#futurerestore-help
Could we just use a 14.2 or lower version, install the profile, don't track mesu but instead track the http://updates-http.cdn-apple.com/ one, to see where it gets those 14.3 OTA files? Then on a 14.4 device, we could modify the request to hit this http://updates-http.cdn-apple.com/ URL, and that's it?
it looks like it's HS256
we already know what the URLs are
mind sharing ?
Oh rip
so you can't just run your own server and call it a day
and you can't edit the pallas request because that is also signed
well for exactly this reason ig lmfao
so annoying
Can you share that url ? I wanna try on my own, would probably better understand what you mean
ok
Pog Member+
nice
so say you make your own HTTP server correct
and pretend to be updates-http.apple.com?
now you can serve your own files sure
but the device also has a checksum and/or signature for those files
and it won't match
So just ask Pallas for the response with the extra param for 14.2 added, right? With our nonce as well. Just have to do it fast so it doesn't time out
well gotta change current version too but yea
Why should I make my own HTTP server ? For example, I could just swap any OTA files request from updates-http.apple.com by another one ? Like how I did to get 14.5 beta 7 without the beta profile
You can't edit the URL in the response because the response is signed
I dont edit the response, but the request
@lilac wren thing is though, if you want to dive in that route, you could always just defeat MobileAsset's sig checks with a tweak lol
You got me confused here
request to which server are we talking about
mesu is useless it doesn't have supervised versions
That'd still be progress
tanbeer said you managed to get the pallas request & response on device
how'd you do that?
i've never done tweak dev but i've dabbled slightly in dylib swizzling on macOS
wondering if it's similar
I know that.
For example, on 14.4.2, I got to the "check for update" view, it makes a request to mesu. I modify this request, and tell the device to request on mesu/iOS14Seeds, mesu sends back a useless xml, saying there's an update to do. So the device proceeds to a 2nd request on updates-http.apple.com/iOS14Seed that I could swap with the good updates-http.apple.com/ url with the 14.3 OTA files (That's the url I'm looking for). So the device will download 14.3 OTA files. Then I install the delay profile, and start the upgrade from settings. It will download the full OTA, verify it with the delay profile, and Apple will allow that in theory
well yea we can't check TSS rn lol
tss would be apple side, shouldnt be a problem ?
gotta get device to download 14.2 first
Like you do for 14.2 to 14.3, no tss stuff
So the 14.3 OTA files are not downloaded on a updates-http.apple.com request but pallas one ?
Oh yeah
TSS has to confirm that they were downloaded from the url pallas would’ve given
@zealous bridge what updates were signed 2 months ago
so you can’t just “swap it out”
My dad said his old ip8 was used only 2 months ago
uh check ipsw.me
14.4 was def signed
it goes like this
mesu request -> pallas request -> download OTA from URL given in pallas -> blah blah blah -> TSS
(idk what this is used for) (get OTAs)
pallas is gfmd right ?
So there are 0 request made to updates-http.apple.com when supervised ?
the URL given in pallas is to some file on updates-http
Is there restrictions for supervision for ios?
wdym
Can ios 10 spoof supervision?
Oh OK
however delayed software updates have only been a thing since 11.3
So 11.1 can't use Ota?
Oh I see what you mean.. There's an additional layer of requests made when supervised... Bc when not supervised, it only does mesu -> update, no pallas
they can't do deferred yes
no
pallas is always done
Mybloxx is only 11 and 12 minimum I believe
TSS says no
Personalised requests fail
When i was sniffing, it was mesu -> update directly
did you disable cert pinning properly
I'm having trouble using FR with my phone. I'm trying to go from 14.4.2 -> 14.2 with A11. Does that sound good ? I was able to change my nonce gen with checkra1n JB
it said bad nonce and i have to restore in 14.4.2 my phone
trouble is very vague
yeah ^^'
you didnt set generator properly if it says bad nonce
make sure its the right one and make sure you’re not rebooting in between setting nonce and using fr
yeah so it's supposed to be doable
ok
If I use the "no-appnonce" shsh and set my own gen to 0x0000000000000000 it's ok ?
oh fuck it's 0x1111111111111111
plus I don't see the problem here...
