checkra1n / pongoos Goto Github PK

I have system in VMware Workstation 16, was working by this instruction: https://github.com/checkra1n/pongoOS#building-on-linux.
This is what i installed: cland llvm ld64 cctools-strip.
Here's my log: https://pastebin.com/EtnjeJYP

Sorry for my bad english, btw

when i try to boot android on iphone 7 ios13.3.1 i get the error "Failed to open dtree" how do i solve it?

I have an iphone 6s (N71mAP) with iOS 13.X that only booted into recovery mode after low storage. I tried to update with iTunes to iOS 14, but the update failed after about 1/3 (of progressbar during the update). I didn't try to restore from iTunes since I wanted to save data.

With PyBoot/eclipsa (as part of @danieltroger nice telnet ramdisk, thx!) I wasn't able to get into pwndfu mode. With king I was more successful and irecovery -s confirmed the checkm8 pwned dfu mode.

I tried to boot pongo /Applications/checkra1n.app/Contents/MacOS/checkra1n -p, but the iPhone boots straight into recovery mode. I tried multiple times with two different Macs.

everytime i do "./pongoterm" it says "connected" then "USBControlTransfer: (iokit/usb) pipe has stalled, error needs to be cleared" and doesnt give a shell. Why is this happening?

Linux says "device not responding to setup address" and mac doesn't recognize it at all.

TZ0 ends up being locked before pongoOS can do anything about it. I figure that's because of the new iBoot version.
Here's from 14.4.2:

#================== 
# 
# pongoOS 2.5.0-0cb6126f 
# 
# https://checkra.in 
# 
#================== 
Booted by: iBoot-6723.80.19 
Built with: Clang 12.0.0 (clang-1200.0.32.29) 
Running on: Apple A10 (T8010) 
 pongoOS> sep pwn  
image len 14b7a0 -> 14b7c8 
found victim block @ 14b7a0 
AP->SEP: endpoint ff, tag: 0, opcode: 1, param: 0, data: 0 
SEP->AP: endpoint ff, tag: 0, opcode: 65, param: 0, data: 0 
AP->SEP: endpoint ff, tag: 0, opcode: 5, param: 0, data: 0 
SEP->AP: endpoint ff, tag: 0, opcode: 69, param: 0, data: 0 
SEP->AP: endpoint ff, tag: 0, opcode: d2, param: 0, data: 2 
AP->SEP: endpoint ff, tag: 0, opcode: 1, param: 0, data: 0 
SEP->AP: endpoint ff, tag: 0, opcode: 65, param: 0, data: 0 
successfully obtained SEPROM code execution 
sepb @ 14b6c0 
patched out bpr check 
SEP payload ready to boot

All good. But if you restore to 14.5, you'll get this:

#================== 
# 
# pongoOS 2.5.0-0cb6126f 
# 
# https://checkra.in 
# 
#================== 
Booted by: iBoot-6723.102.4 
Built with: Clang 12.0.0 (clang-1200.0.32.29) 
Running on: Apple A10 (T8010) 
 pongoOS> sep pwn  
image len 152bf0 -> 152c18 
found victim block @ 152c00 
Registers are locked

root@toby-GA-970A-DS3:/home/toby# docker run docker.pkg.github.com/checkra1n/pongoos/build-pongo:latest
make: *** No targets specified and no makefile found. Stop.

I cannot build using the makefile, at the end I get this error:

could not process llvm bitcode object file, because /usr/bin/../lib/llvm/libLTO.so could not be loaded file '/tmp/stage3-419734.o' for architecture arm64

clang: error: linker command failed with exit code 1 (use -v to see invocation)
make: *** [Makefile:99: build/Pongo] Error 1

On attempt to communicate with pongoOS on Apple TV4 I get a timeout.

bash-3.2$ python issue_cmd.py ?
Traceback (most recent call last):
  File "issue_cmd.py", line 31, in <module>
    dev.ctrl_transfer(0x21, 3, 0, 0, sys.argv[1] + "\n")
  File "/usr/local/lib/python2.7/site-packages/usb/core.py", line 1043, in ctrl_transfer
    self.__get_timeout(timeout))
  File "/usr/local/lib/python2.7/site-packages/usb/backend/libusb1.py", line 883, in ctrl_transfer
    timeout))
  File "/usr/local/lib/python2.7/site-packages/usb/backend/libusb1.py", line 595, in _check
    raise USBError(_strerror(ret), ret, _libusb_errno[ret])
usb.core.USBError: [Errno 60] Operation timed out

The last messages on the TV screen.
...
Pongo shell requested, stopping here!
Enabling USB
Done!
pongoOS> set xnu boot arg cmdline to: [rootdev=md0]
pongoOS>

At the same time I am able to interact with pongoOS on iPhone.

Version: # Checkra1n beta 0.10.1

PongoOS from commit 4ebe9c5 always boots into Pongo shell, no matter the arguments to checkra1n. I'm running it as follows:

/Users/forcebru/Desktop/Jailbreak/checkra1n/checkra1n.app/Contents/MacOS/checkra1n -k /Users/forcebru/Desktop/Jailbreak/checkra1n/pongoOS/build/Pongo.bin

Setting CHECKRA1N_PONGO=0 before running the command doesn't help.

Setup:

• iPhone 6+
• iOS 12.4
• Checkra1n beta 0.9.8.2
• pongoOS 4ebe9c5

This doesn't happen with pongoOS shipped with Checkra1n (1.0-641...)

So I've built the example module and now trying to load it somehow.

First, is there any documentation on how to use this thing?

Since Checkra1n operates on devices in DFU mode, I put my iPhone into DFU mode as well. Then executed lines from scripts/module_load_boot.py line-by-line (BTW, my idProduct != 0x4141, so maybe no need to hard-code it), but it errors out here:

https://github.com/checkra1n/pongoOS/blob/1dc577ff3e139755545b94123b9a83e3e8c93bb2/scripts/module_load_boot.py#L31

Traceback:

>>> dev.ctrl_transfer(0x21, 2, 0, 0, 0)
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/Library/Frameworks/Python.framework/Versions/3.7/lib/python3.7/site-packages/usb/core.py", line 1043, in ctrl_transfer
    self.__get_timeout(timeout))
  File "/Library/Frameworks/Python.framework/Versions/3.7/lib/python3.7/site-packages/usb/backend/libusb1.py", line 883, in ctrl_transfer
    timeout))
  File "/Library/Frameworks/Python.framework/Versions/3.7/lib/python3.7/site-packages/usb/backend/libusb1.py", line 595, in _check
    raise USBError(_strerror(ret), ret, _libusb_errno[ret])
usb.core.USBError: [Errno 32] Pipe error

So, how can I solve this? Checkra1n itself runs fine, pyusb detects the device, iTunes detects it too, so there are no issues with the USB connection.

I've tried both brew and from source compilation of libusb.
I also tried reinstalling pyusb and using another python version.
However, it can still not detect my device.

In my own mvusblib it works and detects the device as PongoOS USB device, just like System Information app does.
However, making the control requests via my own USB library for sending a command leads to the device panicking.

