I've got an old iPhone 4(iPhone3,1; Model A1332) from when I was in middle school, and if at all possible, I'd like to recover any old photos I might have on it. Unfortunately, I've got no idea as to what the passcode could be, I've tried everything I can remember. I've been trying to brute force the passcode, but I'm getting stuck when trying to load a ramdisk image. Here's what I've done so far, step by step:
I'm a windows user, so this is the first time I've used MacOS.
First, I downloaded VMware Workstation and used Auto Unlocker to allow MacOS on VMware Workstation. I then configured some additional settings to help with VMware->iPhone interaction:
Specified USB Connections: "Connect the device to the foreground virtual machine"
Next, I did some research and deduced that Mojave was probably the best choice for accessing older iOS devices, so I created a VM with Mojave 10.14.6.
I then booted into my new VM, and using the terminal I downloaded a few things:
-Legacy iOS Kit by LukeZGD
-Sliver 6.2 by u/appletech752
-32bit-SSH-Ramdisk-0.2-Brute by u/AJAIZ
-"dependencies.sh" by u/appletech752
After Installing all of these tools/running them in terminal, I began to attempt to load the ramdisk on my device.
I first kept my phone in Normal mode and ran Legacy iOS Kit to determine my iPhone's exact model and iOS, which was determined to be iPhone3,1 and iOS 7.1.1.
Then, I put my iPhone into DFU mode and booted up Sliver6.2. I used Sliver to put my phone into pwndDFU mode, and it was successful.
From there, I opened a new terminal and used the steps listed in the README of u/AJAIZ's 32bit SSH Ramdisk 0.2 Brute package.
I moved the terminal to the folder by typing "cd 32bit-SSH-Ramdisk-0.2-Brute"
Once in the folder, I created a ramdisk by typing "bash create.sh -d iPhone3,1 -i 7.1.1"
This operation succeed in creating a ramdisk.
Next, I attempted to load the ramdisk by typing "bash load.sh -d iPhone3,1"
I got a prompt telling me to "enter pwned DFU mode, then press Enter to continue."
I pressed enter.
iBSS was sent to 100%.
iBEC was sent to 100%.
Error: Unable to connect to device.
Back to square one.
Once this operation ended, the iPhone would have a faint glow and then when I checked the VM's Available USB's, it labeled the Apple iPhone as in "Recovery Mode."
I've tried this a few more times since, and twice the phone flashed white and then the apple logo popped up. All other times, it was put into recovery mode and remained black with a faint glow.
If anyone has any tips as to how I can get passed this step in the process and move towards unlocking my phone so I can retreive my old photos, it would be much appreciated. Thanks
EDIT
I can consistently get the white flash then the apple logo when I fix the order of operations I previously describe.
First, I put the device into DFU mode.
Then I run "bash create.sh -d iPhone3,1 -i 7.1.1"
Then I put the device into pwned DFU mode
Finally, I run "bash load.sh -d iPhone3,1"
After I correct that order of operations, I get 100% on "iBSS", "iBES", and "sending device tree"; but once it starts "Sending ramdisk..." I get the "ERROR: Unable to connect to device" message.