#futurerestore-help

Can you change nonce generator without jailbreak

@crystal oak only on a11 and lower

it requires an exploit to set nonce

but im on a13

then clearly not without an exploit

I cant change on unc0ver because when I click the settings icon. It will not open

of course it won't open on unsupported versions

setting nonce requires the same exploit as a jailbreak

Can I use pwndfu and use setnonce for it to work without setting the nonce on my iPhone

no

i'm not lying

@upbeat stirrup Yes you are

"i think that windows will not work well with this version" this is the lie

v194 worked because your device doesn't support iOS 15

my phone is iphone 6s

because 6s doesn't have savage

savage is broken in 194

6s works because no savage

I got error : ERROR: Unable to place device in recovery mode

place your device in recovery mode

LEt me try from recovery mode.

what os

place your device in recovery mode and try again

TRying that. Went past the error. Checking hashes ....

Thanks

what does -set nonce in -pwndfu do

Got iBEC error. There is a solution available for windows host. Trying out the solution...

remove apple recovery driver, plug in your device and try again

can someone answer please?

i dont know

have you fixed it yet?

yes. Thanks. Now stuck at : Extracting batterycharging0@3x~iphone.im4p.

I guess I have to be patient.

Yes, going ahead. The progress bar is darkening.

I think it just sets the nonce and stops. Doesn't do anything else.

stops the restore

so yeah this happened

https://cdn.discordapp.com/attachments/688124678707216399/905818007576674364/video0.mov

and now I restored to 15.1

without a jailbreak, I can't go back to 14.5.1 can I?

HOW DID YOU DO IT WITHOUT A JAILBREAK! THAT WHAT I WANTED TO DO!!!!

what

I didn't do anything without a jailbreak

oh sorry

I was on 13.7 (jailbroken) trying to futurerestore to 14.5.1 and it failed

and now I restored using iTunes to 15.1 because iOS was messed up, corrupted

https://youtu.be/o8vNwxVgdps

try it

!t yt

it says checkm8

doesn't support A13

okay

thanks

Rstore successful.. I need to setup the phone now.

congrats

Thanks.

now jailbreak using unc0ver and you can sleep\

I am an ignorent at best and stupid at worst. But I am lucky!

Yes. LEt me see how it goes. Hope I am not stuck at setup screen.

Turn off OTA so it will not auto update to (15.x)

Yes. Would do that. Thanks.

FR-GUI says restore successful and stopped. Now phone says press home to upgrade. What's that?

picture plz

Some kind of OOB experience?

is it a white screen with press home to upgrade on the bottom of the screen

do a clean restore

Yaay. Success.

yeah congrats

Just did that. It worked. Thanks.

that's fine, upgrade doesn't mean it will update iOS

ah you already got past it

Put in recovery mode and it worked. Successfully restored my iPh6SP from iOS 15.0.2 to iOS 14.3. Thank you for the tip. Thanks to @valid adder and the whole team for your incessant efforts. I know you are doing a thankless job. You do it because you like it. I appreciate your community spirit.

You guys @celest basalt , @zealous bridge , CoolFroggy, ( list incomplete) are legends.

Can't thank you enough!

And there are non legends who are willing to help. Thanks to them too.

BTW, where are the FR-GUI logs stored on windows? I copied from the app window. But a file would be nice .

if im updating to 14.5.1 from 14.3 what options do i use

my device is currently in a bootloop

i am on linux using the beta

what device

iphone 7

im the one that bootlooped with taurine

oh

well depends, if your nonce is set then nothing special, just latest SEP/BB

if it isn't then follow pinned guide from downgrading from iOS 15 (also works in your case) to set nonce

i am trying to use checkm8 nonce setter

try just using the set nonce option in futurerestore beta

but it says device not found

oh i will

though you still need to run ipwndfu and remove sigchecks with Fugu first

https://gist.github.com/nyuszika7h/aac55c97f7925cddcf5ec3167f85dfe8#a10x

wait i can use futurerestore gui?

yes

but you need terminal for ipwndfu and Fugu first

before using FR / FRGUI

anyone tried restoring from ios 14 to 15.0.2 with futurerestore?

I mean is 15.0.2 SEP compatible with 15.1

obviously it works...

its been done many times

including with a15...

it makes zero sense that you would think it would be incompat already

Hello i'm having trouble at the end of my attempt to use future restore to update my iphone XS Max from 13.5 to 14.5.1 it seemed to work but in the end i had this error :

Checkpoint 1608 complete with code 0
Cleaning up...
[exception]:
what=ERROR: Unable to restore device

code=105840657
line=1615
file=futurerestore.cpp
commit count=262:
commit sha =a9b77f4d92b7f3b6599e090b3d267b81ed288dbe:
Done: restoring failed!
FutureRestore process ended.

Can someone help me please 🙏 ? because i am now stuck in recovery mode and don't know what to do

@blissful mesa full log bozo

@blissful mesa just exit recovery with futurerestore like a normal person would

i can not change nonce generator so can I use ap nonce colision

if I cant change nonce

@crystal oak yes but you will be waiting 300000 centuries

That’s not what collision is for

It won’t collide at all

but it keeps saying the same apnonce

Show me

Because your nonce is frozen

Stop using nonce collision it was patched in iOS 10… also it was only very specific nonces that collided bro not the one you have

how do i restore without change nonce then

You don’t?