The device used was an iPhone 6S, connected to a MacOS computer on El Capitan.
Please help me get my device detected so I can start developing pongoOS modules.

pongoOS normally boots as an iBoot payload, and the iBoot is loaded by SecureROM from the NAND. Can it boot from iBoot loaded in RAM(e.g. by DFU)? i.e. boot pongoOS without a NAND flash

Purpose

I want to use "checkra1n -k Pongo.bin" and just load "checkra1n-kpf-pongo" module, then boot xnu on iOS14/iPhone7. It was ok on iOS13/iPhone7 before.

Here is my steps:

1. Open terminal and input "/Applications/checkra1n.app/Contents/MacOS/checkra1n -k pongo_bin -v -c"
2. when in pongos shell, load "checkra1n-kpf-pongo" module, then just input "bootx" in pongos shell.

Problems

case1: iOS14/iPhone7

It's work well when use "checkra1n -k PongoConsolidated.bin"

case2: iOS14/iPhone7

it failed to bootx when use "checkra1n -k Pongo.bin" whether load checkra1n-kpf-pongo module or not

case3: iOS13/iPhone7

It's work well when use "checkra1n -k PongoConsolidated.bin" or "checkra1n -k Pongo.bin".

case4: iOS14/iPhone7

It's work well when use lastest checkra1n.app to jailbreak device.

Enviroment

• iPhone7/iOS14.4

• Lastest pongOS

• MacOS 10.15.7

Is it possible to control kernel patch finder by the 'kpf_flags' command so that to enable/disable sandbox patch/es?
It is interesting to play with the Siguza's sandbox escape bug in the sandboxed environment.

Would it be possible to pwn sep on Apple TV 4/4K?

When running sudo python3 ./issue_cmd.py help I get the output

❯ sudo python3 ./issue_cmd.py help              
Traceback (most recent call last):
  File "/usr/lib/python3.9/site-packages/usb/core.py", line 1055, in ctrl_transfer
    buff = util.create_buffer(data_or_wLength)
  File "/usr/lib/python3.9/site-packages/usb/util.py", line 164, in create_buffer
    return array.array('B', _dummy_s * length)
TypeError: can't multiply sequence by non-int of type 'str'

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/python3.9/site-packages/usb/_interop.py", line 94, in as_array
    return array.array('B', data)
TypeError: cannot use a str to initialize an array with typecode 'B'

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/home/cameron/Documents/pongoOS/scripts/./issue_cmd.py", line 31, in <module>
    dev.ctrl_transfer(0x21, 3, 0, 0, sys.argv[1] + "\n")
  File "/usr/lib/python3.9/site-packages/usb/core.py", line 1057, in ctrl_transfer
    buff = _interop.as_array(data_or_wLength)
  File "/usr/lib/python3.9/site-packages/usb/_interop.py", line 99, in as_array
    a.fromstring(data) # deprecated since 3.2
AttributeError: 'array.array' object has no attribute 'fromstring'

however running sudo python2 ./issue_cmd.py works with python 2.7

This issue is about tracking the progress of the port of pongoOS to Apple Silicon-based Macs.

Stay tuned!

Hi, I was trying to run linux using this build, however, I see that fdt is executed in pongoOS and does nothing in my iPhone 7 Plus, so I would like to compile the fdt module from pongoOS/src/modules/linux/libfdt but I can't seem to make it, running make in that directory pongoOS/src/modules/linux/libfdt through terminal returns make: *** No targets specified and no makefile found. Stop. even when there's a Makefile.libfdt so can you please tell me how to make fdt module from pongoOS/src/modules/linux/libfdt? thanks.

I m trying to load raw ibss from pongo shell. When I send raw ibss and bootr then it just hangs on a white screen doesn’t allow to send ibec. But if i send raw ibec From pongo shell it boots fine, but the problem is I want to load ibss first and then ibec as I can’t use go command properly with out. Please help. Thanks

Trying to compile the latest pongoOS with the kpf included, but looks like make all is only building Pongo & Pongo.bin. AFAIK, make all should build the kpf, so could this be looked at? Thanks.

building on macOS Catalina w/ Xcode & CLT installed, btw.

Forgive me if this is a known issue, but I updated my Mac to 11.3 and now checkra1n crashes after entering dfu mode. Hope this can be fixed!

device : iphone7
ios version : ios 14.6

Booted by: iBoot-6723.120.36
Built with: Clang 12.0.5 (clang-1205.0.22.11)
Running on: Apple A10 (T8010)
[modload_macho:i] Attempting to load a module
[modload_macho:+] Loaded module checkra1n-kpf2-12.0,14.5


#==================
#
# checkra1n kpf 0.12.4
#
# Proudly written in nano
# (c) 2019-2021 Kim Jong Cracks
#
# This software is not for sale
# If you purchased this, please
# report the seller.
#
# Get it for free at https://checkra.in
#
#====  Made by  ===
# argp, axi0mx, danyl931, jaywalker, kirb, littlelailo, nitoTV
# never_released, nullpixel, pimskeks, qwertyoruiop, sbingner, siguza
#==== Thanks to ===
# haifisch, jndok, jonseals, xerub, lilstevie, psychotea, sferrini
# Cellebrite (ih8sn0w, cjori, ronyrus et al.)
#==================
Found old-style rdsk!
Pongo shell requested, stopping here!
pongoOS> Set xnu boot arg cmdline to: [rootdev=md0]
pongoOS> sep pwn
pongoOS> tz      
TZ0 (locked):
    base: 17e09c (97e09c000)
    end:  7ed5b (87ed5c000)

TZ1 (unlocked):
    base: 0 (800000000)
    end:  0 (800001000)

pongoOS> sep peek 87ea5a000

!!stuck here!!

when i run sep peek at 87ea5c000 it stuck....anyone can tell me the reason？
https://raw.githubusercontent.com/windknown/presentations/master/Attack_Secure_Boot_of_SEP.pdf
i read the part about Bypass SEP External Memory Isolation and i think i can read the memory (eg:0x87ea5a000)after "sep pwn" because the TZ0 base is changed . Wrong i ?

Here are two confused questions about post kernel patch.

1, I didn't found the code that setup binpack, dropbear , mount checkra1n.dmg and so on.
how launchd process run processes like dropbear? by inject dyld?

2, any boot option/gBootFlag can skip setup loader.app or launch dropbear process after boot patched kernel?

I think the two questions maybe the same problem. Thank you so much for your response!

I compiled the testmodule under example folder. Then copied it to scripts folder.
I ran the following command but met with an error. Could you help? Thanks
python3 module_load.py test_module
Traceback (most recent call last):
File "module_load.py", line 36, in
dev.write(2,"")
File "/Library/Python/3.8/site-packages/usb/core.py", line 943, in write
return fn(
File "/Library/Python/3.8/site-packages/usb/backend/libusb1.py", line 819, in bulk_write
return self.__write(self.lib.libusb_bulk_transfer,
File "/Library/Python/3.8/site-packages/usb/backend/libusb1.py", line 920, in __write
_check(retval)
File "/Library/Python/3.8/site-packages/usb/backend/libusb1.py", line 595, in _check
raise USBError(_strerror(ret), ret, _libusb_errno[ret])
usb.core.USBError: [Errno 60] Operation timed out

pongoOS version: 2.4.5-f337e98a
Device: iPhone 7 (9,3/D101)

For some reason, any attempt to upload a file that's bigger than 16 MB fails (for example with bundled upload_data.py script)
Seems to only happen on builds bundled with checkra1n 0.12 beta and future versions.

