#futurerestore-help
hmm, the nvram_entry dimentio prints is not always the same
this happens to me too
I wonder what happens if I killall -9 lockdownd
dimentio now says 0x1111... but ideviceinfo is now giving me the pre-dimentio apnonce
reminds me that someone said to delete lockdownd in r/jailbreak
because their friend was wiping their phone every day
:|
the answer is nothing
same nonce being returned still
but isn't overwritten
A12+ moment probably
this was
- apnonce key
1a. dimentio plain, showed that it was still set to 0x111 - dimentio 0x1111
- apnonce key
dimentio says it's still 0x111
@lilac wren doesnt this prove
that setting in nvram
is not the same as requesting normal mode apnonce
how is this explained then
lol dimentio output is still spammy if you have no nonce set
anyway, lockdownd still happily returns the cached apnonce even with no generator set
just with apnonce key it checks if a generator already existed or something so it doesn't overwrite
what nyu said
I don't think the phone was expecting generator to magically disappear before it rebooted lol
and this doesn't work on A12+ because again nvram is still not directly accessed by us
```
❯ ideviceinfo -k ApNonce | base64 -d | xxd -p -c256
6368d701c4cc189430ea6804ef916293cd8c4186996e3b0eb4477236c743bbb9
❯ ssh iphonex dimentio
nvram_entry: 0xA07
Current nonce is 0x1111111111111111
nonce_d: 27325C8258BE46E69D9EE57FA9A8FBC28B873DF434E5E702A8B27999551138AE
❯ ideviceinfo -k ApNonce | base64 -d | xxd -p -c256
6368d701c4cc189430ea6804ef916293cd8c4186996e3b0eb4477236c743bbb9
❯ ssh iphonex nvram -d com.apple.System.boot-nonce
❯ ssh iphonex dimentio
[...]
You have to set nonce first.
❯ ideviceinfo -k ApNonce | base64 -d | xxd -p -c256
6368d701c4cc189430ea6804ef916293cd8c4186996e3b0eb4477236c743bbb9
```
what lol
[...]
You have to set nonce first.
Lol I wanna see all the ... just for dimentio to come to that conclusion
dimentio on cra1n is basically just nvram com.apple.System.boot-nonce=whatever
when that happens ideviceinfo doesnt give us the correct nonce anymore
wait
so does this mean
if we set it in nvram
then do itunes from normal mode
it won't reset
🤔
Like I said above, I believe that setting generator in normal mode is different from restoring from normal mode
so I don't think this will make a difference
but you can try
alr
I think you have to request apnonce at least once before running dimentio to avoid it resetting to something else
lets try
maybe
I would totally expect iTunes to fail there though
requests an apticket with the wrong nonce and the device is like lolnope
oh yeah true
no lemme finish my theology final lol
so early
I literally stayed here just to prove you two (@zinc moon) wrong >:(
but hopefully you get how getnonce works now lol
lol idk why you care about the generator so much, my main point was dimentio =! requesting apnonce (A11- at least)
no
just for you to not be a JTV lol
...
always trust the frog
why doesn't apple just make all nonces like bcert
so that they expire
👀
bruh
when you accidentally update to latest (i wish)
yes
well yes, thanks google
this is the most satisfying thing ever
http://cubictime.ru
ok ok ok
finally it's not CooCoo lol
i forgot ideviceinfo can read out nvram
can it read com.apple.boot nonce though
well what did you expect
yep
only if they set generator
and i assume this doesn't work in ios 14 jbs non checkra1n
yeah, that's the idea
someone confirm if it shows boot-nonce on A12+ iOS 14 or not pls
just query ideviceinfo
ideviceinfo -k NonVolatileRAM
or that
no I have auto boot, backlight, boot args, boot breadcrumbs, com.apple.System.tz0-size, and usbcfwflasherResult
and dimentio shows nonce set?