I changed the nonce via taurine and it still gave me a apnonce error

even if taurine shows the nonce i put in

just jb and use dimentio

i cant jailbreak on ios 15

bruh then how u using taurine

it has a bullt in nonce changer

doesnt work if u cant jb

can you change nonce on pc

only if u have a checkm8 device

and only on mac

any other way i can change nonce on a13 and without a jailbreak

no

can you use pwndfu and setnonce to use future restore without changing generator

lol no

u cant even use pwndfu without checkm8

is there a jailbreak for ios 15

no

how can you downgrade ios without jailbreak and checkm8

u cant

lol

Traceback (most recent call last):
File "./ipwndfu", line 6, in <module>
import dfu, nor, utilities
ImportError: No module named dfu

tho this was gir

lmao

lmfao

you need to download the whole thing, not just one file

lol

*** checkm8 exploit by axi0mX ***
Found: CPID:8010 CPRV:11 CPFM:03 SCEP:01 BDID:0C ECID:000C5162182B003A IBFL:3C SRTG:[iBoot-2696.0.0.1.33]
Traceback (most recent call last):
File "./ipwndfu", line 73, in <module>
checkm8.exploit()
File "/home/marshallpieri/ipwndfu-master/checkm8.py", line 510, in exploit
if 'PWND:[checkm8]' not in device.serial_number:
File "/home/marshallpieri/ipwndfu-master/usb/core.py", line 830, in serial_number
self._serial_number = util.get_string(self, self.iSerialNumber)
File "/home/marshallpieri/ipwndfu-master/usb/util.py", line 314, in get_string
raise ValueError("The device has no langid")
ValueError: The device has no langid

Can I use this to update my iphone 8 from ios 13 to 14?

if u have blobs yea

wait when i run ./ipwndfu -p again it says this

*** checkm8 exploit by axi0mX ***
Found: CPID:8010 CPRV:11 CPFM:03 SCEP:01 BDID:0C ECID:000C5162182B003A IBFL:3C SRTG:[iBoot-2696.0.0.1.33] PWND:[checkm8]
Device is already in pwned DFU Mode. Not executing exploit.

@celest basalt

does that mean im done with this step?

yes

ok

bash: ./Fugu: cannot execute binary file: Exec format error

need macOS

...

fuck

so i cant do on linux?

do i have any other options to do it on linux or do i need a mac

hold on

https://github.com/LinusHenze/ipwndfu_public/tree/master

python2 rmsigchks.py

*** SecureROM Signature check remover by Linus Henze ***
Found: CPID:8010 CPRV:11 CPFM:03 SCEP:01 BDID:0C ECID:000C5162182B003A IBFL:3C SRTG:[iBoot-2696.0.0.1.33] PWND:[checkm8]
ERROR: This is not a compatible device. Exiting.
Right now, only the iPhone 5s is compatible.

oh

what can i do?

could i maybe do this part on a mac vm and boot into linux and do the rest on linux?

You can, i tried it once, i got close

But didn’t succeed cuz of my Pci ports

https://github.com/nyuszika7h/ipwndfu_public/tree/t8010

there I made a copy of cryptic's PR

Hi, I have iPh6SP successfully FRed from 15.0.2 to 14.3 today . I preserved my userland. Aparently this froze my nonce. Hence I could dg to 14.3 without problem. Now I get weired errors while jailbreaking with Taurine and u0 both. I think I should erase while FRing. If I do so, will I lose my nonce?

oh i already have a mac vm setup with working imessage, facetime and wifi

You can try that

im going to try this first

Interesting. Which host and what VM package?

im using vmware

Idk how you pass through USB-s but you will need a KVM

its only catalina but i think i can update it

Because you have pass through the PCI controllers

VMware on linux or windows ?

windows

I am looking for iMessage and FT, but my VM is not icloud compatible.

Great. Where did you get the Mac parameters from?

Did you follow the VMware tutorial to change Mac parameters ?

dm me

i need to get into pwned dfu mode again

when i try this shows

*** checkm8 exploit by axi0mX ***
Found: CPID:8010 CPRV:11 CPFM:03 SCEP:01 BDID:0C ECID:000C5162182B003A IBFL:3C SRTG:[iBoot-2696.0.0.1.33]
ERROR: Exploit failed. Device did not enter pwned DFU Mode.

The exploit failed

Keep trying

Re-enter dfu mode and try again

It fails

*** SecureROM Signature check remover by Linus Henze ***
Found: CPID:8010 CPRV:11 CPFM:03 SCEP:01 BDID:0C ECID:000C5162182B003A IBFL:3C SRTG:[iBoot-2696.0.0.1.33] PWND:[checkm8]
Applying patches...
Traceback (most recent call last):
File "rmsigchks.py", line 100, in <module>
main()
File "rmsigchks.py", line 87, in main
pdev.write_memory(k, config.patches[k])
File "/home/marshallpieri/ipwndfu_public-t8010/usbexec.py", line 44, in write_memory
def write_memory(self, address, data): self.command(self.cmd_memcpy(address, self.cmd_data_address(3), len(data)) + data, 0)
File "/home/marshallpieri/ipwndfu_public-t8010/usbexec.py", line 106, in command
response = device.ctrl_transfer(0xA1, 2, 0xFFFF, 0, response_length + 1, CMD_TIMEOUT).tostring()[1:]
File "/home/marshallpieri/ipwndfu_public-t8010/usb/core.py", line 1043, in ctrl_transfer
self.__get_timeout(timeout))
File "/home/marshallpieri/ipwndfu_public-t8010/usb/backend/libusb1.py", line 883, in ctrl_transfer
timeout))
File "/home/marshallpieri/ipwndfu_public-t8010/usb/backend/libusb1.py", line 595, in _check
raise USBError(_strerror(ret), ret, _libusb_errno[ret])
usb.core.USBError: [Errno 5] Input/Output Error

@celest basalt

use ramiel. https://ramiel.app

linux

😩

Kept on rebooting and retrying. Eventually I could jailbreak with Taurine. So, the FR-GUI update was worth taking the risk. A GIGANTIC THANK YOU to our team.

i just want my phone back :(

im about to update to the latest version i think

WAIT...

if i restore with itunes

can i use my 14.3 blobs to downgrade?