Traceback (most recent call last):
  File "../pongoOS/scripts/upload_data.py", line 34, in <module>
    dev.write(2,data,1000000)
  File "/home/alula/.pyenv/versions/3.8.3/lib/python3.8/site-packages/usb/core.py", line 943, in write
    return fn(
  File "/home/alula/.pyenv/versions/3.8.3/lib/python3.8/site-packages/usb/backend/libusb1.py", line 819, in bulk_write
    return self.__write(self.lib.libusb_bulk_transfer,
  File "/home/alula/.pyenv/versions/3.8.3/lib/python3.8/site-packages/usb/backend/libusb1.py", line 920, in __write
    _check(retval)
  File "/home/alula/.pyenv/versions/3.8.3/lib/python3.8/site-packages/usb/backend/libusb1.py", line 595, in _check
    raise USBError(_strerror(ret), ret, _libusb_errno[ret])
usb.core.USBError: [Errno 5] Input/Output Error

Trying to see if somehow can jailbreak on 12.1.
Want to start modifying something in fs.
any basic example doing that?

were pongoOS 1.2.1-3a324c92 ??
I need for lunch linux arm64 on ip7

After building pongoOS how do I run it on my device?

While writing a pongoOS module, I noticed the device would sometimes hang at "Booting" after bootx was issued after a module was loaded:

At first I thought it was something my module was doing, but this issue is present on a module that just registers its own preboot hook that invokes checkra1n's preboot hook to run its KPF.

This happens around 10% of the time on an iPhone X running iOS 13.3.1, an iPhone 8 running iOS 13.6, and an iPhone SE (original, 2016) running iOS 13.6. The only device I could not get this issue to happen on is an iPhone 7 running iOS 13.1.2.

I attached the barebones module which causes the problem. I use libusb 1.0.23 to communicate with the device, and I compile this on macOS 10.15.4. To compile, unzip to some directory, cd to that directory, and make. Then: loader/loader module/module and boot the device to a pongo shell. checkra1n version is beta 0.10.2.

pongo_hanger.zip

Hi All,

I am trying to use either UnlockGo or 4UKey to get access to my old iPad Pro 9.7inch at iPadOS 14.5.1.

Years ago I was locked out by an issue with 2-step verification and that AppleID - I had to start over with a new one. I have been 'waiting' for the software ecosystem to bypass this all and be able to essentially start over with is as a device for my trainee Doctor gf.

I first have to remove the passcode lock, which those softwares do, but when I try to action any further steps, their is
an 'Activation lock' (Weird, since it was long-since activated), which to bypass invokes Checkra1n. The previous version of this 0.12.3 reported that it did not support iPadOS 14.5, so again I've been waiting until Checkra1n caught up and 0.12.4 seems to be okay with 14.5, so I try running it, but once in DFU mode, it looks like PongoOS loads - it get's to a command-line prompt >PongoOS ...and then times out, with an error -20. the suggestion is that this iPad has a non-standard tweak, but 'none that I know if' unless it's something that has been introduced by UnlockGo or 4Ukey, but this would seem unlikely, since they are 'attached' and in-train..?

So, is there some additional Boot argument I can make? Verbose boot doesn't seem to result in any further info on either iPad or Checkra1n (on MacOS).

I basically am stuck in this loop, and unless I can get this jailbroken, then there would seem to be no way around this iPad lockout. I had essentially given up on it a couple of years ago so this is more 'fun' than essential, but for all I know I am effectively 'bug reporting' on Checkra1n here, so thought I'd mentioning!

Thanks in advance.

I need in result to backup files from iPhone SE in recovery loop boot (seems because there is not enough free storage space to upgrade to new signed ipsw - error 14 when 75% of file system sent).

Therefore I want to restore 13.x version (because it has weight less about 1 GB).

Or may be is there a way to decrease size of current signed IPSW (iOS 14.3 (18C66) - https://ipsw.me/download/iPhone8,4/18C66) and boot it, to have access to iPhone file system?

Hi, I would like to type commands in the pongoOS shell, can you please tell me any method at all to type in the pongoOS shell? thanks.

