#futurerestore-help
it already is for A11-
We know
!t noeta4u unless you can use checkra1n
A lot of newly joined people tend to ask in the r/Jailbreak Discord server when a certain Jailbreak tool for their currently installed iOS version will be released. This is against the rules of r/Jailbreak for many reasons. The first of these many reasons is that we do not know the progress of the Jailbreak tools being made for those iOS versions. The only information available is what is made public or what the developers of the Jailbreak tools know. The second reason is just common sense. We are the same as any new user to any iOS Jailbreak developer. We do not receive any special insider information. The last reason is that the developers do not know how long it will take to finish. Errors and bugs pop up constantly, meaning a release could be delayed multiple times. These are a few of the many reasons why asking for ETAs is not allowed in the r/Jailbreak Discord server.
man is asking eta

@zealous bridge how much space does a kvm need
foxlet's one
yeah simpleKVM
wen eta Windows Subsystem for macOS
Eh
MacOS is meant for Macs
Why would they go out of their way to make people buy MacOS and get it working awfully on a windows computer
hm
apple, pls make ryzen macbook
fuck intel and apple silicon
lol
tbh the only reason i want macos is azule
but theres no linux support 
unless u can help me build some ipas 👀
What is azule
allows u to inject tweaks into apps
and sideload them onto jailed devices
Oh ok
I don't think so
If you're using that terminal binary just include it in your Resources
yeah but are you using libimobile libraries or just the binary
then I'd just include it in Resources and path to it
idk
lib recovery has other dependencies
tf
why cant windows python detect base 16
@valid adder why windows python so shit
ooh nvm i need double quotes instead of single
@valid adder ez
not if you have your AES key
Which requires jb to get
^
lmao
just a weird gimmick
i mean, u could grab this with dimentio, but its cool nonetheless bc it uses ur AES key
It’s kinda cool tho because it literally takes apart the entire nonce entanglement process
Apple thought they were smort
yeah
My question is how did people reverse engineer this
true
Who knew you had to encrypt some super specific hex with UID to get some aes key to get some entangled generator to get ap nonce
probably cryptic
for everyone on A12: Good news, bad news.
Good news: Here's a nonce setter (see offsets I've added for my device to port it to your device): https://t.co/sIEPZB8oIc
Bad news: your blobs are useless, A12 has nonce entangling enabled.
275
this was the guy who reverse engineered it
i think
Nice
Omg that'd be genius to have nonce using IV of current AP nonce or something
*Apple would be genius
eh with the way ios does aes even if you don’t have an iv it still manages to encrypt
which is why i was so confused about how IV could be NULL and still work properly
Current AP nonce of onboards
they use some kind of deprecated method
or they could just sign the apnonces
lmfao
Think about how smart that would be for Apple lol, you could never set nonce to anything known every restore... You could save blobs on 14.3, FR on 14.3, but then bam all blobs are now invalid
Wdym
i mean you can still replay attack in that case
as long as you save the final apnonce after aes encryption
Yes but only once
i’m pretty sure we could also change what the device perceives as “the current apnonce”
On checkra1n maybe yeah
so we can still manipulate the IV
But not on A12+
nah with any jb with kernel memory r/w really
we can literally manipulate onboards with current jbs
Hm maybe, super risky bc if you reboot you're bootlooped now though
nah not until you restore
and the next apnonce is generated using the manipulated IV
even then the worst that could happen is tss rejecting it
Wouldnt modifying onboards bootloop you on reboot though
they could put apnonces into hardware and attach it to the device’s chain of trust so it has to be signed by Apple for the iBoot to load it
why do you think that
Because it's literally your phone's ap ticket?
what did system info describe it as
“the signature attached to iboot” or something
ah so
Yes exactly
if that signature was modified then iboot wouldnt load
There you go
hm
That's why I said checkra1n only
ok lemme rm -rf /dev/rdisk1 rq
ok but
we could trick the device into looking elsewhere for the onboard couldnt we?
Doubt it
like when it tries to look inside rdisk1 we could redirect it to our own decoy thing that we manipulated
unless apple’s servers save everyone’s onboards i don’t think they can detect smth like that
Why can't we just trick the device into outputting a custom ap nonce lol, generator wouldn't need to exist
yeah apnonce is a really fucking pretentious thing like why can’t we just change you
especially on checkra1n why tf cant we modify apnonces with a frickin bootrom exploit
loading an invalid apnonce is one thing yeah (for example an apnonce that cant possibly be generated with any generator) but most of us literally have the apnonce values
it’d be correct if we tried
idk why but iOS-OTA-Downgrader keeps failing at the restore part
@zealous bridge onboards, either ipsw or ota don't work A12+ right, same with ota blobs?
