it was removed.
In a normal case, during the BOOT, the Springboard (containing all apps) loads first, and on top of it, the Setup.app. That's why if you overload the Setup.app (with emojis) you will make it crash, and for a second you can see the springboard. It is under Setup.app.
If we remove the Setup.app entirely, there would be nothing to start on top of Springboard and also there would be no lock in process to make Springboard freeze, therefore you will be able to use iPhone's apps.
On iPhone 4 and all A4 processor devices from Apple, limera1n exploit made it easy to SSH into the System via Power Cord and SSH Ramdisk file, and you can use a SCP client like WinSCP in order to remove this Setup.app.
The lack of such an exploit for A6 and A5 devices (iPhone 4S, 5, 5C etc.) makes it impossible to SSH into them; therefore, we use an already-patched CFW.
Although this tutorial is provided as 'iOS 9.2.1', it works for all versions for which you can grab ROOT KEYS (AES) to decrypt the DMGs.
You can find such keys on The iPhone Wiki (a link was added in the links section down below, check it out).
Libimobiledevice: //quamotion.mobi/iMobileDevice/download
Keys: //www.theiphonewiki.com/wiki/Firmware
CFW making tutorial: //www.youtube.com/watch?v=KQNYkp64oL4
(Just skip the patching part)
Tested on iPhone 4S, but works on all devices that have keys published.
I made a disassembled iBoot for n42 and n49 available on the forum.
//forum.fce365.info
//WORK IN PROGRESS