About
pongoOS

come on, man

....
ld: warning: ignoring file newlib/aarch64-none-darwin/lib/libc.a, building for free standing-arm64 but attempting to link with file built for unknown-unsupported file format ( 0x21 0x3C 0x61 0x72 0x63 0x68 0x3E 0x0A 0x2F 0x20 0x20 0x20 0x20 0x20 0x20 0x20 )
ld: warning: ignoring file newlib/aarch64-none-darwin/lib/libm.a, building for free standing-arm64 but attempting to link with file built for unknown-unsupported file format ( 0x21 0x3C 0x61 0x72 0x63 0x68 0x3E 0x0A 0x2F 0x20 0x20 0x20 0x20 0x20 0x20 0x20 )
Undefined symbols for architecture arm64:
"_realloc", referenced from:
_public_api in cc-4117cf.o
(maybe you meant: _reallocate_loader_xfer_data)
"_strrchr", referenced from:
_fdt_subnode_offset_namelen in cc-4117cf.o
"_putchar", referenced from:
_command_main in cc-4117cf.o
_public_api in cc-4117cf.o
"_fgets", referenced from:
_command_main in cc-4117cf.o
"_strtoul", referenced from:
_poke_cmd in cc-4117cf.o
_sep_pwned_peek in cc-4117cf.o
_sep_pwned_poke in cc-4117cf.o
_sep_pwned_jump in cc-4117cf.o
_public_api in cc-4117cf.o
"_qsort", referenced from:
_command_register in cc-4117cf.o
_start_host_shell in cc-4117cf.o
"_strtoull", referenced from:
_md8_cmd in cc-4117cf.o
_phys_page_dump in cc-4117cf.o
_peek_cmd in cc-4117cf.o
_poke_cmd in cc-4117cf.o
_spawn_cmd in cc-4117cf.o
_tz0_set in cc-4117cf.o
_xnu_pf_get_kext_header in cc-4117cf.o
...
"_printf", referenced from:
_pongo_boot_linux in cc-4117cf.o
"_strdup", referenced from:
_modload_cmd in cc-4117cf.o
_hal_service_op in cc-4117cf.o
_hal_load_dtree_child_node in cc-4117cf.o
"_vfiprintf", referenced from:
_task_crash_internal in cc-4117cf.o
_public_api in cc-4117cf.o
"_strlcpy", referenced from:
_task_list in cc-4117cf.o
"_viprintf", referenced from:
_panic in cc-4117cf.o
"_strncmp", referenced from:
_device_clock_by_name in cc-4117cf.o
_dt_cbp in cc-4117cf.o
"_fflush", referenced from:
_print_state in cc-4117cf.o
_queue_rx_char in cc-4117cf.o
_command_main in cc-4117cf.o
"_strlen", referenced from:
_dt_find_cb in cc-4117cf.o
_pongo_entry_cached in cc-4117cf.o
_memstr in cc-4117cf.o
_memstr_partial in cc-4117cf.o
_command_main in cc-4117cf.o
_linux_cmdline_cmd in cc-4117cf.o
_aes_cmd in cc-4117cf.o
...
(maybe you meant: strlen)
"_fiprintf", referenced from:
_print_state in cc-4117cf.o
_wdt_reset in cc-4117cf.o
_task_crash_internal in cc-4117cf.o
_sep_handle_msg_from_sep in cc-4117cf.o
_sep_boot_auto in cc-4117cf.o
_seprom_fwload_race in cc-4117cf.o
_public_api in cc-4117cf.o
...
"_bzero", referenced from:
_pongo_entry_cached in cc-4117cf.o
_ppage_alloc in cc-4117cf.o
_alloc_init in cc-4117cf.o
_ttbpage_alloc in cc-4117cf.o
_vm_create in cc-4117cf.o
_proc_create_task in cc-4117cf.o
_task_create_extended in cc-4117cf.o
...
"_memchr", referenced from:
_pongo_entry_cached in cc-4117cf.o
_fdt_get_string in cc-4117cf.o
_fdt_subnode_offset_namelen in cc-4117cf.o
"_memcpy", referenced from:
_sync_exc_el0 in cc-4117cf.o
_dt_get_u32_prop in cc-4117cf.o
_dt_get_u64_prop in cc-4117cf.o
_dt_get_u64_prop_i in cc-4117cf.o
_pongo_entry_cached in cc-4117cf.o
_pongo_entry in cc-4117cf.o
_pongo_main_task in cc-4117cf.o
...
(maybe you meant: ___memcpy_chk, _memcpy_trap , memcpy )
"_strcat", referenced from:
_pongo_entry_cached in cc-4117cf.o
_pongo_main_task in cc-4117cf.o
"_strcmp", referenced from:
_dt_find_cb in cc-4117cf.o
_dt_prop in cc-4117cf.o
_dt_alloc_memmap in cc-4117cf.o
_dt_get_u32_prop in cc-4117cf.o
_dt_get_u64_prop in cc-4117cf.o
_dt_get_u64_prop_i in cc-4117cf.o
_dt_get_prop in cc-4117cf.o
...
(maybe you meant: strcmp)
"_free", referenced from:
_pongo_entry_cached in cc-4117cf.o
_vm_release in cc-4117cf.o
_task_release in cc-4117cf.o
_task_list in cc-4117cf.o
_proc_release in cc-4117cf.o
_filetable_release in cc-4117cf.o
_fdt_cmd in cc-4117cf.o
...
(maybe you meant: _ttbpage_free, _free_contig , _ttbpage_free_walk_recursive , _phys_force_free , _stack_freelist , _kernel_stack_free , _free_list , _free_pages , _free_phys , _phys_page_was_freed , _page_free , _ttb_freelist , _ttbpage_free_walk , _asid_free , _ppage_free , _jit_free )
"_memmem", referenced from:
_memstr in cc-4117cf.o
_memstr_partial in cc-4117cf.o
_xnu_pf_get_kext_header in cc-4117cf.o
_public_api in cc-4117cf.o
"__impure_ptr", referenced from:
_command_putc in cc-4117cf.o
_print_state in cc-4117cf.o
_wdt_reset in cc-4117cf.o
_task_crash_internal in cc-4117cf.o
_queue_rx_char in cc-4117cf.o
_command_main in cc-4117cf.o
_sep_handle_msg_from_sep in cc-4117cf.o
...
"_malloc", referenced from:
_pongo_entry_cached in cc-4117cf.o
_pongo_main_task in cc-4117cf.o
_vm_create in cc-4117cf.o
_task_list in cc-4117cf.o
_proc_create_task in cc-4117cf.o
_task_create_extended in cc-4117cf.o
_task_create in cc-4117cf.o
...
(maybe you meant: ___malloc_lock, ___malloc_unlock )
"_calloc", referenced from:
_pongo_entry_cached in cc-4117cf.o
_modload_cmd in cc-4117cf.o
_spawn_cmd in cc-4117cf.o
"___errno", referenced from:
_task_list in cc-4117cf.o
"_memset", referenced from:
_pongo_entry_cached in cc-4117cf.o
_task_restart_and_link in cc-4117cf.o
_task_register_unlinked in cc-4117cf.o
___memset_chk in cc-4117cf.o
_modload_cmd in cc-4117cf.o
_seprom_fwload_race in cc-4117cf.o
_fdt_add_subnode in cc-4117cf.o
...
(maybe you meant: ___memset_chk)
"_iprintf", referenced from:
_sync_exc_el0 in cc-4117cf.o
_pongo_entry_cached in cc-4117cf.o
_print_register in cc-4117cf.o
_pongo_main_task in cc-4117cf.o
_panic in cc-4117cf.o
_task_list in cc-4117cf.o
_task_switch_irq in cc-4117cf.o
...
"_puts", referenced from:
_pongo_entry_cached in cc-4117cf.o
_command_puts in cc-4117cf.o
_pongo_main_task in cc-4117cf.o
_panic in cc-4117cf.o
_task_switch_irq in cc-4117cf.o
_modload_cmd in cc-4117cf.o
_xnu_pf_emit in cc-4117cf.o
...
(maybe you meant: _screen_puts, _command_puts )
"_strchr", referenced from:
_aes_cmd in cc-4117cf.o
"_strcpy", referenced from:
_dt_alloc_memmap in cc-4117cf.o
_pongo_entry_cached in cc-4117cf.o
_pongo_main_task in cc-4117cf.o
_pongo_boot_xargs in cc-4117cf.o
_public_api in cc-4117cf.o
(maybe you meant: strcpy)
"_memmove", referenced from:
_pongo_entry_cached in cc-4117cf.o
_seprom_fwload_race in cc-4117cf.o
fdt_add_property in cc-4117cf.o
_fdt_setprop in cc-4117cf.o
_fdt_appendprop in cc-4117cf.o
_fdt_add_subnode in cc-4117cf.o
_fdt_open_into in cc-4117cf.o
...
"___stack_chk_fail", referenced from:
_pongo_entry_cached in cc-4117cf.o
_print_state in cc-4117cf.o
_hexprint in cc-4117cf.o
_aes_cmd in cc-4117cf.o
_sep_aes_kbag in cc-4117cf.o
_seprom_fwload_race in cc-4117cf.o
_sep_aes_cmd in cc-4117cf.o
...
"_putc", referenced from:
_command_putc in cc-4117cf.o
_print_state in cc-4117cf.o
_task_crash_internal in cc-4117cf.o
_queue_rx_char in cc-4117cf.o
_public_api in cc-4117cf.o
(maybe you meant: _screen_putc, _command_putc , _serial_putc )
"___stack_chk_guard", referenced from:
_pongo_entry_cached in cc-4117cf.o
_print_state in cc-4117cf.o
_hexprint in cc-4117cf.o
_aes_cmd in cc-4117cf.o
_sep_aes_kbag in cc-4117cf.o
_seprom_fwload_race in cc-4117cf.o
_sep_aes_cmd in cc-4117cf.o
...
"_strstr", referenced from:
_xnu_pf_get_kext_header in cc-4117cf.o
"_memcmp", referenced from:
_pongo_entry_cached in cc-4117cf.o
_seprom_fwload_race in cc-4117cf.o
_xnu_pf_ptr_to_data_match in cc-4117cf.o
fdt_get_property_namelen in cc-4117cf.o
_fdt_subnode_offset_namelen in cc-4117cf.o
fdt_add_property in cc-4117cf.o
_public_api in cc-4117cf.o
...
"_strncpy", referenced from:
_pongo_entry_cached in cc-4117cf.o
_proc_create_task in cc-4117cf.o
_task_create_extended in cc-4117cf.o
_task_create in cc-4117cf.o
_spawn_cmd in cc-4117cf.o
"_siprintf", referenced from:
_pongo_entry_cached in cc-4117cf.o
ld: symbol(s) not found for architecture arm64
clang: error: linker command failed with exit code 1 (use -v to see invocation)
make: *** [build/Pongo] Error 1

macOS Catalina, version 10.15.7
I reinstalled xcode command-line tools and updated xcode, clang, etc.
what should I do for it? thank you.