I just did that. But mine is iPh6SP. Which is your model?

7

Maybe you can... Not sure. I suggest you put your device in recovery mode and run 'irecovery -q' from Windows ( even Mac VM will do). This will print nonce. If printed nonce is matching with your 14.3 blobs then go ahead.

it doesnt

i saved those blobs on u0

now i use taurine

same with 14.5.1 blobs

As nonces are not matching you will need a nonce setter, I am afraid.

yup

thats the issue right now

wait

i have an idea

does checkra1n support 14.6?

!t checkra1n

i have 14.6 blobs with matching nonce

i can fr to 14.6

jailbreak with checkra1n

change my nonce to match my 14.5.1 blobs

and downgrade to 14.5.1

would that work?

Yes, that is a possible path.

Try it out.No harm in that. My 'irecovery -q' nonce matched with ios 14.3 blob nonce. I had a successful FR to 14.3 in a single step. For you there are more than 1 steps.

I would suggest FR update option and not erase option.

what device?

7

im on 14.3 right now but i bootlooped with taurine

with 7 you should have no problem with FR, only faceid device have problem with ios 15 sep

so theorically you could do it, but wait for confirm from some genius or ppl who know more about it

Very correct.

what is there to lose?

i dont have any other options

worse thing is id have to go to 15.0.2

you have nothing to lose i think

if something goes wrong i could just go to 15.0.2

and try again

i think so

wait, and try again?

Not even 15.0.2 if you don’t have blobs

i have blobs for every version 14+

checkrain is not working on ios 15 or im wrong?

Yes

i dont follow it

does it have to be for me to downgrade?

Checkra1n isn’t working on iOS 15

you can set nonce with broken checkra<in?

What

i would downgrade to 14.6

that would have matching nonce

i mean how do you set nonce on ios 15?

would i have to?

i dont know?

couldnt i just use my blobs that have the same nonce

as i have right now

hm

when i update will my nonce change?

i dont know how that work tbh

pwndfu + futurerestore if you have a checkm8 compatible device

It has a nonce setter

then you are good

oh so id be good either way

^

yeah imma go to 14.6

wish me luck pls

my phone is already bootlooped not much worse can happen ig

My iPhone 8 was on 14.3 and it suddenly turned off and then on again and stuck on apple logo. then after some time it was off and again on and same thing happening from past 1 hour. I was on taurine and now i tried to watch the futurerestore video but it says i have to be jailbroken to set up the nonce setter.

like, what should i dp

I am not sure why this even happened.

damn

thats 2 people that have bootlooped with taurine after their phone died

my phone was not dead. it was on 10%.

was your battery health okay

nope. It is at 80 around lol.

thats

not a very good battery health

apple recommends you replace your battery at 85

i agrreeee. and my device was at full capacity too. 64gb was filled.

probably shutdown from low power

So what's the solution now? I am restoring to 15.1 i think. i have all the blobs. should i downgrade or continue with checkra1n? and downgrade when fugu14 untethered gets released with checkra1n?

most likely i guess

also replace that battery boye

gonna do that by this week. should i get original battery or just replace by my own?

your call

personally id get an apple battery just because

but its your choice

ok.

iphone could not be restored an unknown error occurred 9

hm

someone smarter than me take over im busy rn

Screenshot please

took from google images. but same message in my macbook air. i am updating now instead of restore. hopefully that will help.

Yah we only know how to use non apple software for help here

Use idevicerestore or futurerestore please

Leave it some time in charge and try again in DFU mode

but the device needs to be in jailbroken right?

Not if you restore to latest

Yah you can’t restore in lowpower precharge state…

ahhh maybe that's why.

ok.

It’s kinda common sense lol

hmm

they recommend to replace it at 79% afaik

at least iOS does

that's when it starts saying "Your battery health is significantly degraded"

Idk I swear I’ve heard like 85% somewhere before

is it still possible to restore to older un signed ios versions?

Yes with blobs

and latest baseband and sep compatible with your device

Let the people who know what they are talking about talk

yeah

So if i upgrade to IOS 15.1, from IOS 13.5, then DOWNGRADE to ios 15.1 beta 3, will my SEP be compatible?

The SEP incompatibility is only versions below iOS 15

You should be fine iirc

ok lol the whole faceID not working scares me lmao

I want go from ios 15.02 to ios 14

I've been on 13.5 for a whileeeeee so its ab time for an upgrade

Not do an upgrade the phone cant jailbreak ios 15

i know im waiting for the 15.0-15.1 beta 3 jailbreak to come out

i know it will be a while but i'm looking forward to using the newest jailbreak at the time

Ios 15 not qorking siri commands as well

Some commands

i need help with checkm8 nonce setter

use

future

restore

instead

how do i set nonce in futurerestore?

