Hello Everyone,

Spending all day searching the forums, i did not find an answer. This seems something new

Today i listened music, and was not able to turn it of anymore. I had to hard-reset my phone. (HOME+POWER)
It than tried to boot, but soon rebooted again; this time only to the Recovery-mode. It now remains in a Recovery-mode loop

I have an 8 GB iPhone (org 1.0.2) with 1.1.4 and unlocked with iLiberty+ a long time ago. I guess however this fsck-fix question is also valid for 2.x models...

After many hours searching, i am still not able to access the data. It seems the filesystem /dev/rdisk0s2 is corrupted and cannot be fixed by fsck.

With help of iBooter i could boot into single user mode.
(boot-args -s -v). Than the phone just sits and waits on the '#'-root prompt.
I did not find a way to access it.

With the boot-args set to -v and help of a photo camera i managed to find out where it is stuck.

...
Mac Address: 00:1c:b3:xx:xx:xx
Invalid node structure (4, 883)
/dev/rdisk0s2 (hfs) EXITED WITH SIGNAL 8
THE FOLLOWING FILE SYSTEM HAD AN UNEXPECTED INCONSISTENCY:
/dev/rdisk0s2 (/private/var)
** /dev/rdisk0s1
** Root file system
** Checking HFS Plus volume.
** Detecting a case-sensitive catalog.
** Checking Extents Overflow file.
** Checking Catalog file.
** Checking multi-linked files.
** Checking Catalog hierarchy.
** Checking External Attributes file.
** Checking volume bitmap.
** Checking volume information.
** The volume information LittleBear4A102.UserBundle appears to be Ok.
** /dev/rdisk0s2
** Checking HFS Plus volume.
** Detecting a case-sensitive catalog.
** Checking Extents Overflow file.
** Checking Catalog file.
Invalid node structure (4,883)
** Volume check failed.
/dev/rdisk0s2 (hfs) EXITED WITH SIGNAL 8
fsck failed! Leaving the root file system read-only...
Dec 21 16:00:54 launchd[1]: mkdir(~/var/tmp/launchd~): No such file or directory
/dev/disk0s1 on / (hfs, local, noatime)
mount_hfs: Invalid argument
Bug: launchctl.c:1288 (1.88):2: fwexec(mount_tool, true != -1


The main problem seems to be a corrupted filesystem (Invalid node structure), and mounting root read-only. fsck seems not able to get rid of the problem.

Some of the things i tried
- iDemocracy: will not see the iPhone (when in Recovery Mode)
- iBooter: Can boot to single User mode (-s), normally stays in recovery-mode loop.
- iPHUC: does not seem to have the right commands..
(First it gets into iPHUC-Recovery mode, and when at the single-user prompt, it just waits for the iPhone)
- DiskAid: cannot access the iPhone
- iRecovery: cannot get it to run win Win32 (the Win32 version)
- iLiberty+: cannot get it out of the Recovery mode: reboots (shows the above messages when boot-args=-v) and puts it in Recovery again.
Message: "Device is currently in in recovery mode, so payloads cannot be uploaded at this time" (

So the problem with iLiberty+ (and iPlus2) seems that: the screen on the iPhone reports running the script and then stops with:
"singleuser boot -- fsck not done
Root device is mounted read-only
"If you want to make modifications to files:
/sbin/fsck -fy
/sbin/mount -uw / "

I tried to edit the payload from iLiberty+ with this fsck+mount command, but the payload phase seems not to run in Recovery-mode
Here is the message from iLiberty+:

DEBUG ON
Jailbraking...Done
Enabling AFC2...Done
No payload found, pass 2 skipped
Unmounting...
umount: /mnt2: not currently mounted
** /dev/rdisk0s1
** Checking HFS Plus volume.
** etc...



So the iPhone continuously reboots and enters recovery-mode. It is not possible to SSH into it because it simply does not get to the TCP loading part
Does anyone have any idea how to make it that iLiberty+ will do a 'fsck' (fix the filesystem), or know any other way this could be accomplished?
Or maybe know how to access a file in Single-User mode (or Recovery, or DFU mode)?

Any help is greatly appreciated...
Thanks a lot for replying
Have a nice day,
Ralfko

Hi,

I am making some progress. I hex-edited iLiberty+ and can now change the script. Even before the Jailbraking starts. (A similar trick was used by Jonathan Zdziarski, to crack the iPhone Passcode in "iPhone Passcode Easily Defeated").

Now i need some help with the fsck_hfs command.
The main script from iLiberty+ does this:

fsck_hfs -fy /dev/disk0s1
check_result
fsck_hfs -fy /dev/disk0s2
check_result
mount_hfs -o noasync,sync /dev/disk0s1 /mnt1
check_result
mount_hfs -o noasync,sync /dev/disk0s2 /mnt2
check_result
ROOTFS="/mnt1"
USERFS="/mnt2"

I'd like to change this code a bit, so the file system /dev/disk0s2 is mounted. It now fails to mount while "Checking Catalog file" with an "Invalid node structure (4, 883)" error.

Does anyone know which fsck_hfs option fixes an "Invalid node structure" error?
Or maybe were to find a man page for fsck_hfs which applies to the iPhone.

Thanks in advance for any insight...
rko

Hi,

I finally solved the problem..
The solution was to run an fsck_hfs -r /dev/disk02s
I tried to run this through iLiberty+ (by hex-editing the Ramdisk and even the main program) but did not succeed because of a continuous "BSD Root: md0, major 2, minor 0" error.

