#tvos-jailbreaks
hold down menu and play/pause button on siri remote until light rapidly flashes
it rebooted but still nothing
let me try on my windows computer
this macbook is an antique
menu and play/pause button.. hold them both for 7 seconds
let me try that
i wonder if something is wrong with the usb-c port or something
its not finding anything
seems odd
might reset it
maybe it needs to be usb-c to usb-c
I wonder if it’s possible to do the same thing that Serotonin is doing on tvOS. If we just had TrollStore + tweak injection into springboard(?), that’s really all we would need for an Apple TV
Trollstore only would be amazing
except you'd need to do more modifying
seeing as tvOS doesn't have springboard
wait is this the latest apple tv 4k
if you can restore to tvos 13 then that's crazy
no
oh
not gunna happen
rip
i thought apple forgot to unsign ota like they did with 8.4.1
but nvm
Lmao this was just posted to my local marketplace. There goes yet another HomePod :/
the first ramdisk for homepod
which could potentially fix it
Sweet. Is it specific to that one HomePod right now or would it work on any HomePod
ipsw in progress
That’s amazing. I’ve been jailbreaking since the iPhone 3G and I’ve always heard that creating an IPSW from an OTA update is impossible.
I have so many questions but my brain is smoother than a chicken thigh 😞
In theory the right OTA has enough to make a full restore
Not the small ones that are made to go from specific version to specific version
Look at sizes on ipsw me
And if you have keys to load unsigned firmware, boom
Yeah, but if you’re loading unsigned firmware like that, doesn’t that mean even if you restore it, you will have to tether boot it every time it reboots
Maybe, but also maybe if you load a slightly older OS you can properly update it to a signed release
I’m just guessing I don’t really know
My original idea was to load an older OS and then do an OTA update to a signed version, but I don’t think that would work.
What's sad is Apple has (or knows who has) the ipsws, yet they won't release them for emergencies.
Because if you think about it, during assembly; they'd have to flash the initial software in order to install anything...
or it'll just be a cool-looking shiny and blinking toy
but the volume buttons issue is coherent to the Apple TV's LED light (seeing as there's only one actual light present on Apple TVs) and with the homepods volume buttons slowly blinking is consistent with Apple TV's LED slowly blinking during bootloops
Has anyone successfully fixed an Apple TV with that problem?
Or are those in the same situation as the HomePods and there’s no fix
AFAIK you can restore an Apple TV via DFU and a Mac, unless there’s some hard brick loop I don’t know about
The HomePod issue is (until soon, maybe) permanent
yes, if they have checkm8 processors (hd and 4k 1st gen)
other ones like 2nd gen and 3rd gen 4k's, once bootlooped - dead forever unless Apple restores it OTA
hd doesn't require checkm8 cause of public ipsws
but 4k does
So the only thing that makes this possible is because of Checkm8. That makes sense then.
but to downgrade to unsigned firmwares like 14.x/15.x/16.x then checkm8 and blobs are required
(for HD)
But what about this? Since the IPSW you are building isn’t signed, it doesn’t boot normally, right?
I'm building 17.2 ipsw (which is the latest and signed)
because granted you fix the homepods on 13/14/15 and end up bootlooping (from updating assumingly), then it's back to square one
makes no sense other than build from the latest and do a full factory reset
So once 17.2 is no longer signed, you will have to create a new IPSW?
one could use the ramdisk to grab the on-board blobs and re-restore to its current version but it might bootloop again attempting to auto-update
indeed, but they shouldn't be too difficult to make.. that is, if Apple doesn't add more security
That’s where I’m lost. How are you reconstructing a full 17.2 signed IPSW from only a partial OTA file. Are you taking files from older versions?
no, the OTAs have compressed payload files. I'm simply extracting them to find the RestoreOS, patching the files to make it a pwned restore, then signing it with the latest blob. This should allow idevicerestore to unzip the ipsw and upload the ramdisk then send in the filesystem
and with ibec/ibss decrypted with signature checks disabled, this allows checkm8 to pass the restore via pwnDFU
issue I'm seeing is that the ibec/ibss are for tvOS 13.4.6.. so I don't know if this'll actually work to pass over a 17 restore
theoretically; after the pwned restore is complete, the user can then simply reset all content and settings and that'll re-download/reinstall the OTA correctly
thankfully no SSV on the homepod 😛
Damn, that’s cool. I understood… most of it lol. I’ll have to read up on this RestoreOS thing.
I should say RecoveryOS which is like software purgatory
Apple assumed HomePods would be far less easily stolen / lost so they laxed the security lol
Wonder if that’s changed in the 2nd gen
nobody ever steals a large cylinder
I need to get a second 2nd gen and do a Hugh Jeffry’s swap it all
I mean it’s scary how much you can decrypt and see on a HomePod that wasn’t wiped. Mind boggling. Users are totally unaware of it too. And what if it breaks itself and you can’t restore it?? You are hosed unless you physically destroy it
https://blog.elcomsoft.com/2023/03/homepod-forensics-i-pwning-the-homepod/
In this article, we will discuss how to access the hidden port of the first-generation HomePod and extract its file system image. Note that this process requires disassembly, voids the HomePod warranty, and requires specific tools, including a custom 3D-printable USB adapter, a set of screws, and a
@ionic copper if you haven’t read that trail of blog posts yet you might find something enlightening idk
He gets user files off and decrypted
the checkm8 exploit, pull and decrypt the keychain and extract the file system image. Did I mention you’ll need a Mac to run it? literally what we did with the keys 😛
Yep! Was hoping maybe we overlooked something
I mean; this is great granted you want to preserve user data, but the user data is corrupt thanks to the file system being half-installed
this does work with said ramdisk... but your mac isn't recognizing it 😛
I am unlucky :( “malfunction magnet”
malfunction magnet on what
unless that's another term for paperweight
what i'd do is boot up high sierra on the intel mac and retry
It’s just a quote from Will Smith in the movie iRobot only like one of the best movies ever
what i could try is...
remaking the ssh ramdisk with an imitation ipsw
so then it compiles and signs properly
god I was about to question everything I just read until the MacBook photo appeared
2017 model
Ohhhh no no no
This is a 2011
King daddy top of the line beefiest 17 inch you could ever get
Come on baby boot up
gpu failure:
Nah this one is a rare working specimen
you know true apple fans when they talk to their machines like their side chicks
I ONLY turn it on when needed
And have a script disabling the dedi just in case :’)
oh no, it's not your pc, it's the ramdisk
i just tried to boot up an apple tv with 14's ibec/ibss and 15's ramdisk etc and no dice
Rip
I'll have to do 13.4.6
How did you whip out an Apple TV that fast lmao
i have 3 of them
everyone has a convenient Apple TV
if you don't have a convenient Apple TV then buy one 
oh. I actually have 4 apple TVs. But they are all 4K 3rd gens
They are all on 16.5 and are all currently in the box.
I’m afraid to plug them in because they are going to fucking update. I’m waiting for an update blocker or something to be made lol
Ya 4K 3rd gens
@brazen niche i wonder if you have any homepods on 15
nice
could get the keys
you might be able to install the tvOS beta profile
!t blockota
work
To block OTA updates, you can install a modified tvOS beta profile. This works even without a jailbreak. Note that the profile expires and will stop blocking updates on January 31, 2025.