lemme check
boot-nonce reappeared after rejbing with checkra1n btw
yes
hmm so this is actually useless for getnonce/blobsaver, rip
because A11 and below can just use 0x1111111111111111
how does 3u detect if a device is jailbroken or not?
good question
anyway checking BootNonce first for a known generator still works, but has the potential to fail if it's your first time jailbreaking and haven't rebooted yet after the jailbreak first set nonce
but anyway it will just fall back to getting a random pair then, no big deal
only an issue if you bootloop 
we can just do ideviceinfo and then check nvram
we just established it only works with checkra1n

ApNonceRetrieve might solve this problem actually
I just don't want to tell airsquared to change it without testing on multiple devices/SoCs first to see if it really works well
because the BootNonce thing seems more established to work on all devices, even A11- (where it is irrelevant, but good for testing)
oh is this cached on boot or something
yeah BootNonce means the generator that was used when the device booted
ooh ok
does this even do anything or exist lol, I messed with this key and didn't get it to do anything
ApNonceRetrieve on A11- returns nothing (or sometimes returns a totally wrong value), on A12+ it seems to be up to date generator value without rebooting
if I use libimobiledevice directly from C, lockdownd_get_value("ApNonceRetrieve") returns an error saying Get value prohibited on A11
ideviceinfo just outputs nothing, and idevicediagnostics just says success
gonna see if iTunes fails
yeah I get no value from it
ideviceinfo -k ApNonceRetrieve right
yeah
@lilac wren just tried an iTunes restore, irecovery -q still shows the dimentio output
from dfu or what
what device
from Recovery
A12 XR
ok you set generator with dimentio, restored from recovery, and nonce is still set
didnt we know that
I can safely assume this is false
oh is this A12+?
no
then what are you saying
well
look at this then
if iTunes used that cached ideviceinfo apnonce, and dimentio got the generator right, wouldn’t you say it’s different
ideviceinfo -k ApNonce, dimentio, ideviceinfo -k ApNonce (same result), dimentio 0x111111…., ideviceinfo -k ApNonce (same result), initiated iTunes restore (which is the first part of getnonce), rebooted me to recovery and now irecovery -q shows dimentio nonce instead of ideviceinfo nonce
ideviceinfo -k ApNonce (same result)
which is a wrong ap nonce right
yes
rebooted me to recovery
:|
it's going to show the correct nonce then lol
the test proves nothing
i was just showing that they’re not the same
other than ideviceinfo spews out junk when generator is already set
they both set generator, and both generators work the same lol
I mean you told me to try
hmm true if iTunes requests the nonce again in recovery it won't fail I guess
I told you to try an itunes restore to see if an ideviceinfo nonce resets where a dimentio one doesnt
what is your point lol, wdym "not the same"
so you're saying if we set a nvram nonce in normal mode, do itunes restore from normal mode, nonce won't reset?
i thought you already tried that
well, it's supposed to clear at the end of the restore regardless
i tried it just now lol
supposed to lol
bruh bc that's what you said
you told me that restores from recovery kept nonce, from normal mode didnt
so inconclusive results? which is it
ok so what does this have to do with ideviceinfo nonce and it being different than dimentio
so they're still the same :|
bruh
lol you still don’t get it
We’ll see when an A12+ tester comes along
If they manage to do it with dimentio that means it’s different
Since nyu already proved it doesn’t work with ideviceinfo
here
bruh you still don't have a point
“from recovery mode”
"from normal mode"
ideviceinfo was from normal mode
if your point is that ideviceinfo spews out garbage
then that was already known
since like 2 weeks ago
when I tested it lol
🤦♂️
are you turning on JTV mode again lol
the one before reset my nonce
but it wasnt set in nvram
no because ideviceinfo overrode the dimentio one lol
dimentio was from the previous boot
this is from the same boot
yes it appeared that way
and you're saying it got cleared when you restored from normal mode
the one from the previous boot yes
well i didnt even restore
i just went to recovery
But it probably would’ve kept the nonce
wyd lol
you set nonce with dimentio, rebooted, set nonce with ideviceinfo, went to recovery, and it was gone?
