SSH RamDisk on iPhone 6S with iOS 15

[RealLast]

Hey all,

just a quick question: Can Ramiel start a RamDisk on devices running iOS 15?
I have an iPhone 6S with broken display and want to backup some data (if possible) using an SSH Ramdisk.
Ramiel works quite intiuitive. The device is detected in DFU mode and I select Boot SSH Ramdisk. I input an iOS15 IPWS, however Ramiel says that iOS15 (Beta) is not supported yet. I understand, but figured I could also try an older IPSW, thus downloaded iOS14 and input it to Ramiel. With that, the RamDisk creation succeeds. It is send to the device and says "booting device" and after a while "waiting for device", finally it shows "you can now connect to the device using ssh root@localhost -p 2222". However, when I try that, it says "SSH connection reset by remote host".

So I wonder, if the RamDisk really booted successfully and the SSH server started, or something went wrong (or if its another problem?).

Is there any information / hint about that? Is it possible to just use an older iOS Version IPFW on a phone running a newer version? Or does the IPFW need to match the version currently installed?
I also tried iOS 11, 12 and 13 with no luck.

Any help is highly appreciated!

Best

[sen0rxol0]

hi, SSH connection resets when ~/.ssh/known_hosts file exists, idk if deleting that file will help
Edit: also thank you for confirming that ssh ramdisk can be achieved

[RealLast]

Hi, thank you very much for your reply! I appreciate it.
It's a good hint and I tried deleting the known_hosts file.
Sadly, still the same problem :( I also checked some other settings related to ssh (i.e. in /etc/ssh/ssh_config) and also reinstalled openssh. Still, no luck so far.

Any other ideas by any chance?

[idmasse]

@RealLast i had trouble with this too. this set of steps worked for me (mac m1, os 12.4)

• make sure you have sshpass on path. brew is lil bitch and wont install it normally, so use this instead:
  brew install https://raw.githubusercontent.com/kadwanev/bigboybrew/master/Library/Formula/sshpass.rb
• make sure you cd ~ && rm .ssh/known_hosts before every ramdisk attempt
• check and see how many versions of python you have installed. Ive found that Ramiel only needs 2.7 and if you have 2.7, 3, 3.8, 3.9, 3.10, python-tk etc... installed, both ssh and exploits just fail after a long spin.
  goodluck.

*edit --yes, iOS15 can be ramdisk. ramdisked? rammed with a disk? w/e - yes. Go Ram(iel)disk your shiz.

[sen0rxol0]

Hello=), actually, what happened to your iDevice in that process ? @RealLast
i think the device is just rebooting itself and no connection is being maintained.

Edit: after some tests i can confirm SSH ramdisk by Ramiel :) works

[RealLast]

Hello,

@blkf0xx Thank you very much for your ideas and suggestions! I haven't had the time to test them out yet, but I will do within the next two days probably and share my findings. It sounds promising though! Also, great humor on your side hahaha !

@sen0rxol0 Also thanks very much to you! The problem is, the phone's display output is not working properly. It has some water damage, which I treated and also replaced display. It still turns on, the display just shows some stripes on white background, so no proper output, but I believe the phone is trying to boot. But there is no way for me to know whether it boots sucessfully or get's stuck in the process.
Also putting it in DFU mode still works and then I also see it in iTunes. Thus, I figured a ramdisk would be the way to go to at least get the data. When starting the process with Ramiel, it seems to work well, it runs the checkm8 exploit, creates the ramdisk and copies it to the phone. Then says sth like waiting for iBSS and iBEC (if I remember correctly), then says "waiting for device" and finally says "You can now connect to your phone by using ssh root@localhost -p2222"

Also, the phone screen stays black during the whole process (as I mentioned, even though the screen does not work, usually when starting it shows stripes on a white background so it at least turns on).
Do you have any idea how I could verify that it booted the ramdisk successfully and not just reboots?

Best

[sjsl061687]

Can someone tell me exactly how to do it? Ssh wont connect

[RealLast]

Hello all,

sadly, I did not have any luck getting it to work. I tried all your suggestions @blkf0xx carefully, but it just wouldnt connect :'(
I wonder whether its really the problem of the phone, maybe it really doesn't boot the Ramdisk properly but just reboots, as @sen0rxol0 suggested.

Best

[sen0rxol0]

Hi yall, it should boot properly, i mean it does. But it is still buggy.
That said, Ramiel is not a SSH ramdisk tool, it uses that as a method to dump the SHSH from device.