#tvos-jailbreaks

Can I get the app by using that?

yes

Ahh

helping someone pirate..

This?

I’m not gonna pirate🤫

It costs?

it does

developer certificates aren't free

Is it the right site?

imagine owning an iphone 14 and apple tv 4k and yet pirating

Imagine paying

ironically; you already did

how do i update my apple tv 4k to tvos 16.1 not 17.1 (latest) ?

apple tv 3rd gen

recovery loop after blackbox

even after futurerestore --exit-recovery

I'm just gonna itunes restore

anyway I have this apple tv 4k that I got a while ago sealed

what do I have to do to make sure it doesn't update

when I open

didn't work

lol

which 4k is it?

dfu restore

how

lolxd

Spartan development is on hold until OCLP supports macOS 14.2 because of a stupid bug in 14.1b1

1st gen, not the newest one

is OCLP 1.2.0 broken with macOS 14.2?

At least for me yes

It hangs infinitely on a screen complaining about AppleKeyStore things

The font changes too, I think it fails to load WindowServer due to Metal stuff

You can’t get to 16.1

Any way you can sideload wirelessly without Apple configurator?

@keen vessel no afaik, sideloadly makes use of Apple configurator as well

if you are jailbroken, you can copy files over via ssh and install via appinst

Anyway to jailbreak an Apple TV 3rd gen on 7.9 without a mac or is it not possible?

Need mac

Ouch alright. Is it possible to do it via emulator or no? I’d run hackintosh but my pc sadly does not support it

You can try but I doubt it'll work

Alright thanks

No

Ok thanks

took me a million tries to get blackbox to work proeprly i found if you unplug the usb when it tells you its wiating for a reboot it works

Alright

It’s only because setting the Apple TV 2/3 in DFU mode requires a bit of waiting and unplugging at the right time

Howw dfu restore

How can i sideload to my Apple TV without cable or apple configurator? I have a registered UUID

I've written a change to blackb0x to disable the usb port after jailbreak, should avoid that recovery mode issue once I post it

hm, do you recommend updating or not? I’m on 14.7, but apps like disney plus wont work without me updating sadly

If you jailbroke it, you can install my tweak which allows you to use it without updating

It works now?

it always has

Well it doesnt have the first update nag but nothing will play

oh interesting, would i be able to upgrade the app without the firmware version check?

I got another TV HD that I'll be using for tvOS 13 testing

The tvOS 13 app interface is different enough now that I need a device for it

Should get here end of the week

It's now saying next Monday despite being a 3-hour drive from my house? I love the United States Postal Service

it arrived and it's on 14.7

has the tv 4k 13.4.8 ipsw been released?

@jaunty rune i dont know what to tell you... I tested Spartan on my HD on 14.7 and the top bar works just fine...

Some text and images are weirdly small so I'll be if #available some settings

but it works...

Newest rc

Tvos 14.2

Hmm

It works fine on 14.7 i'm not sure what to tell you

I have another idea maybe can try when I get home

No biggie either way. Thanks for trying

can you run macos on Apple TV

The new ones

No, only the TV 1

only the TV 1 is x86

!t whyjbtv

this list is old af but its a start

You know what I have an Apple TV I’m going to have to look into this more. Kinda has me curious now

i'll never understand this type of question, same reason you need jailbreak on an iphone

Well previously I haven’t seen a point to jailbreak it a tv is it already does everything you need it too but I guess these cool tweaks are worth it

I would argue the same about iphones tho

just because you personally don't see a point, others might

I completely agree. And now that I’ve seen this point I’m going to look into jailbreaking my damn Apple TV and fucking around with it

godspeed

Hello! Is there any beta jb compatible with tvOS 17.1 for the ATV HD 4?

I know I could be using tvOS 13.4.8 but I would like to use the newer features on tvos17

no

alright thanks

ahem newer feature being only facetime /s

tvOS 13 does need the older remote that they stopped shipping with newer ATV 4th gens.

yeah i know i have it though

also is there someone who can help me install an ipa on my apple tv? i already jailbroke it but idk how to directly install ipas

and i dont want to use resigning apps i want it to be permanent

What app?

Pop corn time

piracy

well what if it was another app

you should be able to via appinst via CLI

can you explain in more detail please?

you copy the ipa via scp onto the atv, connect via ssh and run appinst to install the ipa

alright thank you!

The 2nd gen (new design with Lightning) requires tvOS 14.5+ and the 3rd gen (new design with USB-C) requires tvOS 15.4+

well I’m trying to add a repo to nitoTV but every time I enter an url the app crashes and the repo isn’t added

the repo is to install the appinst tweak

oh wait nvm it seemed to work now

yea i had the same thing, no idea what fucked that up but you can add repos manually in /etc/apt/sources.list

and then it should work

nitoTV is completely fucked lately

I got it to work deleting all the repos I had and killing nitoTV but your method is better lmao

well I don’t know what I did wrong but the app doesn’t want to open

you do realize that installing and using such will prompt your isp to report a dmca complaint

depends where he lives

not in spain afaik

Is there a way to sideload apps to an Apple TV on the latest version

sideloadly

Applets 4K 2nd gen (14.7) requires a breakout with micro usb to lightning or USB-C ?

no, just the goldeneye cable

it works for 2nd gen 4k as well?

@jaunty rune Figured it out, it's a tvOS bug

apparently tvOS 14.1-14.4(?) has issues with sheets

Ok I fixed it

You have to attach the sheet to whatever button calls it? It also doesn't like @ViewBuilders.

Fun!

It also doesn't seem to like any sheet with an onDismiss section

What

what are you working on

https://github.com/WhitetailAni/Spartan/releases/tag/1.0.0RC6

This will fix some things for tvOS 14.1-14.4(?)

It also adds some nice speed improvements and the bug to which my nick is a reference to

neat

my tv is on tvOS 16 tho

Nice find. Ill give the new rc a go

you can disable the ents script and look at /Developer 👍

@uneven wraith everything works on the top bar, or at least they all do something now!

nice!

i just put sheets on various non-wrapper elements and tested them and they seemed to mostly work

let me know if you find something that doesnt

Found a few things. Just feedback not complaints btw.
Seems info, rename, open in, move/copy to, dont do anything. Move to trash and add to favorites work

Also in the select top bar the copy/paste and zip dont seem to work

In the create file menu, that and create directory arent working. Can create symbolic links though im a bit confused on what to do exactly

Hmmm

I can use fullScreenCovers, but those dont have a background and so it looks really bad

Plus that'd require a lot of if #available everywhere

hate this bug

Would I also need a DCSD cable to enter DFU?

you don't need to.

the second gen 4k cannot use checkra1n

Lol so then why did you mention the goldeneye cable? 14.7 did show up on a compatibility chart so I was confused by the contradictory information.