i honestly have no clue what you're even saying now
dimentio was the one from the previous boot for the second time
you restored twice?
the one from ideviceinfo was still there
basically
i set with dimentio > rebooted > restored with itunes from normal mode and the nonce was NOT the dimentio one
oh but there was a nonce?
yes
randomized nonce though?
which means that either ideviceinfo failed or dimentio one got cleared from a reboot
but you used ideviceinfo?
what i just did now proves that it wasnt dimentio’s fault
where does it fit here
probably, but why didn’t it do so here
but how does this make ideviceinfo generator any different from dimentios
same boot?
that means itunes restores would just fail
after the reboot
so how does that make sense
itunes restores just read from apnonce in recovery
do they?
they don't read ideviceinfo junk
i thought it was from normal mode
doubt it
what are you gonna test
I can test that actually
If the restore fails that means it read ideviceinfo junk
if it succeeds then it didnt touch normal mode
but nyu said he was sure it would fail
didnt you try it already
Yeah so if I didn’t fuck up next time you do ideviceinfo and then dimentio it should overwrite
so maybe both have an equal chance
but they still are slightly different
if i wanted to take my chances for my nonce not to change i would still use dimentio instead of ideviceinfo
bruh how
they're both generators
that's all
dimentio will always overwrite thi
ideviceinfo sometimes doesn’t, especially on the same boot
yeah who cares if it overwrites though
it's a generator and it'll stay through a restore bc of apple's bug
people who want to keep the same nonce
^
the way you set it shouldn't matter
you say shouldnt but didnt we prove it just did
no lol
you never set generator with ideviceinfo
it just spewed junk, dimentio was the true generator
and then dimentio's stayed
?
ideviceinfo just did what it was programmed to do
generator was already set on that session so it didn't do anything
ok just jailbroke, generator is still set to 0x1111, dimentio's
by session you mean ‘boot’ right
doing ideviceinfo now
now it's set to 0x5C438FA0F220B2DC
so it overwrote
going into recovery now to see if it's true
iTunes isn’t failing but it definitely isn’t working either
it’s stuck on Preparing iPhone
so ideviceinfo succeeded in overwriting dimentio's
now I'm going to set generator with dimentio to 0x1111, then try ideviceinfo
Yep
2009 is invalid response from TSS
imagine it ignored that and carried on restoring
that would be an ultimate bug
the device wouldn't boot it even if it restored though
but yeah would still be cool
to do tethered without succession or divise
we could still mess around with signatures after that
ok jailbreaking again
Ok so theoretically the next iTunes restore should work
If it doesn’t then it don’t read apnonce from recovery
So it does read from normal mode
oh what did you do
got ideviceinfo and dimentio to disagree on nonce
ok
then tried itunes restore to see if it would look at both of them
looks like iTunes did ideviceinfo, got the wrong nonce, rebooted to recovery, got a different nonce than ideviceinfo and just failed
taurine set it to 0x1111, so doing ideviceinfo rn would overwrite it; instead im going to set it to 0x1111 again (even though it's already 0x111)
ok set
got some garbage ApNonce from ideviceinfo
lemme try idevicerestore
and dimentio shows 0x1111
so it was NOT overwritten because we set nonce on this session
@lilac wren did you at least understand this experiment
mine or yours
ofc
you would understand your own experiment lol
yeah so from yours it looks like itunes just reads mobilegestalt key which recovery doesn't like
bc it's garbage key
but what does this add to the "ideviceinfo generator is different" argument
Does it cache the APTicket?