download OTA from URL given in pallas
Once we have that URL, it could be swap from the original one isn't ?
yes
technically yes, but since tss will check the validity of the firmware before signing it won’t install
thanks, looks like I messed up 😆
Y ? The firmware is valid, that's the whole point of the OTA method used with the delay profile
but you ignored what pallas responded with
which is what tss will probably check against
changing the url = changing the firmware since the certs arent the same
Hmm so Pallas would send the URL + other stuff that will be checked when validating the upgrade ?
yes that’s what will probably happen
probably share that URL, let me confirm this lol
it’s kinda like nonces but with actually firmware components
yeah someone can confirm this lol
I would love to, but I don't know what URL pallas send back
need to intercept the response with charles
Cant as i cant jailbreak. But the URL should be the same for everyone with the same device as me
how are you going to swap it.
you can't spin up your own server and swap it there because the checksum won't match
you can't edit the pallas request because that is signed too
^ that too
this is even before tss
K thanks
why is this in #futurerestore-help
^
Lol
Pffff got confused sorry @zealous bridge
anyways froggy, i'm writing a fake relay server rn
Ill look when you submit. Weird that its doing that
nah ur good lmao
iOS checks the signature of the response from pallas, if you swap a URL in the response the signature doesn't match anymore
We just talked in another channel and now I use my phone so it got into this channel 😑
Love this channel btw
:p
Does he just lurk at our conversations or... Lol
i think a lot of people do
Nah I advise when I can but mostly ask questions
RequestedProductVersion or smth wait
ah RequestedProductVersion yea
the same one
Past that, now we're trying to fake(?) it
it’s the same tss server
bad tweak 
request keys
you can save ota blobs
but those are useless for A12+
and you need to wait for futurerestore to be updated
as you need bootrom exploit
and i think ipwndfu might be so buggy that its basically broken
not randomly generated
for example
if i wanted to get a delay requested update
in my request i’d put
Like?
delayrequested = true
delayperiod = [delayperiod
Do they have a separate tss server?
So how's the infinite profile testing going
Yeah I tried editing the request with charles (just the nonce to something else) and iOS rejected Apple's response
yes
apple saw mfs like us coming from a mile away
anyways once tss sees those keys it knows that it’s a special case scenario and will sign them
provided everything else is fine
but ultimately it’s the same server
Wait this concerns me
Because if the device remembers what request it sent out, even though it got a perfectly valid signed response, it didn't accept it
So if we get a perfectly valid signed 14.2 response from gdmf, ios won't accept it maybe?
Or maybe it stores the nonce, sends the request, and since the response had a different nonce it rejected it
So it should be as simple as changing the request to add 14.2
or at least we should keep those two the same as they change all the time
- change current build version, and change delayrequested to false, and remove delayperiod
Yeah
Wait I can literally do that rn though
Let me finish lunch and I'll do it
However I'm on 14.3 so I'll do that but with 14.4
mesu request -> pallas request -> download OTA from URL given in pallas -> blah blah blah -> TSS (idk what this is used for) -> get OTAs
Ok so, when not supervised, you can sniff anything right ?
So why not swap the original mesu request with the 14.3 mesu -> pallas request would get a valid sign for 14.3 -> swap the URL given by pallas to the 14.3 OTA -> blah blah blah... ?
If I've managed to get 14.5 OTA files by swapping the mesu + url given by pallas without the beta profile, i dont see why this wouldn't work
What is "get OTAs", and TSS signs the firmware right before it installs
Whether supervised or not, you can't sniff unless you disable ios ssl pinning so you need the tweak
Because the XML seems to be the same whether supervised/delayed or not, Pallas is the one that chooses the specific version
Whether supervised or not, you can't sniff unless you disable ios ssl pinning so you need the tweak
Do i need to sniff pallas tho ? Like how did it work for 14.5 without the beta profile then ?