You will be met with an error trying to install the profile after December 14, 2023, you can get around this by setting your device’s date back to a point before December 14, 2023 and trying to install the profile again, after it is installed you can set your device’s time back to normal and it will continue blocking updates until the scheduled expiration date.
You can re-enable updates by uninstalling this profile in Settings -> General -> Profiles & Device Management.
If you're jailbroken, you can also install the OTADisabler tweak instead, but note that it is harder to remove while unjailbroken.
I don’t think installing the tvOS beta profile on tvOS would block the updates
won't work
oh
you know what I should've used my brain for a second
a tvOS beta profile.. on a tvOS device..
💀
I’ve been waiting for like a TrollStore or something so I can disable the updates and actually use these lol
I just might but would take a bit to find
if you can irecovery any homepods and get at least iboot matching 14 or 15 (anything higher than 13) i could patch the ramdisk
17?
Some dude was selling them for $80 each on Facebook marketplace he had like 30 of them. I told him I’ll take all the ones he has on 16.5 and he had 4. Old tvOS versions are already very difficult to find.
I don’t know why he was selling them so cheap. He claimed some company installed them, hated them, and ripped them all out.
oh!
Or he stole them…
oh.
but tvOS doesn’t have iCloud lock, so 🤷♂️
iBoot-6723.43.1, iBoot-6723.80.19~1, iBoot-6723.103.1, iBoot-7429.40.94, iBoot-7459.120.62.0.3, iBoot-8419.3.1 or anything in-between those numbers
Alrighty. I’m probably about out of time for the day so I’ll try to find a few for you and post back
take your time
no rush
at least then, i can re-decrypt the right files
and you can get ssh
@vale yoke if you wanna keep tabs on the keys...
they could be published to theapplewiki
I just so happen to be sitting on like 20 HomePods that have all died within anywhere from the past week to the past two years, so I’m bound to find something that matches.
Most of them no power issues that people mailed in to be fixed
Yeah, that’s a good idea. Honestly once we’re done here, this whole thing should get a wiki article lol.
If you fix this, you know the implications yeah?
This could end up in court with Apple
it honestly doesn't matter what OS they're on, as long as the ramdisk is decrypted by some key (that's preset on any of the devices via gaster) and that should allow you to ssh in
it's only illegal (AFAIK) if one were to redistribute the ipsw
I don’t mean what we’re doing is illegal
It will however expose how fucked Apple handled it
And possibly open them to a class action
We’ll have proof of planned obsolescence
i’m not sure what you are expecting Apple to do. Of course they’re going to tell you to buy another one, they’re not going to rip your HomePod open to restore the firmware lol
I think Apple has that figured out with their "You're not supposed to do that" logic 😛
But the fact they will sell you a replacement claiming it’s a hardware issue when the store could just restore it. Smells odd to say the least
I wouldn’t really call it planned obsolescence… the HomePod is from 2018 and STILL getting firmware updates. I’d say that’s pretty damn good. Most products only get updates for like a year if you’re lucky
the store doesn't restore it, they ship them back to the manufacturer
I’m saying hypothetically
the manufacturer has the base firmware
In reality the manufacturer just recycles them
I went to Chevy asking them about the buggy software on my radio, and they just told me to buy a newer model car lmao
They dont refurbish or repair any first gens. And any refurbished first gen anyone has gotten is from the same original production just reboxed
just like that stupid skateboard.. you unplug the battery and the software bricks
If it doesn’t kill you first!
imagine a skateboard not working without software
kind of like an escalator stopping "oh well, we can't climb it like stairs" 😛
Gifs of escalators abruptly stopping causing mass injuries
See it’s fine! No one died!
So this exploit is SoC based correct? No firmware patch that Apple releases can prevent it?
yes
only way to patch such is make a new device or revise the old ones
which apple wouldn't revise anything as old as the HD, but they'll reinvent it
(aka - 4k with 5K video 😛 )
Yeah, this is huge. There are countless units out there being sold/thrown away/scrapped with this issue and Apple hasn’t said a word. If this fix works it’s a pretty seismic shift
figured Id start sharing the iboot versions Im finding on bricked ones until I find one we need
first one up iBoot-5540.80.2
13.3.1 ew
iBoot-10151.60.43

```
::
:: Supervisor iBootStage2 for b238a, Copyright 2007-2023, Apple Inc.
::
:: Local boot, Board 0x38 (b238aap)/Rev 0xa
::
:: BUILD_TAG: iBoot-10151.60.43
::
:: BUILD_STYLE: RELEASE
::
:: USB_SERIAL_NUMBER: SDOM:01 CPID:7000 CPRV:11 CPFM:03 SCEP:01 BDID:38 ECID:0012792928EA60A6 IBFL:1D SRNM:[CC4VXRE0J265]
::
```
someone help make it make sense
I think it's 17
ahhh makes sense, it has a copyright in 2023 too
Which would be great.. But what version of 17
I couldn't tell you :(
I wonder if you booted up windows and used the blue shield app
Here's another one that was marked bricked but is just working fine now. so likely hardware issue not software
Hmm, next one seems to be stuck in DFU mode. not sure its version
I can do 16.4.1
Ok cool let me get it back
```
usb_timeout: 5
usb_abort_timeout_min: 0
[IOKit] Waiting for the USB handle with VID: 0x5AC, PID: 0x1227
CPID: 0x7000
Found the USB handle.
Stage: RESET
ret: true
[IOKit] Waiting for the USB handle with VID: 0x5AC, PID: 0x1227
CPID: 0x7000
Found the USB handle.
Stage: SETUP
ret: true
[IOKit] Waiting for the USB handle with VID: 0x5AC, PID: 0x1227
CPID: 0x7000
Found the USB handle.
Stage: SPRAY
ret: true
[IOKit] Waiting for the USB handle with VID: 0x5AC, PID: 0x1227
CPID: 0x7000
Found the USB handle.
Stage: PATCH
ret: true
[IOKit] Waiting for the USB handle with VID: 0x5AC, PID: 0x1227
CPID: 0x7000
Found the USB handle.
Now you can boot untrusted images.
[IOKit] Waiting for the USB handle with VID: 0x5AC, PID: 0x1227
Found the USB handle.
IV: ED8EAA4BD9D8DCB1F6B283594AFC03CD, key: CC2382FB803CFD11EF00A238D037B74B7B0E1D26D1DB4FE3D07B1D99D54D71FC
```
What's that key from?
the 16.4.1 one
I mean the kbag
oh that's from what I ran earlier, minus the extra line break that the command would complain about
That won't work, I'll get you another kbag
nw I figured as much :')
That kbag is from 13
ahh I see I am slowly learning
fun fact you can power your homepod on upside down to purposefully give yourself the blinkies (dfu mode)
but dont panic, you can just flip it back up and power cycle it again to go back to normal :)
Misaka update compatible with all tvOS 16 versions maybe coming? 🤔
Hopefully this dynamic patchfinder will make it easier
Maybe.. Issue is most of this software is made for iOS
So "all devices" doesn't usually include tvOS
Why is it every day.. Discord NEEDS an update?