Because Goldeneye cable can be still used for sideloading but anything above 4K first gen can't be used for checkra1n since the processor is incompatible

Is it currently possible to jailbreak tvOS 17.1

not yet, but it's a work in progress

No

@uneven wraith sorry for the ping but i tried to install the spartan app on my Apple TV running 13.4.8 and it doesn’t open. I installed it downloading the .deb file from the GitHub repository and then installed it with dpkg -i. Is there something i am doing wrong?

There's a bug that causes it to crash on tvOS 13 right now. I don't know what it is as I don't have a TV on 13 :/

I'm trying to find an HD for a decent price so I can put it on 13.4.8

I did buy one for that purpose, but it came on 14.7 and as my TV 4k on 14.3 won't enter DFU (so I can't jailbreak it) I'm using it as my tvOS 14 test device

ohh well don’t worry, thanks for the answer though!

does anyone now how to use appsync unified on an Apple TV?

I believe it's on diatrus' repo

Earlier builds work fine (though they have some bugs), I believe everything pre-1.0RC4? Works fine

I am unsure when the problem started

yep but I don’t know how to use it

Just install apps with sideloadly

they'll work

it patches the codesign requirements

ohh so it’s that simple

thanks

anyone know what this means? ```Error installing '/Users/voids/Downloads/org.xbmc.kodi-tvos_20.2-tvos.ipa', ERROR: Error Domain=com.apple.dt.CoreDeviceError Code=3002 "Failed to install the app on the device." UserInfo={NSURL=file:///Users/voids/Downloads/org.xbmc.kodi-tvos_20.2-tvos.ipa, NSUnderlyingError=0x6000182709c0 {Error Domain=com.apple.dt.CoreDeviceError Code=3000 "The item at org.xbmc.kodi-tvos_20.2-tvos.ipa is not a valid bundle." UserInfo={NSURL=file:///Users/voids/Downloads/org.xbmc.kodi-tvos_20.2-tvos.ipa, NSLocalizedFailureReason=Failed to read the bundle., NSLocalizedDescription=The item at org.xbmc.kodi-tvos_20.2-tvos.ipa is not a valid bundle.}}, NSLocalizedDescription=Failed to install the app on the device.}
Domain: com.apple.dt.DVTCoreDevice
Code: -1
User Info: {
DVTErrorCreationDateKey = "2023-11-30 01:51:22 +0000";

It's not a valid ipa

Then, how should I convert the deb to an ipa?

I'm not sure it works that way

Then how can I install the deb on my Apple TV

Install it via dpkg

Or airdrop

How tho?

dpkg -i debfile

ssh

Is TV OS 17 jailbreakable on an Apple TV with USB C port?

from 2015

No, but downgradable

can i jailbreak it after the downgrade?

I don't get why you're doing it that way when nitoTV has kodi installed

Yes

Requires pc

which is the highest version?

Mac?

13.4.8 both mac or PC

Pc requires live booted Linux

which tool?

Checkn1x

But 13.4.8 is very outdated isn’t it?

It is but it's all you have for now

My Apple TV is running latest os

how do you downgrade it?

What Apple TV is it?

ITunes

Just download the ipsw

ah i see

but is it worth it?

Sure if you're desperate to jailbreak

Don't know what you plan to do

don’t even know whats possible on AppleTV haha

Lots of things are but the majority of folks will pirate by streaming movies and TV shows via kodi

It's unfortunate but true

okay i see

if i have some time, ill try it
thank you :D

Uh it’s a 32 gb one of the newer ones with the new remote

I'm guessing a 4K?

Yes

What’s the latest Apple TV device that can be jailbroken

Has an exploit for 17.1 been found?

for the ATV? probably just checkm8

any apple tv running 13.4.8

yes

What is the latest Apple TV that can run iOS 13

hd and 4k first gen

Ok

Sweet, I blocked updates on my Apple TV 4K 2nd gen

Does tvOS 16 beta profile work to block updates on tvOS 17.1?

I believe they're unsigned

No

It will just give you tvOS 17 beta updates

how can I block ota them

What I did is I booted an ssh ramdisk and told it to search for watchOS updates but can't easily do that on tv 4ks

@uneven wraith on spartan in the “create new symlink” page, whats the correct process?

Name of the symlink = the name of the symlink that will be created
Destination of the symlink = what the symlink will point to

Ah ok yah wording confused me but thats what i figured ok thanks

Yea sorry

Im working on info button stuff next

First im fixing compression

Nice! No rush. Thanks for the hard work as always

@uneven wraith just curious can the sorting of directories be changed? ie date/name? What is it set to btw, cant tell

It's currently alphabetical

Capital letters get priority over lowercase letters because that's how SwiftUI does it

Hmm must be another tvos14 thing

Its totally random

Wtf

I don't think I'm reading file date anywhere but I can add a sort option

I didnt even think about that

Again its no biggie i figured it was something with 14. But yah definitely not alphabetical or anything else seemingly ha

For me it sorts numbers, then punctuation, then capital letters, then lowercase letters

so .data takes precedence over Data

but Data is above data

@uneven wraith

Hmmm

That might be a bug actually

Thanks for letting me know

Yup. And got the symlinks working! Only prob is i cant access the ROMs directory above… which is where id be using the function the most hah

Crashes spartan

Also, Kirbistan?

Hmm... what's inside the folder?

I wonder what would be causing a crash

joke of the month

Ah

More directories with game files… including symlinks i made before

Hmm another folder does the same. They are both fairly large. Could that be it?

Possibly? Are you using the latest build?

The latest one has a caching feature for speed improvements but that build has a few issues that could be causing it

Yep latest build. And again no biggie just giving feedback

hello, does anyone know any tip how to fix on appletv 4k 1st generation, when at startup flashes fast diode and the screen does not show anything. Some de-brick device ? thx

you'll need the two cables

would love to know how it got to that

sounds like it's bricked

you can get a replacement unit by apple if you ask nicely even if you are out of warranty

not sure if they still do that though with all those new models in place

see this

goldeneye and dcsd ?

apple tv is out of warranty.

Yes

They don't.

You'll be forking over the first gen for the 3rd at 300 bucks

Magico OEM DCSD Cable or DCSD Alex HWTE Cable . thx

Do you mind dumping the folder into a zip or something so I can try and figure out what's causing it?

How did you end up bricking?

Reason for asking because your device is in a DFU state which could indicate hardware damage

Its 15G

Hmm

Its also closing my ssh connection when it crashes. Is that a thing?