@royal flint can you confirm this
ignore the get OTAs part, formatting got messed up
they were quoting this
yes
exact same to if i opened the URL in my browser rn and downloaded
I'm not really sure, you need to enable ssl proxying on gdmf to even see the mesu requests supposedly. Maybe you can get lucky and iOS will let you sniff, it seems like it happened to me earlier as well
Gl
I didn't sniff pallas, just swapped mesu to iOS14Seed, then pallas got me the right URL from that XML
XML seems to be the same whether supervised/delayed or not, Pallas is the one that chooses the specific version
So Pallas give an URL for OTA files that aren't in the XML since there's no 14.3 one in the regular .XML ?
What are you doing with your fake server, adding the ios 14.2 Param to the request, gdmf'ing it, and returning that to the phone?
hmmm
looks like it errored somewhere
getting up to date
let me try requesting 14.4
still didn't work 🤔
let's check logs
oh i'm dumb
what are you trying rn
I don't think you can be on the same version as you're requesting
i forgot to restart server lmfao
Oh you're spoofing to be on 14.0?
well spoofing in the request
Oh I see
And you don't think the device will reject the response since it believes it's on a higher version?
it looks like it is, but i wanna make sure its all working first
so changing to not spoof, and changing requested to 14.4
Do a completely normal request first as control
Where it uses your server
But you don't change any keys
yea good idea
^
Awesome
alright now let's try RequestedProductVersion 14.4
Customizing the pallas request
exception in my code, hmm
Uh
it's making a request with a DelayPeriod
and then another without
weird
to do what exactly
Get versions beyond the 90 day delay
14.4 shows!
yes
oh wow
One of the requests is for documentation probably
because apparently you can get 14.2 using the MDM method
if you guys pull this off lol
That's good
?
according to whom
RequestedProductVersion
Oh
i tried it with my script, with a product and build of 14.0 and a requested version of 14.2
and i get a delta and a full
RequestedProductVersion = 13.5 eta wen
lol
What version are you really on
14.3
Oh ok
Hmm yea it seems to be checking that the OTA is not older than itself
which makes sense
RequestedProductVersion
yep
i'm too lazy for this lol
Bro imma try this rn lol
I mean it useless until we can patch out the check on device or something, but yea
it won't let you download? wdym
Won't let you go to a lower version
for 14.3 when 14.4 deferral is over
Ahhhhh so you mean still jumping from lower -> 14.3
i was thinking about trying 14.3 -> 14.2
@zinc moon @low summit do you have a phone that's actually lower than iOS 14.2
yeah haha
this would be cool if we could get that to work
see we could test on iOS 12 tomorrow because 12.5 expires tomorrow and i have something on <12.5, but intercepting Pallas isn't working
No
ah ok nw
@zinc moon does
I still have something else for you to test though
if you have that device you're ok with erasing, when you have the time
sep?
lol
cant downgrade at all
true
just wondering if i can get it to show on device tho
completely forgot about SEP lmao
14.3 to 14.2 is impossible
Tried it multiple times already
Even 14.0.1 with latest sep can't Ota to 14.3
U just get verified error
ye ye ik
just want to see if it will even show on device for shits and giggles at this point
lol
what'd you do
i just added RequestedProductVersion:14.4
do you have delayperiod
no
delayrequested is false?
yes
uhh send request i guess
400
no i mean send your edited request here lol
```json
{
  "TrainName": "AzulC",
  "SessionId": "6A4E3091-A44D-4523-96CA-653B7F6FB3FD",
  "ProductType": "iPhone12,1",
  "AssetType": "com.apple.MobileAsset.SoftwareUpdate",
  "ProductVersion": "14.3",
  "DeviceClass": 1,
  "DeviceVariant": "B",
  "SigningFuse": "true",
  "ClientData": {
    "AllowXmlFallback": "false",
    "DeviceAccessClient": "softwareupdateservicesd"
  },
  "Nonce": "F59F0109-774D-4BFE-A08E-68B7A9196021",
  "Supervised": "true",
  "ProductName": "iPhone OS",
  "NoFallback": "true",
  "BaseUrl": "https://mesu.apple.com/assets/",
  "AssetAudience": "01c1d682-6e8f-4908-b724-5501fe3f5e5c",
  "BuildVersion": "18C66",
  "ClientVersion": 2,
  "InternalBuild": "false",
  "RequestedProductVersion: 14.4",
  "AllowSameBuildVersion": "false",
  "BuildID": "238D3D4C-3940-11EB-8D33-A61B81E77CB1",
  "IsUIBuild": "true",
  "HWModelStr": "N104AP",
  "DeviceOSData": {
    "SystemImageID": "5AD8BD31-B8BD-4FD6-9C4C-90645CA26AE1",
    "BuildVersion": "18C66",
    "DeviceVariant": "B",
    "ProductType": "iPhone12,1",
    "BuildID": "238D3D4C-3940-11EB-8D33-A61B81E77CB1",
    "HWModelStr": "N104AP",
    "DeviceName": "iPhone",
    "ProductName": "iPhone OS",
    "ProductVersion": "14.3"
  },
  "SystemImageID": "5AD8BD31-B8BD-4FD6-9C4C-90645CA26AE1",
  "DelayRequested": "false",
  "DeviceCheck": "Foreground",
  "CertIssuanceDay": "2020-09-29",
  "DeviceName": "iPhone"
}
```
oh shit does it have to align
lmfao
is 14.4.2>14.2 possible with A11 ?
