#futurerestore-help
Surely we can do that
The nature of blackbird should allow us to
Even if we cant boot it up
Do I have to compile anything in this case?
Ios 14.4.2 can always be booted up
Can't we manually insert sep
No
as long as we can get seputil we can run arbitrary sepos
@zinc moon try DFU restore to latest, then jailbreak (prob. w/ checkra1n) use divise to tether downgrade to 14.3, then make a custom profile that allows you to update to 14.4
pretty sure
@zealous bridge see we can load SEP, we just can't load any SEP
No ios 14 version works with divise and I’ve done all the above
With iOS 13.7
oh
Or at least tried to
They downgraded bb before why can't we downgrade sep
If you can locate for me where IPSWs are stored for divise
then I guess we try to somehow replicate Succession downgrades?
I’ll get an iOS 14 one
nah im saying if we can pwn a10 sep with blackbird and get seputil to keep clearing the sepnonce we can eventually get an interface with the arbitrary sepos
at least i think thats how it works
This is our first, and most confusing roadblock
tbh
If we can get this working we can try everything else needed
do succession downgrades even work and exist?
@zinc moon well @sacred estuary did it
If we could somehow downgrade sep with blackbird and Checkm8 everything would be solved
Jit tripping
huh
Ok so
what device does sloopie have again

So iphone 7?
why can't we just use divisé like a normal person lol
Nah iphone 17
We’ll see
Froggy carrying divise just like he carried frgui
We need some proof with this succession shit
I’m just thinking of how I’d boot the device
True
Or replicate
ipsw i think
I’ll check with filza
lemme check
Tanbeer is there no way to downgrade sep even with checkm8 and blackbird?
/var/mobile/Media/Succession/ipsw.ipsw @zinc moon
idk, someone needs to test that
I think divise stores it there, in that case
i have a pretty good picture of how it could be done
Divisé is a fork of succession :P
What does ipwndfu do? Keeps current sep while downgrade?
@low summit you can load arbitrary SEP on A8/A9 w/ blackbird
no it exploits dfu with checkm8 so you have arbitrary code execution
What about a10?
I found the DMG where divise is stored
But only A10
Fuck gotta go find the message again as I accidentally copy pasted the text of the message and not the message itself

or t8010
It's literally succession just made for downgrading, I will keep carrying it bc it's literally what we should be using lol. It's like using a bucket to water plants when we have a watering can
Froggy loves divise
woah shiver me timbers
He's obsessed
Someone’s passionate
@lilac wren well I mean @zinc moon has issues with Divise
Sometimes a watering can is what you should try in case of a broken bucket
Since I already have the DMG of iOS 13.7 should I try to get it to work with succession
Although the laptop isn’t w me
@stiff hazel also whos making the exploit for A8/A9 cause that shit aint public yet
Only the vuln is
no he has issues with PyBoot because his cable is broken
@zealous bridge isn't blackbird public?
@zinc moon what ur 8 on again?
Divisé does its job perfectly
t8010’s exploit is open source in pongoos
the vuln is
not the exploit afaik
Blackbird supports a10 or no?
you can check pongoOS but according to github issues its a10 only
@lilac wren his cable is fine probably
It is
Lol
Guys you’re making froggy cry ):
Froggy
#554064188243181581 message feel free to scroll 36373822 messages or so I'm not in the mood to go through 2 billion messages
It's a long fucking conversation so like
@zinc moon didn't your mother or father destroy it?
Laptop?
Nah
No
oh
That's his ipad
Didn't they also destroy a laptop or were you not the one who sent that image of a broken MBP?
I'm scared of ur dad's destructive powers
after this they bootlooped and used checkra1n cli
Tanbeer still got my rant on Ota not working?