It shouldn't

I was not having that issue

Yup think it pertains to this specific issue? Seems to crash whenever there is a large file present in the directory

Moved a 300mb file to a directory that was opening fine and now it crashes spartan

As well as closing the ssh connection

A crash log would help

@uneven wraith

Large files? I will investigate

I am thinking it's a bug with my caching system

Wait what

EXC_BREAKPOINT?

Did I accidentally enable a breakpoint somewhere

No

Ok, it seems to be crashing while trying to call some process

I'm guessing my root helper

That, or async stuff is breaking

Because the dying thread is thread 5 which is all libdispatch related

ok that should not be it

hmmm m

Does it crash when you click on the directory, or does it crash after it tries to show the directory

It crashes when clicking

It doesn't show the directory and then break?

However i put a large file in /var/ and it takes a second after going to a black screen to crash

So it's an updateFiles() issue

Thank you

But the original directories i tried crash instantly

Yeah, it's not an issue with displaying the loaded files

Something about the files is causing it to break

What are the differences in processors? Also would a goldeneye and DCSD cable combo help to place in DFU for forensic testing purposes?

well, the bootrom exploit in the jailbreaking sense

and sure, but there's no data on the apple tv

Is it a completely different chipset or what causes it not to be checkra1n compatible?

it's completely different in terms of exploitability since it's been patched in the later models

So it’s a hollow shell? Where is local storage then?

Ok hardware patch. Thanks for clarifying that point.

the local storage is on the same PCB, just another chip attached to the nand and the SOC

I’m interested in using device to look into this further. I never updated it not knowing it wasn’t compatible. The second chip should be able to be bypassed in some way.

Soc bypass is manageable

@ionic copper any NPU on that device?

the second gen 4K? bypassed in what sense?

there is

Device dependent but when I get forensic dumps I’ll have better idea how to proceed accordingly

I already got it in this condition from a friend.

I think it's hardware damage

How to jailbreak Apple TV 4K with tvOS 17?

You don't

Hi, is there a way to delayOTA a AppleTV 4k?

I cant find the tvOS jailbreaks

no

what apple tv do you have

A1625?

what tvos are you on?

you can downgrade it to 13.4.8 and jailbreak via checkra1n

Apple TV HD

I never checked but I’m on 17.1

I don’t know how it updated

Or when

you can't do anything on that firmware but luckily you can downgrade

you just need a computer and a usb-c cable

Oh

I can’t do anything on 17.1 but I can downgrade?

yes

Wait, you’re able to downgrade on tvOS?

That’s cool

yes

I hope you could on iPhone lol

iphone is more complex

but apple tv is easy

So which version should I downgrade to?

Yea…

That’s easy wow haha

#tvos-jailbreaks message

Question, everytime i “send it to sleep” I have to jailbreak again?

no

only when you reboot or unplug

sleep is just not active

jailbreak still works

How do you reboot? (To know what not to do)

either unplug or go to "restart" in settings

And there is some “guide” on how to do it or i have to find out how? Haha

Oh okok

Just curious, why 13.4.8 is it still being signed?

An error?

because it's a prerequisite to tvos 10

so if you have an apple tv on tvos 9

then you can get to 10.3.3 since that's still signed too

and from there, to 13.4.8

Oooh

it wouldn't make sense to get an old apple tv with tvos 9 or 12 and not be able to update it to the latest because 13 is unsigned

Of course

granted you could via a computer and the wire but folks don't know how and would rather just simply click "check for update" on the apple tv

Yea

but again, OTA updates would break since the latest wants 13 and you're on anything lower

Do you have any guide on how to do it?

Like the downgrade and jailbreak?

Or source where I can search?

any apps worth installing once JB? ive got nitoTV & kodi

Just use iTunes

Use ipsw.me to download 13.4.8

I’ll figure it out

Spartan

I'm not working on it much rn but it's not super broken afaik

If you build it from the current source it is though

When on 15.4.1?

etas0n

Would there be any reason why DelayOTA wouldn’t work on a ATV4K 1st Gen. I have a Goldeneye cable connecting my ATV4K to my MacBook, with Apple configurator app, I have followed the tutorials to ‘prepare’, and place in supervised mode, then install the delayota 90 day profile for tvOS. On the system settings it says the latest update is 17.0 (as expected - not 17.1!) but it fails every time. It’s currently on tvOS 16.6 but in the hope of trollstore possibly being ported to tvOS 17 I wanted to try and ship one of my 1st gen 4Ks to 17. Any advice I would appreciate!

Updating the 4K in hopes to use trollstore is the dumbest thing..

I know. I’ve got a fair few first gen’s 4Ks on various tvOS versions. I was just going to play devils advocate and just put one on 17.0 while the 90 day window was still open given some of the tvOS trollstore snippets released on twitter

it appears tvOS is just broken

i tried going from 13.4.8 -> 16.4 on my HD 4th gen, it also failed

i had to manually do some stuff in order to get it to work (not feasible for you, needs a jailbreak + needs special dev stuff)

i wonder if it has ever worked

I also have the DCSD cable and once upon a time had this particular ATV jailbroken. Looking through the failed 17.0 update logs on the ATV there seems to be a lot of flags referring to incorrect partition mounts and authentication errors. Happy to upload them here if they make any sense to anyone. Always happy to contrived. DCSD. Cable and goldeneye plug with 1st gen ATV4K

if you can upload the log it'll be helpful, but if it's the same issue i had there's nothing you can do about it

you don't need special dev stuff to update with blobs, just set the nonce and futurerestore

???

delayota doesn't work for apple tv

it is supposed to

their certificates are different

what?

I’ve got a HD on 17.2, what can I do?

notin

restore to 13.4.8, checkra1n

TrollStore on an Apple TV? Why?

@uneven wraith what tvOS are you on

14.3 (can't jb for some reason), 14.7, and 15.0

and also soon 14.5 maybe

Why

@subtle swan ?

was kinda wondering about tvos trollstore again

oh

but i'm on 16.5

i dont have anything

i don't think smith was in tvOS

so no kfd

smith?

exploit

oh

i just use appsync on my hd on 14.7

and palera1n kpf via pongoterm on my hd on 15.0

combined with WDBThreeAppLimit on 15.0 i get the effects of trollstore without having to go through it to install

understandable

you can install trollstore via sshrd

Giving Away my Car And more i have a lot of stuff IF YOU WANT SOME JUST DM ME

Ya? Even on tvOS? I’ve been trying to find info on if it’s possible but I’ve only ever seen mentions of iOS and iPadOS.

Hi I’m poor anyone got old stuff they don’t need please help

Hello ya’ll I’m new to this group and I’m not that good at jailbreak

What is the latest tvOS that can be jailbroken?