--set-nonce option (set it from blob)

or --set-nonce=(desired nonce)

its gray

im using gui beta

you have to check use-pwndfu and put your phone in pwndfu mode

how do i put my phone in pwndfu mode

what phone

7

https://github.com/axi0mX/ipwndfu

im on linux @grim wren

doesnt ipwndfu work on linux anyway

ya i just read it

ok i downloaded that and opened in terminal

now what

ipwndfu -p

ipwndfu: command not found

./ipwndfu -p

ERROR: No Apple device in DFU Mode 0x1227 detected after 5.00 second timeout. Exiting.

put

your phone

in dfu mode

i forgor💀

to mention that

OH SHIT

IT WORKED

now try run futurerestore with --set-nonce and --use-pwndfu

i was trying that before my i restored my phone and it wouldnt work

weirdchamp

Finished downloading the latest firmware components!
Found device in DFU mode
requesting to get into pwnRecovery later
Found device in DFU mode
Identified device as d101ap, iPhone9,3
Extracting BuildManifest from iPSW
Product version: 14.5.1
Product build: 18E212 Major: 18
Device supports Image4: true
Cleaning up...
[exception]:
what=signing ticket file does not contain generator. But a generator is required for 64-bit pwnDFU restore
code=81395729
line=1242
file=futurerestore.cpp
commit count=262:
commit sha =a9b77f4d92b7f3b6599e090b3d267b81ed288dbe:
Done: restoring failed!
FutureRestore process ended.

are my blobs broken?

send blob

hm

smaller than usual blob

oh no

well fr is plain lying

there is a generator in the blob

should i try the cli fr

yeah

!t futurerestore

how do i use the cli one? @grim wren

./(name of futurerestore file) -t (blob) --use-pwndfu --set-nonce --latest-sep --latest-baseband (ipsw)

oh i got it

whats -t for again?

apticket

aka

shsh blob

can i drag and drop my blob into the terminal window and will that work?

idk if linux does that

but i think you can

iBoot64Patch: Patches applied!
Repacking patched bootloaders as IMG4
Sending iBSS (522505 bytes)...
Cleaning up...
[exception]:
what=ERROR: Unable to send iBSS component: Unable to upload data to device

code=38141969
line=582
file=futurerestore.cpp
commit count=262:
commit sha =a9b77f4d92b7f3b6599e090b3d267b81ed288dbe:
Done: restoring failed!

@grim wren

what should i do

<@&355177530061357057> ?

check your usb cable

using a different cable this happens

what=assure failed
code=5570578
line=85
file=ASN1DERElement.cpp
commit count=197:
commit sha =aca6cf005c94caf135023263cbb5c61a0081804f:
Done: restoring failed!

check your shsh2, sep and bbfw. or move to macos i think it will be a solution

Version: v2.0.0-test(a9b77f4d92b7f3b6599e090b3d267b81ed288dbe-262)
img4tool version: 0.197-aca6cf005c94caf135023263cbb5c61a0081804f-RELEASE
libipatcher version: 0.88-1e855d70c84419014e363bdbcaead7b145fe3e1f-RELEASE
Odysseus for 32-bit support: yes
Odysseus for 64-bit support: yes
[INFO] 32-bit device detected
futurerestore init done
[Error] --set-nonce not supported on 32bit devices.
futurerestore: failed with exception:
[exception]:
what=Error: failed to load signing ticket file /home/marshallpieri/Downloads/3467181474644026_iPhone9,3_d101ap_14.5.1-18E212_27325c8258be46e69d9ee57fa9a8fbc28b873df434e5e702a8b27999551138ae.shsh2

code=26869777
line=410
file=futurerestore.cpp
commit count=262:
commit sha =a9b77f4d92b7f3b6599e090b3d267b81ed288dbe:

iphone 7 is not a 32-bit device?

i dont have a mac and no one i know owns one

i think there is an error with your shsh2

Their shsh2 is a strange 40kb

https://shsh.host/3467181474644026//14.5.1

How much do blob sizes vary between devices

Surely not a good 20kb

this is how big my 14.3 blob is

https://shsh.host/3467181474644026//14.3

9kb

(Mine are usually 67kb)

Okay nah there’s something wrong with that 14.3 blob if it’s 9kb

Surely

how do i downgrade from ios 15.1 to ios 15.1 beta 3 with my blobs using futurerestore

What device

iphone 11 pro max

I’ll verify it myself in a sec

You don’t

why not

no jb

Your nonce won’t be set

and your not a11 or below

why wont my nonce be set

because how will you set it

you need a checkm8 compatible device (a11 or lower) or a jailbreak to set your nonce

^

i was jailbroken when i saved my blobs if that helped but idk never used futurerestore

nope

you need to be jailbroken now to use them

because your above a11

A12+ is a weird and wacky place

oh okay

Just try hold on your current version I guess

Maybe something will come out for it

^

Hell, IOMFB might not even be usable for a jb

We just don’t know yet

But can hope

thats fine, i know it will be a while but at least i can look forward to the new exploit that Brightiup found

MAYBE

did you yet

Soon

Im makin myself a sandwich

whats the difference between OTA blobs and normal blobs?

I personally don’t know the technical different all too well

But what I do know

Is that you need pwndfu to use OTA blobs

are OTA blobs usually smaller?

Yes

Usually by a lot

im pretty sure my 14.5.1 and 14.3 blobs are ota

i just noticed something

all my blobs from u0 are on shsh.host

all my taurine blobs are on tssaver

u0 usually uploads to tsssaver I thought

no

Maybe you were using systeminfo

ya

i was

That explains it then

Systeminfo uses shsh.host

tsssaver uploads regular blobs and ota blobs differently

like this

actually

i cant take a screenshot

i have no clue how to take a screenshot on linux

but most of my OTA blobs on tsssaver are exactly 16.1kb

and my 14.5.1 shsh.host blobs are 16.1 kb

wait

nvm

they are 42kb

im going to futurerestore to 14.6 real fast

once im on 14.6 i will need to futurerestore to 14.5.1

or ill stay 14.6 until the untether comes

choose regular blobs

oh dear

there is no option on shsh.host

try tsssaver

damn

tsssaver only has 14.6+

i want to use the untether

ITS BEEN 12 HOURS

i just want my phone to be on a jailbreakable version

FUCK FR

why wont it work

i am so mad

Can you use idevicerestore to Downgrade iOS without blobs?

no

But it uses a custom ap ticket from a file

i dont think it would work

@crystal oak can you like stop fucking ignoring everything we tell you

the answer is no, NO, N O, learn to accept it, if you still deny reality please keep it to yourself...

ok

i really would enjoy jumping off a bridge at this moment

why is futurerestore so hard to use on linux

because you didn't pair your device and use latest limd/usbmuxd from source

stock linux won't support entering recovery above 14.4

Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
usbmuxd is already the newest version (1.1.1-2build1).
usbmuxd set to manually installed.
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.

Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
E: Unable to locate package limd

@valid adder

Sending iBSS (538890 bytes)...
[==================================================] 100.0%
Booting iBSS, waiting for device to disconnect...
Cleaning up...
[exception]:
what=Device did not disconnect. Possibly invalid iBSS. Reset device and try again
code=38469649
line=587
file=futurerestore.cpp
commit count=262:
commit sha =a9b77f4d92b7f3b6599e090b3d267b81ed288dbe:
Done: restoring failed!

reading helps

and limd was an abreviation...

link to source please

oh lmfao

everyone knows what limd is

oh

im not telling you

i do

libimobiledevice

what does this mean

curl -L https://cdn.discordapp.com/attachments/688124783400845336/901168861779488788/usbmuxd.tar.xz -o ~/usbmuxd.tar.xz
sudo tar xvf ~/usbmuxd.tar.xz -C /usr/sbin/
sudo systemctl restart usbmuxd

give me your restore context

wym

you want the whole log

im on 15.1 iphone 7 trying to use 14.6 blobs

no I want the restore command...

but I have mostly what I need with the log

iBSS will only fail with progress bar if rom isn't patched

like the command i used at first?

Im on ios 13.3 jb iphone x, i have shsh blobs can restored again same 13.3 or 13.3.1?

wym

/home/marshallpieri/futurerestore-v2.0.0-test -t /home/marshallpieri/Downloads/3467181474644026_iPhone9,3_d101ap_14.6-18F72_27325c8258be46e69d9ee57fa9a8fbc28b873df434e5e702a8b27999551138ae.shsh2 --use-pwndfu --set-nonce --latest-sep --latest-baseband /home/marshallpieri/Downloads/iPhone_4.7_P3_14.6_18F72_Restore.ipsw

that is what i typed into terminal to run fr

is that what you wanted?

bro you need to patch bootrom

how

how tf you think this is supposed to even work

first pinned message

guide

gist

what step do i do

the fugu part?

a10...

yes

im on linux

it says requires macos

it requires mac

I doubt you can get ipwndfu working anyway

already did i think

could i run fugu through a vm?

nah

try this

git clone https://github.com/LinusHenze/ipwndfu_public.git
cd ipwndfu_public
curl -sLO https://patch-diff.githubusercontent.com/raw/LinusHenze/ipwndfu_public/pull/3.patch
git apply 3.patch

marshallpieri@Marshall-PC:~/ipwndfu_public$ git apply 3.patch
3.patch:54: trailing whitespace.
}
error: patch failed: checkm8.py:318
error: checkm8.py: patch does not apply
error: patch failed: rmsigchks.py:30
error: rmsigchks.py: patch does not apply
error: patch failed: Makefile:46
error: Makefile: patch does not apply
error: bin/t8015_shellcode_arm64.bin: already exists in working directory
error: patch failed: checkm8.py:494
error: checkm8.py: patch does not apply
error: patch failed: ipwndfu:16
error: ipwndfu: patch does not apply
error: src/t8015_shellcode_arm64.S: already exists in working directory
error: patch failed: usbexec.py:25
error: usbexec.py: patch does not apply

thats when i run git apply 3.patch

@valid adder

That doesn’t make any sense

Epic patch fail?

@pallid roost you either are bad at life or didn't follow directions

maybe you already ran the patch?

Hey! Remember me?

you can't patch it twice lol

did you charge it yet @unkempt sedge

I am on 15.1 now!!! 🥺🥺 the charging method worked but i have to update unfortunately. I am on 15.1

why did you have to update

Now i have to future restore! 😔

Because it was then got stuck on the permanent recovery mode, like it was stuck on apple logo.

Noww which guide should i follow for a successful restore?

why did you have to update

you didn't have to update

you were supposed to try to exit recovery before you restore

I did know that. But it was genuinely stuck on apple logo even after 1 hour of complete charging. Then I finally decided to restore via connecting with my mac. That failed. And then it got stuck on recovery mode. Couldn’t get out of it!

Believe me i tried everything!

It’s all right. I don’t mind updating and restoring to the old version. I have restored the device before too. Now which guide should i follow? I have to go back to iOS14.3 so taurine can implement the fugu14 soon and I can jailbreak untethered.

false you set nonce in dfu with checkm8 then downgrade via recovery mode

you never had to restore

because you could have restored directly to 14.3 with blobs

Okay. 😟😟😟

And now what’s the right guide or video to go back to 14.3?

its pinned

gist

guide

yeah but that's the exact same as my fork of ipwndfu_public I posted yesterday with Cryptic's patch applied

is this Ryzen

weird, then it shouldn't be so problematic

I will fucking murder you

Stop

Using

Checkm8 nonce setter

future

re

store

Oh patches

Yeah but if you don’t stop using checkm8 nonce setter this instant you’re probably going to be personally executed by cryptic

Mf it’s the exact same thing

Literally replacing coke with Pepsi headass

FYI : I successfully FRed my iPh6SP yesterday from iOS 15.0.2 to iOS 14.3. I FRed with --update option so as to preserve the user data. This option is not recommended in the sticky. But it worked for me and in the end it was worth the risk.

Jailbreaking was problematic. But repeated attempts eventually led me to Taurine jailbreak.