It's Just as bad as Windows
are you kidding me
217A0756D62BBBBA4ABB3767BC99DF726E1CFE3A8EBAEFA930033E15F804BE2F6D261FAFEB22F54C2A83D64ACFAC55C5C7A25A0FFE69E67F9F03D388B776BA494830A6A434AA4949F8FE53AA6271A245369A3A7E5898E45BD898B934876109A6
and
08D2857266E96B98F0EA59577B1DFCD0623AEBB7B106AB03D168C6E42506B70083468E406AA6B8153CDBBB5C725841E576991A0BA7F2AFB30DE38C3C5DE8F929265B538ADCFD007A2BD52D949A3B30A1DA5B3DFC3D660EB01C9ADE8853079584
it didnt like either of those
i'll get better ones, give me like 10 mins
np np
08D2857266E96B98F0EA59577B1DFCD0623AEBB7B106AB03D168C6E42506B70083468E406AA6B8153CDBBB5C725841E576991A0BA7F2AFB30DE38C3C5DE8F929265B538ADCFD007A2BD52D949A3B30A1DA5B3DFC3D660EB01C9ADE8853079584
think its the same but should work
217A0756D62BBBBA4ABB3767BC99DF726E1CFE3A8EBAEFA930033E15F804BE2F6D261FAFEB22F54C2A83D64ACFAC55C5C7A25A0FFE69E67F9F03D388B776BA494830A6A434AA4949F8FE53AA6271A245369A3A7E5898E45BD898B934876109A6
yeaaa it dont like it
is it just making usb timeout?
usb_timeout: 5
usb_abort_timeout_min: 0
ye
well I think its the kbags cause it consistently gives back when I run the older kbag, and never works with these
ill keep trying
here's a kicker: this ones for 17.2 beta
wow fresh af
well, early fresh.. 17.2 is out of beta 😛
you could also do that one (the 17.2 beta) with 9845291A70924981B3A9EA00D4324360441A6E2BAEEBC06BFD1F5BE789BFEBD4097F73EE3860A252A5756CD2CCD4133BA5376747F36D6D483A4E8FA809BDFA9B1EF86F1A7A9A2275D1B764542896E7C7C2152A236D5D1BE01D2719CFFEAF3A6A
and
355D9F94A3B869C675B40C2F7953E5484D72260D42FC01B5ADFE02E89DA272F2CF49E25C5648E5B61BB6D2AF79809FC7CED30BDD4048B32B88897EDBF0D999945983AC4B2F3938162511273A30CA273E16CCEDC4C5D1B4185D80968B018D13C0
same story with that board. neither of those decrypt but the particular old one does
for what its worth
if I reduce the length of one of those to 96 characters
just trim the extra off
```
usb_timeout: 5
usb_abort_timeout_min: 0
[IOKit] Waiting for the USB handle with VID: 0x5AC, PID: 0x1227
CPID: 0x7000
Found the USB handle.
Now you can boot untrusted images.
[IOKit] Waiting for the USB handle with VID: 0x5AC, PID: 0x1227
Found the USB handle.
IV: F3F5238E3F128C0F7DD3BD35EB3FE716, key: AEF33A5A899A0F4840A83930D14D01C4C708311F397FC4DDF31F007536B03C8F
```
that one worked
iBootStage2 for b238a, Copyright 2007-2023, Apple Inc. RELEASE iBoot-10151.60.43
yeah
ok and if I plug in the second half of that first kbag
```
usb_timeout: 5
usb_abort_timeout_min: 0
[IOKit] Waiting for the USB handle with VID: 0x5AC, PID: 0x1227
CPID: 0x7000
Found the USB handle.
Now you can boot untrusted images.
[IOKit] Waiting for the USB handle with VID: 0x5AC, PID: 0x1227
Found the USB handle.
IV: 824E9BBFFE7E306E631BFE7F68650787, key: C21B1BD8BA80E85823B804345058AD7F00665F8088C9C16B53183E10B8B345C9
```
here's the second kbag split in two
```
usb_timeout: 5
usb_abort_timeout_min: 0
[IOKit] Waiting for the USB handle with VID: 0x5AC, PID: 0x1227
CPID: 0x7000
Found the USB handle.
Now you can boot untrusted images.
[IOKit] Waiting for the USB handle with VID: 0x5AC, PID: 0x1227
Found the USB handle.
IV: AE3FC38099B8AA0C704C6566790ADE9F, key: A71BDBB2CF388132DBA9069C06E3D5051A183CE8062F0E5D310A56F72C3B9032
nic@Nics-MacBook-Pro Darwin % ./gaster decrypt_kbag CED30BDD4048B32B88897EDBF0D999945983AC4B2F3938162511273A30CA273E16CCEDC4C5D1B4185D80968B018D13C0
usb_timeout: 5
usb_abort_timeout_min: 0
[IOKit] Waiting for the USB handle with VID: 0x5AC, PID: 0x1227
CPID: 0x7000
Found the USB handle.
Now you can boot untrusted images.
[IOKit] Waiting for the USB handle with VID: 0x5AC, PID: 0x1227
Found the USB handle.
IV: FC57D25F84C51B3436368EDA2532F10E, key: D8A6A3A597FD6C6E8F2BC1D8D82FA29C70A7DEFC06D08CD2D6A36DA2DFBE2F63
```
How is randomly cutting it in half working lmao
what's funny is this key IV: AE3FC38099B8AA0C704C6566790ADE9F, key: A71BDBB2CF388132DBA9069C06E3D5051A183CE8062F0E5D310A56F72C3B9032 works for ibss 😛
iBootStage1 for b238a, Copyright 2007-2023, Apple Inc. RELEASE iBoot-10151.60.43
ok! i'll join!!
fap
fap
😛
you'd think there'd be more users...
they couldnt afford more of them 
onlyfans >
idk I guess it can only decrypt 96 characters and it wont do 192
zenseq enlighten us 
anywho, got 'em decrypted, i'll see about making a 17.2 beta ramdisk.. would these two last keys be from the 17.2 beta homepod?
yessir all four of those are from the same 17.2 beta pod
okay, then hopefully the ssh portion would work
actually, it's not fully decrypted, just half
hence half the key 😛
unless I'm blind...
could just give it a try anyways
I’m going to have to buy some HomePods after all of this. I had zero interest in them until now lol.
issue is, you'll need the adapter if you plan on getting keys/restoring/ssh-ing
I will buy adapters
And people can get them made by our sponsor! Pcbway!
I do not have a 3D printer
Pcbway can print stuff for you too but I intend on selling them anyways
@ionic copper how feasible would it be to automate this process once it’s done? Would I be able to write a script to handle all of this?
You will still need to pry your rubber base off but if you’re not an idiot it’s not a problem and it will just stick right back on when you’re done
And for the love of god stop using tools and heat to pry the bases off
automation to make an ipsw? not easy because apple will have updated
Just stick your hands innit and pull it off
which would require new keys
do you think Apple would change it so this process no longer works if you were to release a guide on how to do it?