no updates available?
no it just keeps checking for update
then timeout
oh i have to execute the response too
guys I have this error when trying to downgrade my iPhone8 plus
no
ah
14.4.2 > 14.3 then ?
yes
@lilac wren how did you do it
i just added that line
executed request + response
if you're having issues you can try my script
you just need python and 2 modules from pip (flask and hammock)
i dont see any requestedproductversion in the response tho
yea its not gonna be in the response
yes
yes
oh fuck
and the sessionid
GUYS
ok no that still doesnt work
LMAOOOOOOO
apple make it so easy wtf
this is amazing lol, ppl can do this without wiping their device unjailbroken now
wdym
you're supposed to be supervised, otherwise it's not supposed to let you get anything except 14.4.2
to supervise, without jb'ing and spoofing, you need to wipe your phone
now you can be in like any state and get 14.3
no more mybloxx
yea but either way you have to jb
true
mitm lol
yeah rip
but no wiping
well you never had to wipe if you were jbed
no I only used RoCordvise and now SupervisedEnabler
im just permanently on supervision lmao
does this work for on device
yea
how
basically
code runs a server
use charles to redirect request to server
server edits it, send to pallas, and returns what pallas responds with
charles makes it all look like it went to pallas directly
that feels so unnecessary, is there a way to make it more efficient if you don't want to just breakpoint
im getting 400 again?
is map local request a thing maybe
yea but nonce
Turns out my dad updated the 8
So no lol
hey mesu came up again unsupervised
this is the weirdest thing ever... unsupervised mesu requests every single time
BRO ITS DOWNLOADING IT TOO LMAOO
lol
cant go below curr version
is there anyway for me to downgrade to 14.3 from 14.4 i was on ios 13 but i bricked my phone and had to restore (i have a blob)
systemversion.plist?
i wonder if you can go to curr version
tried
what happens
up to date
did you edit the version in the request too?
yes
^
curr version shows up to date
reboot
i just did this lmao
same for me
what
i rebooted
I'll try to manually make one
wtf do we need mesu for
how does it know wtf
unjailbroken, no kill switch
it still asks pallas and that fails tho
i don't get the 14.5 beta thing
he just swapped the XML file with the 14.5 beta one and it worked
i need more info
and he got 14.5 beta without the config?
aight yea see if you can do it
What's their name again
@radiant mountain could you send the URL for beta xml here again
yes pretty much
(18A8395)
oh ty
¯\_(ツ)_/¯
omg the XML is 26k lines long
lmao
the normal one is 140k lmfao
wow lol
or we find someone < 14.2?
that would work for seeing if 14.2 is signed
error
i can't map the beta :/
sus
get unable to check for update error
It tried to access another part of mesu as well but got 403
I assume because the profile isn't installed but idk
awesome when they come back we can test
taurine failing exploits
Oh OK
btw, mesu seems to be hit before gdmf
I think after it decides what version it wants from mesu, it asks gdmf for it?