nah bc nonce
garbage nonce is mobilegestalt ApNonce key after nonce was already set this session
because it's not the true nonce
it's just something made up
from recovery should work bc you can't set generator there I think
but this
not much other than dimentio takes priority in the same boot, but we still need an A12+ dimentio tester to settle it
if dimentio works and ideviceinfo doesn’t, do you accept you’re in the wrong
yeah but aside from ideviceinfo wack programming, the generators are not any different
A12+ restore
huh lol, the way I'll accept that I'm wrong is if
a restore with dimentio generator keeps that nonce after restore
a restore with ideviceinfo derived generator (must be true, put aside the wack garbage programming nonce) clears the nonce
fr? what were the steps, when did it clear, and from what mode
Well looks like an iTunes restore to latest doesn’t keep the same generator
on XR
from normal mode yes, because it's lazy
yup
how was generator set
send link
ideviceinfo
dang so A12 might be dead for this
oh but that's A12
so doesn't actually "prove the latter"
I assume A12 clears dimentio too so we accomplish nothing with that test for our argument
Set dimentio from previous boot, used ideviceinfo on the next, nonce was overwritten, initiated iTunes restore, and when i rebooted into recovery the nonce was cleared
Here's what we need to do:
dimentio forever
- Get a A11 or lower device
- Set generator with dimentio
- idevicerestore to latest
- See if generator is set
idevicesetnonce
- Get the same device
- As soon as it's jailbroken, set generator with ideviceinfo (make sure it actually sets, doesn't spew trash)
- idevicerestore to latest
- See if generator is set
if idevicesetnonce is cleared, while dimentio forever is set, then I will admit that yes, the two generators are indeed different
You mean A12 or higher
no a11 lower
yeah but not idevicesetnonce
yes ik
where does A12 and higher come into this
A12 higher, if Nyu was correct that the generator was cleared with idevicesetnonce, then yeah I think dimentio will also be cleared—again my point that the generators are the same
ok but if it isn’t cleared
but we need it to be done on the same device
bc my device does some weird stuff with idevicesetnonce while nyu's won't
and with idevicesetnonce
what the fuck is idevicesetnonce
instead of dimentio generator
random name froggy made up
Lol what we call mobilegestalt ApNonce as soon as it boots
so that it sets true generator not just spews out garbage
but im getting tired of saying spews out garbage
If a random generator is set (a.k.a nonce cleared) does that count
cause technically if dimentio stayed and idevicesetnonce was cleared then they aren’t the same
That should be a separate test, bc if iTunes really does use idevicesetnonce, then with a cleared nvram it might set and keep a nonce after the restore
that wasnt my question tho
lol
would it still count
because dimentio —> stayed and idevicesetnonce —> cleared
which proves that they’re not the same
which is my point
and i have 1%
Just follow the steps I put above
i'll take that as a yes
Otherwise the test is probably not done right, remember
Remember that my ideviceinfo is different from Nyu's
So anything can change
how does that make a difference
Sure so long as you follow those steps
if the nonce is cleared it's cleared
Yeah but the nonce wasn't set with idevicesetnonce beforehand
bruh idevicerestore doesn't even work for normal mode restores

needs an update for entering recovery
Oh fr?
Then iTunes is fine
Just use iTunes for both
i'll follow the steps but i'm just saying if the nonce post-restore is a single character different than pre-restore i'm counting it as a fail
and why is the discord mention sign bright blue
Nonce or generator
if it's different then the generator was cleared
i wont test it from normal mode ofc because that would overwrite
but i'll just reboot
Sure but it's a checkra1n device
to recovery
You could just jailbreak and print nvram
- Set generator with dimentio (has the same effect of a dimentio forever post-restore)
- Reboot and use iTunes from normal mode (same effect of ideviceinfo like i just proved)
- Check if the nonce is cleared
any objections?