What could they change to make this not work anymore?
they get bigger fish to fry these days
Got it, assume we have a version that’s been decrypted, would the flashing of the actual image be able to be automated? I think it’d be great to have a tool that could run this on a HomePod once plugged in and take some guesswork out of it
aside from it being permanently vuln to checkm8 whatever they patch can probably be bypassed
Where can I get the Homepwn logic board made
that is for UART
I have a 3-D printer, but this looks much more professional and has UART lol
it says it’s for both, no?
you could.. automate a tool where it'll extract the keys and the blob for its installed firmware, then download as such, patch everything, set nvram based on blob generator value then proceed to use futurerestore
depending on which pin on the pod you supply voltage to it will give you uart or usb. the adapter in that repo is for both but you wont need uart to debrick
i was going to ask, how do you even use uart?
I dont really know lol
😛
We may be jumping the gun here let’s see if the restore even fixes it first lol
i have the breakout board for the 4K with usb and uart but can't understand how to access uart
i think it's somewhere via irecovery
I think you need something to actually make sense / use of uart cause its just serial
So you know how you can plug in a USB to ethernet adapter to an iPhone and it will work… I wonder if that would work for a HomePod. The main thing that’s been turning me off from getting them is the fact that they are Wi-Fi only.
no drivers
So you know how you can plug in a USB to ethernet adapter to an iPhone
?? huh?
I doubt it
facts tho
i do this to test our work app on corp net
no weefee
like.. ethernet via lightning port?
Belkin's Ethernet + Power Adapter with Lightning Connector delivers a secure, reliable wired Internet connection for your iPhone or iPad. Buy online now at apple.com.
Yeah, Apple literally sells one, you can plug in an ethernet cable to your iPhone
It works pretty well
tvOS has drivers for ethernet obviously… so I bet you the HomePod would be able to do it lmao. Would be interesting to try.
no-one wants to run a 30-foot cable to their homepod
especially via a janky setup
that's actually a great point and now I must know. I will let you know
I 100% would
I do. My whole house is wired for ethernet. Wi-Fi kind of sucks and especially for a speaker. The quarter second delay on my Bluetooth speaker already pisses me off it makes it impossible to use for FPS games.
you can do it with the Amazon Alexa Show. There’s no documentation anywhere, but apparently you can get a micro USB to ethernet and plug it in and it will work. It says in the settings no network connection but it can still reach the Internet
you just potentially added a whole extra demographic interested in ripping the base off their homepod to dongle it into ethernet lmao
buy my dongle, coming soon
pay for my new car
I would love to use a dual HomePod set up on my computer, but the latency makes it impossible to use for gaming
I want my z back :(
inb4 someone melts plastic and drills in holes
Some will rather and I'll give templates for it
better to reduce risk than try preventing it outright 
i can see apple not getting sued for broken homepod devices via software, but not providing the tools/adapters needed to fix such
I still see a class action for everyone that paid for a replacement due to it
half of them will be dead by the time the $5 settlement check comes tho
We should see if we can get a HomePod channel made instead of cluttering up the Apple TV one…
I wish we would enact the right to repair laws like they have in the EU to force everyone, not just Apple, to make this shit easier to repair. But capitalist USA would never do something like that lol
apologies for the delay, seeing if half-made keys work for ssh
😦 is it totally unsalvageable?
is there an off topic channel here?
anyways no it's totaled. I can probably pick a few small things from it
bunch of photos on my twitter if you want to see the poor thing
oh shit I didn't even realize it was you zoo, I'll photo dump in my server
👍 yeah I've been following it since when you first tweeted about the crash, didn't get around to asking more about it until now
can't even patch with half the keys
what other iboots do you have?
that ones 13.4.8
another one on 17.1. this one started randomly working
going to find another
hmm not sure on this one its stuck in dfu mode only. moving on to another
iBoot-8419.40.112
16.1
another dfu only
6FEE4F65E8EDD9144AFBC4538021A0379609547C46B518AE3A576F53B5166F6BF786ADEA431C00A66C829C0F87AF68550D643138993139CFCCCEF464EE4339CE4093234D302EE6C7AAB003C30D15D86B6D826481D418E98E5B77C467B24C61F4
for 17.1
FE598FF3AF54AEB1B8A9E022925CE4A36E09D25335BCB6D9D8A37781291B025D3501863CC353C99FC811BE48E8D11E24A5F1446F0BA330826C7BD1244135C9C091B9A6D9F0171B4EDD423D842BE194AD13FBB4121769C3AE701F72579255FA47
0107BD484B50B5115B568B5580D882F4ACC0D621943DCE7B9C902FF57DD18E2B816CE818CC6ECCAA495980D0B9EF9BD8915C61396D5AB33E49F7E428D102244F0833FBE332720C3110BD7D24C389E5F71858CEA70A944F457432BD0963324DCA
for 16.1
D7D0F541C303EE42DF25FAABF9F59B1585126809901AD8368C12C1B2F879B77C24AFF1C787CD12AB605BDE9A6D8D8A4464BE0879E85C8E2CCC903BBAE3E707DF2867DFEB10F3FB791E4405E7F152FC3E228979038DC91CE9BBF7B32B329CE1C7
dfu-only devices should still work granted they're using SoC to get the keys from
with the dfu only Im just not getting anything with irecovery and moving on to another one for now
ok we'll do 16.1
not sure if you still want me trying to run them full 192 characters at once or split it but it wont work without splitting them
alas
```
usb_timeout: 5
usb_abort_timeout_min: 0
[IOKit] Waiting for the USB handle with VID: 0x5AC, PID: 0x1227
CPID: 0x7000
Found the USB handle.
Stage: RESET
ret: true
[IOKit] Waiting for the USB handle with VID: 0x5AC, PID: 0x1227
CPID: 0x7000
Found the USB handle.
Stage: SETUP
ret: true
[IOKit] Waiting for the USB handle with VID: 0x5AC, PID: 0x1227
CPID: 0x7000
Found the USB handle.
Stage: SPRAY
ret: true
[IOKit] Waiting for the USB handle with VID: 0x5AC, PID: 0x1227
CPID: 0x7000
Found the USB handle.
Stage: PATCH
ret: true
[IOKit] Waiting for the USB handle with VID: 0x5AC, PID: 0x1227
CPID: 0x7000
Found the USB handle.
Now you can boot untrusted images.
[IOKit] Waiting for the USB handle with VID: 0x5AC, PID: 0x1227
Found the USB handle.
IV: E35215193E27928B700189E8B3E6104E, key: 777D09A8F580C66B7A2A37EA0130BA555F3197E5F80431F3FEC4D91116CACB0B
nic@Nics-MacBook-Pro Darwin % ./gaster decrypt_kbag 915C61396D5AB33E49F7E428D102244F0833FBE332720C3110BD7D24C389E5F71858CEA70A944F457432BD0963324DCA
usb_timeout: 5
usb_abort_timeout_min: 0
[IOKit] Waiting for the USB handle with VID: 0x5AC, PID: 0x1227
CPID: 0x7000
Found the USB handle.
Now you can boot untrusted images.
[IOKit] Waiting for the USB handle with VID: 0x5AC, PID: 0x1227
Found the USB handle.