Legendary
Same thing happened to me. When iOS-OTA-Downgrader got stuck, did anything show up on your iPhone?
nope, I used it on my iPad 4 and my 5s, it worked fine on the iPad 4 but it wouldn't work on the 5s
Hm. What did Terminal say when iOS-OTA-Downgrader fails at the restore part?
it had just switched to futurerestore when it failed. it entered pwnDFU fine and it was able to fetch blobs and download the ipsw.
@celest basalt where for you
wot
why would ipsw onboards not work with a12+
what’s brctl
whats up mfs
fell asleep after work lol
@zinc moon only use static linking if its cli, if its an app, just embed the dylib
yes but that has other dependencies
probably just that + page u had earlier
its like frameworks and libraries
and it should say embed or something
yes but good luck, librecovery is hard to use
hence why fr is still broken
the only thing u need in the left bar is librecovery folder which will have libirecovery.h
so it includes properly
like you dont have it yet or where to put it? @zinc moon
build it from source, shouldn't be too hard if you have procursus env setup
create a folder and say yes to physical dir
in left bar
add libirecovery.h to that folder
then in your c file, #include <libirecovery/libirecovery.h>
yes
is the app swift or objc
I have no experience there so ur on your own there but yes theoretically call the c function from your button's action code
yw
yep
if you put include there then you either have to package the source code or compile it manually for them
thats why you use prebuilt with the header already added
it will include if the path is correct
eg u have the libirecovery folder
on left bar
does CommonCrypto even work with Linux/Windows
I kept getting undefined symbol errors
when running the c code for aes
yes you have to put it in the working dir or in /usr/include
why u need commoncrypto lol
nah local is fine
you put #include CommonCrypto/CommonCrypto.h in that file
top one
ah ok
@zinc moon
make sure libirecovery shows up in build phases
add it
then maybe include <libirecovery.h> instead
@zealous bridge CommonCrypto is from apple
just use python tbh
ye probably
idevicediagnostics, ideviceenterrecovery and irecovery are all libimobiledevice
oh
can it upload them
like force convert to .icloud
so it doesn't take up space
i'm on 14.4
i don't have a jb lol
I was pretty sure they didn't work, let me check Nyu's chat logs
I think I am wrong
yeah as long as it has a valid ApImg4Ticket that matches with the IPSW BM it should be fine
@zealous bridge W.I.P
needs fixing
thats the one thing that is super fucking hard to figure out lmao
thats why we are at a loss right now
use dfu.c as an example from idevicerestore
it uses wait mechanics after dfu send
Remember you can wait through Swift itself, if maybe that's what you need
idevice_event_subscribe exists but apparently buggy and causes hangs on Linux
FUCKING NIKIAS BENSEN
FUCKING NIKIAS BENSEN
jk
hacky way if you're just gonna be calling the binaries you can keep polling for normal mode with idevicediagnostics diagnostics or recovery mode with irecovery -m
if you're gonna be calling the lib, you can either add a fixed sleep or just add a loop with sleep(1) and try to create a new device object until it succeeds I guess... hacky too but would work ig
I used the diagnostics command specifically in my script to make sure it's fully paired and unlocked so every command works
will switch to libimobiledevice Python bindings as soon as I figure out how to make diagnostics relay not crash the script
@zinc moon save my ass in #jailbreak ok thanks also good morning
👀
lol lemme see
tf did you do
not you
@valid adder you know you don't have to parse the key with python
the one that dimentio outputs is fine
only with openssl you have to reverse the byteswap
unless you got the key wrong the first time
with the unbyteswapped key
yeah this then
well it gives the wrong nonce with byteswap
why are there 17 zeroes
somethings going wrong with padding lol
k gonna have a shower than try fix this
17
tf
aww
noooo
use the irecovery tool src as an example for c libirecovery calls
i think i know what you did cryptic
?
you're supposed to substring the aes output before taking a shasum
to 0x10
this is what the encrypted gen should be
the long gen aint even right lmao
on the libirecovery repo theres the library of course
but theres also the tool itself
use that for reference
hm
A radar
or a droplet
tree age measurer
onion
hula hoop size picker
low poly sphere
top view of curly spring
oh probably in a hex editor
since it's called go to bytes
dabezt struggling
ban
gm
python never used 3-4 byte instructions afaik
gonna sound like a dick but way more peaceful without sanji
-_-
unless you mean compiled ones
I was making an analogy to how you compared Swift to C
froggy is early woah
make it match
I'm EST
not random
same
how does C compare to Swift lol? it's very random
doesnt part of florida have different time zone?
I don't think so
then my parents are bs lol
let me check for you
they said the far east is different or something
far west Lmho
oh apparently Louisiana too
damn dabezt greping
tf is happening
oh alot of states have different timezones
EST best
the middle ones

