#futurerestore-help
i dont wanna leak my ECID or whatever ill dm you and tb
hi what did I miss
Testing if 90 days can be bypassed
They trying lol
i tried it already lol
Froggy wants to make a tweak
anyways not sure if yall know yet but we found out a few things
tss server is confirmed the same
it's just a bunch of added properties in the request
a14 is a server side issue
target ios version, ECID, sep nonce, managed, and bcert
ye
what are the added properties
and how come 14.3 is still signed then
for supervised devices
yes
it’s signed so enterprises can check the software out before actually installing it on employees' managed devices
I didn't update the gist yet with what we learned about the tss stuff
these are the added properties
@zealous bridge can explain more
oh ok
So apple can shut this down?
ok
After 90 days
well how it goes is
a request is made to pallas
with the added fields
“supervised” “delayperiod” and “delayenabled”
supervised should be true
Lol tanbeer why are you not genius
delayperiod should be an int between 1-90
and anything in between
delayenabled should also be true
once this request is made
the tss request goes out
with the added fields mentioned above
sadly it looks like BCert is specific to the version and device
maybe some SEP UID key idk
so thats why we cant save ota blobs for other versions
or check the signing status of other versions
well once you get the response from pallas you get the available ota and then you download etc, fast forward to tss
That's interesting. So that's why Ota is still signed
yes
Tanbeer for genius
what's bcert?
we had siguza's help lol
^ was gonna say
I spent the whole day trying to sniff and tanbeer does it in 5 minutes? lol
bcert is required for @Managed = 1
Froggy genius too
which is another key required
bcert is asn1
or you can reply here
contains sepnonce, productmarketingversion, ecid, and something called SKS, which may be SEP Key Service
same structure as x509 website ssl certificates
like ssl certificates yeah
pwn has a secret club
Siguza is trying to see if we can create BCerts with the pwned A10 SEP, but as bcert includes the chip ID, unless they used the same key it might not work for A11+
now @zealous bridge can explain blobs i still know about jack shit about it
need to read up when I have the time
the way iOS codesigning works is there is a public key which is embedded in bootrom, tatsu(tss) is the private key which signs the bootchain, bootrom matches the signed bootchain with the public cert
I don't think they're talking about signing
lol
I know
how it signs delayed ota updates*
ah
@lilac wren 14.3 ended up showing but
Yes because spoofing
yeah :/
the difference is?
yeah I dont think it'll work
I changed version back still doesn't work
MDM is 3 hours late lmho
Lol no I got 14.3
yep
But from how tanbeer explained signed deny firmwares then it should work lol
Why does it have a verify error
because sep
?
yeah I don't really understand the SEP argument
thats ipsw
I don't either
not compatible with ota
ipsw sep compatibility and ota sep compat is different
OTA does or doesn't have a SEP
it does
It does
ota’s are unable to downgrade sep
^^
ah
they physically can’t
ok that actually makes sense
which is why you can’t downgrade
U can't downgrade sep u could only update sep
okay
yeah im dumb
then i’m back to fdr waiting room
unless you guys can make magic with pwndfu and ota blobs
That's y there's verify error it can't read the sep @zealous bridge
pwndfu is hype lol
if you connect it to console
True
you’ll see exactly what goes wrong
no ofc not
and I assume no incrementals exist for downgrades lol
you would assume correctly
Pwn dfu the return of cfw?
Yea
@zealous bridge did cryptic get ipwndfu working with v195?
and i think there’s stuff in the works for it
yes but none exist neither the tools for it exist
i dont see any new commits
he said he got it working but deleted it
and that its not hard to fix
true
Pwn dfu allow old sep to downgrade?
there’s stuff for tethered downgrades
no, patches sep
no
Declined to authorize this image on this device for this user
This means TSS got your request, but denied to sign it, right?
and gets iboot to ignore it
Patches sep like for Checkm8?
yes, or you requested something impossible
oh ok
patches sep using checkm8 i think
correct me if im wrong
So a11 sep fix coming or nah?
nope
Then how does it patch sep lol
i plan on using ipwndfu to 13.7 for checkra1n
magic hax
this uses checkm8
checkra1n uses seprom exploit which is blackbird
not sep itself
Checkm8 can be used for so much shady stuff lol
to lie low?