IV: 681B1536016D76E2296594C7AFABC3A1, key: 4D11A94E4FED5191CA603D1E8D69488F6F4FBD2B68966289F6DD669805832732
```
second kbag split up for 16.1
```
usb_timeout: 5
usb_abort_timeout_min: 0
[IOKit] Waiting for the USB handle with VID: 0x5AC, PID: 0x1227
CPID: 0x7000
Found the USB handle.
Now you can boot untrusted images.
[IOKit] Waiting for the USB handle with VID: 0x5AC, PID: 0x1227
Found the USB handle.
IV: 20ECAC501242ED1FFD93EF54B6ED50B1, key: DD08F1C8A99075E163799FD2BED988A94695426E4E9EEAFE5C64F3AA594DFF02
nic@Nics-MacBook-Pro Darwin % ./gaster decrypt_kbag 64BE0879E85C8E2CCC903BBAE3E707DF2867DFEB10F3FB791E4405E7F152FC3E228979038DC91CE9BBF7B32B329CE1C7
usb_timeout: 5
usb_abort_timeout_min: 0
[IOKit] Waiting for the USB handle with VID: 0x5AC, PID: 0x1227
CPID: 0x7000
Found the USB handle.
Now you can boot untrusted images.
[IOKit] Waiting for the USB handle with VID: 0x5AC, PID: 0x1227
Found the USB handle.
IV: 5497946548B96792605859B6BCC9CBAD, key: B41A461279243F13549CD4804F6666ACCCDA996E2CB82BC514F86C006438CDFC
```
i found an interesting boot argument: nand-enable-reformat=1 -progress
kind of
I'm going to try rebuilding the 13.4.5 ramdisk
i think i did it wrong the first time
there's 2 ramdisks i didn't know about
interesting ok
Im going to try finding that one again I mixed them up
iBoot-8422.100.650
cant find anything on that one
```
:: Supervisor iBootStage2 for b238a, Copyright 2007-2023, Apple Inc.
::
:: Local boot, Board 0x38 (b238aap)/Rev 0xa
::
:: BUILD_TAG: iBoot-8422.100.650
::
:: BUILD_STYLE: RELEASE
::
:: USB_SERIAL_NUMBER: SDOM:01 CPID:7000 CPRV:11 CPFM:03 SCEP:01 BDID:38 ECID:0001452238EA1326 IBFL:1D SRNM:[CC4W17DRJ265]
::
=======================================
```
well, apple made the ramdisk in newer updates to just dmg
but older ones are re-encrypted as .dmg.image
ah im an idiot. found my 13.4 board
Misaka for all tvOS (15 and 16?) indeed coming soon
Now we just need TrollStore.
But this will be great for blocking updates… I think. I’m not sure what I would need to edit to block the updates though.
you don't need trollstore when you have kpf 
Kernel patch finder
Upon boot, it disables security to allow custom code signing by patching the kernel
I’m so confused
About what
That sounds like an untethered jailbreak. I thought the path finder was just for finding offsets (for KFD in this case)
No. It's literally what checkra1n does
When you boot, the exploit kicks in, then launches a kernel patch finder to find offsets and patch the kernel automatically
Then the OS loads with the apps present but with the ability to launch an app that has special privileges to install a bootstrap
Oh ok that makes sense
That only works if you can use checkra1n though
No Checkra1n on 3rd gen 4K 😞
So for 1 gen 4k this is available?
Yes
Any tutorials ?
For what?
This
what he’s talking about there is just the checkra1n jailbreak
I think
In this case, it's primarily checkra1n
@vale yoke did you make note of the keys?
to potentially fix this error:
brew uninstall libusb
brew install libusb
brew link libusb
I was trying to, but then you guys started cutting them in half and I got all confused :/
it seems the half keys don't entirely work
Did Nick get anywhere with the HomePod? Was he able to restore one or are you still working on the RAMdisk
ah ok
it's difficult to decipher this issue when it would either be a software problem or a hardware problem
Would you be able to dump the boot log with the RAM disk and see where it’s failing? Should be able to tell if it’s hardware or software based on what it says
I think
Oh good MisakaTV coming tomorrow with update blocker 😁
Now I can use all these Apple TV without worrying about them updating
@vale yoke
For the 1st gen 4k, can the IPA be installed with Xcode or with special cables only?
I believe you have to do it through Xcode over the network. All I have is a virtual Mac, but that should work according to Sideloadly. I’ve never sideloaded to an Apple TV before, so I have to figure this out too lol.
Both
I'd use the cables more
Ya dont have cables yet. Need to see how this plays out, hoping for Trollstore to get ported over.
Xcode works best for me. Sideloading kodi gave me an error with sideloadly; with xcode it just works fine.
Are there any new tweaks now?
-_-
Please someone reply
Oh crap im on ios 14 --
My tvos
in the works 😉
Misaka for Apple TV has been released!
Currently trying to Sideload this with my Mac VM but its being stubborn lol
Network file browser? Wonder what that means
Lets you view the file system on the Apple TV using your phone...
oOh
I never worked out how to do that
Might ask the dev if I can use that
I did get a web server running on it once but then it broke and I never figured out why
@vale yoke
To block the update nag, we are supposed to drop a file at /var/mobile/Library/Preferences/com.apple.MobileAsset.plist. Question... I wonder if the blocking will persist even after the Misaka IPA expires after 7 days?
It should yeah, as this is a file system change. Looks like it’s just setting “MobileAssetSUAllowOSVersionChange” to false
I just did it, and it seems to work well
i love the irony of how it says "All KFD devices" but Apple TV HD just won't work 😛
Mine crashes and reboots every time with the default exploit. But it works instantly if I switch to Landa. Which is weird because Landa is supposedly the most unreliable lol
mine just stalls.. then the app exits
okay im trying on 4k gen 1 but im getting error. guru meditation with a URL ending in trusteddevice
using sideloadly 0.50.1 on macos (m1 air)
do i need to pair atv with macos through xcode first? i'll try to see if that does it
EDIT: nevermind. that seems to be the solution for getting atv to show in sideloadly. i dont have that problem. i will try add the icloud account used in sideloadly to the macos
okay that worked!
Landa worked immediately
EDIT: still trying to get to Misaka toolbox on iphone though...
okay im trying to add the plist file to block updates, but it won't add
EDIT: Found the issue. I was downloading the plist file from discord on my iphone and it added a .txt extension, which shouldn't be added to Preferences folder. It needs to be a .plist extension. I ended up saving the plist file to my PC and uploading it to iCloud on a browser. Then I used Files app on iphone to copy it to my On My iPhone folder. Updates are now blocked on Apple TV 4K Gen 1 tvOS 16.6. plist file and instructions are on the misaka support discord: #1196223809812971720 message
Ya, I had the Sideloadly trusteddevice and the .txt problem as well
@vale yoke
Did you install on a 1st gen 4k or HD?
Tvos 17
My guess is 4K since HD doesn't work
3rd gen 4K
Is there a way to dump the on board blobs from 16.5 from my Apple TV? Are blobs even useful anymore or should I not even bother to try
I guess kfd would be ideal for the 4K since Apple has locked the third gen down pretty tight
You can't use them on the 4K second or third gen unless checkm8 is updated
yeah that’s what I figured but if we ever get a new bootrom exploit in the future they may be useful. I know even with blobs you can’t really downgrade an iPhone anymore. I don’t know if the same applies to AppleTV.