pacific is important for apple lol
plebs using random time zones out here and me living twenty minutes away from absolute GMT
probably not lmao
the day is like 17 hours long now
Imagine being off topic here
bruh
oh we dont have to imagine that
no real fr ppl
Lol
lol
rip
my struggle
start with something easy like Python or Java lol
bro its dumb hard
failed the test
prob gotta wait for 14.4 ota for help at this point
how hard is swift compared to java
but u cant make the code
so
Swift just has a lot more concepts, Xcode is pretty bad tbh, dependencies and external libraries are not managed as easily, but code-wise? it's not really hard
java is easier than C or so i heard
100%
what abt c++ 
i mean if i pay attention lol java prob be easy
java is probably the best for a first language
but i dont
so im still stuck on loops
those are the only loops bro
at least in java lol
i dont know about others
fori loops
for while and for while
intellij makes them easy for you
also
is it for while or some thing while
learning swift sucks if u dont have macos
i forgot
is VSC better than XCode?
isnt xcode the worst
it's not the worst it's just not a very good IDE imo... or maybe it's the compiler
bruh
can u even code on phone?
......
i mean its just text
someone just needs to make it possible
im sure the ipad is capable
utm
bro we used to code on 3ds
utm for macos
it is possible
i coded on 3ds
yes
to get homebrew
u know m1 ipad is a thing
thats def capable
apple could but they choose not to yet
who knows in the future
not xcode bro just java
i said code in general
if apple wanted
not xcode
but apple doesnt want 
ipads cant run replit?
yo u tryna code for a living too?
?
some engineering program
i like math when its hard to me 
i rather do math
and its satisfying to solve a complex question that u struggle with
no
its mad easy lol
true
asians dont cry at math
TRUE
ugh the fuck is my key
u learn math when ur 1 month born lmao
nope
true
folklore is literally acing ap calc right now lol
nah
taylor series are so ass
Folky when is your test
bruh u not?
ap? june 9th
Ooh ok

whens urs
yo my cpa is june 8
nice
Swift playgrounds exist for iPad just btw
beaten like more times i could count
idc tho math is dumb easy
get good
is swift playgrounds good 
trust me the math in china is 10 times harder
TRUE
if u think us is hard ur fked
ap is like middle school math in china lol
imagine thinking us math is hard
so far i dont think ive had a hard math class before

us math is dumb easy lol
ur 13 
ap is actually pretty challenging tho
true
yep so far
if i was 15 i wouldnt constantly complain about not having a job 
im gonna work at tim hortons probably 
i think they pay better than mcdonalds? idk
no idea yet, still have 6 hours lol
yes but good luck having someone hire you

i dont have ramadan
me neither
Where I'm at in the US you can work as young as 14 as long as you have a work permit from your high school, you don't need a permit once you're 16 though