@lilac wren is anything needed to boot up succession
which i didnt know could get you out of a bootloop before so maybe that could work
Go into DFU
And restore
I’ve done it like 10 times with this 7
lol from: phonerebel666 ota is all you need
open the app
Over the past week
go into dfu and use checkra1n cli
I meant like Pyboot or anything
@lilac wren I gotchu with divise lol. I'll test tmr
Don't think they bootlooped, think they successfully did it
anything that bypasses sig checks, checkra1n will jailbreak you but pyboot should just use the exploit to boot
ok
It’s doing it rn
they got out of the bootloop with checkra1n somehow
succession is doing its thing and the laptop isn’t even w me
wouldn't it bootloop if it's tethered or shit?
and now using a bulldozer to move a pebble -_-
It should on the first try
But then
You boot it up
you boot it using checkra1n
Checkra1n CLI, ramiel, pyboot
well they used checkra1n and that worked
well remember you tried divise instead of Succession
nvm it didnt
And Succession is pretty shit
they still bootlooped after the ota


LOL
Restoring succeeded
Rebuilding icon cache
@stiff hazel they didnt even succeed in the end lmao
They just managed to save usable 14.3 OTA blobs
WHAT
Yeah no i can’t find where they were successful and i sifted thru the whole thing
OTA blobs though?
The PoC doesnt even exist
I believe i did say ota blobs
it's signed...
oh I am blind

wdym
They managed to go to ios 14.3?
yeah but they bootlooped after rebooting it once
@lilac wren yeah i know they just saved the tss response
If they got the OTA blob that’s all that matters
meant to reply to Dabezt's "WHAT"
If a version is signed you can save blobs for it, not much of a surprise
14.3?
yes
yes lol
Wdym
how do you think people are updating there
I have 14.3 ota blobs too
What did you find out now
what did I miss
@zinc moon that the PoC didn't work but they saved blobs
did we find a solution for going to iOS 16
yes
nice
@zealous bridge I’m confused
we hack samsung smart fridge and sniff private key
You saved ios 14.3 is signed but only under the current situation so
said*
You meant systeminfo?
Well it's still a valid OTA blob
So we can use OTA blobs on A10- right?
gl using it
What??
Didn't Cryptic just try fixing this
@zealous bridge what about eta wen fix
there was one a couple days ago
but fdr has plagued us
and dabezt couldnt even send valid ibss and ibec
nyu managed to go pretty far tho
what about onboard OTA's? Wouldn't work with the theory but it exists
Cryptic got that error too
sure if you’re on the version
!t onboardblobs
If you are jailbroken, you can save blobs for the version you're currently on, even if it's unsigned. These are called onboard blobs. Note that saving apticket.der is not enough because it doesn't contain a generator. To save them properly, install System Info from https://apt.arx8x.net/, go to Settings -> General -> About, swipe left on the ECID cell and press APTicket. (Other tools to dump onboard blobs include Deverser and SHSHDump).
Note that the type of blobs this saves depends on how you got to the current iOS version.
- IPSW Restore: These blobs can be used as normal, but you cannot use the `-u` option in futurerestore.
- IPSW Update: These blobs only work with the `-u` option.
- OTA Update: These blobs require `--use-pwndfu` and are only usable on A11 and lower.
To check what type of blobs you have, use img4tool. Download the IPSW and OTA zip from https://ipsw.me/, extract the BuildManifest.plist from both, then do `img4tool -v IPSW_BuildManifest.plist -s blob.shsh2` and `img4tool -v OTA_BuildManifest.plist -s blob.shsh2`, and check which one says valid.
isn't that what Sloopie saved
no
@lilac wren sloopie I think saved normal OTA's
oh they just got tss
they saved the tss response

@lilac wren @zealous bridge so basically it kinda works if we can get OTA blobs to fucking work
Maybe
why doesn't it boot untethered after OTA
great question
lol
This right here is a million dollar question
If there’s anyone who got a divise downgrade to work here
@royal flint might have answers
Can they OTA
@royal flint hi see above
you can't downgrade because SEP too high
We're aware
because while tether downgrading ig it patched a lot of stuff and ota being ota didnt unpatch it and everything just got fucked
sorry link question then
but it's signed now
so why wouldn't it boot
@royal flint
it’s not about whether its signed or not
on device some iboot checks were patched
and ota naturally doesnt touch that
but you're not using the patches anymore if you boot without checkm8?
i have no clue, i have yet to actually do anything with blobs lol
yeah
does OTA not update iBoot?
they’re probably tailored to the version it’s booting
no lol
@royal flint tether downgrading doesn't involve blobs so
iboot isnt in rom
brug
just dm me it
They said
holy shit
Lmfao
thats jokesss
anyways iBoot is on ROM I think
guess I'm wrong
bootrom verifies iboot
yes but when downgrading with divise or succession, you're using an unsigned iboot, but you're saying the OTA doesn't update it or sign it like an iTunes / Succession would?