Is there any docs|notes for those about to start contributing to the project?
[ ]`s

I am trying to run project sandcastle using version 0.12.1 of checkrain, which includes a recent version of pongoOS. The sandcastle start script fails due to "Unknown command: fdt". Looking at the git history, is seems the command was removed in commit 696c1ee. Could you please tell me a little about why this command was removed. Is there an alternative option?

im trying to compile on Linux, I have all the dependencies, but i get this error during compilation
make -C newlib all
make[1]: Entering directory '/home/ryan/iOS-downgrade-tethered/pongoOS/newlib'
make -C /home/ryan/iOS-downgrade-tethered/pongoOS/newlib/build all
make[2]: Entering directory '/home/ryan/iOS-downgrade-tethered/pongoOS/newlib/build'
make "AR_FLAGS=rc" "CC_FOR_BUILD=gcc" "CFLAGS=--target=arm64-apple-ios12.0 -Wall -O3 -ffreestanding -nostdlib -nostdlibinc -fno-builtin -fno-blocks -U__nonnull -D_LDBL_EQ_DBL " "CCASFLAGS=--target=arm64-apple-ios12.0 -Wall -O3 -ffreestanding -nostdlib -nostdlibinc -fno-builtin -fno-blocks -U__nonnull -D_LDBL_EQ_DBL " "CFLAGS_FOR_BUILD=" "CFLAGS_FOR_TARGET=" "INSTALL=/usr/bin/install -c" "LDFLAGS=" "LIBCFLAGS=" "LIBCFLAGS_FOR_TARGET=" "MAKE=make" "MAKEINFO=/bin/bash /home/ryan/iOS-downgrade-tethered/pongoOS/newlib/src/missing --run makeinfo " "PICFLAG=" "PICFLAG_FOR_TARGET=" "SHELL=/bin/bash" "EXPECT=if test -f ./../expect/expect; then echo ./../expect/expect; else echo expect; fi" "RUNTEST=if test -f /home/ryan/iOS-downgrade-tethered/pongoOS/newlib/src/newlib/../dejagnu/runtest; then echo /home/ryan/iOS-downgrade-tethered/pongoOS/newlib/src/newlib/../dejagnu/runtest; else echo runtest; fi" "RUNTESTFLAGS=" "exec_prefix=/home/ryan/iOS-downgrade-tethered/pongoOS/newlib" "infodir=/home/ryan/iOS-downgrade-tethered/pongoOS/newlib/share/info" "libdir=/home/ryan/iOS-downgrade-tethered/pongoOS/newlib/lib" "prefix=/home/ryan/iOS-downgrade-tethered/pongoOS/newlib" "tooldir=/home/ryan/iOS-downgrade-tethered/pongoOS/newlib/aarch64-none-darwin" "top_toollibdir=/home/ryan/iOS-downgrade-tethered/pongoOS/newlib/aarch64-none-darwin/lib" "AR=llvm-ar" "AS=as" "CC=clang -I/home/ryan/iOS-downgrade-tethered/pongoOS/newlib/build/targ-include -I/home/ryan/iOS-downgrade-tethered/pongoOS/newlib/src/newlib/libc/include" "LD=" "LIBCFLAGS=" "NM=" "PICFLAG=" "RANLIB=llvm-ranlib" "DESTDIR=" all-recursive
make[3]: Entering directory '/home/ryan/iOS-downgrade-tethered/pongoOS/newlib/build'
true "AR_FLAGS=rc" "CC_FOR_BUILD=gcc" "CFLAGS=--target=arm64-apple-ios12.0 -Wall -O3 -ffreestanding -nostdlib -nostdlibinc -fno-builtin -fno-blocks -U__nonnull -D_LDBL_EQ_DBL " "CCASFLAGS=--target=arm64-apple-ios12.0 -Wall -O3 -ffreestanding -nostdlib -nostdlibinc -fno-builtin -fno-blocks -U__nonnull -D_LDBL_EQ_DBL " "CFLAGS_FOR_BUILD=" "CFLAGS_FOR_TARGET=" "INSTALL=/usr/bin/install -c" "LDFLAGS=" "LIBCFLAGS=" "LIBCFLAGS_FOR_TARGET=" "MAKE=make" "MAKEINFO=/bin/bash /home/ryan/iOS-downgrade-tethered/pongoOS/newlib/src/missing --run makeinfo " "PICFLAG=" "PICFLAG_FOR_TARGET=" "SHELL=/bin/bash" "EXPECT=expect" "RUNTEST=runtest" "RUNTESTFLAGS=" "exec_prefix=/home/ryan/iOS-downgrade-tethered/pongoOS/newlib" "infodir=/home/ryan/iOS-downgrade-tethered/pongoOS/newlib/share/info" "libdir=/home/ryan/iOS-downgrade-tethered/pongoOS/newlib/lib" "prefix=/home/ryan/iOS-downgrade-tethered/pongoOS/newlib" "tooldir=/home/ryan/iOS-downgrade-tethered/pongoOS/newlib/aarch64-none-darwin" "top_toollibdir=/home/ryan/iOS-downgrade-tethered/pongoOS/newlib/aarch64-none-darwin/lib" "AR=llvm-ar" "AS=as" "CC=clang -I/home/ryan/iOS-downgrade-tethered/pongoOS/newlib/build/targ-include -I/home/ryan/iOS-downgrade-tethered/pongoOS/newlib/src/newlib/libc/include" "LD=" "LIBCFLAGS=" "NM=" "PICFLAG=" "RANLIB=llvm-ranlib" "DESTDIR=" DO=all multi-do # make
Making all in libc
make[4]: Entering directory '/home/ryan/iOS-downgrade-tethered/pongoOS/newlib/build/libc'
Making all in argz
make[5]: Entering directory '/home/ryan/iOS-downgrade-tethered/pongoOS/newlib/build/libc/argz'
make[5]: Nothing to be done for 'all'.
make[5]: Leaving directory '/home/ryan/iOS-downgrade-tethered/pongoOS/newlib/build/libc/argz'
Making all in stdlib
make[5]: Entering directory '/home/ryan/iOS-downgrade-tethered/pongoOS/newlib/build/libc/stdlib'
make[5]: Nothing to be done for 'all'.
make[5]: Leaving directory '/home/ryan/iOS-downgrade-tethered/pongoOS/newlib/build/libc/stdlib'
Making all in ctype
make[5]: Entering directory '/home/ryan/iOS-downgrade-tethered/pongoOS/newlib/build/libc/ctype'
make[5]: Nothing to be done for 'all'.
make[5]: Leaving directory '/home/ryan/iOS-downgrade-tethered/pongoOS/newlib/build/libc/ctype'
Making all in search
make[5]: Entering directory '/home/ryan/iOS-downgrade-tethered/pongoOS/newlib/build/libc/search'
make[5]: Nothing to be done for 'all'.
make[5]: Leaving directory '/home/ryan/iOS-downgrade-tethered/pongoOS/newlib/build/libc/search'
Making all in stdio
make[5]: Entering directory '/home/ryan/iOS-downgrade-tethered/pongoOS/newlib/build/libc/stdio'
make[5]: Nothing to be done for 'all'.
make[5]: Leaving directory '/home/ryan/iOS-downgrade-tethered/pongoOS/newlib/build/libc/stdio'
Making all in string
make[5]: Entering directory '/home/ryan/iOS-downgrade-tethered/pongoOS/newlib/build/libc/string'
make[5]: Nothing to be done for 'all'.
make[5]: Leaving directory '/home/ryan/iOS-downgrade-tethered/pongoOS/newlib/build/libc/string'
Making all in signal
make[5]: Entering directory '/home/ryan/iOS-downgrade-tethered/pongoOS/newlib/build/libc/signal'
make[5]: Nothing to be done for 'all'.
make[5]: Leaving directory '/home/ryan/iOS-downgrade-tethered/pongoOS/newlib/build/libc/signal'
Making all in time
make[5]: Entering directory '/home/ryan/iOS-downgrade-tethered/pongoOS/newlib/build/libc/time'
make[5]: Nothing to be done for 'all'.
make[5]: Leaving directory '/home/ryan/iOS-downgrade-tethered/pongoOS/newlib/build/libc/time'
Making all in locale
make[5]: Entering directory '/home/ryan/iOS-downgrade-tethered/pongoOS/newlib/build/libc/locale'
make[5]: Nothing to be done for 'all'.
make[5]: Leaving directory '/home/ryan/iOS-downgrade-tethered/pongoOS/newlib/build/libc/locale'
Making all in sys
make[5]: Entering directory '/home/ryan/iOS-downgrade-tethered/pongoOS/newlib/build/libc/sys'
Making all in .
make[6]: Entering directory '/home/ryan/iOS-downgrade-tethered/pongoOS/newlib/build/libc/sys'
make[6]: Nothing to be done for 'all-am'.