“idc what you are, or if ur supposed to be here, just load”
To fk off lol
lmao
So any sep from the firmware will work?
yes
That's cool for fr
But bb still a problem
which reminds me
@zealous bridge bb isnt an issue right?
how save OTA blobs
It is
Onboard?
ig
System info
taurine time
just copy the tss response, put it into a file with the extension .shsh2
bam saved blobs
with delayed? u cant unless u dump
nah i basically havent touched the se since upgrading lol
Lol
i wasnt running mitmproxy back then 😦
restore.log should have it
So onboard lol?
shit ur right
Sign it again
i'm keeping this for as long as i can
Like me LMAOOO
Hi quick question
OK
@zealous bridge it's not in restore.log 
lemme look for the exact line
ohh
you got the wrong restore.log
whats the path to urs
idk
mine is 500kb
tss_submit_job: ----Begin response
hmm
thats been shortened
double check the path
you’re using the one in /var/mobile/MobileSoftwareUpdate
its just /var/MSU
oh true
yes
bro ios logging jank
OTAUpdate.ips is the same as restore.log
he was the first...
...
it's literally named "froggy said to change name" lol
But he used the wipe method lol
I thought it was for some reason
beautiful
plist has been saved as a new file
U could get shsh blobs from ssh now?
it’s called cat
beautiful
Is it fr usable?
no
Then why u need it lol
So it's like onboard?
Lol but whats the issue
but most people OTA’d so the onboards were also OTA
which dont work with fr
If they IPSW upgraded
then they wouldve worked
Oh
hmm how do you get onboards. installed system info but don't see it
swipe left on the ecid value
if you dont see anything
get it from the right repo
@low summit apticket is useless
looks like i got it from the wrong repo then
Is that not onboard?
disk1 files are onboard @royal flint
eg dumping LLB from disk1 we can extract the im4m
its the full blob
img4tool is just buggy
thank
restore behaviour is inherited from the previous restore right
with onboards
wym
restore behaviour of onboards depends if you updated/restored to that version
if you updated the onboards would be update blobs
if you restored it would be restore blobs
I believe blobs are just the hashes of each component encrypted with tatsu private key
the public key decrypts
what encryption algorithm?
oh
so no encryption method
where is restore behaviour / ecid / board config / build id / apnonce stored then
should be in the blob too
its rsa
oh im dumb
its encrypted with rsa
yeah im dumb how could it not be
just hack apple servers for key ez
If u could do that then u could just restore to any firmware
And break icloud
@valid adder how does the public key decrypt then?
you need private key to decrypt in rsa i swear
its a key pair, thats how cryptography works
only the private key can encrypt, but the public key can decrypt
that only applies to messages encrypted with the private key right?
what if you were to encrypt with the public key, would you have to decrypt with the private?
theres 3 versions, sha1, sha384 3k and sha384 4k
sha1 is a9 and lower, 4k is a10 and later idk when 3k comes into play
yes
A11 is 3k by itself
oh
true
4k is definitely a10-a12
the only thing this project needs to work is official tatsu private key
tbh even if we did manage to get the private key and sign every version, wouldnt sep and bb hold us back?
right now if we patch bootrom to use the fake sham public key and sign with the fake sham priv key, we can boot to stage1 without sigpatch @zealous bridge
thats how rmvsigchecks.py works?
no because we made our own blob using the current separt and sepnonce
same with bbnonce
its godmode
with the privkey
surely there must be some incompatibility or smth
rmsigchks has nothing to do with certs
I was giving an example of how to do it by only patching in our own public key
oh
yeah that makes sense
i was wondering how it relates to the tools we have available to us today
doesn't this just make you love how insecure and secure iOS is at the same time
true, it’s like they’ve locked every door down with the hardest lock you can find, but all with the same key
we have poc tatsu available for us today
it has shamkeys
not the real tatsu
but if we insert the real tatsu private key it will be actual tatsu
the thing is there is a different keypair per bootrom
oh so it’s everything that we could copy basically
is that what they post on theiphonewiki
firmware keys
firmwarekeys aren't related to signing at all
apple is slowly moving to an unencrypted firmware model
Why unencrypted
Ok I'll call tomorrow
same
first with iOS 10 beta the kernel was no longer encrypted
@split torrent oi
then later came rootfs and logos and devicetree etc
Wait can you give me examples for this so I can ask apple
Oh you are rn
bruh
Lol sorry
sepos has to be encrypted tho right
is there an actual question right now all this is theoretical and hypothetical
Jtv lmao
Lol
this is educational
@vivid nova you ask them then, ur the spy
AP Bootrom decrypts all firmware components
SEPROM Bootrom decrypts sepos
huh?