Finally i hex-exited iPlus1.2 (the iplus.dat source) and run "ipdo -a -j"
(In the iplus.dat, i changed all fsck_hfs -fy /dev/disk0s2 enties in fsck_hfs -r /dev/disk0s2
The manual enties for fsck_hfs can also be found inside iplus.dat :-))

My iPhone booted twice, running fsck_hfs and fixed the filesystem.
After that my Springboard came up and all was Ok again; so no need to extract data, or to reinstall; just a run with a patched iplus.dat was enough to get my phone working again... ))

Christmas greetings, 4estita Koleda,
Ralfko

Hi Ralfko!
It seems i am in the very same mess that you are in. Except that i am not as tech-savvy as you are, my friend. Before christmas i had to send my mac in for service, so i have no recent backup, and every picture from this holiday is now on my iphone which endlessly shows the apple logo.

I have not been able to SSH into my iPhone.

I am currently using a borrowed powerbook to try and fix this, but i can´t even get iBooter and the libusb to work. Maybe i´m not installing it correctly.

If you could be so kind as to walk me through this i would be very, very grateful... i´m desperate! :/

Hi ameneon,

if you cannot use the vt100 utility (the nvram command), it is also possible to set the iPhone to verbose mode with iPHUC (which can be found e.g. in the iPlus 1.2 package), you do not need iBooter. (BTW, iBooter also needs the iPhone in recovery mode to work, so that might be your problem to begin with).

Make sure your iPhone is in recovery mode. (evt use iLiberty+ for that). Now start iPHUC and enter the following commands:

(iPHUC Recovery) #: cmd setenv boot-args -v
(iPHUC Recovery) #: cmd saveenv
(iPHUC Recovery) #: cmd fsboot

This should do the trick, and with a camera or so you should be able to find you where the problem is...

Good luck

Thank you for your reply!

Unfortunately i did not think about the fact that i am running firmware 2.1...
I guess that´s why i receive an error when i try to run IPHUC?
Is there another way to get into my phones files? I really need to extract this data...

edit:
I made another attempt at iBooter, but it says iPhone is not in recovery mode, although iTunes says it has detected an iPhone in recovery mode. Weird...

Edit 2:
Perhaps i could try the thing that solvd your problem? If you uploaded the editet dat-file and tell me how to run it on a mac or a PC?

I would not recommend using any of the 1.x hack-tools on an 2.x version. As stated, my solution is for 1.x only. Sorry, i cannot be of any help..

if you have ubuntu you could try iRecovery if you can find the sources and compile it... it gives you more control than iphuc

also if yourve having reconition problems u should put your iphone in dfu mode, idk if iphuc will discover it but it might help

since your a windows user i would suggest downloading ubuntu and installing it into windows that way you have both for these kind of situations where windows is kinda useless

Hi rafiko,
Please help me. I could run iRecovery in Mac.
I can run some commands, but I'm not as tech savvy as any of you, so I fear to make a mess inside my iPhone.

I get continuously into Recovery Mode upon iPhone reboot. I thought it was a corrupted filesystem and now I confirm it after running iRecovery.

BTW: I'm running 2.2.1 firmware on a 1st gen 8 GB iPhone (non 3G)

Please see below messages displayed by iRecovery:

[FTL:MSG] Apple NAND Driver (AND) RO
[NAND] Device ID 0x2555d5ec
[NAND] BANKS_TOTAL 4
[NAND] BLOCKS_PER_BANK 8192
[NAND] PAGES_PER_BANK 1048576
[NAND SECTORS_PER_PAGE 4
[NAND] BYTES_PER_SPARE 64
[FTL:MSG] FIL_Init [OK]
[FTL:MSG] BUF_Init [OK]
[FTL:MSG] FPart Init [OK]
read old style signature 0x43303034 (line:286)
[FTL:MSG] VFL Register [OK]
[FTL:MSG] VFL Init [OK]
[FTL:MSG] VFL_Open [OK]
[FTL:MSG] FTL Register [OK]
[FTL:MSG] FTL_Open [OK]
Boot Failure Count: 0 Panic Fail Count: 0
Delaying boot for 0 seconds. Hit enter to break into the command prompt...
HFSInitPartition: 0x180355f0
Loading kernel cache at 0xb000000...data starts at 0xb000180
size mismatch from lzss 7144480, should be 7144472
Entering recovery mode, starting command prompt


So I understand it's failing on checking the size of the kernel. I believe I should run some kind of fsck. But I don't know how to do this from within iRecovery.

I can make my iPhone boot entering the following:

setenv auto-boot true
saveenv
fsboot

But I want to avoid the necessity of my Mac to make my iPhone boot. I need to fsck both iPhone partitions as far as I understand.

Could you give me a hand? Please tell me how to procede.

Thanks in advance.

Hey guys! I think I may have solved it! At least my specific problem. I'll confirm in 2 days time if the problem doesn't come back anyway.

It appears it wasn't a corrupted filesystem, but a wrong instruction within nvram (I haven't ever touched inside that, but who knows... I've installed tons of official --cracked-- and unofficial --cydia/installer.app-- packages, so I have no COMPLETE control about what's happened "under the hood")

Anyway. All I had to do is make my iPhone boot off from iRecovery into iPhone OS by typing "fsboot", Once inside iPhone OS, open Terminal (or login via SSH) and type the following:

# nvram auto-boot=true
# sync
# reboot

Voilá!

I've already rebooted like 10 times and until now, not a single failed boot. Hope the problem is solved. You'll see more from me otherwise! :-P.

I hope this info results useful for someone else.

Best for all of you