but iboot is just the bootloader
essentially second stage of boot then, I see
i dont think tether downgrading downgrades iboot either
just patches it so it doesnt check the firmware
yea idfk about downgrades lol, my jailbreaking knowledge is pretty limited
i haven't really explored it
and after ota the patches remain
@red sleet can I ask what message sent got filtered from both @zealous bridge and @royal flint as well as why
Basically
We said
ah so in a tethered downgrade iBoot refuses to boot the firmware unless checkm8 patches?
if you remove the space between sure and iboot a substring matches one of those junk software stuff
yes
yes
Essentially
yea
Nope
checkm8 temporarily patches iboot though? otherwise it wouldn't boot normally when untethered
wow
Lmfaooo
lmao
what’s this oppression
lmao what
guys stop with the hate speech >.>
It patches it temporarily yes so you can still load an unpwned kernel
tethered i’m guessing patches it more permanently
harass GIR I guess
due to the nature of checkm8
since ota won’t touch iboot while its upgrading iboot will try to verify a genuine os thats installed
but remember thats been patched
probably a piracy tool
i dont think its piracy but just dogshit
Think it's either a piracy tool or a bypass tool
lemme check
probably dogshit
$9999.99
Shipping and handling not included

@lilac wren
normal iboot:
bootrom > iboot > userland or whatever
patched iboot: bootrom > patched iboot > custom userland
in a patched iboot, it will refuse to verify anything unless it’s exploited with checkm8 in order to prevent bootloops
because ota does not touch iboot, it still refuses to boot even when a genuine os is installed
yeah so why is iboot still patched after ota
because its not being checkm8ted
when you force reboot with checkra1n iboot isn't patched permanently
so why do you think ota has it still patched
tether downgrading and checkra1n is different
because iboot is a step above ota
or whatever ota updates
so you're saying succession places a patched iboot there?
ig it bypasses some sort of sigcheck
nah
or at least when its booted
succession is for just cleaning files, does not touch anything to patch it
remember it's not even meant for downgrades
yeah maybe the os is installed with succession but when it’s booted the patches are applied
since you can’t boot it without checkm8
so if the patches are applied when booted with checkm8 lol how come they don't persist on hard reboot but only on ota update? it doesn't really make sense
because checkra1n is just vanilla checkra1n with a temporary patched iboot (tbh it might not even be patched since checkm8 is a tethered exploit anyway)
When you boot with ipwndfu (which is checkm8 but with added steps) it’ll add more permanent patches to iboot
bypassing sigcheck and whatnot
thats not required for a jailbreak
you do need patched iboot for a jailbreak
it is patched
sorry i meant bypassed firmware sigchecks*
not just userland checks
think about it why would you need to bother bypassing TSS for a normal boot to your current version?
TSS is never contacted on boot
So since i have 12 Pro Max, (A14) i can't downgrade my phone at all? 14.4.2 wanting to go back to 14.3
you never bypass tss except if you're trying to FutureRestore to an unsigned version

you bypass tss with tethered downgrades too technically
then you're not really bypassing tss just not touching it
Since you’re also loading unsigned firmware
even then that’s technically not a bypass since you still need blobs from the tss server
I mean sure, you're not really bypassing TSS though if you just choose to not sign it
Saying tss server is redundant
tatsu signing server server
Yeah i just meant by definition
nah real people use Apple Internal signing server 
you don't bypass TSS for an untethered boot either just for installing it ig
after a restore you don’t need tss
exactly
you do technically still need some sort of blob
yeah
which is also why i said if you bypass iboot you’re also bypassing tss technically 😎
but not permanently, only when you want to boot it
iBoot verifies the blob
if it’s the only os installed then yeah every time you boot you have to exploit
You only have to patch the first time
At least I think
i feel like that's not how it works though
because think about dual boots
you can't permanently patch iboot if you want to boot into normal
you can’t even exploit iBoot anymore if you are even thinking about that
lol
wait
you’d need a bootROM exploit
So since i have 12 Pro Max, (A14) i can't downgrade my phone at all? 14.4.2 currently
so say if you dualbooted with divise
no
you can’t
Component -> img4 -> im4m -> component signature -> decrypted -> verifies hash matches

and you boot into the dualbooted os with pyboot or whatever
that is what we're using
yes, it will boot up normal signed one
are you sure
yes
it’ll only be tethered in the end
Unless we update to a signed firmware though? That's what we're wondering
@lilac wren it uses different partitions
so it only needs to be patched for the specific partition maybe
if it has some sort of blob that iBoot can verify then it will be untethered
Are you saying there's an iboot in each partition
Unfortunately even though it's present it seems to still bootloop
No i’m just saying iboot being a bootloader can deal with different partitions
If we can remove iboot patches after we upgrade i think we can get it to not bootloop
So if it gets patched permanently for the specific partition, wouldn't it fail the sig check from bootrom after normal reboot?