Well it's true
oh nothing
If it's consensual lol
What's 4%
Wow why do some many ppl disagree
stop right now
thats just wrong
a lot of things are wrong about that
guys
we should stop
talking about this
Welp
this is #futurerestore-help
LOL
????
what did i miss
nothing
a really bad convo
Ur cringe
shots fired
Lol
i wouldn't allow that personally
Can you disallow someone from liking chocolate
im sure there is a culture that does that
chocolate is king
Agree
white is weird and not even chocolate
milk chocolate and white chocolate are good
nah
ewwwwwwwwwww
milk choco and white are so sweet
white chocolate is only shit if you get the weird cheap kind
Gross lol, white chocolate isn't even chocolate
wtf is dark chocolate

disgusting
the good stuff
dark is pog
I love dark
the kind youve had it probably gross
bro i feel sorry for yall taste buds
white chocolate and milk chocolate are the only good ones
dark chocolate in UK at least is so gross
I like I think it was 84%, but 92 was too much and 76 is like perfect
it has like 0 cocoa
white chocolate still nice
This lol
i dont like lindt‘s chocolate ball things but their chocolate bunnies slap
#futurerestore-help apparently became #chocolate-discussion

Lol this channel is rarely FutureRestore help anymore
its just the cool kids channel
because nobody needs fr help

no one needed to use fr as of the OTA method

oh yeah by the way 14.4.1 is nuked off of Pallas
no but I asked Dhinak to try shit
HELP SIR I CANT INSTALL IOS 13.7 BLOBS IPHONE 11 I INSTALL EVERYTHING RIGHT THEN STUCK APPLE LOGO HELP
thats an L
14.2 iPhone11,6
#818879231772983357 message
Apple recommends that you update to iOS 14.4.2 and iPadOS 14.4.2 or later.
We're aware
I just asked for curiosity sakes if we could somehow pull 14.4.1 in any capacity
and we can't
have you seen his github
Ask @royal flint himself
who
frick imma check rn
Dhinak doesn't have dev
on sileo server
oh ok
hi
hello
zoey asked if i wanted dev so i said ok
hello
lol
@green onyx by the way he's a hackintosh subreddit mod in case you weren't aware somehow
his repo with the most stars is 24... lol what
yep ik
he carries hard
i just checked
also hes in the credits of the amd macos vmware guide
eta wen ryzen macbooks 
quite a bunch of my stuff are in orgs
that's not yours though
he contributed
you would've done the same, man was a whitename lol
i think
oh yeah a bit
oh true it's based on commits
yeah
pog
true
LOOK AT THESE NOOBS DABEZT
they said they like dark chocolate
so disgusting
bro i remember puking after having a dark chocolate KitKat
O_O
hersheys are so nice
only good american sweet
cookies and cream 😋
the same as everyone else
in the world
true
python really just said print isn't defined
by the way you all know that 14.5.1 changed SEP also (like 14.5 did)
yes but its compat still
yes I think
lol ask cryptic
It might be because if the two characters dont exist in the first place then it shouldnt kick them off
But only if it does exist
they'll always exist
also hex returns a string, no need to call str again...
fuck it im improving this
don’t break it it’s sensitive
someone give me a nonce
bruh
just use 1111111111111111
for that key you should get 0337b781d620fb77f55ad47dedff79346c4fca231bc833f61b79beb1dd8b3c1b entangled
if you don’t ya broke something
Entangled Nonce: b'0337b781d620fb77f55ad47dedff79346c4fca231bc833f61b79beb1dd8b3c1b'
good
do a .decode() on the hex string smh
still cleaning it up
so whats new here with ota
from what i understand based on the code
#!/usr/bin/env python3
import sys
from binascii import hexlify, unhexlify
from hashlib import sha384
from Crypto.Cipher import AES  # pycryptodome