However, I then faced lot of cache corruption problems for various app. I used a tweak AppData ( repo : http://apt.fouadraheb.com/ ) to clear caches.

Moral of the story : If you preserve data in FR, be prepared to face a lot corrupt caches both system and app.

Thank you.

I'm surprised going to 14.3 with -u even worked without ending in a recovery loop

going to anything below 14.5 with -u (unless you're already below 14.5) tends to cause recovery loop

and yeah either way -u can also cause battery drain due to such corruption

like healthd refusing database downgrade that opa334 had

better to make a backup and restore it by editing Info.plist, though that's unlikely to work for 14.5+ to 14.4.2- too

Yes, I am taking backups both restored rootfs and jailbroken. BTW What happens in a recovery loop? I had that when I tried to restore from iTunes backup in jailbroken state. This led me to abandon iOS 14.3 and move to the then signed iOS 15.0.2.

recovery loop means you're stuck in recovery mode and if you try to exit it (with irecovery -n or futurerestore --exit-recovery) it just goes right back to recovery again

basically happens due to corruption or invalid image

(if you simply force reboot with hardware keys and it goes back to recovery that's not necessarily a recovery loop, you need a computer to set auto-boot to true sometimes using one of the above commands)

I guess someone decides that the image is corrupt. Isn’t there any workaround for that? ( disclaimer: I don’t know what I am talking)

with checkm8 maybe it's patchable, I don't know... but since it works without -u every time there's not a huge need to do it since there's other ways to back up stuff

Got it. Will remember the advice. Thank you! 🙂🙏

any idea why it would say its not signed ? https://i.imgur.com/Pv1jWl9.png

(1) you need to use the beta version of futurerestore (enable it in settings and then click download futurerestore)
(2) that checker is outdated

!t sepbb

!t futurerestore

i need help with downgrading a non jailbroken phone

it says the ipsw does not match the blob file

you are trying to use iOS 15.1 blobs to restore to iOS 14.4... that's not how it works

ok so

what do i need to do?

do i need a new blob file?

you can't get one for anything older than 15.1 now if you didn't save it earlier

wait what

i think i have an idea 1 sec

i forgot to link the ipsw i was trying to use

i think that's the issue

this is my first time

because i have a phone with a new flex cable and i gotta program in face id

why are you using futurerestore for 15.1, it's signed

no

i need to downgrade

to 14.4

that's the thing

i'm not trying to restore to 15.1

i need to go back to 14.4 so i can use my jailbreak device with checkrain

then do the face id repair

do you have blobs for 14.4 though?

how do i get them?

the phone was on 15.1 once i recieved it

and i need to downgrade it

then you can't downgrade

what do you mean

unless the previous user was a jailbreaker and saved blobs

i need to be able to jailbreak the device on 14.4

and if i can';t downgrade then i can't fix face id

is this a new or used phone?

used

i refurbish phones

i literally have to be able to use 14.4 somehow

for checkrain

you can check on tsssaver.1conan.com and shsh.host if it has blobs

the problem is, downgrading to iOS 14 will break the Face ID firmware due to SEP incompatibility, so what you're trying to do isn't gonna work

yes but you see

the phone has no face id

because i replaced the broken flexcable

I mean you can try to do the "repair" and then go back to iOS 15 and hope it works but...

so therfore i have to use some machines i have to reprogram face id back in

in #jailbreak they were trying to restore to fix face id

you downgrade and jailbreak the phone then i program in the jcid flex cable

and then it fixes face id

it's a new method from rewa tech

.

i don’t think it works like that

I doubt a software modification is going to fix your Face ID hardware

even if it somehow miraculously worked, you'd have to go back to iOS 15 after you "fixed" it, because of the firmware incompatibility when using futurerestore

i know thats the point

i only gotta downgrade to fix it then i can go back to 15

i will link the video for you

https://youtu.be/woXytA19PsY

The thing is broken Face ID caused by SEP incompatibility (software) is different from hardware issue

yes but i am replacing a cable as in the video

Has anyone been able to upgrade from 13.5 to 14.5 using FutureRestore Beta?

iam on 13.2.3 is there any way to upgrade

what device and what blobs do you have

iphone 11 pro max

and i dont have blobs 😄

Interesting. What I understand from the video is you will have to wait for iOS 15 checkra1n jailbreak. At the moment you can’t downgrade to iOS 14.* because you don’t have blobs. The only way out is jailbreaking your device on its current os which is iOS 15.

Saw the video. They are not fixing software. They are correcting some settings and for that they need a jailbroken device. Makes sense, isn’t it!

I'll check the video but I don't quite get it because I would think Face ID should be functional after a clean DFU restore with untouched rootfs from update and no user data (/var)

but it's possible there's something modified on the rootfs during a restore before it's sealed, which is why there are reports of restore rootfs breaking Face ID after a screen replacement

then the lowest you can go to is 14.7.1 which means no JB for a few months

still better than updating to 15.x though

That is for the original cable. For a replacement cable they need to match the iOS data to the one in new cable. For that they need a jailbreak.

you could probably just boot a ramdisk with checkm8 to do it

I don't understand how that data will persist through restores after, say, an official Apple repair though

similar to activation lock I guess but then it makes no sense how you can mess with Face ID files but not that

Last week I changed my iPhone 6sp’s battery. The tutorial says after changing the battery if it isn’t recognised by iOS, try erasing the phone. I saw some comments verifying this solution. I guess iOS just accepts some hardware data as it is when reset to the factory settings.