make[6]: Leaving directory '/home/ryan/iOS-downgrade-tethered/pongoOS/newlib/build/libc/sys'
make[5]: Leaving directory '/home/ryan/iOS-downgrade-tethered/pongoOS/newlib/build/libc/sys'
Making all in reent
make[5]: Entering directory '/home/ryan/iOS-downgrade-tethered/pongoOS/newlib/build/libc/reent'
make[5]: Nothing to be done for 'all'.
make[5]: Leaving directory '/home/ryan/iOS-downgrade-tethered/pongoOS/newlib/build/libc/reent'
Making all in errno
make[5]: Entering directory '/home/ryan/iOS-downgrade-tethered/pongoOS/newlib/build/libc/errno'
make[5]: Nothing to be done for 'all'.
make[5]: Leaving directory '/home/ryan/iOS-downgrade-tethered/pongoOS/newlib/build/libc/errno'
Making all in misc
make[5]: Entering directory '/home/ryan/iOS-downgrade-tethered/pongoOS/newlib/build/libc/misc'
make[5]: Nothing to be done for 'all'.
make[5]: Leaving directory '/home/ryan/iOS-downgrade-tethered/pongoOS/newlib/build/libc/misc'
Making all in machine
make[5]: Entering directory '/home/ryan/iOS-downgrade-tethered/pongoOS/newlib/build/libc/machine'
Making all in aarch64
make[6]: Entering directory '/home/ryan/iOS-downgrade-tethered/pongoOS/newlib/build/libc/machine/aarch64'
make[6]: Nothing to be done for 'all'.
make[6]: Leaving directory '/home/ryan/iOS-downgrade-tethered/pongoOS/newlib/build/libc/machine/aarch64'
Making all in .
make[6]: Entering directory '/home/ryan/iOS-downgrade-tethered/pongoOS/newlib/build/libc/machine'
make[6]: Nothing to be done for 'all-am'.
make[6]: Leaving directory '/home/ryan/iOS-downgrade-tethered/pongoOS/newlib/build/libc/machine'
make[5]: Leaving directory '/home/ryan/iOS-downgrade-tethered/pongoOS/newlib/build/libc/machine'
Making all in syscalls
make[5]: Entering directory '/home/ryan/iOS-downgrade-tethered/pongoOS/newlib/build/libc/syscalls'
make[5]: Nothing to be done for 'all'.
make[5]: Leaving directory '/home/ryan/iOS-downgrade-tethered/pongoOS/newlib/build/libc/syscalls'
Making all in ssp
make[5]: Entering directory '/home/ryan/iOS-downgrade-tethered/pongoOS/newlib/build/libc/ssp'
make[5]: Nothing to be done for 'all'.
make[5]: Leaving directory '/home/ryan/iOS-downgrade-tethered/pongoOS/newlib/build/libc/ssp'
Making all in .
make[5]: Entering directory '/home/ryan/iOS-downgrade-tethered/pongoOS/newlib/build/libc'
make[5]: Nothing to be done for 'all-am'.
make[5]: Leaving directory '/home/ryan/iOS-downgrade-tethered/pongoOS/newlib/build/libc'
make[4]: Leaving directory '/home/ryan/iOS-downgrade-tethered/pongoOS/newlib/build/libc'
Making all in libm
make[4]: Entering directory '/home/ryan/iOS-downgrade-tethered/pongoOS/newlib/build/libm'
Making all in math
make[5]: Entering directory '/home/ryan/iOS-downgrade-tethered/pongoOS/newlib/build/libm/math'
make[5]: Nothing to be done for 'all'.
make[5]: Leaving directory '/home/ryan/iOS-downgrade-tethered/pongoOS/newlib/build/libm/math'
Making all in common
make[5]: Entering directory '/home/ryan/iOS-downgrade-tethered/pongoOS/newlib/build/libm/common'
make[5]: Nothing to be done for 'all'.
make[5]: Leaving directory '/home/ryan/iOS-downgrade-tethered/pongoOS/newlib/build/libm/common'
Making all in complex
make[5]: Entering directory '/home/ryan/iOS-downgrade-tethered/pongoOS/newlib/build/libm/complex'
make[5]: Nothing to be done for 'all'.
make[5]: Leaving directory '/home/ryan/iOS-downgrade-tethered/pongoOS/newlib/build/libm/complex'
Making all in fenv
make[5]: Entering directory '/home/ryan/iOS-downgrade-tethered/pongoOS/newlib/build/libm/fenv'
make[5]: Nothing to be done for 'all'.
make[5]: Leaving directory '/home/ryan/iOS-downgrade-tethered/pongoOS/newlib/build/libm/fenv'
Making all in machine
make[5]: Entering directory '/home/ryan/iOS-downgrade-tethered/pongoOS/newlib/build/libm/machine'
Making all in aarch64
make[6]: Entering directory '/home/ryan/iOS-downgrade-tethered/pongoOS/newlib/build/libm/machine/aarch64'
make[6]: Nothing to be done for 'all'.
make[6]: Leaving directory '/home/ryan/iOS-downgrade-tethered/pongoOS/newlib/build/libm/machine/aarch64'
Making all in .
make[6]: Entering directory '/home/ryan/iOS-downgrade-tethered/pongoOS/newlib/build/libm/machine'
make[6]: Nothing to be done for 'all-am'.
make[6]: Leaving directory '/home/ryan/iOS-downgrade-tethered/pongoOS/newlib/build/libm/machine'
make[5]: Leaving directory '/home/ryan/iOS-downgrade-tethered/pongoOS/newlib/build/libm/machine'
make[5]: Entering directory '/home/ryan/iOS-downgrade-tethered/pongoOS/newlib/build/libm'
make[5]: Nothing to be done for 'all-am'.
make[5]: Leaving directory '/home/ryan/iOS-downgrade-tethered/pongoOS/newlib/build/libm'
make[4]: Leaving directory '/home/ryan/iOS-downgrade-tethered/pongoOS/newlib/build/libm'
Making all in doc
make[4]: Entering directory '/home/ryan/iOS-downgrade-tethered/pongoOS/newlib/build/doc'
make[4]: Nothing to be done for 'all'.
make[4]: Leaving directory '/home/ryan/iOS-downgrade-tethered/pongoOS/newlib/build/doc'
Making all in .
make[4]: Entering directory '/home/ryan/iOS-downgrade-tethered/pongoOS/newlib/build'
make[4]: Leaving directory '/home/ryan/iOS-downgrade-tethered/pongoOS/newlib/build'
make[3]: Leaving directory '/home/ryan/iOS-downgrade-tethered/pongoOS/newlib/build'
make[2]: Leaving directory '/home/ryan/iOS-downgrade-tethered/pongoOS/newlib/build'
make[1]: Leaving directory '/home/ryan/iOS-downgrade-tethered/pongoOS/newlib'
clang -o build/Pongo --target=arm64-apple-ios12.0 -std=gnu17 -Wall -Wunused-label -Werror -O3 -flto -ffreestanding -U__nonnull -nostdlibinc -DTARGET_OS_OSX=0 -DTARGET_OS_MACCATALYST=0 -Inewlib/aarch64-none-darwin/include -nostdlib -static -Wl,-fatal_warnings -Wl,-dead_strip -Wl,-Z -fuse-ld=/usr/bin/ld64 -DPONGO_VERSION='"2.5.1-217eae6f"' -DAUTOBOOT -DPONGO_PRIVATE=1 -Isrc/lib -Iinclude -Iapple-include -Iinclude/modules/linux/ -Isrc/kernel -Isrc/drivers -Isrc/modules/linux/libfdt -Lnewlib/aarch64-none-darwin/lib -lc -lm -Wl,-preload -Wl,-no_uuid -Wl,-e,start -Wl,-order_file,src/sym_order.txt -Wl,-image_base,0x100000000 -Wl,-sectalign,__DATA,__common,0x8 -Wl,-segalign,0x4000 -DDER_TAG_SIZE=8 src/boot/entry.S src/boot/stage3.c src/boot/clearhook.S src/boot/patches.S src/boot/demote_patch.S src/boot/jump_to_image.S src/boot/main.c src/kernel/panic.c src/kernel/syscall.c src/kernel/lowlevel.c src/kernel/task.c src/kernel/mm.c src/kernel/vfs.c src/kernel/dtree.c src/kernel/legacy.c src/kernel/locks.c src/kernel/dtree_getprop.c src/kernel/main_task.c src/kernel/entry.c