14.7

Dang tvOS jailbreaks really fell off

There’s not much use for one other than permasideloading. I never really saw anything that would tweak the UI, functionality, etc

Which is a mega bummer. I’ve always wished for a way to close all apps from multitasking, even if it’s a jb solution

Didnt look hard enough

That’s dope. I’ve literally never seen anything like that before

I'm so glad apple tv has no battery

what

r

the

effect

of jailbraiking

a apple tv

😭

indeed you can't

please delete

Ooh tvOS jailbreak

huh ?

Hello, does anyone have the firmware to restore appletv 4K A1842 ? Is there any other possibility to use the idevicerestore? Does anyone have any instructions ?

Uploading the firmware is piracy but you do need the cables to restore it or the breakout board installed

Also, why do you want to restore it?

ihave goldeneye and dcsd cable, itunes detect in DFU mode, but when i select ipsw show mwé not compatible for device. My device in fast blinking light

I think your device has hardware damage

Do you have an apple tv remote?

yes

siri remote

Try this, point the remote at the apple tv and hold down menu and tv buttons together until light rapidly flashes

Then release

If the light goes back to rapid flashing, it's hardware damage

ok i try it

remote unresponsive, but idevicerestore recognize. But i don't have restore ipsw. is there any instruction how to edit the ipsw ota ?

Your device has hardware damage

Restoring it via software will not fix

what devices are supported

for what?

tvos jailbreaks 💀

what apple tv/os do you have?

4k first gen and third gen

both tvos 17

no jailbreak

first gen will be jailbreakable soon though

ok

I had to update my ATV4K to use Infuse

Managed to snag a A2843 from FB marketplace on 16.5 😁 (I need 16.5 for the matter thread 1.3 support). Apparently the dude has like 40 more for sale on various versions from 16.0 to 16.5. Might pick up a few more before 16.5 becomes impossible to find and just hold onto them until something becomes available.

I'd hold off on updating. You can't do anything yet in terms of jailbreaking or exploiting but it's nice to have

Ya, the one I have im afraid to leave on because it keeps prompting to update, and I can’t figure out how to block it. I unplug it when I’m not using it because I’m afraid it’s gonna update.

you could install a profile to it, then turn off beta updates

Which profile would I need? I was searching Google for a profile to block tvOS updates but couldn’t find much. All I got was tutorials on how to block iOS updates with the tvOS profile lol.

I don't even think you can block 'em nowadays seeing as they're all mainly expired

best to disconnect entirely from the internet

why Apple isn't sued for enforcing unwanted updates is beyond me

Ah. Yeah, I’ll just keep it unplugged for now I guess when I’m not using it.

?

idkk

PSA

The Apple TV 4K 3rd gen (model number A2843) does *NOT* have a connection in the ethernet port unlike the first and second gen Apple TV 4K devices. Therefore purchasing the Goldeneye cable for this particular device will be useless.

Are any of these firmwares jailbreakable? I have 13.4.8 installed on my Apple TV right now

13.4.8 is jailbreakable

I have no macs but an AppleTV 3. Is there any way to jailbreak?

I've tried https://etasonatv.tihmstar.net/ but it seems it's not working, also relies on services we have no control

whats that

A website for installing fake jailbreaks disguised as an app

No

maybe the EU will hit apple about that too lmao

not only that but a user should be allowed to choose to downgrade, even if you require a secure wipe to enforce security

it's pretty much a case of "give us freedom for something we don't technically fully own" versus "In order to use our services you must abide by our rules and if we say you need to update, so be it"

sure give it out free then

don't sell me something that I can't own

like sony with selling movies then revoking access

imagine owning anything this day and age and having the freedom to repair it without hassle

like my 2000 civic

❤️

i do love the common misconception of buying a movie.. "oh, it's mine" no, you rented it.

you bought the privilege to use it for your personal use

until the disc breaks then "sorry you broke it buy another"

or want to watch it on a different platform/device

"but i just copy them in case.." "Sorry, here's some DRM to prevent you from potentially giving it to other people"

and a law that will destroy your life if you try

can't forget that

nah, half a million fine

they don't lock up anymore

i need your couch coins then cause mine is bare

I'm sure a part time job on minimum wage will pay the fine in 45 years

..after expenses

sure if someone is covering all your expenses

so we're back at life-destroying

i do feel bad for the elderly gent paying nintendo for modifying their console to sell piracy

🙂

with this in mind, totally unjust what he did but what we do is primarily justifiable

paying a big fine isn't really life-destroying, what is; is getting convicted, locked up and wasting time then being released on a tight leash with a criminal record with extremely limited resources

apparently misaka supports apple tv now as well: https://twitter.com/straight_tamago/status/1742449374813388837

Only for first gen 4k on tvOS 16.5

can we pin stuff like this?

It's already pinned #announcements message

Well, that’s oddly specific lmao

because only the 4k has kfd offsets for that version

Ah. So the only thing to support other versions is the offsets?

yes

Dang. I’m too stupid to find those 😞

i'd get them but i'm running into errors with obtiaining offsets

i tried to consult with the devs, but no answers

The Apple TV second and third generation don’t even have OTA updates for download either 😫

could they even be found for those?

they do

Oh. I was just looking on IPSW me

but you can't install them

even if an ipsw was made, no way to install them

Well, I meant to find the offsets. You can use the OTA updates to find the offsets in IDA, right?

Or do you need a whole IPSW

no, you need to run the exploit using a patched version of liboffsetfinder64

Oh ok

I should get a Mac…

from there you run that on the kernel cache

I feel useless I want to contribute

and it'll display the kernel pointers for the exploit

they're very specific and there's over 20 of them

so just guessing will result in failure or kernel panic

Oh so that’s how they are doing it. I remember reading a tweet that all the offsets had to be found manually lol

they do

you manually execute the lib that searches and outputs them

you need to do it for every version for every device

because the exploit isn't universal

universal meaning one or multiple attempts for x version on x device

i meant inside this channel

Do you have to be jailbroken already in order to run the offset finder? Or can it just be sideloaded?

the offsetfinder is run via mac/linux

oh ok I thought it had to be run on the Apple TV lol

This is all very interesting but I feel dumb I want to learn how to do this.

But why. I have 4k gen 1 16.6 😢

Because there’s no kfd offsets for 16.6

So with offsetfinder i can provide them? My appltv is linked in xcode for sideloading.