If it gets patched it’ll only be when booting, so iboot can load up the main os fine
Only when booting through pyboot / Ramiel etc?
yeah
So I'd assume the same for the tethered single
aka only when being ipwndfu’d
oh i see what you’re trying to say
yeah in that case idk why its not like that for tethered downgrades like it is for dualboots
Yes I don't think it would ever be permanently patched
but then again the evidence is against you
True
unless you can think of some other theory
I just feel like it's another issue because this one doesn't make practical sense
but what else do tethered downgrades even touch?
Is there a console for booting lol
you’d have to make your own pongoOS module
it’s open source anyway so not that hard
useless ones to us at least
do you have any theories as to why it started bootlooping after you ota’ed @sacred estuary
1st would be untrue since 14.3 is signed
For 1, you updated through ota without bypassing anything which means it had to be signed right
no i’m talking about after the ota
Yeah but we mean after the OTA update from tethered
that shouldve signed just fine
i don’t think it’s 3 since 14.3 sep should work with 14.3
I’m like 90% sure it’s smth to do with iBoot
Well ofc you can’t
succession wouldntve
but pyboot wouldve
or checkra1n (tethered)
Do you think iboot is only good for 14.4.2/the version you were on before the downgrade?
And is iboot touched in succession or ota restores
So if succession doesn't touch iboot then it won't work from iboot to 14.2 right, then after OTA if that doesn't touch iboot you're still on 14.4.2 iboot trying to load 14.3
Succession definitely doesn’t touch iBoot
Actually thinking about it
doesn’t OTA have to upgrade iBoot too?
Exactly
there’s so many different ones
but it does touch your mom
oh god not you too
Go away jtv
yor mom
Oh hold on
Lemme guess
It can’t downgrade SEP
and it can’t downgrade iBoot either
wow
how useless is OTA
probably can’t downgrade baseband either
well, OTA isn't supposed to let you downgrade at all, but I'm pretty sure during a normal upgrade it does update those components
Is there a checkm8 thing to just load custom iboot then?
yeah it’s called PongoOS
which is why ota bugs out

I'm still annoyed at myself for ruining my perfect 14.3 but I know eventually it will be irrelevant if one of these happens:
- FR pwndfu restores are fixed
- new exploit is released for 14.4 and Taurine is updated
- checkra1n team manages to get the SEP exploit working on A11 (this is the least likely option)
Then let's just use pongoos to choose 14.2 iboot then ota
Still wouldnt work since you have to patch and ota will try and verify
and fail
Yeah because instead of iBoot iBEC was sent instead
wait that still doesnt make any sense
how did you even get it to verify then
or maybe it doesnt verify but it doesn’t know it can and just bootloops you
verify iboot
Yeah ig
I'll probably always update to the highest jailbreakable version anyway (unless the only JB is checkra1n with no SEP)
How did you even end up restoring anyway? I know you said while trying to test out some theory but never got any exact details
Fair enough, but that begs the question
Why isn’t SEP checked in the update partition?
I just OTA updated from 14.3 to 14.4.2 and then tried spoofing systemversion but the 14.3 update failed to verify no matter what
true but I mean the onboard blobs should work once FR gets fixed
like we know they're supposed to work now
just pwndfu is broken
@sacred estuary and why didn’t the restore error out in the middle once it failed to verify
pwndfu restore causes SEP panic even with fresh 14.4.2 restore blobs
I’ve established that already, the problem was with albert.apple.com and activation servers
yeah I was on 14.3 (18C66) with 14.3 SEP, and successfully OTA updated to 14.3 twice by spoofing the build to 18C65
true but I don't have a second device to test on >_> I only did it bc I knew I'm supposed to be able to go back with FR or just live with no SEP on 14.4 for a bit if all else fails
at least this isn't A12 like when I kept updating my XR and missed the JB lol
True
it's really weird bc it's the same as the checkra1n SEP panic but according to Siguza it shouldn't affect restores
@tjkr0wn @Anonymouspriva3 @mattp_12 @qwertyoruiopz @checkra1n So:
- SEPOS boot code will examine TRNG state and set BPR
- SEPOS kernel will read BPR and disable AES seed bits
- sskg/skgs will receive a request to decrypt user data, AES will return an error, SEPOS will panic
The first two also happen during restores, but not the third.