By the time that happens (if it does) we'd all be old enough to develop Alzheimer's and forget how you even use the thing, let alone downgrade it
We'd call apple "but I plugged it in.. Just a blinking light"
Yeah now that we have KFD, it would be possible to install CT signed apps 😁
Not many system apps to inject into though, I guess really only podcasts and fitness to use as like a TrollStore helper lol
Sad part is, apple knows about this and is demanding developers to update, so only a year or so until all the apps need tvOS 18
At that point, nitoTV would be retired
And all we'd have is just some exploits and cool things to install.. Nothing amazing
At least the HD is downgradable for life which checkra1n works with
I can’t really think of much that a full jailbreak would be useful for on an Apple TV anyway. Really all you would need is TrollStore so you can permasign a YouTube ad blocker and MAME.
Was there anything cool you could do on the old ones?
Well, airdrop is nice. You can also produce tweaks. TrollStore is great but root access is where the fun is at
I don’t know, root access just sounds like an easy way to permabrick lol. At least on 2nd and 3rd gen 4K
Issue is, most folks don't care enough to tweak their tv experience much less install any app they want
Kind of like jailbreaking a jukebox over a Tesla
apparently they are even working on Misaka for Apple Watch now. There’s never even been any kind of Apple Watch development because everyone is too afraid of bricking it lmao
It's only bad when folks with half an IQ go messing with stuff
I was wondering if kfd worked for that device.. I have an se2 I'd like to fiddle with
True. I used to fuck with random shit all the time back on iOS 5 on my old iPad. I don’t do that anymore, because bootloops are not repairable.
Bootloops are repairable via ramdisk
I used to go in and delete as many launchdaemons as I could and I had my iPad on iOS 5 down to 8 running processes lol
But nowadays with SSV, good luck
That’s why I love untethered jailbreaks I wish they would make a comeback. Everyone says untethers are dangerous, but to me, it’s the opposite. If SSH runs at boot, even if you are stuck in a boot loop, you have a chance to SSH in and fix it.
I do love how Apple designed a foolproof way to avoid changing the system.. Until you go and update and the OTA fails half way.. Then there goes your device and all your data
Thanks apple
Issue with untethered jailbreaks, they're too valuable to burn
It's like reselling a brand new car you just bought.. Or keeping it for yourself to use
Everyone would keep it
I think the CoreTrust bug could be untethered for iOS 15 and 16 if it wasn’t for SSV. You can just replace a nonessential system daemon with a CoreTrust signed one that does whatever you want and have it run at boot lol
But then you'd have ppl
True, but you could just have that daemon kick off the PPL exploit, and do the rest of the jailbreak.
So the jb wont work on tvos 17 right?
Since a jailbreak has released for ios 16, have you guys got tweaks .debs to work and compatible with tvos14?
Or any new tweaks at all?
Tweaks already work with 14
Delete them
You have updated list for tweaks for tvos?
They come included
Wait so is there a whole new app i can get tweaks now?
Don't know what new app you're talking about
Like something like sileo for tvos
nitoTV is where i cannot get any tweaks to download. Says url down etc. i need updated repo list to add to nitoTV
Then delete the repos
After deleting my repos i need to add new?
No, they come included
Yes
Inb4 new issues arise
😭
The newly updated nitoTV won't let you add new repos
Omg
Okay perfect! Will be this weekend. I gotta find my apple tv. Have you got snowboard working on tvos? 😍
I do
Thats sweet. What else works?
Well, apparently they are making progress with watchOS over on the Misaka Discord lol. They are not sure which watchOS version patched KFD exploit.
Imagine Trollstore on watchOS lmao
I'd take it.. It sucks you need to buy the app for it to even install on watchOS
Would be the best music player
It's great for porn whilst on the toilet
All I want is an app for the Apple Watch that’s like the Carbridge Portal and can you mirror your phone screen to the watch
I would pay… like $30… for that lol
That would be so cool
Like inspectors gadget
theoretically, this could just be done with TrollStore permasigning and entitlements. You wouldn’t even need a jailbreak. The phone would probably have to be jailbroken though.
If trollstore existed for watchOS, all the pirates would demand their cracked spotify apps to work coherently with their watches
Cracked Spotify? I thought Spotify was free lol
What I'd love though, is legizmo for trollstore on 14
It is free, with ads
Oh. I just use a systemwide ad blocker it fixes that problem lol
I haven’t had ads in any streaming services in years
No, it's spotifys server
You know how to program this?
Bloatware
Wtf is that lol
Every adblock app is trash
I just use AdGuard. But will switch to the hostfile blocking once the jailbreak releases.
Ad block apps drain battery too
Ohh
Ya cause of the constant VPN
I’m hoping there will be a better solution once Dopamine comes
Watchos jailbreak
Amazing!
I was recently thinking of getting a watchos because of how cheap they are now
GOD why is the voice to text so bad in iOS 16. It worked perfectly on my XS on iOS 14 but on my 14 it just butchers absolutely everything and I end up rewriting half the sentence anyway
stop putting random commas in the middle of my sentences!
Is your phone microphone dirty? Maybe that can mess it up
like it was great how the fuck do you regress this badly
Lol maybe its the new ai thing
Maybe you're drunk
@vale yoke
YouTube ad blocker on ATV would be near my top demand. I have an adblock for iOS and my Mac. Forget that there are ads being blocked until I use ATV and it kills the experience. I know there were some other YouTube app clones for ATV without ads but the UI was inferior imo.
it already exists
@ionic copper
As long as I had Nito on 14 I never saw one. There were custom YouTube apps without ads but I didn't like the UI. What exists now? btw I am no longer on 14. I upgraded all my 4k's to 16.5
Question to those with misaka installed for TVOS, does this allow for installing troll store? I currently have a 4k 1st gen and an HD on 14.5, but I have the opportunity to buy a 2nd or 3rd gen on 16.5 or 16.6. I could live without a jailbreak if I could permasign some side loaded apps. Thanks!
you upgraded all your 4K's.. lame
yes.
don't buy the 3rd gen
Why not? Is it just the lack of hidden connector in the Ethernet port?
well, yes. Primarily. It sucks enough to have only wifi.. but if that goes wrong.. then how does one sideload?
That's a fair point, I was going to get the wifi+ethernet as they are about the same price as the gen 2.
I'd be keeping my older models so I could always fall back on those.