src/kernel/support/exit.c src/kernel/support/io.c src/kernel/support/process.c src/kernel/support/sbrk.c src/kernel/support/malloc.c src/dynamic/modload.c src/dynamic/modload_macho.c src/kernel/int.S src/shell/autoboot.c src/shell/hex.c src/shell/usbloader.c src/shell/main.c src/shell/linux.c src/shell/command.c src/drivers/tz/tz.c src/drivers/framebuffer/fb.c src/drivers/sep/sep.c src/drivers/plat/s8000.c src/drivers/plat/t7000.c src/drivers/plat/t8011.c src/drivers/plat/s8003.c src/drivers/plat/t8012.c src/drivers/plat/s5l8960.c src/drivers/plat/t8010.c src/drivers/plat/s8001.c src/drivers/plat/t7001.c src/drivers/plat/t8015.c src/drivers/usb/synopsys_otg.c src/drivers/mipi/mipi.c src/drivers/hal/hal.c src/drivers/aes/aes_a7.c src/drivers/aes/aes_a9.c src/drivers/aes/aes.c src/drivers/xnu/xnu.c src/drivers/timer/timer.c src/drivers/recfg/recfg.c src/drivers/recfg/recfg_soc.c src/drivers/gpio/gpio.c src/drivers/uart/uart.c src/drivers/sep/sep_racer.S src/drivers/xnu/xnu.S src/modules/linux/libfdt/fdt.c src/modules/linux/libfdt/fdt_ro.c src/modules/linux/libfdt/fdt_sw.c src/modules/linux/libfdt/fdt_empty_tree.c src/modules/linux/libfdt/fdt_overlay.c src/modules/linux/libfdt/fdt_wip.c src/modules/linux/libfdt/fdt_strerror.c src/modules/linux/libfdt/fdt_rw.c src/modules/linux/libfdt/fdt_addresses.c src/modules/linux/linux.c src/lib/lzma/lzmadec.c src/lib/libDER/DER_Decode.c src/lib/libDER/DER_Encode.c src/lib/libDER/oids.c src/lib/img4/img4.c
Undefined symbols for architecture arm64:
"__strtold_r", referenced from:
pongo$exports in lto.o
"_acoshl", referenced from:
pongo$exports in lto.o
"_acosl", referenced from:
pongo$exports in lto.o
"_asinhl", referenced from:
pongo$exports in lto.o
"_nexttoward", referenced from:
pongo$exports in lto.o
"_cbrtl", referenced from:
pongo$exports in lto.o
"_nexttowardl", referenced from:
pongo$exports in lto.o
"_asinl", referenced from:
pongo$exports in lto.o
"_strtold", referenced from:
pongo$exports in lto.o
"_atanl", referenced from:
pongo$exports in lto.o
"_remainderl", referenced from:
pongo$exports in lto.o
"_nexttowardf", referenced from:
pongo$exports in lto.o
"_nearbyintl", referenced from:
pongo$exports in lto.o
"_strtold_l", referenced from:
pongo$exports in lto.o
"_tanhl", referenced from:
pongo$exports in lto.o
"_ilogbl", referenced from:
pongo$exports in lto.o
"_tgammal", referenced from:
pongo$exports in lto.o
"_coshl", referenced from:
__cchshl in libm.a(lib_a-cephes_subrl.o)
_ccoshl in libm.a(lib_a-ccoshl.o)
_csinhl in libm.a(lib_a-csinhl.o)
_ctanhl in libm.a(lib_a-ctanhl.o)
_ctanl in libm.a(lib_a-ctanl.o)
pongo$exports in lto.o
"_atanhl", referenced from:
pongo$exports in lto.o
"_wcstold", referenced from:
pongo$exports in lto.o
"_scalbnl", referenced from:
pongo$exports in lto.o
"_tanl", referenced from:
pongo$exports in lto.o
"_roundl", referenced from:
pongo$exports in lto.o
"_expl", referenced from:
__cchshl in libm.a(lib_a-cephes_subrl.o)
_cexpl in libm.a(lib_a-cexpl.o)
_cpowl in libm.a(lib_a-cpowl.o)
pongo$exports in lto.o
(maybe you meant: _explicit_bzero)
"_sinl", referenced from:
_ccoshl in libm.a(lib_a-ccoshl.o)
_ccosl in libm.a(lib_a-ccosl.o)
_cexpl in libm.a(lib_a-cexpl.o)
_cpowl in libm.a(lib_a-cpowl.o)
_csinhl in libm.a(lib_a-csinhl.o)
_csinl in libm.a(lib_a-csinl.o)
_ctanhl in libm.a(lib_a-ctanhl.o)
...
"_wcstold_l", referenced from:
pongo$exports in lto.o
"_fabsl", referenced from:
__cchshl in libm.a(lib_a-cephes_subrl.o)
__ctansl in libm.a(lib_a-cephes_subrl.o)
_csqrtl in libm.a(lib_a-csqrtl.o)
_ctanl in libm.a(lib_a-ctanl.o)
pongo$exports in lto.o
"_finitel", referenced from:
pongo$exports in lto.o
"_ldexpl", referenced from:
pongo$exports in lto.o
"_fdiml", referenced from:
pongo$exports in lto.o
"_atan2l", referenced from:
_catanl in libm.a(lib_a-catanl.o)
_clogl in libm.a(lib_a-clogl.o)
pongo$exports in lto.o
"_hypotl", referenced from:
_csqrtl in libm.a(lib_a-csqrtl.o)
pongo$exports in lto.o
(maybe you meant: ___ieee754_hypotl)
"_logl", referenced from:
_catanl in libm.a(lib_a-catanl.o)
_clogl in libm.a(lib_a-clogl.o)
_cpowl in libm.a(lib_a-cpowl.o)
pongo$exports in lto.o
"_powl", referenced from:
_cpowl in libm.a(lib_a-cpowl.o)
pongo$exports in lto.o
"_lrintl", referenced from:
pongo$exports in lto.o
"_copysignl", referenced from:
_cprojl in libm.a(lib_a-cprojl.o)
_csqrtl in libm.a(lib_a-csqrtl.o)
pongo$exports in lto.o
"_expm1l", referenced from:
pongo$exports in lto.o
"_scalblnl", referenced from:
pongo$exports in lto.o
"_erfl", referenced from:
pongo$exports in lto.o
"_truncl", referenced from:
pongo$exports in lto.o
"_nextafterl", referenced from:
pongo$exports in lto.o
"_llrintl", referenced from:
pongo$exports in lto.o
"_nanl", referenced from:
pongo$exports in lto.o
"_remquol", referenced from:
pongo$exports in lto.o
"_erfcl", referenced from:
pongo$exports in lto.o
"_modfl", referenced from:
pongo$exports in lto.o
"_sqrtl", referenced from:
_csqrtl in libm.a(lib_a-csqrtl.o)
pongo$exports in lto.o
"_exp2l", referenced from:
pongo$exports in lto.o
"_lroundl", referenced from:
pongo$exports in lto.o
"_log10l", referenced from:
pongo$exports in lto.o
"_ceill", referenced from:
pongo$exports in lto.o
"_logbl", referenced from:
pongo$exports in lto.o
"_log2l", referenced from:
pongo$exports in lto.o
"_log1pl", referenced from:
pongo$exports in lto.o
"_cosl", referenced from:
_ccoshl in libm.a(lib_a-ccoshl.o)
_ccosl in libm.a(lib_a-ccosl.o)
_cexpl in libm.a(lib_a-cexpl.o)
_cpowl in libm.a(lib_a-cpowl.o)
_csinhl in libm.a(lib_a-csinhl.o)
_csinl in libm.a(lib_a-csinl.o)
_ctanhl in libm.a(lib_a-ctanhl.o)
...
"_llroundl", referenced from:
pongo$exports in lto.o
"_lgammal", referenced from:
pongo$exports in lto.o
"_frexpl", referenced from:
pongo$exports in lto.o
"_sinhl", referenced from:
__cchshl in libm.a(lib_a-cephes_subrl.o)
_ccoshl in libm.a(lib_a-ccoshl.o)
_csinhl in libm.a(lib_a-csinhl.o)
_ctanhl in libm.a(lib_a-ctanhl.o)
_ctanl in libm.a(lib_a-ctanl.o)
pongo$exports in lto.o
"_fmodl", referenced from:
pongo$exports in lto.o
"_fminl", referenced from:
pongo$exports in lto.o
"_fmaxl", referenced from:
pongo$exports in lto.o
"_rintl", referenced from:
pongo$exports in lto.o
"_fmal", referenced from:
pongo$exports in lto.o
"_floorl", referenced from:
pongo$exports in lto.o
ld: symbol(s) not found for architecture arm64
clang: error: linker command failed with exit code 1 (use -v to see invocation)
make: *** [Makefile:99: build/Pongo] Error 1