We need the spy
thats why its such a pain, it has its own bootrom
LOL
thats why checkm8 gives us no control over sep
fucking sep
until blackbird came along
I got control when your mom came along
Stupid Extra Processor
The baseband has its own processor as well lmaooo
Fucking Device Restore
Oh mine was Future Damn Restore
Imagine locking down a fucking thing that allows you to call people and literally nothing else
^ that please, Apple doesn't like teaching-learning. Can't everything just be open source
i'm going to guess that "unable to personalize boot" is a sep issue too?
There's usually another error? Saying why
have any other tss questions
Does personalize = sign
no
Oh
wen eta tss on-device be great again
personalize means convert the component to im4p then add the blob IM4M to it then convert to img4 @lilac wren
So it's signing the component
signature*
the blob is the tss response
Yeah
Oh ok I see what you mean, it's not *being signed* it's just attaching the signature
.shsh2 is no different than .bak
luckily onboard img4 has BNCH(apnonce) and BNCN(generator) so we can reuse the blob
Neat
BNCH is im4m, BNCN is im4r
How does it verify signatures on boot? Using that public key? And is this readonly? So if private key got leaked, Apple couldn't patch?
Ok nice, that's what I thought
i have the public key, i could leak it rn
Lol
lol
it uses the public key to decrypt the blob im4m values, I assume the hash is what's encrypted. if the hashes don't match it fails @lilac wren
Ty
they use different pairs for each bootroms
but the sad thing is there is a different keypair for every bootrom @sacred estuary
so thats more added frustration
Not too knowledgeable, what's a key pair and why does that make things worse?
public keys is what you give people to encrypt messages, private keys is what decrypts those messages
Oh there's a different public key per chip is that what you mean?
public and private key
I know that but what do you mean different per bootrom
Per unique device?
per each bootrom revision
https://en.wikipedia.org/wiki/RSA_(cryptosystem) time to read @lilac wren
Ty
bootroms arent all the same
Yep, got it now ty
Not hard to find
the bootrom version = the iOS iBoot version of launch iOS
eg: a9 6s bootrom is the same iBoot version as 9.0 iBoot
the funny thing is I've been doing this since 2016 but I didn't really learn tatsu/brom until 2019/2020
@zealous bridge bri'ish
tatsu sounds japanese
FDR means fucking device restore
SEP means Super Extra Pussyshit
lmao
the pub key would be the same
Can confirm
Well they are RSA 256
I believe auth keys are used for baseband and friends
theres no 256, just 384 shortened to 64 chars @zealous bridge
I was told that since i have no blobs to go from ios 14.4.2 to ios 14.3, i have to use the no blob method, i just jailbroke with checkra1n, what do i do next?
How do people even find bootrom exploits
they work backwards?