Follow up question, I'm torn on delayOTA either of my current models to 17.0. I figured maybe I'd do the HD as it can always be restored to 13 worst case. any recommendations there?
it's sad enough that apple doesn't include a port.. with that being said, only a matter of time until ipads go portless, then iphones
soon, every apple product will just be a wireless metal box with a screen and buttons
It's super frustrating, the breakout board has been great, big props to lilsteve for figuring that out.
macs will go portless
it'll be just wireless usb connectivity
then mac minis
then in the year 2030 we'll have just the whole apple experience as humans in a plastic bubble with just one cable for power and you have 3D surround sound and virtual reality
Even a lot of PC's have been dropping a lot of their ports. USB C has been good since it is so versatile, but as someone who regularly needs a microSD and ethernet slot it was infuriating trying to buy my last work laptop. Ended up getting a stupid dongle to carry around to add that functionality back.
haha easy tim apple
I am quite curious as to how apple installs the baseline firmware on the 3rd gens without such port
when do us humans go portless? I'm tired of losing all this time to the bathroom
I do wonder if they have a secret port somewhere, after all the ethernet port was hiding in plain sight for years before discovery
where's ifixit to teardown the device and show us the logic board?
right? I didnt even notice that they dont have one for the current gen
I pay for a sports subscription and min is 14. Jb not worth it to me if i cant use apps
you pay for sports? lame 😛
Alternative is piracy and kodi streams buffer too often. To each his own
was going to say playing > watching
man, tough crowd!
hey, i noticed that misaka mentions pairing it with the iOS version, is that necessary? i dont have an iOS device on any compatible version.
it would be to install packages
My 4k's were on 13. Good while it lasted but functionality req'd me to upgrade. I'll wait on 16.5 for now
damn thats a bummer
why?
oh wait, so could I install troll store with it, and then just use trollstore on the device?
I'm confused, by that last comment. so is it possible to install trollstore and then say install and permasign retroarch without needing an iOS device running misaka? or are you saying it isn't currently but should be later?
which is?
yattee
that's literally the app that @storm ridge mentions which has a horrendous UI
i mean sure the ui sucks but I'd live with a bad ui and no ads than a great ui with all this stuff to block ads with
works on webOS :/
at least the project is open source.. anyone can make the ui better
you can permasign without needing misaka
misaka just makes it easier
gotcha, but you do need misaka to install trollstore?
no
it's just 10x more difficult
is that the ramdisk method?
that's one method
Depends on each person's use case. I use my ATV primarily for watching live sports and very little YouTube. Besides I do have 2 HD's on 14.7 but have not been using them. If I was a heavy YouTube user I might have reconsidered
oh, right that would only work for the 4k 1st gen anyways since it needs to be checkm8 compatible. didnt know there were other options on TVOS.
hey, thanks for your help thus far. I remembered that my old iPad Air 2 is maxed out on 15.8, so i was able to get misaka on that. Where do i find the appletv connect function? online it says "ToolBox > AppleTV Connect", but i don't see this toolbox... am i just blind? or does it not exist on the iPad?
Nic, the dude with the HomePods, actually did a teardown of the 3rd gen 4K and shows off the logic board under a magnifying glass lol
I'm giving away a custom first generation homepod! Subscribe and watch here for how to enter: https://www.youtube.com/watch?v=SjJVxfjOwyg
0: Tearing Apart the New Apple TV 4K w/ Ethernet
My Apple TV has crabs 😫
better the tv than the spouse
Hey, I need an update to the Apple TV “jailbreak” and tweaking scene. Currently have an Apple TV 4 (not 4k) jailbroken with checkrain on 14.6. Can I update to the latest and jb with checkrain? If not, what’s the alternatives for tweaking the Apple TV on newer iOS?
I need to update the TVOS if possible but keep sideloading with possible permasigning
if not, then I'd get on saving blobs so you can get back to 14.6 because once you update, you cannot go back without such
no. there's no jailbreak for the latest
there are no alternatives
all you can do is sideload
what exactly needs to be updated?
Disney+ and some other stuff.
for disney, there is a tweak.. don't know if it works though
I’ve got KODI on there, but it glitches out and has a weird buffer thing that sometimes crashes it.
And I want to keep Kodi
Ok… wtf is the point of the karaoke mode on Apple Music on Apple TV… I thought it would use the microphone on the Siri Remote and let me sing into it 😒
I know what tweak I’m writing… if I ever learn how to make tweaks
but then bluetooth microphone making brands would be out
has anyone bought an apple tv 4k gen 3 recently? wondering what tvos version it might be on
on 16 but chances of doing anything other than KFD are extremely slim to none
@bitter gull
If you know the serial # printed on the back of the box, then you can use this site (free but with limited checks) to get the week of manufacture. This will then narrow down the likely OS that it shipped with.
I didn’t think that worked anymore don’t they randomize the serial numbers
Apples stocks be rising since kfd jailbreaks released
Wtf lol
no wonder they're charging rent x2 for a computer
Thanks. I heard the same that @vale yoke mentioned. It's now randomized. Have you been successful with using this site specifically for Apple TVs?
It doesn't work, I havent found any that are able to decode the serials after apple randomized them around april of 2021
Which is a bummer because some of those gen 3's out on the shelf are 17.0. Would be great to have a way to tell before opening the box
You bought a gen 3 recently and confirmed it was 17.0?
Yes at best buy
Gonna try again at target, I figure they probably dont move as quickly there
also searching facebook marketplace but thats such a hellscape of people posting saying they have modern 4k's when it is a gen 1, or they have no idea what version it is.
I know a guy on FB marketplace that still has like 20 4K 3rd gens left on various versions between 16.0 and 16.6
Except 16.5… because I bought them all lol
haha fair enough, that was the hot model before the most recent development
hey stupid question, have you paired an apple tv using misaka with the ios version?
Ya
I'm trying to figure out if I'm gonna be able to make all this work, and the only non TVOS device on the right versions I have is an ipad on 15.8. I've put misaka on it but I don't see anything marked toolbox or apple tv connect. Wondering if you could snap a screenshot of where that is. I'm thinking maybe it isnt in the iPad version, only the iOS version of misaka.
that or I'm just blind
Yeah, I couldn’t find it at first either
After you KOPEN on the Apple TV, go to the packages tab at the bottom and press the box in the bottom left
Should have an Apple TV connect button in there
oh does it only show up after it's on the ATV?
It’s not very intuitive
Possibly. I think it only appears after it detects the Apple TV on the network
It’s here
The Connection is very slow. anytime you hit a button it can take five or so seconds to respond so just give it time
and the instructions on the misaka website are not at all helpful. if it said "Packages > Toolbox > Apple TV Connect" I feel like i'd have had a decent shot at finding it
I didn’t know wtf “Toolbox” meant lol
good to know, that said not a problem, happy someone is making strides for the often forgotten ATV!
I dont think I could go back to not having retroarch and kodi on there. I do enjoy some of the other stuff that having NitoTV for all these years has enabled, but not having the other two would be a substantially different experience for me.
It was a few years ago when I used it to buy my 4k's and yes it was reliable. Can't confirm how it is today. Worst case you return it if it isnt
Ya I've used it in the past, and it was super helpful! but apple changed all of their serial numbers starting with devices produced after about April 2021. If it isn't random as far as I know no one has managed to decode it yet.
Why tf are we investing in devices with no USB ports?!
please report what you get at target if you do it. i think i'll try target too if there's some success reported
it is random
I wonder what happened to Nic. I was looking forward to seeing if the HomePods could be fixed 😞
Did you get kodi to work with builds?