Not exactly. I believe there’s some patching required

Finding offsets has nothing to do with sideloading

Yeah i know. I just mentioned it to show my device is connected with Xcode

Dang, i thought tvOS jailbreak was dead and never bothered to block updates lol

Trollstore would be nice 🙂 sick of Yt ads

Same. YouTube Adblock and MAME 😁

Xcode Sideloaded apps on appletv have the same 7 day limit ?

yes

unless you have a dev account

No dev account.

then yes 7 days 3 app limit

There was hope for trollstore 1
https://www.reddit.com/r/jailbreak/comments/x7yrd0/news_trollstore_on_tvos/

its still being worked on

You can sideload other YouTube clients for tvOS.

There's one that has no ads

Hi,
I wanted to jailbreak my appletv with EtasonATV. You needed to go to the trailers app, but apple shut it down. Did tihmstar ever share the source code? Only found this: https://github.com/OpenSourceJailbreaks/Etason-jb

What Apple TV is it?

Appletv 3,1

I tried Blackb0x, but it didn't work.

@trim wagon
I have 4 first gen 4k's sitting on 16.5. Nice to hear some developments are in progress. Can we install Trollstore using Misaka as on iOS? Or, is it better to wait for a full jb?

you can install it

etasonatv won't work

blackb0x requires Arduino to pwn for your device

@ionic copper
If I can turn off the darn update nag I'd be on it.

you can

with Misaka? ok, now I'm interested

I have an iPhone 12 on 16.3.1 and I installed the tvOS profile to stop the nags while I wait for the jb to land. Would like to do it on apple tv too

EDIT: According to this report Misaka works only up to 16.1.1 devices for now
https://www.idownloadblog.com/2024/01/03/misaka-apple-tv-support/

works on appletv6,2 16.5

i have no idea my man

does trollstore even work on tvOS?

friendly reminder my 14.5 atv4k1 is jailbroken and I can't do jackshit on it cause half of the packages on it are broken

it does.

what's the error? i can probably help fix

appinst as mentioned previously

you might remember me bringing it up several times here and in nito's channel

you don't need it though

as long as you sideload it and jailbreak, it'll work forever

like i said, either dumping the app doesn't work properly

or the installation

am I supposed to sideload ipas that I dump, why do I have to do that if I'm jailbroken tho

what apps are you talking about?

any

i tried stock youtube for example

@ionic copper
So does this mean that if we get a jb we can permasign the jb IPA as on iOS?

TrollStore does it for you

Great, just hoping they release a tvOS jb tool alongside the iOS one that is coming

Issue with that is, many apps have detection

Best to not have a jailbreak

Ok thanks

@uneven wraith what happens if i replace a daemon on tvos 16 and then boot stock

the file?

no ssv, so the daemon will just crash right

yea

once you rename snapshot it should just crash yea unless you've CT2'd it

i dont have any tvos 16 devices to test so there may be ssv on 16? but it definitely is not on 15

oh, tvos still does snapshot booting? woe

yeah it got snapshot at same time as ios

but you can just rename it

trying to figure out how to get a CTv2 binary to run

tvos 15 doesnt care

4k 2nd gen so no jailbreak

oh

apparently there's no removable system apps on tvos

correct

with mdc i have to overwrite something that hasn't been launched

so i guess podcasts

install the twitter app

it has to be a system app

oh

otherwise <whatever>board will verify it right

idk i dont do much with that

hmpf

i just boot my palera1n kpf, run WDBRemoveThreeAppLimit, and watch installd be unable to complain about the horrible things I do

ok well i guess i am going to have to write an mdc thing

There's no ssv on tvOS

🙄

It's already done in misaka

is tvOS 16.6 on 4k gen 1 a possible candidate for misaka in the future?

I think they said they’re stopping development of misaka unfortunately and moving to something else 😦

yes

is it possible to get kodi with misaka

Yes

cool just checked and my tv is on 16.6 anyway lol

is downgrading still not recommended

what apple tv is it?

4k 1st gen

i did buy the goldeneye cable

i wouldn't downgrade. You'll be stuck on the latest

okay

its sucks they dont share ipsws really dumb

you think that sucks.. the third gen 4k doesn't have goldeneye connector

so buying the cable for that is useless

can apple store not even unbrick those then lol

they can but they do it via OTA

It’s the same situation with the first gen HomePod. Apparently they had a habit of bricking themselves during an OS update, so there’s tons of people out there with HomePods that are unable to be restored, because there is no IPSW anywhere 😐

building an ipsw to restore such is possible

There is a guy out there that runs a HomePod repair business, and he has over 50 logic boards from HomePods that are bricked. He’s been trying for like 2 years to unbrick them and even has a bounty up for anyone who can build a working IPSW to restore them with, even with Checkm8. They don’t have a bootable IPSW. It’s pretty bullshit.

as possible as it was with the apple tv 4k

and since it's the first gen, it has checkm8 so restoring is entirely possible

you'd just need the ota zip (the largest one) and extract the pom files

from there, re-build the kernel cache, trust, ibss, llb, etc

make the buildmanifest, zip it together, then send it in via idevicerestore using patched method

If you do that, do you have to tether boot all the time? Or could you restore that IPSW and then do an OTA update to get the official firmware reinstalled?

tetherbooting won't be required since you're building such firmware for a currently signed OS

you'd just need the blobs

then patch them in

the ipsw would be the latest firmware

Damn, that’s cool

Jonathan Levin built a tool for extracting OTA files

with them extracted, an ipsw can be built

and with checkm8, completely restored back to factory

Wow

you'd just have to modify the ipsw to add filler files

Well, if you’re interested in getting a free HomePod, this guy is offering one to anyone who can build an IPSW lmao

you would need the usb adapter too

which requires some solder

Apparently you can open up the bottom and solder directly onto the logic board. macOS will see it, but cannot restore it, because there is no firmware available

and since homepod takes from tvOS software, I'm very well familiarized by it 😉

indeed, but do they have such adapter included

or do we need to make one?

i could probably make an ipsw.. would be difficult to test if I don't have the unit

https://www.reddit.com/r/HomePod/comments/s3gmkp/i_got_usb_working_on_an_og_homepod_finder_even/

Check this out. He is even offering anyone who thinks they can fix it complete remote access to a PC with a working HomePod and a bricked HomePod connected do it

https://www.reddit.com/r/HomePod/comments/18sxazx/1st_generation_apple_homepod_a_look_back_at_2/

This is his most recent update, and they are still at it Trying to fix the HomePods 😞

How do we know this isn't hardware damage?

They don’t. As far as I can tell, they have no idea what is causing the brick. But pretty much all of them died during a firmware update.