3rd one sounds a lot like the dfu mitigation in 14
Do you think it could be a communication error between futurerestore and SEPOS?
Or is SEP just always non-receptive
bruh I think my X's proximity sensor is kinda fucked
it keeps turning off the screen when I'm using it in bed
proximity sensor?
yes
Omg my old iP7’s was like that too
I didnt even know it was the proximity sensor so whenever it turned black i just hard rebooted it
apple designing shit ftw
lol
in a perfect world, this is how it should go:
```
executing /usr/libexec/seputil --ping. SEP OS is booted
```
but for some reason, we get:
```
entering ramrod_wait_for_sep_load
executing /usr/libexec/seputil --ping
seputil: ping failed
Warning: Attempt to send message to SEP in non-receptive state
executing /usr/libexec/seputil --ping
seputil: ping failed
Warning: Attempt to send message to SEP in non-receptive state
executing /usr/libexec/seputil --ping
seputil: ping failed
Warning: Attempt to send message to SEP in non-receptive state
ERROR: SEPOS was not booted
```
No like you install the 14.2 iboot, unsigned, so you still just tether boot to 14.2. Then if the issue was that the 14.3 ota couldn't downgrade iboot, now it can upgrade it right
joe
Who's Jeff
jeff name
the fact that you have to patch it to boot means it’ll be changed, and verification would prob fail
Then how did sloopie ota update #1, #2 how come you can actually ota update while checkra1n jailbroken if it's "patched"
no idea how they actually managed to do it, possibly verification is in the update ramdisk itself?
When patching iBoot though you're just telling bootrom to load your own iBoot? You're not changing the real iBoot though, so why would it fail verification?
wha?
lol you are changing it
Yeah not permanently
It doesn't make sense to do that
So what, you're saying when you're done exploiting it changes it back?
I know it can download update prepare and get a valid blob from tss, even with bcert or whatever
While jben
the nature of the exploit is that it has to be run every time at boot
so whats the point even patching it permanently
except for preparing bootloops
nah i don’t think it does, rather the way it’s patched it’s just exploitable once then the patches are void
once a reboot occurs
but thats just complete guesswork on my part
but it is something similar
Ok so yeah i was completely wrong
Theres an iBoot in the OTA zip
so it definitely does upgrade it
its a kernel thing
the 14.2 issue is probably caused by new fs shit so same could be for 14.3 OTA prob
@valid adder How is iBoot patched without being changed permanently, are we telling bootrom to load our own iBoot, or are we modifying the current iBoot, or just like "hooking" into iBoot's code and changing/disabling some things it does without changing iBoot itself. And if it's the latter, would the iBoot still be considered untouched and the signatures be valid
restoremode has always been remote boot
What does remote mean in this case
remote boot(restore mode): Bootrom -> (iBSS -> iBEC -> iBoot -> SEP, Kernel) all uploaded and booted externally
local boot(normal boot): Bootrom ->(iBSS -> iBEC(falls back to LLB) -> iBoot -> SEP, Kernel) all loaded and booted from nand
when you load each stage, in the main log it says remote boot vs local boot

oh right
so the iboot loaded during restore isnt the same one as the one currently installed
doesnt it go through personalisation or some shit
you can boot directly to nand bootchain with ipwndfu given the correct calls, a few runtime values need to be changed and functions need to be called to get from pwned bootrom to local boot
How is SEP and Kernel also remotely booted
Shouldn't that always be an on device thing
that explains the bootrom, but what about the next step of chain? what actually happens to iboot when checkm8 is run
Probably from the ipsw
Can we get this log during an OTA update or if it's bootlooping after the update is completed
I thought restore mode was just iboot doing its job to restore, when is SEP or kernel ever booted here
just verbose via checkra1n unless a12 a13 rip
Verbose boot before starting an OTA update? Or after when it's bootlooping
every firmware component is loaded during restoremode afaik, it needs to be personalised then sent to the device
How
Gn
bootloop
Ok ty
Sleep well!!
