Huge problems with ATV jailbreak

Hi,

First of all - sorry for my English. I know it's not perfect :)

I bought a used aTV2 - the seller told me that there are some problems with this particular device, but I've read a lot of posts on the internet and decided to take a risk. The situation is like this:

1. Every time I turn on the device I can see the iTunes logo with a USB cable below. The device is in recovery mode. OK - my understanding is that I have to update iOS. Let's try...

2. The first step was to update the device in recovery mode:

- option 1 - recover with latest iOS (6.1 as of today) - failed with iTunes error 9

- option 2 - recover with iOS 5.3 (alt key pressed) - failed with iTunes error 9

3. OK. So I've decided to switch the device into DFU mode. Again:

- option 1 - recover with latest iOS (6.1 as of today) - failed with iTunes error 9. The difference is that I now have a reboot loop with the Apple logo at the beginning.

- option 2 - recover with iOS 5.3 (alt key pressed) - failed with iTunes error 9

- option 3 - recover with custom iOS 5.3 (prepared with Seas0npass) - failed with iTunes error 9

In the iTunes log I can find an interesting part:

2014-03-26 19:10:41.000 iTunes[1756:1311b]: requested restore behavior: Erase
2014-03-26 19:10:41.000 iTunes[1756:1311b]: amai: AMAuthInstallBundleCopyBuildIdentityForVariant: No baseband chipid reported. Will match Build Identity based on ap chipid and boardid only.
2014-03-26 19:10:41.000 iTunes[1756:1311b]: device did not return saved USB log
2014-03-26 19:10:41.000 iTunes[1756:1311b]: device had saved panic logs: panic(cpu 0 caller 0x8cb2196d): "no free blocks 0 "
Debugger message: panic
OS version: 11D169b
Kernel version: Darwin Kernel Version 14.0.0: Fri Feb 21 19:41:10 PST 2014; root:xnu-2423.10.67~1/RELEASE_ARM_S5L8930X
Kernel slide:     0x000000000c200000
Kernel text base: 0x8c201000
  Boot    : 0x0000004b 0x00000000
  Sleep   : 0x00000000 0x00000000
  Wake    : 0x00000000 0x00000000
  Calendar: 0x00000052 0x000aec8b

Panicked task 0x80194c00: 5690 pages, 66 threads: pid 0: kernel_task
panicked thread: 0x80247d80, backtrace: 0x8bd4bd38
                0x8c3189f1
                0x8c319597
                0x8c204b2d
                0x8cb2196d
                0x8cb1e67f
                0x8cb11c6f
                0x8cb2bdbb
                0x8c283a31
                0x8c2838f3
                0x8c28408d
                0x8c4b048b
                0x8c21f05c

Task 0x80194c00: 5690 pages, 66 threads: pid 0: kernel_task
Task 0x80194950: 352 pages, 3 threads: pid 1: launchd
Task 0x801946a0: 539 pages, 1 threads: pid 2: launchctl
Task 0x801943f0: 659 pages, 1 threads: pid 3: restored_externa
Task 0x80194140: 1063 pages, 8 threads: pid 4: restored_externa

2014-03-26 19:10:41.000 iTunes[1756:1311b]: connected to service com.apple.mobile.restored
2014-03-26 19:10:41.000 iTunes[1756:1311b]: using protocol version 12
2014-03-26 19:10:41.000 iTunes[1756:1311b]: unable to open device_map.txt: No such file or directory
2014-03-26 19:10:41.000 iTunes[1756:1311b]: board config = k66ap
2014-03-26 19:10:41.000 iTunes[1756:1311b]: no value returned for BootArgs
2014-03-26 19:10:41.000 iTunes[1756:1311b]: _copyDeviceProperty() failed for restore bootargs
2014-03-26 19:10:41.000 iTunes[1756:1311b]: no value returned for MarketingPartNumber
2014-03-26 19:10:41.000 iTunes[1756:1311b]: _copyDeviceProperty() failed for mpn
2014-03-26 19:10:41.000 iTunes[1756:1311b]: requested restore behavior: Erase
2014-03-26 19:10:41.000 iTunes[1756:1311b]: amai: AMAuthInstallBundleCopyBuildIdentityForVariant: No baseband chipid reported. Will match Build Identity based on ap chipid and boardid only.
2014-03-26 19:10:41.000 iTunes[1756:1311b]: value query for 'HardwareModel' returned 'K66AP'
2014-03-26 19:10:45.000 iTunes[1756:13303]: received kAMDeviceDetached action, device id 91BC87B7D471519A (0x600000355450)
2014-03-26 19:10:45.000 iTunes[1756:25507]: Looking up device with muxID:27
2014-03-26 19:10:45.000 iTunes[1756:25507]: Muxed device disconnected
2014-03-26 19:10:45.000 iTunes[1756:1311b]: 2014-03-26 19:10:45.000 iTunes[1756:25507]: RestoreOS mode device disconnected
recv(43, 4) failed: connection closed
2014-03-26 19:10:45.000 iTunes[1756:1311b]: unable to read message size: -1
2014-03-26 19:10:45.000 iTunes[1756:1311b]: unable to read message from device
2014-03-26 19:10:45.000 iTunes[1756:1311b]: AMRAuthInstallDeletePersonalizedBundle
2014-03-26 19:10:45.000 iTunes[1756:1311b]: <Restore Device 0x608000136620>: Restore failed (result = 9)
2014-03-26 19:10:45.000 iTunes[1756:2420b]: iTunes: Waiting for post-restore appearance
2014-03-26 19:10:54.000 iTunes[1756:2107]: device connected (isDFU = 0)
2014-03-26 19:10:54.000 iTunes[1756:25507]: Recovery mode device connected
2014-03-26 19:10:54.000 iTunes[1756:25507]: Found new device.
2014-03-26 19:10:54.000 iTunes[1756:707]: iTunes: SCEP 2
2014-03-26 19:10:54.000 iTunes[1756:2420b]: iTunes: Restore error 9

4. Then I decided to use Seas0npass to do the upgrade (DFU mode). Hmmm... After switching to DFU mode Seas0npass uploads:

iBEC.k66ap.RELEASE.dfu file

iBSS.k66ap.RELEASE.dfu file

Then it starts "Extracting..." and.... nothing happens. The LED blinks fast.

5. OK. I have custom firmware prepared with Seas0npass so maybe I can use idevicerestore directly? ;). Let's try:

idevicerestore -d -c AppleTV2,1_5.3_10B809_SP_Restore.ipsw

I'm not happy with the output:

Identified device as AppleTV2,1
Science
Extracting Restore.plist from IPSW
Product Version: 6.1.4
Product Build: 10B809 Major: 10
Custom firmware requested. Disabled TSS request.
WARNING: Unhandled component 'apticket.img3'WARNING: unhandled component apticket.img3
Variant: Customer Erase Install (IPSW)
This restore will erase your device data.
Extracting filesystem from IPSW
[==================================================] 100.0%
opening device 05ac:1281...
Setting to configuration 1
Setting to interface 0:0
Setting to interface 1:1
INFO: device serial number is C07DW1ASDDR5
Extracting iBEC.k66ap.RELEASE.dfu...
Writing data to iBEC.k66ap.RELEASE.dfu
Sending iBEC (223684 bytes)...
opening device 05ac:1281...
Setting to configuration 1
Setting to interface 0:0
Setting to interface 1:1
irecv_get_nonce: got length: 46
irecv_get_nonce: buf=' NONC:B1A33FACCF1ADA0DBAF1586251E7D47EFAF28D3E'
Getting nonce in recovery mode... b1 a3 3f ac cf 1a da 0d ba f1 58 62 51 e7 d4 7e fa f2 8d 3e
Recovery Mode Environment:
iBoot build-version=iBoot-1219.43.32
iBoot build-style=RELEASE
Sending AppleLogo...
Extracting applelogo~appletv.s5l8930x.img3...
Writing data to applelogo~appletv.s5l8930x.img3
Sending AppleLogo (18201 bytes)...
Extracting 048-5479-003.dmg...
Writing data to 048-5479-003.dmg
Sending RestoreRamDisk (26069316 bytes)...
Extracting DeviceTree.k66ap.img3...
Writing data to DeviceTree.k66ap.img3
Sending RestoreDeviceTree (50649 bytes)...
Extracting kernelcache.release.k66...
Writing data to kernelcache.release.k66
Sending RestoreKernelCache (6286980 bytes)...
About to restore device...
Waiting for device...
Attempt 1 to connect to restore mode device...
Attempt 2 to connect to restore mode device...
Attempt 3 to connect to restore mode device...
Attempt 4 to connect to restore mode device...
Attempt 5 to connect to restore mode device...

and so on, and so on :-(

The interesting part is:

iBoot build-version=iBoot-1219.43.32
Hmmmm.... looks like iOS 4.4 (5.0 - 5.0.1 in iPhone world)???? Well, it's not signed by Apple anymore :( How can I upgrade iBoot to 1537.9.55 (iOS 5.3 aka 6.1.4)?

6. I've also checked irecover -s to see what is inside iBoot:

irecover -s

uart_set_baud_rate: port 4, baud 250000, sample 16, divider 5, actual baud 250000
uart_set_mode: port 4, mode 1
DP: dp_controller_start, 360: dp inited
[NAND] h2fmiPrintConfig:421 Chip ID EC D7 94 72 54 42 on FMI0:CE0
[NAND] h2fmiPrintConfig:421 Chip ID EC D7 94 72 54 42 on FMI1:CE8


=======================================
::
:: iBoot for k66ap, Copyright 2011, Apple Inc.
::
::    BUILD_TAG: iBoot-1219.43.32
::
::    BUILD_STYLE: RELEASE
::
::    USB_SERIAL_NUMBER: CPID:8930 CPRV:20 CPFM03 SCEP:02 BDID:10 ECID:000001CF01115D4E IBFL:03 SRNM:[C07DW1ASDDR5]
::
=======================================

[FTL:MSG] Apple NAND Driver (AND) RO
[NAND] h2fmiPrintConfig:421 Chip ID EC D7 94 72 54 42 on FMI0:CE0
[NAND] h2fmiPrintConfig:421 Chip ID EC D7 94 72 54 42 on FMI1:CE8
[FTL:MSG] FIL_Init            [OK]
[FTL:MSG] BUF_Init            [OK]
[FTL:MSG] FPart Init          [OK]
read new style signature 0x43313131 (line:389)
[FTL:MSG] VSVFL Register  [OK]
[WMR:MSG] Metadata whiteing is set in NAND signature
[FTL:MSG] VFL Init            [OK]
[FTL:MSG] VFL_Open            [OK]
[FTL:MSG] YAFTL Register  [OK]
yaFTL::YAFTL_Open(l:3117): CXT is not valid . Performing full NAND R/O restore ...
[FTL:MSG] FTL_Open            [OK]
Boot Failure Count: 0    Panic Fail Count: 0
Entering recovery mode, starting command prompt

Again, "CXT is not valid" is not the best thing I can see :(

So.... the question is:

Can I repair this device or is it just a brick? I've checked about 10 different microUSB cables, I reproduced the steps above in Windows and on Mac OSX (Mavericks), on different notebooks and desktops (rear USB ports), with and without power cord. No idea... but I do believe there is some procedure to have a success.

Guys.... any ideas? I would love to use XBMC on this aTV :)

 

Thanks a lot,

Michal
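
An added example, not part of the original post and not code from iTunes or libimobiledevice: a small Python triage of the two artifacts quoted above, the iTunes restore log and iBoot's USB_SERIAL_NUMBER string. The sample lines are constructed from the post with device identifiers replaced by placeholders, and the function names are hypothetical.

```python
import re

# Constructed sample, modelled on the log lines quoted in the post above.
SAMPLE_LOG = """\
2014-03-26 19:10:41.000 iTunes[1756:1311b]: device had saved panic logs: panic(cpu 0 caller 0x8cb2196d): "no free blocks 0 "
2014-03-26 19:10:41.000 iTunes[1756:1311b]: board config = k66ap
2014-03-26 19:10:45.000 iTunes[1756:13303]: received kAMDeviceDetached action, device id 0000000000000000 (0x0)
2014-03-26 19:10:45.000 iTunes[1756:1311b]: <Restore Device 0x0>: Restore failed (result = 9)
"""
# Constructed: ECID and serial number are placeholders.
SAMPLE_IBOOT = "CPID:8930 CPRV:20 CPFM03 SCEP:02 BDID:10 ECID:0000000000000001 IBFL:03 SRNM:[XXXXXXXXXXXX]"

LINE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\.\d+ iTunes\[[^\]]+\]: (.*)$")
PANIC = re.compile(r'saved panic logs: panic\(cpu \d+ caller (0x[0-9a-f]+)\): "([^"]*)"')
RESULT = re.compile(r"Restore failed \(result = (\d+)\)")
BOARD = re.compile(r"board config = (\S+)")

def triage_restore_log(text):
    """Collect the facts worth reading first from an iTunes restore log."""
    report = {"board": None, "panic": None, "detached_at": None, "result": None}
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # backtrace and task-list lines carry no timestamp
        stamp, msg = m.groups()
        if (p := PANIC.search(msg)):
            report["panic"] = {"caller": p.group(1), "message": p.group(2).strip()}
        elif (b := BOARD.search(msg)):
            report["board"] = b.group(1)
        elif "kAMDeviceDetached" in msg and report["detached_at"] is None:
            report["detached_at"] = stamp  # first detach seen during the restore
        elif (r := RESULT.search(msg)):
            report["result"] = int(r.group(1))
    return report

def parse_iboot_identity(serial):
    """Split iBoot's USB_SERIAL_NUMBER string into KEY -> value pairs."""
    fields = {}
    for token in serial.split():
        # Keys are four capitals; the colon is optional because the quoted
        # string contains "CPFM03" with no separator.
        m = re.fullmatch(r"([A-Z]{4}):?\[?([0-9A-Za-z]+)\]?", token)
        if m:
            fields[m.group(1)] = m.group(2)
    return fields

if __name__ == "__main__":
    print(triage_restore_log(SAMPLE_LOG))
    print(parse_iboot_identity(SAMPLE_IBOOT))
```
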

 

The unit is bricked, there's nothing that can be done for the unit.

Never say never ;)

I've installed a fresh Windows XP SP3 on my Macbook Pro using Parallels Desktop 9. Now I have error 1611 in Recovery mode (shift + Restore) and error 21 in DFU mode (shift + Restore again). I'm trying to restore with this firmware:

AppleTV2,1_5.3_10B809_Restore.ipsw

Maybe something will change ;)

m

Any luck with the latest attempt? My atv2 is also bricked… Did all of the above… No luck.

The unit is bricked, there's nothing that can be done with that unit. You will just be wasting your time.

I looked up error 9 and found this:

"Check your security software

Related errors: 2, 4, 6, 9, 1000, 1611, 9006. Sometimes security software can prevent your device from communicating with either the Apple update server or with your device."

You can check error codes here: http://support.apple.com/kb/TS3694

Carpenter 940
I tried removing avg9 on one computer… Restarted… Same error 9. I deleted iTunes and reinstalled, same error 9.
Tried on another computer… Same error 9

PS: I also reset hosts…
No resolution… Same error 9

I never want to say never… But I’m at a dead end… I’m keeping on researching !

Any suggestions welcomed… Will post any updates…

I guess we have the blind leading the blind. If you aren't going to take the bottom cover off and change out the board, you are wasting your time.

@micheal96
Where can I get a board to swap out… and… is there any soldering involved?

You would have to find an ATV that has a bad power supply, I don't think you'll find just the board for sale. If you do get a hold of one, there is no soldering, just a few screws, pretty easy.