Same place you use dimentio
^
Jailbreak, set generator, go to recovery, restore
I think that makes sense
wait i don't understand
Otherwise if what you say is true that iTunes does ideviceinfo as well we might get tss error
Actually lemme rewrite the steps otherwise we'll get tss I think
dimentio forever
- Get a A11 or lower device
- Jailbreak
- Set generator with dimentio
- Go into recovery
- idevicerestore to latest
- See if generator is set
idevicesetnonce
- Get the same device
- Jailbreak
- As soon as it's jailbroken, set generator with ideviceinfo (make sure it actually sets, doesn't spew trash)
- Enter recovery
- idevicerestore to latest
- See if generator is set
That way the 2nd iTunes ideviceinfo doesn't mess up anything
And it should only be our ideviceinfo
If you want you can livestream too
yeah this doesnt make sense because the point of the dimentio test was to make sure the same generator persisted
otherwise it's useless
Sorry I meant the same
By any I meant either dimentio or idevicesetnonce
Like either test
But yeah the same as initial
instead of ideviceinfo tho i'm gonna do iTunes from normal tho, if we get TSS i'll try the original way
once it's in recovery i'll show the nonce
But why lol, that just adds another layer of uncertainty
Wait
We won't even know what the initial generator is if we do that
Lol
ideviceinfo is kinda long
when it reboots to recovery i'll do irecovery -q
before it restores
Hm maybe you can but idk feels uncertain to me
Besides people will set generator with getnonce not with an iTunes restore like this lol
it should be the exact same thing
literally
cool if your test fails i'll do it the original way too
lemme jailbreak and reboot to windows
Ok
Okie 1 sec
boutta get serial leaked
i wonder if anyone uses itunes for music
i see why though
lol i dont like to waste data on spotify
so i just download locally
my phone is on 1%
lol will it even let you restore
aww
froggy ur still here right
yeah
ok time to gooo
is this dimentio
idevicesetnonce
ok but lazy method
yeah so itunes is setting generator
yes
ok
wot
no clue
you could retry
why does sepnonce change so often
so idevicerestore just goes into recovery and does a restore there right
yeah this is basically the original method now
because ideviceinfo, rebooted to recovery, and now we initiate
oh ok
inb4 4K
but we don't know what the generator is do we
we do
well
we know nonce
if the same nonce is there that means same generator
ok
what's news for downgrading from iOS 14.4 to 14.3?
entering it manually
oh ok lol
and A11-
but yeah sep and bb is compatible
same nonce
I have iOS 14.2 blobs
oh idk if it will ever be fixed
A11
nice
we going
knew it
:P
lol
lol
i actually dont mind anyone seeing how i look as long as theyre quiet abt it
TANBERRY IS RED AND HAS WHITE SEEDS AND A GREEN TUFT OF HAIR
well frogs are cute and green and squishy
I tried about 70 days ago to downgrade from 14.4 to 14.2 ... I wanted to know if it was fixed
nah
I guess it would be better to wait for the next jailbreak, as it looks like it will be out soon
I hate fdr
fuck fdr
Yeah
@lilac wren inb4 4K error
lets hope not
Greetings from Italy, thanks bro
bruh fix ur cable

ok
is this good?
ok then itunes might work
same
we back to square one
why doesnt itunes use cached dmgs smh
also we can check with /var/MobileSoftwareUpdate/restore.log
or whatever
oh yeah
nice
The f*cks that supposed to mean..?

Lol
I'm done.
I honestly can't believe you...
.
Stfu. Leave me alone.
lol
what is a nand
oh ok
now to test A12 in the future
yeah low hopes now
yeah
ig apple literally does not know what nonce means
we can literally just reboot to recovery and use the cached APTicket from iTunes again
literally
disappointed @split torrent
mt
eta wen BCerts in all requests
like I said just do bcert thing
yeah
i imagine that somewhere in Apple there's a high up dev who's keeping things as easy as he can for us
Oh bcerts probably can't be created in dfu or recovery or something
why not
also i had this weird glitch where the low battery sign went on top of the recovery mode sign and created this weird image
Idk dfu doesn't know current time, maybe there need to be files to sign it which exist on the filesystem but don't if you wipe everything, etc
Generating a random number works though
Yoo that's actually pretty cool
I wish we could easily change those images
Oh i forgot about dfu time
lol
Okg
Omg
1PM EDT
Yes
Whens that
Why what happened
gm
gm
What would normal mode ap nonce collisions even do for us if it worked
Oh it would be possible to set generator unjailbroken
That dimentio and idevicesetnonce both don't clear
Lol yeah
it's like
Apple pls don't fix
no...
sure
Yay
what are the steps again
got a better cable too
Set generator with dimentio, go to dfu and restore
ok
```
Reading package lists... Done
Building dependency tree... Done
Package org.coolstar.libkernrw is not available, but is referred to by another package.