So they think it’s software

There’s gotta be a way to like Console into it or something and get an output of the boot log and see where it is failing

You can via SSH ramdisk

Again, needs an ipsw

What I'd do, is make a ramdisk, install it then just overwrite the files

If the person wants to join discord here.. I can guide them

Since the homepod first gen has the same processor as the apple TV HD, I have about 90% of the software needed to get in to it and view it's filesystem

Hmm let me see if I can get him to join

Honestly, I’m surprised he’s not in here already if he does this kind of stuff lol

Im here

Are you Nic

frankly not 100%, still recovering from getting tboned at 40mph

Oh shit damn

I hope you are ok

walkin and talkin so meh. hope whatever was on her phone at the time was worth it

anyways,

Got this at the moment, not sure exactly how I ssh in to start

Have you ever tried to boot the SSH RAM disk with DFU mode?

no and that sounds pretty foreign to me, but Im willing to try whatever

https://github.com/verygenericname/SSHRD_Script

The SSH RAMdisk script is here, but not sure how you would configure it for a HomePod

But if you can get this to boot, then you should be able to access the file system and get a log of the boot process and where it’s failing

hmm

Zenzeq would know more. I’ve only ever done it on an iPhone.

Yeah, it won't work OOTB without some modification

I have the script etc that should work for that particular device, just need to get some time to decrypt the files etc

take your time, ty

Do you by chance have the ECID for the affected HomePod?

Apple Configurator/Xcode would tell you

Yes but I won’t have a chance to grab it for a while, I’ll @ you when I do in the HomePod channel

I don't think we have a homepod channel

Although technically homepod runs a version of tvOS, so this channel is still appropriate lol

Oh you're right, discord switcher was showing me a homepod channel from a different server

Also forgot I still had the terminal history when I was poking around with irecovery

ECID: 001E5DD900D080A6

@ionic copper

I don't suppose you know what OS the homepod is on?

No :( any way to get it?

Maybe via irecovery?

The iboot/xnu version might give some light to knowing what its on

Maybe even the forbidden blue shield app seeing as you can do DFU. It'll list everything

But that requires windows to run

I can dig windows up if needed nbd. Here's everything I got from irecovery when I connected earlier

::
::    Local boot, Board 0x38 (b238aap)/Rev 0xa
::
::    BUILD_TAG: iBoot-5540.120.17
::
::    BUILD_STYLE: RELEASE
::
::    USB_SERIAL_NUMBER: SDOM:01 CPID:7000 CPRV:11 CPFM:03 SCEP:01 BDID:38 ECID:001E5DD900D080A6 IBFL:1D SRNM:[CC4VQ```

Looks like 13.4

That knowledge makes it easier

With that being said, we cab grab keys

Seems it's been in a bootloop for over 4 years

I'll give you some commands to type in later on to get the keys.

Meanwhile, you might need to install and download ipwndfu

I think gaster might work too? (Included inside SSHRD) but unsure

This would've been easier had keys been published but I guess no one cared enough to DFU a homepod and decrypt such

Are you saying it’s possible to get keys with different circumstances? Say, a sacrificial working HomePod? One in a particular OS? Just need DFU mode?

I am well armed

It's possible but to go to that extent is unnecessary

DFU is required but you'll need to be pwned

Which is easy, it's just tedious

@brazen niche I need the keys for the following kbags:

80844783D569382B3EAC225C16480E1B15519C867EEE2B68E21D405F7AF3A934C1FE3469D36D8020D867E6C261823CE39B20F37DEB92D818474E868B5E0611DDC050D75BB43A72E9D9656DEA7F6A230D41B3B6A40A337C54EBDDA63FB5AA5ADA

and

9B00F97F65CC8BEE1A68E813771BA42B17792EEEBAC9E7C7FEFF4448A27E612C3D53AE8FFFA87EDE18484DAC279071D4E5AEFBC8BD5FFA6533A25CC737124F351C3A610D37AB4FB3B8C9B3CA7D2E348793FE8D65ABD0174159388F455F6EFCE2

you can use ipwndfu -p to place the HomePod in pwnedDFU mode

Then, execute: ipwndfu --decrypt-gid=80844783D569382B3EAC225C16480E1B15519C867EEE2B68E21D405F7AF3A934C1FE3469D36D8020D867E6C261823CE39B20F37DEB92D818474E868B5E0611DDC050D75BB43A72E9D9656DEA7F6A230D41B3B6A40A337C54EBDDA63FB5AA5ADA

and

ipwndfu --decrypt-gid=9B00F97F65CC8BEE1A68E813771BA42B17792EEEBAC9E7C7FEFF4448A27E612C3D53AE8FFFA87EDE18484DAC279071D4E5AEFBC8BD5FFA6533A25CC737124F351C3A610D37AB4FB3B8C9B3CA7D2E348793FE8D65ABD0174159388F455F6EFCE2

You'll get some type of code. I need both.

after that, then we're like more than half-way to getting it fixed (hopefully)

@brazen niche I also have the entire filesystem for HomePod 13.4.5 extracted

so any files that were damaged during the update to cause bootloop could be replaced

Piping in to show my ignorance here, but given that 13.4.5 is a very old version at this point, would we be able to revive a HomePod on say, os 17.0 with these files?

possibly

depends what HomePod it is

The infinite bootloop currently affects 1st Gen HomePods, not the minis or the second gens as far as we know

Same ones Nic is working with now

what happened prior to the bootloop?

was it an update?

because there may be a way to revive it..

A bit of an unknown, we hear reports often that it happened during an update, but for other people it seems to be out of the blue. My money is on it being update related whether people realize it or not

Does the boot process write to a log anywhere? I would think you could look at the log file and see exactly what part it’s failing on

probably 17 causing issues

why apple continues to update old devices is beyond me

it does log and there's ways of finding it but where it's failing is probably due to sep

again why the homepod has sep in the first place much like the apple tv is beyond anyone other than thwarting downgrades

but the latest sep is compatible with 13.4

so with this in mind, downgrading a homepod back to 13.4 should be theoretically possible, that is if on-board blobs are obtained

I didn’t know you could just… do this, either

This issue spans all versions of HomePod software, it’s not new to 17

I thought all the files on the file system was signed specifically for your device and using Files from a different device wouldn’t work. Apparently I’ve been really misunderstanding how that works lmao

indeed, the update tends to run initial checks. As it checks it then makes a bill of materials

what I'm saying is; because it updates to the latest (17) then that's what conflics

they're not files from a different device

they're all from the same, just a lower version

because technically, if it's bootlooped during an update, it hasn't installed the files yet

it's just transfered over, so anything that's corrupt can be replaced

(in theory)

what would be wise is to try out an idea I have, but I need the keys from @brazen niche if/when they can get time to obtain them

I see, then yes that might be the culprit. It’s possible that it’s hardware too but there is no known hardware failure for this issue, and it seems an awful lot like software based on experience

it's because there's so much security that if you try to install anything BUT what's signed with apple, then it's a no-go. Something somewhere just didn't agree with the checks and it ended up aborting all together

what Apple should do, is add a recovery mode for their devices

so the device can download the OTA and extract it and proceed with updating if it fails