LOL
it kps every time it finishes
i edited the systemplist to 14.1
does that affect it
lmao
that happened to me twice yesterday
first time ever
also first time kp on reboot userspace with taurine yesterday as well
so it's not just you
but 6 times in a row
hard reboot phone on airplane mode maybe?
it says jailbreak finished successfully
GG @zealous bridge
goes to the splash screen
if svplist messed it up you'd be bootlooped i think
Taurine is just buggy lol
@void rapids how do we fix taurine
in the middle of the first splash screen it just kps
whats the bundle identifier of Jailbreak Updater btw
Update to 14.4.2
com.julioverne.sslkillswitch2 was killswitch right
probably
need to add it to my script
this is weird, with killswitch I can't see mesu anymore?
k guess imma restore rootfs
Happy birthday.
What's kps
???
@split torrent
kernel panics
lol why happy birthday
Bday to taurine fail
i said it was my birthday to get apple to give me a free apple watch
Lol what
Finally froggy member pro
❤️
lol pay the fee to jtv
Nice nick
what
WHY AM I SEEING PREBOARD WHEN I RESTORED ROOTFS
Jtv steal Joe money and mama
lol this happened to me after getting microsoft mdm
oh im on 14.3
Tanbeer finally fked up with his main lol
@vivid nova where is apple located that you want a $400 shipping fee
Lol tf why
Lol
huh
taurine just gave up on me
wow ok
cba to go thru that again
Surprised jtv isn't giving out bday atv presents
go ahead and paypal that
@zealous bridge want the watch ^
but it's free
Prob fake ass watch
lol wth is this
surprised your mom is giving out bday presents
Stfu @split torrent
No you
oh wait you have to jb twice
oh
makes sense
Lol
imagine @split torrent secretly being saurik
Oh
sus
lol
imagine tim cook is sauriks dad
Or Steve Jobs is
imagine your mom loves TV
she dont
sorry.. your 'mum'
Imagine jtv is sauriks mom
TV is getting outdated
as is your mada
Announcement: The Apple TV device known as "JTV's Mom" is now obsolete
how dis work tho
because mdm sends the version
How many mdm are there
a bunch
i'll get beta profile and sniff
yes didn't work
unable to check for update
ah
maybe @radiant mountain can replicate it?
from which version
ah ok
the stuff we've been doing
I'd be flattered if you named your device that, unfortunately TVs don't have 'rents
bruh this would be so much easier if i could just mitm ios 12 lmao
You told us that 3 times before we evicted you from your Apple apartment
jtv talking to himself
lol pay rent jtv
it's entertaining ngl
this comment would only make sense if they thought that "'rents" wasn't short for parents
yg don't have device on ios 13 either right @zealous bridge @lilac wren
no
rip
unfortunately
well, maybe you can see if you can mitm gdmf
ios 12 didnt work for me but idk if it's user error
I'm trying to get your mom to show up while spoofing as yo daddy
although ac2 seems better than console tho
You can enable smart quotes in Settings > General > Keyboard > Smart Punctuation
successfully spoofed
no
yea after i modded systemversion trying to jb just ended up rebooting for some reason
I can also enable your mom in Settings > General > Siri
wtf
how did i reboot in 4 seconds
no wtf
im jailbroken as well
thats creepy
pcie20 nvme /s
allow xml fallback is true for non supervised
guys I got it
If you block gdmf while unsupervised (well rn I'm doing beta profiles but should work for regular) it only uses mesu
gdmf was blocked and it still shows 14.5b7
so pallas is skipped or something? mesu xml is the one that matters
Oh shit
which makes this so much more interesting
We can block gdmf
oh wow
Mod xml
oh wow
if we could create an xml for 14.3
Bro
i never thought of that
Just when I was about to eat
pallas isnt required is it
Lol
just when I was about to get bored and do HW
nah but surely
maybe only for MDM/supervised
lol
wait
going to try and construct a 14.3 xml now
how much would this help us tho
how does that work
because we still need to be jbed and shit
this is all done without the kill switch tweak
unsupervised as well
so this could be fully unjben
wait no pinning for mesu?