This may mean that the package is missing, has been obsoleted, or
is only available from another source
E: Package 'org.coolstar.libkernrw' has no installation candidate
```

Apt update maybe
lol i tried that ofc
[[libkernrw]]

what repo
not in procursus
oh in odyssey repo
```
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
```
rip
allow unauthenticated time
Can you not just open Sileo lol
6 doesnt even support 13 
after setting nonce to 0x111111 with nvram
```
tanbeer@ZenBook-UX434DA-UM433DA:~/Desktop$ ./irecovery -q
CPID: 0x8000
CPRV: 0x20
BDID: 0x04
ECID: 0x00000[REDACTED]
CPFM: 0x03
SCEP: 0x01
IBFL: 0x1c
SRTG: iBoot-2234.0.0.3.3
SRNM: N/A
IMEI: N/A
NONC: 9be0c3610976ea89dbb5618255e95dd0f392fd72
SNON: 7ab127b57ea6018b611632eb38b1259cab8f45be
MODE: DFU
```
yeah no that is not the right nonce
lets see tho
nah
so long as you use the right generator
which generated that apnonce
instead of 0x11111….
If you tell me you forgot
I will personally come to Jordan
and smack you
lol
quick before 14.5.1 is yeeted
i said like 3 times in my getnonce guide to remember the generator lmfao
yes break SHA-384 for me and get your AES key
i love how you tell everyone that they're stupid and save blobs wrong and then karma hits you like that
lol
@lilac wren what happens if i force reboot after the first progress bar and don't wait for the second 
I think it would just start the second again
maybe
I mean maybe it would bootloop
what if i do it in the middle of it
If I had to guess I'd think it'd just restart
lemme test-
Ehh same
yes
Yeah lol why I corrected to 12, also because chimera first A12 jb
```
CPID: 0x8000
CPRV: 0x20
BDID: 0x04
ECID: 0x00000[REDACTED]
CPFM: 0x03
SCEP: 0x01
IBFL: 0x1d
SRTG: N/A
SRNM: [REDACTED]
IMEI: N/A
NONC: 3a88b7c3802f2f0510abc432104a15ebd8bd7154
SNON: 77b305e1087566d88dd216ed586ffbd0ddaa2d5b
MODE: Recovery
```
Ugh that kinda stinks, with phone security becoming greater it's harder for people to get started in jb dev scene
i feel like maiming and hugging someone at Apple HQ at the same time
Is the nonce the same
```
3a88b7c3802f2f0510abc432104a15ebd8bd7154
```
correct
Ooh nice
makes my life a bit easier
also correct
Wow I am smort
i would agree if you were literally any animal other than a frog
ugh you cant even skip setup anymore on 14+
so even from DFU iBEC still can't access the nvram
that makes no sense but whatever
yes just inshallah this one
i think i finally got it
pwndfu only works when the CPU is cool
otherwise shit's claimed
:smort:
lol cant think of any other reason
apparently all the way up to the progress bar is known as "recovery mode"
even when the connect to iTunes logo isn't shown
@lilac wren what if the ideviceinfo part was the nonce reset
lol
thats flawed asf tho
cause recovery mode
but imagine that's apples game plan
well, it depends... the generator is just a comment, so as long as you KNOW what the real generator was... they would be valid
but I bet you didn't write it down anywhere, it's a random string with getnonce, no way to guess it
bruh
even normal itunes restores dont clear it
from normal mode
lol i think once you set it ios can never get access to the nvram again without nvram -c
i wonder what would happen if we do that junk ideviceinfo thing with OTA
WebKit
two webkit vulns yeah
"An error occurred while downloading iOS 14.6"
i think it's because i'm jb
yes
get the phone off her
lol wot
wheres my delta gone
have to wait one hour for the whole thing ugh
rip
lemme check
yes
TSS saver is usually always valid so long as you press the save blobs button
You know what I think I'll write a post on nonces
non-jb
it's not really much worse because like I said the generator is just a comment
so it's equivalent to not having a generator in the blob
ik but a wrong generator is worse than no generator
because you think you're safe until it's time to use it
true
wut
that's a subreddit
how are there 4 online
with 2 members
oh the join button
i forgot you can subscribe to a sub
that doesn't make sense though
bc this is private
its reddit being late
probably
```
# Poll tsschecker and print whether iOS 14.5.1 is still signed for iPhone10,3
while true; do
    "/usr/local/bin/tsschecker" -d iPhone10,3 -i 14.5.1 | grep -q 'IS being signed!'