checkra1n ran normally gives me usbmux error -79 (Linux) or error -20 (Mac).

However, building pongoOS and specifying it with

checkra1n -k Pongo.bin

brings me to a PongoOS shell.

I have 2 questions:

1. How do I load the checkra1n module to continue the exploit and get a jailbreak?
2. If that fails, can I set a nonce with pongoterm in nvram to restore to 14.3?

Hi, I have some problems with blackbird exploit on A10 device (7 Plus iOS 12.4).
Running checkra1n with command:
checkra1n -c -k build/PongoConsolidated.bin -p
Running Pongo-shell commands:

sep tz0 
sep fwload

Output:

0x120094> 0: ff 00 ff 00 00 00 00 00 8e e4 28 6f 21 15 7c 3e 
0x120094300x120094300: 93 41 64 f7 ab a1 d9 0d 9d a7 60 87 eb 0d dc fb

And SEP panic on the device side.

I have been working on getting project sandbox to work on iOS 14.7 and on all new versions of checkra1n/pongoOS it fails. Version 10.1 boots into android fine but touchscreen does not work, 10.2 is less consistent but will boot without touchscreen functionality. The issues get worse from there
10.1-10.2: boots but touchscreen isn't functional
11.0: crashes in the pongo shell
12.0-12.1: pongo does not boot
12.2-present: pongo does not allow the transfer of the image

When booted to pongoOS over iBoot we lose read/write access to persistent storage.

Pongo ought to provide access to these methods, as they are key to the setup of the next phase boot loader