Isn't there a no blobs method
and i work forwards
you see something weird in the code so u work backwards
then something something hooray
how do they view the code
@gilded jolt that requires 14.2.x or lower
you can't be on 14.3 or later to use noblob @gilded jolt
You can be on 14.3
Tanbeer did 14.3 -> 14.3 editing systemversion.plist I think
^
On his main lmho
That was stupid
It was
idk how i still have a jb
although is there any point in 14.3 -> 14.3
Tanbeer would do that
Except flexing that your "preparing update" takes 3 seconds
Ohh ok, there was something else involved with it though, i think someone said mybloxx and tricking the phone into thinking it was on a lower version, ill reply to what they said
that requires 14.2.1 or lower
@gilded jolt that requires 14.2.1 or lower lol
This is what I was told yesterday
although if you have a jailbreak you can edit SystemVersion.plist, you will be on too high of an SEP for the OTA method to work
@gilded jolt that person didn't know your context
or they don't have any idea what they are talking about
@zealous bridge @lilac wren any other questions
I don't think I have any more!! Thanks for sharing your knowledge ❤️
this man is a literal sql database
lol
imma ping u if i have anymore tho
im still looking into a14
but i think it’s server side
so nothing we can do
on a mac... hmmm
No access 4 u
true
!t noECID4u
Let's go, took 10m but Microsoft finally did it all automatically
I had to just change my name
from froggy to Toad
Lol froggy what now
Did you just call me a to@d
Toad to ur mom @vivid nova
^
your mum pays me rent
^
Lol
my 'mum' wouldn't be english
i can make her english
your mom would
You can be my mom
Eww
Cute
Lol
how? I'm yo daddy
Giving birth to a frog
Lol u walk into that one
that'd hurt
Daddy toad jtv
O_o
the only experience your mum had with me...
better love story than twilight
Wow
JToad
.>
JToadVision
yeah she complains about it everyday
Froggy turned toaddy
well you gotta put batteries in it
batteries in a tv
in the remote dumbass
I'll put batteries into ur mom
Jtv ain't even 4k
You're a delicacy where I'm manufactured
true
A swamp?
tvOS 15 😉
Matches up
thailand
Tail and frog legs
tail and head
Only tadpoles have tails, and I don't think that's humane if they're that young...
tf you talkin' about.. they eat frogs there
can i remind yall that this is #futurerestore-help
i do that to your mum
can i remind y'all that I'll be calling your mom later on tonight
Oops ur right
We're calling apple tomorrow
Imma spy
Oh no
Only Apple Peach knows
Lol
what are we trying to do now
🙂
@split torrent
need your mom
cringe when you gotta relay a message
@zealous bridge if sepnonce, separt, and bbnonce all match the blob we can basically just install that iOS version without latest anything
Eta sep nonce setter
soon
wait i thought the reason sep had to be compatible was hardware-related
that moment when idevicerestore detects DFU but iTunes doesn't...
@low summit @silent tusk I'm an idiot so sorry, had 50 day delay profile enabled when you guys got the MDM... That's why it always showed 14.4
Lmao but I got 14.3 anyways
So didn't matter
@valid adder when you say the latest sep is incompatible with say 13.3... do you mean the sepnonce is different
Seems like the firmware push overrode the restriction
nah but
you had it to 50
lol tryna teach me bs about how it has to upgrade to 14.0 then 14.4 then 14.4.2
It's always different
Still don't work tho
We can't upgrade or downgrade sep
Rip
Oh then maybe that's how Microsoft does it idk
I believed it ok
nah but
I think 14.4.2 has a full OTA ipsw
we can, just dunno how
literally no-one
Ur mom does tho
We can also make your mom fly, just dunno how
thats not how it works
your mom can swallow
so?
your mom.. dunno 'bout that
Ty
incremental means incremental software update
It is
But that doesnt mean you have to upgrade to the base version
Froggy where the link to fr gui
Go check out genius bar lol
Azure pushed update erroring out immediately... Is it just me?
As soon as I click download
Reboot
True lol
Won't work bro
np
Ok question, I quit it before it was going to finish downloading, but is there a way to cancel before it updates?
Force reboot when it says verifying update or something?
I think that'll be too late imo
Or maybe I just don't test it rn lol
Don't do it froggy
you dont have to install immediately after download
Yeah but this is pushed from Azure, not sure if it instantly installs or not
Jamf pro has that option I think but idk if azure does
i think its dependent on whether you have a passcode actually
Instant install imagine
Does anyone have a test device where 14.3 can show up? Don't need you to update, just try something simple
AKA this
lol that's not gonna work
I know I just want to see if it blocks all updates
that is good question
Bc console told me it was a zero day delay
i can try on my 6+
Which isn't supposed to be possible either
Tysm
send prof
Of what
the 200 day delay profile
I just showed it
^
yea i need the profile to be able to see if it works lol
Oh I'll DM you
What ur doing?