nah, iBSS, iBEC, RestoreLogo, RestoreDeviceTree, RestoreTrustCache, RestoreRamdisk, RestoreSEP, and RestoreKernelCache. There is a "loaded by iBoot" thing as well on the X its "ISP"
@lilac wren /cc
Oh right, SEP and BB are always personalised then sent over USB
Ty
Ty ily
the 14.2 fdr sep panic occurs post enter restore
when RestoreSEPImageData is sent to NOR
most likely a change in 14.3
fixable just hard to investigate
Conditions for this to happen? I assume it doesn't happen in any normal restore or update?
a11+ on 14.3+
And it can just happen in a normal restore?
wym normal restore
idk I don't want to leave 14.3
Oh lol
because I need passcode
I thought you don't jailbreak?
I didn't jailbreak because I need to remove my passcode to jailbreak
but with taurine I don't have to
Ah ok
I wasn't gonna use unc0ver and checkra1n needs passcode removed
so thats why I didn't jailbreak for months
Yeah I see
hi could someone to me please?
I'm getting an APNonce doesn't match AP Ticket error
I've set my nonce already with checkm8 nonce setter matching the generator in my blob
Use dimentio
I'm trying to downgrade from 14.4.2 to 14.3 iphone X
do i need to jailbreak to use Dimentio?
Yes
I don't really want to checkra1n as i'll lose faceid?
ok so i can jb using checkra1n set nonce with dimentio then restore rootfs
the downgrade
Yes
Once ur on 14.3 correct
No idea I have always used dimentio
and after ive jb with checkra1n downgraded then jb with taurine my faceid will work again ?
Yes
ok thanks I'll do all that no
now*
I've opened checkra1n and it says "Sorry, iPhone X (Global) is not supported on iOS 14.4.2 at this point."
any idea what i can do here ?
yeah I've turned passcode off already
and find my iphone
and signed out of cloud
U found options?
!t passcodestate
If you see the "Error getting passcode state (parsing error)" message on checkra1n 0.12.2 use 0.12.1.
Windows: Odysseyn1x 2.8, checkn1x 1.1.4
macOS/Linux: checkra1n 0.12.1
OK nice
do you happen to know what repo new term is on?
ok I've run su
dimentio (my nonce)
it ran some commands and seems to be set
last line says set nonce to my number
am I good to use checkra1n to rootfs ? or is that not needed?
Rootfs yea
ok doing that now
will fr after this
I think it's working now I'm extracting filesystem from IPSW now
kept getting that error before this step
if only I had known to set my nonce before hand -_-
I tried updating to 14.3 using the profile but it kicked me into recovery and i couldnt get out unless i updated to 14.4.2
yeah I'll do that on my other devices too
thanks so much for your help
you're a lifesaver
Np
I think it's almost complete now
Done: restoring succeeded!
FutureRestore process ended.
once again, you're a legend thank you
?????
It’s not harmful iirc but if he was just normally FRing what was the need for him to restore rootfs
It’s broken for whatever reason

Bro it doesn't matter
I’ve done the process 14 times now and I’ve never had to restore rootfs
But yea true it doesn’t matter
True
Honestly he didn't need to rfs but he was already doing it
True it doesn’t harm
He did it pretty quick too
Think he was on Mac
Doesn’t matter
Except if he used OTAs
Which he clearly didn’t bc he needed to set nonce
Idk Ota easier
No comp too
Fr took like 5 min for him
lol
the actual process
On the computer
Takes like 5-7 minute
What takes longer is for the restore on the phone
To actually finish
idk fr took 10 mins iirc
Glad it worked for him
Same
Too many people come here with invalid blobs
Or the fact that they can’t even use those blobs bc SEP and BB
Lol he even know what his generator is
bros smart
He knows if it's valid
True
But the checkm8 nonce setter
Made FRing without a jailbreak possible
You know those old nonce setter apps?