Just double checking, I have an iPhone 6 that's currently on 12.5.5 and I have the shsh blob from 10.3, according to this thread https://www.reddit.com/r/jailbreak/comments/o3zp64/tutorial_the_guide_to_actually_end_all_other/ I can't downgrade below 11.3 even if I have the blob right?

yes, SEP/BB is incompatible below that

thanks for the quick reply

ill wait looks like one is near for 15.0.1

wait iphone 7 is a10 right

obviously

and you didn't answer my question

yeah i was just making sure

there is something new on here

https://gist.github.com/nyuszika7h/aac55c97f7925cddcf5ec3167f85dfe8

it says for linux

ok so i did this and this time it worked

i installed Ubuntu because my Lubuntu installation broke

that wasn't even my question

what was

my question was did it fail because you already patched?

you can't run patch twice

yes

it did

ok so it should work(except the a10 exploit is garbage)

i thought it didnt patch because it said

3.patch:54: trailing whitespace.
}
warning: 1 line adds whitespace errors.

so i ran it again and got

warnings are warnings errors are error

3.patch:54: trailing whitespace.
}
error: patch failed: checkm8.py:318
error: checkm8.py: patch does not apply
error: patch failed: rmsigchks.py:30
error: rmsigchks.py: patch does not apply
error: patch failed: Makefile:46
error: Makefile: patch does not apply
error: bin/t8015_shellcode_arm64.bin: already exists in working directory
error: patch failed: checkm8.py:494
error: checkm8.py: patch does not apply
error: patch failed: ipwndfu:16
error: ipwndfu: patch does not apply
error: src/t8015_shellcode_arm64.S: already exists in working directory
error: patch failed: usbexec.py:25
error: usbexec.py: patch does not apply

no output always = success in unix

ok so i patched it right

warnings you can ignore

yes its already patched

now you wait and pray the pwn works

so what do i do now

i patched and installed that

do i open a terminal window in the folder?

cd to the folder yes

ok

what do i run now

./ipwndfu -p

?

yes

bash: ./ipwndfu: /usr/bin/python: bad interpreter: No such file or directory

i think i need to run

python2 ipwndfu -p

you need to install python2 on modern linux

done

already did

replace ipwndfu with ./ipwndfu

*** checkm8 exploit by axi0mX ***
*** modified version by Linus Henze ***
Found: CPID:8010 CPRV:11 CPFM:03 SCEP:01 BDID:0C ECID:000C5162182B003A IBFL:3C SRTG:[iBoot-2696.0.0.1.33]
ERROR: Exploit failed. Device did not enter pwned DFU Mode.

yep the long pain process of a10

reboot and keep trying?

fugu was the only one that seemed to work

so do i need to reboot?

keep trying if it never panics its not actually exploiting

you can check sudo dmesg for usb log

so just keep running the command

yes

and if it doesn't panic its not actually exploiting

does it ever panic?

no

i just keep getting this

and i though eclipsa was bad on a9

holy

it always stops after like half a second

check the txt file i sent

its not claiming the interface

try sudo

sudo python2 ./ipwndfu -p

?

*** checkm8 exploit by axi0mX ***
*** modified version by Linus Henze ***
Found: CPID:8010 CPRV:11 CPFM:03 SCEP:01 BDID:0C ECID:000C5162182B003A IBFL:3C SRTG:[iBoot-2696.0.0.1.33]
ERROR: Exploit failed. Device did not enter pwned DFU Mode.

does python still not claim tho

idk

i sent a log again

@valid adder what can i even do at this point

we know for certain the kernel isn't letting python access the usb

why not

@celest basalt would you happen to know why linux kernel isn't allowing pyusb/libusb to access the interface?

@celest basalt log is interface failed to claim

dmesg

if this is Ubuntu it may be trying to handle shit on its own (like pairing/trusting the device) and somehow get stuck, though it shouldn't in DFU and I never had it continue to fail for me after a reboot and 4-5 tries at most 🤔

frn1x eta wen

@pallid roost I gtg but what cpu do you have

i5 2400

it is

should i get a different distro?

idk, you can try, even though it worked for me

i have blobs saved how do i restore with them?

What device

iphone xr

What version

Target and current

15.1 beta 3

um im on 15.1 rtn

you cant

You need a jailbreak to use the blobs on A12 and above

I’m half tempted to make just an auto response bot for this channel

i have just used shsh blobs to restore my device without jailbreak?

Ye well if u want a tutorial then I’ll gladly send it

So I have blobs saved for 15.1r3 for my ipad pro. I used blob saver to obtain them. Since the device is jailed atm am I able to restart and still use this blob later when I'm jailbroken? Or will the generator for the nonce not work even when personally set when jailbroken?

You can restart

But make sure you don’t update/restore

And make sure you dont use blobsaver again to generate a new nonce

yeah you can keep using blobsaver just don't plug in your device for it anymore (or at least don't click read from device for apnonce)

can u tell me how

!t delayota

lol so futurerestore isnt detecting any devices in recovery

check your usb cable

nor are any libimobiledevice utilities

lsusb shows the device as well

normal mode works too

uninstall apple recovery usb driver

plugin your device and try again

i'm on linux

Because of udev you sadly may need root

im not familiar with linux

Idk why

segfaults when I do that

i'm using m1sta's futurerestore if it has anything to do with this

That’s the correct one

That’s the one I made

I’ve never tested on Linux

So I don’t know the intricacies

idk why it segfaults

It usually seg faults because of permission errors but that doesn’t make sense with root

Gtg

aight thanks

fuck it im using windows now and it works

i need help

im trying to downgrade my ipad 5 wifi

to ios 14.3 RC

from 14.6

but i keep getting unable to place device in recovery mode and when i do it says cant downgrade with this apticket

?

try other shsh2

wym

they all the same

where did you get the shsh2

one is from tsssaver

other one is from shsh.host

?

please reply

tsssaver will give you 2 shsh2

try the second

ok i try both

i keep getting the same error

on both

of them

help me

?