I'm going to say it was the SEP

I wonder if it’s possible to do a factory reset from the command line, like wipe the user partition like an iCloud erase does and then try to boot

because everytime I do a routine update, it does fail and it's usually because the SEP isn't agreeing without the prerequisites in place

like to get to 17 you need 15

but if you're on 13 you need to get to 15, but 15 isn't signed

so it fails

you can

just need a few things prior

Oh cool

i do know if it's the second gen or third gen homepods, then you're SOL

but first gens have a possibility

Ya cause no bootroom exploit 😞

not even that, no usb

and no software

I don’t think any of the HomePods have USB

you have to solder on the bottom of all of them

that's what i mean

to make a device without such port as a way of an emergeny

terrible engineering

Oh, you mean like you can’t even solder onto the logic board? That’s dumb af

it's like constructing a building without a water line or another exit door

no, i mean a native usb port

no soldering, just plug and play

they don't come on watches or homepods and apple tv's (4K) which is terrible

Eventually, they are going to remove the port from the phone

At that point, I feel like jailbreaking will be no more, as everyone will be too afraid of bootloop

damn Im stupid, what am I doing wrong?

zsh: ./ipwndfu: bad interpreter: /usr/bin/python: no such file or directory

There is a dongle for the HomePod that attaches to the diagnostic pins, but it was never released for consumers. @brazen niche has one

install python

ok figured, any particular version?

any

as long as it's installed

if you have it, you can do which python

it'll tell you where it is

then you can do sudo cp /location/of/python /usr/bin/

there is

https://github.com/el1ng/homepwn

the idea is there to make, all you need are just a set of pins on a 3d-printed board connected to usb cables

fml

I installed python

which python
python not found

Depending on how you installed it it may not show that way, did you use a package manager or native?

I downloaded the pkg installer from their site

Reboot?

gfdi

ok one minute

don't need to reboot

install it via homebrew

/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"

then brew install python

reboot didnt help anyways
ok time to install homebrew too I guess

homebrew is the best for that

going to have an anurysm

zsh: command not found: brew

easiest method: pip install ipwndfu

pip not found

brew fuckin installed just fine what is the deal

if you don't have pip: curl https://bootstrap.pypa.io/get-pip.py -o get-pip.py

python3 get-pip.py

Im going to have to wipe this computer after all this shit

holy shit we're moving forward

Homebrew is nice and contained usually, you can always uninstall just that

you didn't read

they should color that better, I'll accept 50% fault

Traceback (most recent call last):
  File "/Library/Frameworks/Python.framework/Versions/3.12/bin/ipwndfu", line 8, in <module>
    sys.exit(main())
             ^^^^^^
  File "/Library/Frameworks/Python.framework/Versions/3.12/lib/python3.12/site-packages/ipwndfu/main.py", line 117, in main
    pwn(device, match_device=args.match_device)
  File "/Library/Frameworks/Python.framework/Versions/3.12/lib/python3.12/site-packages/ipwndfu/main.py", line 179, in pwn
    device = dfu.acquire_device(match=match_device)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/Library/Frameworks/Python.framework/Versions/3.12/lib/python3.12/site-packages/ipwndfu/dfu.py", line 40, in acquire_device
    for device in usb.core.find(
                  ^^^^^^^^^^^^^^
  File "/Library/Frameworks/Python.framework/Versions/3.12/lib/python3.12/site-packages/usb/core.py", line 1309, in find
    raise NoBackendError('No backend available')
usb.core.NoBackendError: No backend available```

go in sshrd and look for gaster

Im sorry for my ineptness but...huh?

the sshrd folder you downloaded yesterday

Really my brain got rocked it's hard to think clearly. Thank you

Ok do I just ./sshrd.sh

no

find gaster in Darwin/

gaster -pwn

usb_timeout: 5
usb_abort_timeout_min: 0
Usage: env ./gaster options
env:
USB_TIMEOUT - USB timeout in ms
USB_ABORT_TIMEOUT_MIN - USB abort timeout minimum in ms
options:
reset - Reset DFU state
pwn - Put the device in pwned DFU mode
decrypt src dst - Decrypt file using GID0 AES key
decrypt_kbag kbag - Decrypt KBAG using GID0 AES key

Oh I see

is goin

whoops, no -

just gaster pwn

usb_timeout: 5
usb_abort_timeout_min: 0
[IOKit] Waiting for the USB handle with VID: 0x5AC, PID: 0x1227

homepod should be in dfu mode

ok sick so now I

if not, could be a usb issue

so then if you get you can run untrusted images

if done correctly

should it still be waiting at that by now?

if gaster is saying "REBOOT" "RESET"

then try rebooting homepod, reset in dfu mode

might need to power cycle the unit

why dont I just boot the thing upside down for dfu?

you could do that

🙃

hopefully gaster sees it and pwns it

oh shit gaster is gasterin

good

Found the USB handle.
Now you can boot untrusted images.

good

Yessurr

ok decrypt now?

gaster decrypt_kbag 80844783D569382B3EAC225C16480E1B15519C867EEE2B68E21D405F7AF3A934C1FE3469D36D8020D867E6C261823CE39B20F37DEB92D818474E868B5E0611DDC050D75BB43A72E9D9656DEA7F6A230D41B3B6A40A337C54EBDDA63FB5AA5ADA

hmm

usb_timeout: 5
usb_abort_timeout_min: 0```

yeah

power cycle, place back in dfu

then just type it as is

at least gaster works though

i think the way it works is it pwns and decrypts instead of pwn first, then decrypt

Sorry Im not clear what exactly I do next
boot it in dfu mode again
then just run the decrypt_kbag command?