Dimentio is dumb ez honestly
Fr
True
@low summit I feel like
There are 5x more people who save blobs
Than people who know that they’re for FR
Ppl always told to save blobs but never told why
I mean blobs are a thing before fr
Blobs was always for downgrading lol
What was used
For them
Back in the day
Like what tool was there to downgrade using them
No bb on iPads too lol

With cydia server and Limera1n back in the day it was easy to use blobs
Now it's hard af
Mad errors
fr
well
That’s the case only if you’re on A12
Sileo needs a menu to show you your ECID
Then u could use stitch blobs
This is an option on fr’s GitHub page
Think froggy sleeping
Oh
It's 2 LMAOOO
Yes
A lot
If you’re updating SEP and BB don’t need to match
OH
So when checkm8 nonce setter
Gets fixed
Didn’t know that
Lght time to sleep bye
@zealous bridge other than checkm8 nonce setter there were ways to set nonce without a jb right?
Goodbye
yeah I tried to do OTA because it didn’t require computer.
I was on 13.5 so the steps I was going to take was to install reprovision reborn then sign Odyssey and Unc0ver (can’t sign Taurine on 13.5)
Rootfs with Odyssey
Do an OTA to 14.3
Jailbreak with unc0ver (that’s why I signed this earlier)
Install Reprovision Reborn again and sign Taurine, Rootfs and jailbreak
all done with no computer
I’ve done this on my iPad.
but for some reason on the iPhone X it put me into recovery trying to update OTA
luckily I had blobs saved. But even when I got access to a MacBook I ran into a lot of issues
I already rootfs and tried to OTA before I knew about the nonce. I thought it was only A12 and up devices that needed to set nonce
Which were?
Well, first I tried to backup my iPhone and at the end of it I got an error saying it couldn’t be backed up. Kept trying after that with the same error but now it was at the start of the process.
Figured out the laptop didn’t have enough storage. So had to get permission to remove things so I could get enough.
Once I had enough I was still getting an error. Restarting both iPhone and Mac fixed this problem
then I tried to download and run FutureRestore GUI. (Btw I’ve never used a Mac so had no idea what I’m doing)
It wouldn’t run. Was stuck at starting process.
downloaded IPSW and blobs plenty of times
in the end I found out I needed MacOS to be at least 10.13 and this Mac was 10.10
there was an application saying I could update to Mojave. I clicked on that and it was giving me an error saying it couldn’t update.
I saw another application saying I could update to Sierra 10.12 so I clicked that and did that update
after that update process completed I tried the Mojave one again and it threw up the same error
in the end I deleted that and just downloaded a fresh one which worked
It’s a MacBook Air I think about 7 years old ?
I was also getting some error trying to run FR about some file not being there lib or something
So I installed Homebrew and was about to follow steps to install all the dependencies for FR
It doesn’t support Big Sur?
I think it does. But it’s not my MacBook and the owner doesn’t want Big Sur
don’t ask me why LOL
I have no idea
I’m not sure but it’s not my Mac so could only update to what they allowed
after all that. That was when I was running into issues with the nonce
it looked like checkm8 worked so I thought I set the nonce properly and couldn’t figure out what I was doing wrong
after three attempts with 14.3 and 14.3RC that’s when I came here to ask for some advice
Lmao
futurerestore is statically compiled, you don’t really need the dependencies except maybe libusbmuxd
libusbmuxd def needs to be manually installed
yeah I didn’t know any of this as I’ve never used FR before
I don’t know why it doesn’t come packaged
alright
in a situation like this it’s best to just start from the top again
so you can figure out where you’re going wrong
@zealous bridge wanna see something cool
sure
LOOK AT THE FRIES
Tbh i just woke up i’m not even hungry
I’ve been eating rice for the past week of Ramadan
I had subway yesterday
the library does, but the usbmuxd daemon can't really be packaged together with futurerestore
O
it's in basically all package managers anyway so
dead chat
@zinc moon
Yessir
video uploading one sec
Legit tripping BRO
Make it do that
Tanbeer you’re smart asf
ok done
Show
Updating sources takes forever dont think i can put it in a screen recording lmfao
@zinc moon
How are you THIS smart
Actually how about we tell beginners to use this
When they want to set nonce
Lol maybe
Need to perfect it first
I know but i’m used to the control centre way
Old habits die hard
Makes a ota delay profile where you can input the delay period
It’s @lilac wren ‘s
Ok
@zinc moon this is a literal super shortcut now icl
show LOL