A test
Explain lol
!t joe
joemama
-_-
How the experiment go
i do
Mind if you try tomorrow haha, about to go to bed
sure
im trying to save blobs using the non jailbroken method and shsh host says apnonce invalid format on my iphone 12 pro max
even tss saver conan says its invalid so you can't save blobs on a non jailbroken iPhone 12 Pro Max?
im on 14.4.1 on the pro max
does that change anything?
after trying for a few times i was finally able to save blobs
for some reason ApNonce keeps changing when i restart is this normal?
can't save @marble yacht
i did i was able to save my blobs
although it doesnt update, it DOES show up! send me the profile
I’ll DM you
Hm that may be interesting, are you willing to try spoofing version around in SystemVersion.plist?
Or you mean 14.4.2 sep because of FutureRestore?
Yes to which lol
Ah ok
Once I see the results of dabezt I'll lyk
What's up
Still testing the 200 day profile
ah
yea i think my device may have been broken
even with a SystemVersion edit i still get 12.5.1
200 days goes to what firmware?
Oh lol weird
13?
That's what we wanna test with you one sec I'll make a gc
gm
Gm!!
alright!
When will this fdr error on a11 devices going down from 14.2 be fixed @valid adder
u cant
just stop
- dont beg for fixes, only report issues
- it will never be fixed, i told u yesterday
Back from testing
Some profile to stop updates lol
From what I gather u could change the delay to anytime lol
U could probably get any firmware
uh, it can downgrade to any firmware if u have the blobs for it
i have 13.7 blobs ready to be used
well, onboards kinda broken
This is wrong lol
I'll lyk in a bit about to get vaccine
What happens when it's 200 days
It does 0 day
YO POGGERS
this is pog
my parents still have yet to get theirs
LOL
Lol
JAMF keeps tryna call me LMAOOO
Should i pick up and say i’m switching to Intune
jamf now is free
yea
did u sleep @royal flint
ye
Did you sleep @zealous bridge
nah i just started doing my history essay at like 7
so i can get it out of the way
Damn school and testing?
yeah im on break rn anyway
my school starts on Monday
fkin hate it man have to be at school for 12 hours a day
imma be fasting as well cause its Ramadan
12 hrs a day tf?
yeah my skl is from 6am to 6pm
Uk sucks then
Its private school
I love Ramadan
Normal schools are like 7 hrs
Oh
Tanbeer did coocoo tell you
Private school sucks then
Abt the new OTA block
Ye i just tested it
it works
Doesn't work without supervision tho
but you have to have a jb to install it
That's kinda pointless
or wipe device
@zealous bridge let’s test it on like 2 or more people
But so far it looks like it works
Doesn't Ota disabler do the same thing lol
and a lot better
Without supervision
yeah
Jamf now doesn't let you choose version
ah
Already tried it
rip
Before intune
What's jamf
mdm
mdm
lol
poggers
Waiting period now
ur immune
Lol
well semi-immune
ah
damn it why is storage always full on this thing
Se
ah
yup
16 fb was ass lol
Can't remove it if you forgot to get rid of it after updating
i literally ran icleaner every hour
I had 32 since 4s i think
this, and it also screws ppl over if they did
i literally had to play app shuffle
uninstall one app to install another
ota disabler doesnt even enable ota if u restore root fs, u have to manually delete the tweak with apt
But u need supervision for his profile lol
yes but u dont need supervision to remove it?
And if u update without removing that then ur stuck too
but it doesnt work without supervision
yes but the profile doesnt work if u unsupervise
It will continue to work when you update
Remove supervision right after getting the profile
Still works
Since supervision doesn't go away
So u need to have a function to spoof supervision in ur tweak
Get rid of supervision then
It does
wait it does
At least I think so, it worked for 90 day
what if u reboot
Lol
it should work
as long as the profile is installed
but reliability in the long term hasnt rly been tested
like what if it randomly unblocks it
does audioos or tvos beta profiles work?
Unsupervised, still works
Good
Can I futurerestore an iPhone 11PM on iOS 14.3 while it's password locked?
I checked my blobs and apparently they're valid but I have never futurerestored before
will there be issues w apnonce or whatever
you need to set generator
So no
oh if you can ssh