yes

Im getting the same results as the last quote

try again

usb_timeout: 5
usb_abort_timeout_min: 0
nic@Nics-MacBook-Pro Darwin % ./gaster decrypt_kbag 80844783D569382B3EAC225C16480E1B15519C867EEE2B68E21D405F7AF3A934C1FE3469D36D8020D867E6C261823CE39B20F37DEB92D818474E868B5E0611DDC050D75BB43A72E9D9656DEA7F6A230D41B3B6A40A337C54EBDDA63FB5AA5ADA
usb_timeout: 5
usb_abort_timeout_min: 0
nic@Nics-MacBook-Pro Darwin % ./gaster decrypt_kbag 80844783D569382B3EAC225C16480E1B15519C867EEE2B68E21D405F7AF3A934C1FE3469D36D8020D867E6C261823CE39B20F37DEB92D818474E868B5E0611DDC050D75BB43A72E9D9656DEA7F6A230D41B3B6A40A337C54EBDDA63FB5AA5ADA
usb_timeout: 5
usb_abort_timeout_min: 0
nic@Nics-MacBook-Pro Darwin % ./gaster decrypt_kbag 80844783D569382B3EAC225C16480E1B15519C867EEE2B68E21D405F7AF3A934C1FE3469D36D8020D867E6C261823CE39B20F37DEB92D818474E868B5E0611DDC050D75BB43A72E9D9656DEA7F6A230D41B3B6A40A337C54EBDDA63FB5AA5ADA
usb_timeout: 5
usb_abort_timeout_min: 0
nic@Nics-MacBook-Pro Darwin % ./gaster decrypt_kbag 80844783D569382B3EAC225C16480E1B15519C867EEE2B68E21D405F7AF3A934C1FE3469D36D8020D867E6C261823CE39B20F37DEB92D818474E868B5E0611DDC050D75BB43A72E9D9656DEA7F6A230D41B3B6A40A337C54EBDDA63FB5AA5ADA
usb_timeout: 5
usb_abort_timeout_min: 0
nic@Nics-MacBook-Pro Darwin % ./gaster decrypt_kbag 80844783D569382B3EAC225C16480E1B15519C867EEE2B68E21D405F7AF3A934C1FE3469D36D8020D867E6C261823CE39B20F37DEB92D818474E868B5E0611DDC050D75BB43A72E9D9656DEA7F6A230D41B3B6A40A337C54EBDDA63FB5AA5ADA
usb_timeout: 5
usb_abort_timeout_min: 0
nic@Nics-MacBook-Pro Darwin % 

unplug usb, replug

hmm same so far

could be homepod in odd-ball state too

if still nothing, try

gaster decrypt_kbag 23134BBAA48F8EEC20565F31B87A8109440E624189591D32603C718BB27483CFD936857B9FBFF936D6E9EF2907C95FC6 843B854E32E249E22CF33ED3029D003DCCA70590F14066B3F5220D4DBA5F9A5DBF2B8210FBBBB60F0A041B77124649EC

or

gaster decrypt_kbag A6B04CA5452BDD31F3E6CF7114179AC53D0B65543B7E55D795B7A6F8BD3B158819845C285D3175C0D1246AFAB508D269 DFC385AAEEF2008EB469A23068DFC5C6C1B9B6DC6209D6E7E54CBFADE20687D0DDD21802014A26CDD123AC8592B41463

Ok got something new on this attempt

843B854E32E249E22CF33ED3029D003DCCA70590F14066B3F5220D4DBA5F9A5DBF2B8210FBBBB60F0A041B77124649EC
usb_timeout: 5
usb_abort_timeout_min: 0
[IOKit] Waiting for the USB handle with VID: 0x5AC, PID: 0x1227
CPID: 0x7000
Found the USB handle.
Stage: RESET
ret: true
[IOKit] Waiting for the USB handle with VID: 0x5AC, PID: 0x1227
CPID: 0x7000
Found the USB handle.
Stage: SETUP
ret: true
[IOKit] Waiting for the USB handle with VID: 0x5AC, PID: 0x1227
CPID: 0x7000
Found the USB handle.
Stage: SPRAY
ret: true
[IOKit] Waiting for the USB handle with VID: 0x5AC, PID: 0x1227
CPID: 0x7000
Found the USB handle.
Stage: PATCH
ret: true
[IOKit] Waiting for the USB handle with VID: 0x5AC, PID: 0x1227
CPID: 0x7000
Found the USB handle.
Now you can boot untrusted images.
[IOKit] Waiting for the USB handle with VID: 0x5AC, PID: 0x1227
Found the USB handle.
IV: ED8EAA4BD9D8DCB1F6B283594AFC03CD, key: CC2382FB803CFD11EF00A238D037B74B7B0E1D26D1DB4FE3D07B1D99D54D71FC
zsh: command not found: 843B854E32E249E22CF33ED3029D003DCCA70590F14066B3F5220D4DBA5F9A5DBF2B8210FBBBB60F0A041B77124649EC```

BOOM!

Woo

so it's on 13.4.6

this command should also be it too #tvos-jailbreaks message

Im betting a lot of the bricked ones will be somehwere stuck between 13 and 14 since that's when most of the reports started

at least there's a way of knowing

DFC385AAEEF2008EB469A23068DFC5C6C1B9B6DC6209D6E7E54CBFADE20687D0DDD21802014A26CDD123AC8592B41463
usb_timeout: 5
usb_abort_timeout_min: 0
[IOKit] Waiting for the USB handle with VID: 0x5AC, PID: 0x1227
CPID: 0x7000
Found the USB handle.
Now you can boot untrusted images.
[IOKit] Waiting for the USB handle with VID: 0x5AC, PID: 0x1227
Found the USB handle.
IV: DDE91F4891D8E670CCB0676D2153199B, key: 423464E66D5D664C012E3BF9554129E60A83CB700C9A08F71374B9FECEECAADB
zsh: command not found: DFC385AAEEF2008EB469A23068DFC5C6C1B9B6DC6209D6E7E54CBFADE20687D0DDD21802014A26CDD123AC8592B41463

cool, give me a sec

first decrypted homepod dfu file

oohhhhh buddy

for point of reference, this is what the encrypted version looks like

So that key allows you to decrypt the firmware OTA file? Cool

no

the key allows you to decrypt a file passed via dfu in order to upload as an unsigned image

this then allows you to get around signature checks

aka = install custom firmware

Ohhhh. Why doesn’t SSHRD have to do that for iPhones then? When I used it on my 6 I didn’t have to do any of this

Oh wait I get it now

https://theapplewiki.com/wiki/Firmware_Keys/13.x

People have already done it for the iPhone

apologies.. gotta try these keys

i got ibss, but not ibec

so it's ./gaster decrypt_kbag 23134BBAA48F8EEC20565F31B87A8109440E624189591D32603C718BB27483CFD936857B9FBFF936D6E9EF2907C95FC6843B854E32E249E22CF33ED3029D003DCCA70590F14066B3F5220D4DBA5F9A5DBF2B8210FBBBB60F0A041B77124649EC

and

./gaster decrypt_kbag A6B04CA5452BDD31F3E6CF7114179AC53D0B65543B7E55D795B7A6F8BD3B158819845C285D3175C0D1246AFAB508D269DFC385AAEEF2008EB469A23068DFC5C6C1B9B6DC6209D6E7E54CBFADE20687D0DDD21802014A26CDD123AC8592B41463

just want to make sure, i downloaded too many otas and got 'em mixed up

neither of those worked

oh sorry

first one