how are you gonna make it work unsupervised, TSS will reject non-managed requests
^^
mesu lets me see if without kill switch, gdmf is the one I need it for
oh
we havent even thought about tss
tss is gonna check pallas i think
since we blocked it its gonna get a firmware mismatch
I mean let's just try it
I was thinking of replaying the successful TSS response I had before on 14.3->14.3 but it would probably fail due to SepNonce mismatch
i didn't spoof
What shows up
ah
ota enabler time ig
Using the tweak "Perseus"? Apple has implemented this in a much smoother, more native way. Check out iOS 14.5 beta today.
for what
i am not waiting for cydia
what device
net.cadoth.otaenabler
CFNetwork SSLHandshake failed (-9807)
oh it might be the proxy
oh i need the charles root certificate
I'm getting error checking for update mapping XML to a smaller version with only 14.4.2 for my device :/
let me try mapping local to the same file
no error mapping local to the original xml
going to remove one asset and see
oh 172 not 127
removed one random asset for apple tv and it doesn't work
does it check the hash of the xml or something?
xml nonce
no nonce
where is xml fallback sent to?
I can't tell because I disabled SSL Kill, but it's default yes I think
oof
rip
why you on u0?
idk
uh
bc taurine is being dog shit for some reason
keeps kernel panicking after exploit successful
so device reboots and jailbreak is lost
did you mod sysver.plist
also the charles proxy didnt work
yes
yea thats why
but it works fine on u0?
what did you end up doing then
finished everything before it panik and taurine died
hm
I really should do HW but if Azzou comes back try to get him to recreate the beta thing
yea go do it
ye
lol was gonna say
can someone try this on their device
I love 10.0.0
and see if works
sure what do you want me to do
just need to change the proxy
i have charles working so I can do what you want
mine is my computer IP though
it won't work for yours lol
^
is it supposed to be different
unless I fly to your house
my internal ip is 192.168.1.165
run ipconfig and send a ss
mine is just my computer IP that I see in settings and can ssh to
i thought that was charles's ip
and how is your phone getting internet
charles should be the same tbh
it isnt
charles stop proxying my mac
wdym, you have to be connected to wifi or something
settings icon, proxy settings, http proxy mac > off
how to make it default
yeah but the proxy isnt working
you have to do it every restart
bruh moment
so network traffic isnt coming
pls lol
go to wifi settings on your iphone
what ip does it show
lol
lmfao
oh wow
rofl
and was telling me to try connect to that
its probably attached to all interfaces anyway yea
hmm so we're testing screwing with xml right
yes
¯\_(ツ)_/¯
more the better
are we still gonna find someone on <14.2 to test
or are we just gonna wait til 26
Ur back jb @zealous bridge?
gonna try again with red bull
Lght back to red bull bois
why is my os corrupted
bruh im hallucinating every time i look at my phone i see recovery mode screen
when its just apple logo
o
y'know we should all thank t-mobile for this actually, without t-mobile i wouldn't have a SE to find this on /s
U need sleep lol. Hallucinations
Tell tmobile I said thx
lol
Been waiting like half a year for 14.3
alright
What did i miss ?
What did you try ?
My beta thing was just to install 14.5beta7 without the profile
Yeah
I could try again in 1 hour, ive to prepare dinner rn
aight
cya
bruh taurine kp'ed again
oof
@royal flint how did you ssh
to do what
once you restore rootfs it should stop kp
oh
wonder if debug=0x100 works on iphones
anyways, unsupervised, what did i want to do again
right xml time
mem edition
tf did i develop
Ota
@lilac wren proxy > proxy settings
u0 6.1.2?
ye
Yes that's what I said
But you wanted it default
yea that's default off
Make a new jb call red bull
imagine red bull actually giving you wings
yea i cant get xml fallback working
hey guys, my restore seems frozen with that in the cmd prompt : unknown data request 'personalized data' received
oh i cannot read
what version of futurerestore
I just got the mac version on github, I think it's 180
ugh I literally cannot find a 14.3 mesu backup anywhere on the internet
well thats very old
oh
what do you see on your device
y tho
the white apple and a progress bar at 50%
mesu info is almost identical to gdmf
you have to restore to latest
ok np
if you're not on A11 and lower you can't fr again
i forgot which keys were missing
find a full 14.3 XML one on the internet lol, I literally cannot find one
I see iOS 6 and 13.4.5