# AES-CBC with an all-zero IV (the "IV could be NULL" case discussed above)
IV_KEY = unhexlify("00000000000000000000000000000000")


def hexswap(input_hex: str):
    # Aka endian swap
    hex_pairs = [input_hex[i : i + 2] for i in range(0, len(input_hex), 2)]
    hex_rev = hex_pairs[::-1]
    hex_str = "".join(["".join(x) for x in hex_rev])
    return hex_str


def parse_nonce(nonce: str):
    # Hexswap then pad with 0s to 32
    return hexswap(nonce[:16]).encode().zfill(32)


def parse_key(key: bytes):
    # Split by 8 (4 bytes) and hexswap each segment, then join back together
    return "".join([hexswap(key[i : i + 8].decode()) for i in range(0, len(key), 8)])


def entangle_nonce(key, nonce):
    AES_CFG = AES.new(unhexlify(key), AES.MODE_CBC, IV_KEY)
    entangled_nonce = AES_CFG.encrypt(unhexlify(nonce))
    print("Encrypted Generator:", hexlify(entangled_nonce).decode())
    # SHA-384 of the encrypted generator, truncated to 32 bytes (64 hex chars)
    return hexlify(sha384(entangled_nonce).digest())[:-32]


if __name__ == "__main__":
    nonce = sys.argv[1]
    key = b"72deca3fb43507da4882a5a46a991c37"
    entangled_nonce = entangle_nonce(parse_key(key), parse_nonce(nonce))
    print("Entangled Nonce:", entangled_nonce.decode())
@zealous bridge test it
works for me but
seems fine
@valid adder there you go
it’s already been tested
it worked but it was still tethered after ota
nice
BETA 3
beta 3
POG
prob
Loll
what r the cmds for setting a generator on checkra1n
oh thats it
oki
thx ^_^
thought there was moe
more*
8.0 lol
wot
uh
Im going back after ofc
5s
you cant
i cant?
lowest you can do is 12.1.4
It’s an iPSW
i’m surprised you know that
and you don’t know about bb/sep incompatibility
That’s a 5C not 5S
ohhhhhh
🍩
is it colourful

Is it lightning or thicc boi
how could that possibly be a 5...
Imma just keep this device in my closet
lol
and leave it there till it worth like a billion $$
checkr4in
checkr-4n
idk either
redsn0w

yo damn some guy is using fr?
tf
Good tweak
too broke rn 
Isnt that more like 10.5k
tuairne users in Sileo server made it
You can see who made it
Of course they did
Literal 10 year Olds
Lol wasn't that far off was I