?

b!tss help

@rocky kraken use autotss in #bot-commands

can i upgrade to ios 14.4.2 from ios 13.3 on an iphone xr

Not without blobs

i have the blob for ios 14 i just want to make sure it’s possible before i try

I’m jailbroken on 14.4.1. With blobs can I update to 14.8? Even if I lose jailbreak can I still update

yes, you can update even without blobs (which is the better choice if you're on a Face ID device and don't want to break Face ID)

!t delayota

just restore rootfs first

?

if you have blobs yes, but it will break Face ID

iOS 15.2 SEP/BB is compatible down to 14.0 (14.3 on A11), but on Face ID devices it breaks Face ID, rootfs snapshot and OTA updates when restoring to 14.x. No issues on Touch ID devices.

oh damn so should i go to 15.0.2 instead or would it do that too

no 15.x wouldn't

but better to delay OTA to 14.7.1 if you really want to update

that won't break Face ID

but JB will come sooner than 15.x

if you do want to go to 15, go to 15.0/15.0.1 or 15.1b1-b3 because 15.2 and 15.1b4/RC/final patched a vulnerability that could be used for a JB

Thanks

Isn’t iOS 15.1 beta 3 stop signing ?

yes but if you have blobs you can still upgrade to it

Damn it couldn’t save my blobs in time ahhh

I mean if you're trying to upgrade rather than downgrade you can still go to 15.0 or 15.0.1 via delayed OTA (not 15.1 beta though as they don't have delay OTA for betas)

sameee i only have blobs for 14.4, 15.0.2, and 15.1

anyone know how to restore an ipad without updating to latest ios

it’s disabled and connect to itunes

what model?

and what iOS version

if it supports checkra1n there's a few things you could try, A12+ options are more limited

How exactly is this done? I understand installing the profile but how do you update to the preferred iOS?

what ios version?

Through the Software Updates menu

Once you got supervision enabled and the appropriate delayota installed

It should show up in the Software Updates menu

Just like how you update iOS normally

can't he just use succession?

depends, can't exactly use GUI if it's disabled

and SuccessionCLI only works on iOS 13 and below

there's succession beta, wdym disabled?

and if A12+ and no SSH or already rebooted to unjailbroken state then they're fucked unless their current generator matches a blob

there was a friend who restored an iphone xs max last week

I know, but only Succession GUI was updated in the beta, CLI wasn't

they literally said:

it’s disabled and connect to itunes

then he can use the gui, can't he?

bruh, you cannot use GUI if the iPhone is disabled, you cannot do anything on the screen at all

ohh disbaled, you mean locked?

locked out for too many wrong passcode attempts

yeah i get it now, i didn't read what the other guy said

https://api.softwarekeep.com/media/nimbus/helpcenter/Fix_the_iPhone_Is_Disabled-1.png

like this

looks like they don't care about the data just want to restore without updating

See if iMazing helps with disable / enable settings

@celest basalt it’s an ipad air 2

not sure what ios it’s on

but would say sub ios 13

sorry i mean sub 14

it’s defo not 14 it’s below

i think 13.? not sure

should be able to just SSH in and install and run SuccessionCLI then

if it's not jailbroken yet, then JB it with odysseyra1n

enter DFU mode manually and use checkra1n CLI, then run the odysseyra1n script

!t checkra1ncli

!t odysseyra1n

download this https://github.com/Samgisaninja/test/blob/master/debs/com.samgisaninja.successioncli_1.0~alpha2_iphoneos-arm.deb?raw=true

and then do sudo apt install ./com.samgisaninja.successioncli_1.0~alpha2_iphoneos-arm.deb over SSH

do you have a youtube video

or somthing

14.4.1 wanting to go to ios 15 unless there a tweak or something to allow me fully use Apple Cash. I get a warning “can’t instant transfer unless on iOS 15”

K

Says unable to check for update

just use that alternative and hope that you don't get token logged

Although I think it doesn't have a token logger

the github version probably doesn't

Can i downgrade from iOS 15.2 to iOS 14 (i have an iph 11)

whats autotss

b!tss help

!t delayota

no

Is it possible to futurestore to 14.8 from 14.5.1 and use sep and basebamd from 15.2 beta or something

or would that still break faceid

it still breaks Face ID, it won't magically be fixed in newer versions

i tried to restore my iod to ios 14.3 rc

but eroors i get is either apticket cant be used for this restore or cant enter recovery mode

idk what to do

i have an ipad 5

im trying to restore from 14.6

Because you need to being using 14.3 rc blobs

i am using those blobs

but i still get eroors

Full log

You want my full log you mean

Clearly since you elected to give useless information so far

What

i just need help

like i keep getting these errors

like its the same blobs file

Yah your blob isn’t valid for that device bozo

You saved blobs wrong

Or you are doing something else wrong entirely

Which is why we need the log…

ok uh how do i verify blobs

tho

so i can check if its even working

It’s not even working because you already said the error

What’s so hard about sending a log

alr i send it

where are the logs saved usually

what folder?

They aren’t saved at all unless you used the gui

well i used the terminal one and the gui one as well

I don’t know what computer you have

i have a macbook

cmd a
cmd s

That will save term log

Hello, I am trying to save Blobs via JB 12 pro max (Unc0ver 14.3) used nonceset143. Trying to save blob thru Syteminfo Tweak, but get 405 - no pairs found for ECID & after pressing derive new get this error - your device has entangle-nonce enabled.

I have saved blobs with blobsaver, but not able to verify with shshhost

Here is the log file for unable to place in recovery mode from normal mode

Here is the second one when i go into recovery mode it's the apticket eroor one

error

enter recovery mode yourself

i did but look at the second log

a another error

apticket one

they are both the same

same what