    if [ $? -eq 0 ]; then
        echo "signed"
    else
        echo "unsigned"
    fi
done
```
i cant believe i have come to this level
idk i just looked up some basic syntax online and put it together
```
#!/bin/bash
# Needed for linux for some reason? TSSChecker doesn't work without
LD_LIBRARY_PATH=/usr/local/lib
LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/libfragmentzip.so.0
export LD_LIBRARY_PATH
version=14.5.1
# Check once a minute for as long as the version is still signed
while tsschecker -d iPhone11,8 -i "$version" | grep 'IS being signed' > /dev/null; do
    echo "$version is being signed"
    sleep 60
done
echo "$version is not being signed"
# Fire the IFTTT webhook once signing stops ([key] stands in for the webhook key)
curl -X POST -H "Content-Type: application/json" -d '{ "value1" : "'"$version"'" }' https://maker.ifttt.com/trigger/tss_change/with/key/[key]
```
ty
np
just change $version whenever new iOS is out
or make tss live
and then never do it
lol
webhook
interesting, it gets all the way to verifying update and reboot but just reboots back to normal mode
LOL what
oh restore mode must reject it then
prob
like it gets tss for the garbage nonce
then restore mode is like "wth is this shsh, it's for the wrong nonce. nope"
and kicks you back
yeah probably will sniff in a bit
why does pwndfu need generator again
to set generator in pwnrecovery
yeah but why can't you set it normally
idk it just does it because it can
oh bc dfu nonce is different or something
dfu nonce has nothing to do with it
ok
you restore from pwnrecovery
@celest basalt do you know why pwndfu needs generator
it needs that to set nonce
because you can't just set nonce the normal way for pwndfu
oh why not
because DFU has a different nonce I guess, although it goes to iBEC/iBSS but it still stays in pwnrecovery rather than normal afaik
pwnrecovery can't just read the set generator and do its stuff?
the restore takes place from recovery not dfu right
nice key
technically a restore ramdisk is loaded from both recovery and DFU so I guess at that point it's kinda the same, except for the way the nonce is set initially for the image to be accepted
like i said, it probably could ignore this step if it's already set in nvram
but it just does it anyway
doesn't hurt
no the freshnonce patch checks if it's already set or not
oh lol
bruh bad practice, it should do that in regular FR then as well
couldnt fr detect a bad apnonce/generator match before the device goes into recovery
like take the generator from the blob then hash it and compare it with an asn1parse
nah not really
it only needs the blob
just decode the apimg4ticket part and check if the hashes match
no i mean how will FR get ap nonce from non recovery mode
bro
did you do something wrong where's the value1
I will fire this webhook until you see the message >:(
bruh it keeps doing it
where's value1 >:(
isnt it default
i think it was because the request got timed out
i should do a check that searches for “IS NOT being signed!”
Yeah I just changed it to that
how do you send a notification over ssh
you could change it to that instead of IFTTT
activator
it's running on a remote server
Oh