Lol would make at least a little more sense if they were a programmer of an actual jailbreak, before the poop on someone else's
*programer get it right
ok
Systeminfo says unsigned
Rip
I literally made this bot less than 10 minutes ago
Thought it bugged out lol
lol is it public
Nah it's on my raspberry pi + ifttt webhooks you need to sign in. If you find a better webhook with notifications then I'll open it
I could use Discord webhooks maybe
Every 5 seconds
you finna get 403d by TSS in a bit lmfao
how rest0r 14 5 no boob ⁉️
okkkk
certified banger
@zinc moon literally read my status
i've had that as my status for a while too
just like your soul
Still waiting :(
@vivid nova accept it stupid
->
plz kill me
let's flood JTV with friend requests
yes
brb.. gunna unplug myself
gonna unplug your mom
already plugged yours
pls accept friend request
im pretty friendly right?
wen eta
already ported
No, it's not released. It doesn't work with typing
so SSH > *
because of many factors
one which of course is the bluetooth integration issues with the keyboard
probably an easy fix.. but nevertheless still makes it unusable
and I don't suppose anyone would go buying a BT keyboard or fishing one from their PCs just to link up to their TV when they can ssh in and use whatever screen
Lots of people do
but to do so in order to run commands is futile
there is safari on TV
as broken as it may seem, you can browse the web and type
dales dead bug
so is safari
it still works with 10 tho
thankfully apples still signing it
it's not perfect, but the tweak works
If he finds out that his remote is different and the apps aren't the same.. maybe
however you can just pair his old one with yours
tbh, I don't think he cares unless he gets what he wants to watch
imagine signing on to google via apple tv
gotta go through captchas
prove you're human
I unfortunately, cannot.
I'm not worth proving
ye
lol
no they're not random
it's always unsigned 1 week after a new version is released now
not surprised when 5.1 is out and 6 is in the works
the only exception was like iOS 14.2 which was signed for longer because of the holidays
christmas/new years/covid
and 14.3 RC lol
yeah RC was an accident, but beta signing doesn't follow normal rules anyway
well, usually they're unsigned along with the stable versions, but 13.5.5b1 got unsigned when 13.6 was still in beta because of the u0 update
they didn't wait a week there
was unsigned like a day after the u0 update
all this time thinking that the signing window was an automation per 2 weeks, but Apple shuts it early on some firmwares
they can literally just tell the server to stop giving out signatures for a version
probably a .plist ngl
oh iOS-ota-downgrader finally decided to work
lol imagine if TSS ran on a .plist
how would i know
i don’t work at apple
yet
the newer futurerestore isn't compatible with it ig
ah that's what I did, I set the generator (even though it says you don't have to)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>UniqueBuildID</key>
    <data>dvn1iusZnR0Himzg5wsBNQgaqhY=</data>
    <key>ApSecurityDomain</key>
    <string>0x01</string>
    <key>ApProductionMode</key>
    <true/>
    <key>ApNonce</key>
    <data></data>
    <key>ApECID</key>
    <integer>0</integer>
    <key>ApChipID</key>
    <integer>32800</integer>
    <key>ApBoardID</key>
    <integer>12</integer>
</dict>
</plist>
This is giving me Status 98 in TSS, did I do something obviously wrong
STATUS=98&MESSAGE=An internal error occurred.
The XML/PList identification tag is missing or the start of the tag is malformed.
just start with <plist version
empty apnonce
it has to be base64
ok ill try
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>UniqueBuildID</key>
    <data>dvn1iusZnR0Himzg5wsBNQgaqhY=</data>
    <key>ApSecurityDomain</key>
    <string>0x01</string>
    <key>ApProductionMode</key>
    <true/>
    <key>ApNonce</key>
    <data>Ys623odQJEdSdPEByKS/vrbATtKVA2IlTqQX98edN2E=</data>
    <key>ApECID</key>
    <integer>0</integer>
    <key>ApChipID</key>
    <integer>32800</integer>
    <key>ApBoardID</key>
    <integer>12</integer>
</dict>
</plist>
Same error
Is UniqueBuildID supposed to have a value?
yes
why is ECID 0
does that have to be valid too?
probably
just look at how tsschecker does it
tsschecker -d iPhone10,6 -i 14.5.1 --print-tss-request
is ECID in b64 too?
no it's in integer
hold on what the fuck lol
trying to minimize my TSS request, and if I remove a commented out section it errors
Lol what
psychic paper on TSS eta son
minimal required values (don't worry, this is a randomly generated ECID):
<?xml version="1.0"?>
<plist>
<dict>
    <key>ApECID</key>
    <integer>9650076590773980</integer>
    <key>ApChipID</key>
    <integer>32789</integer>
    <key>ApBoardID</key>
    <integer>14</integer>
    <key>ApSecurityDomain</key>
    <integer>1</integer>
    <key>ApNonce</key>
    <data>
    OzEhFUfVz5pBvWAJx5yyT7yUGyd/oe3XOyBngfo6oDU=
    </data>
    <key>BbChipID</key>
    <integer>101</integer>
    <key>BbGoldCertId</key>
    <integer>524245983</integer>
    <key>BbSNUM</key>
    <data>
    544p7XEvjKMPtIUI
    </data>
    <key>BasebandFirmware</key>
    <dict>
        <key>RestorePSI-PartialDigest</key>
        <data>
        hAAAAIBmAgAbF9h8WhyEUyybeDI/ZArwoaLWDbjIAEO1bQ7qNJ0S7A==
        </data>
    </dict>
</dict>
</plist>
this doesn't even return an APTicket
but it doesn't error out lol
I mean you didn’t include the ApImg4Ticket value?
So i dont think it should
oh
why is baseband required, without it I get STATUS=460&MESSAGE=Empty ticket response.
where do you get BbGoldCertId as well
¯\_(ツ)_/¯
if I do an iPad I assume it's not required right
Strange, still 460
you can do --no-baseband even with an iPhone
but if baseband info is missing, then SepNonce is required
is this what idevicerestore does when you tell it to skip baseband update
not sure how that works / if it even does on iPhones