Couldnt never get it to work
can only imagine how unpopular apple tv would be without kodi
@ionic copper
For anyone that wants just Kodi I know a few friends who just install it through the Play Store on their Android OS tv's, no additional hardware required. I don't like Android but for many it's an easier option than jailbreaking and jumping through hoops on an ATV.
yeah.. and you can never update android
@ionic copper
I know someone who has a 6 year old Sony and running the latest Kodi 20.3. I don't know what his Android version is but if he's able to install the latest Kodi after that many years it's almost on par with an ATV OS cycle (except for the HD which is on its 9th OS).
Yes, I updated to matrix back before it was available on NitoTV, but it did work, admittedly that was a while ago so my memory of the process isn't great.
Target ones near me were 17.0 as well, bummer
Fair point, I just much prefer the interface with the appletv, and my wife is annoyed having to juggle two remotes.
I'm sure a lot of wives juggle 2 remotes 😉 /s
Likely dealing with other things atm
Ya I figured. I hope he's doing ok after that bad accident 😢
I haven't even had this Apple TV out of the box for 5 minutes and the power cord has already disappeared...
me every time I move a cable
Pretty much all my shit doesn't have the original cords because the originals all fucking disappear -_-
I swear my fat ass cat horks them down when im not looking
💀
I think he also ate the dongle for my fucking mouse cant find that either
interesting
Imma take his ass to get an xray one day
there's gonna be a mac pro in there
inb4 stomach full of copper and plastic
trash can mac unboxing
I FINALLY got these damn thread lightbulbs to connect with the Apple TV as a home hub after like 3 days. I was just getting nothing but "unknown error occurred" and "Accessory could not be paired". Apple neglected to say anywhere that the Apple TV has to be on a 2.4 GHz network for it to work...
My 2.4 and 5 GHz networks are separated and the Apple TV was on the 5GHz only. But then I found a post about it and moved my phone and tv to the 2.4 network and it all worked instantly
🤦‍♂️
Why are we still forcing 2.4GHz in 2023??
I'm pretty sure it is??
Snazzy probably being semantic but yes it’s totally removable. I do it to all of the repairs
Not something super easy / obvious but it’s definitely tough enough to withstand thousands of cycles at least
Apparently this guy has tweak injection working up to tvOS 17.0 with TS
hi guys i have ATV 4K 1st Gen which TVOS is the latest JB available ?
@trim wagon Ty
Incorrect
They're trying to load an ipa with no executable inside trollstore, but it's denied
Oh
Damn, what is up with half of the apps on the App Store requiring tvOS 17 already 😫
They are really trying to kill off 16 quick aren’t they
it's not apple tho, it's up to the devs
It's nicer to develop for newer tvOS
i really wish I could make Spartan 15+, it would make many things much easier
All these cool networking tools are 17 only 😞
@uneven wraith https://github.com/WhitetailAni/Spartan
any plans on TS support?
Early betas have tipas (no clue if they work)
I took it out as xcode was giving me build problems and there was no trollstoreTV
Might add it back after I fix my broken af compression idk, i'm currently working on other things
Oh so THATS what this guy is using. I was wondering wtf is Spartan
Looks like he has it working on tvOS 17 with TrollTV to block updates
I really need to fix it but fixing requires learning libarchive and i don't feel like it right now
looks like 17.4 might enable sideloading
it doesn’t
unless something is different for tvos, direct ipa sideloading isn’t supported
looks like alternative app stores need to be approved by apple
maybe there's a way around that, let's see
unlikely given you need an entitlement to get an alternative working
ahhh fook me. I'm on 17.1
Trollstore for tvOS released!
my Apple TV enrolled in the beta program:
yeah :/
Will see if keeping my 4k's on 16.5 was worth it or not
WOO
is there a way to block OTAs on tvOS 16.1?
/var/mobile/Library/Preferences/com.apple.MobileAsset.plist
After pairing with the iOS version of misaka, place this file in this path from the file manager
Then restart the appletv
blocked
And just in case, don't forget to turn off automatic renewals as well.
There is a plist file in the original link that needs to be dropped in the location specified
Yes
what versions does misaka support? the question mark in the tweet is kinda confusing me
Misaka works up to tvOS 16.6. Trollstore should work up to tvOS 17.0 as well, but KFD was fixed, so there is no installation method for 4K 2nd and 3rd gen.
Success!
how were you able to install? i have no idea what to do after sideloading misakatv and pairing with my phone
Can someone point me in the right direction to install on atv HD 4th gen on TVOS 16.2?
i have HD 4th gen, assuming that still has KFD?
You don’t need to pair it with your phone. Sideload MisakaATV version 5 from here
Yes, KFD is based on the OS version not the hardware version. As long as you have 16.6 or lower
i downloaded and sideloaded this one
Yes
kfd only kopen'd once for me so i switched to mdc but theres no install trollstore option here
After you kopen, there will be a button that says install TrollStore.
okay ill try kopen again
I don’t know about MDC I would think it would work, but that don’t work on my version.
OH YA you need to have either the “Developer” or “TestFlight” app installed from the tvOS App Store
OHH
I would recommend developer
Just search developer in the App Store and download it, it uses that for the persistence helper, like tips on iOS
Yeah, this one
👍
thank you so much the app was very unclear
i thought the "developer" and "testflight" buttons were like credits buttons 😭
im getting no code signature found...
Yeah… stright_tamago's first language isn’t English so some of it’s a little confusing lol
ah
After you install the persistence helper, you need to reboot the Apple TV, and then reboot it again after you install TrollStore.
or at least I had to. Installing the persistence helper with misaka will just cause developer to crash until you reboot.
im getting an error
Once you’re done there, I recommend the Spartan file browser. I just installed the latest version with .tipa and it seems to work well. It’s a little glitchy, but it’s still in development lol
Just don’t go editing random files willy-nilly, because if you brick your Apple TV… RIP money lol
I’m not sure on that one I didn’t get that error
it says the identity used to sign the executable is no longer valid
I just loaded it using Sideloadly with a Mac VM and it worked fine 🤷‍♂️
might have to try the mac..
Yeah, I can ONLY sideload to mine with a Mac… and I don’t own a Mac 😫
kopen is so unreliable 🥲
never set up a vm for a while
Spent like two days getting this damn VM to work. It’s laggy as hell but works well enough to side load, which is all I need lol
gotcha
i think ill use this to block OTAs after i get trollstore working
because the misaka file browser is kinda glitchy with kfd and mdc
Make sure you are set to Landa. Landa has worked every time for me. At least on 16.5
ye im on landa
it worked the first time i ever used it but i didnt have developer/testflight installed
now its just not working
either crashes the app or reboots the tv
That’s just weird. KFD works perfectly fine on my phone and my TV 🤷‍♂️
16.6 landa works fine
im on 16.1 maybe its unreliable on that
Ah. Try MDC then that should be more reliable. I would think.
ya it should i think, but both developer/testflight buttons are grayed out
i have both installed
Managed to snag two more Apple TV 4K 3rd gens on 16.4.1. Will probably hold onto them for like two or three months and then sell them on jailbreak swap lmao.
nice lol
reboot fixed this 👍
omgg the persistence helper
I’m currently looking for the file that stores the name of the thread network for HomeKit. I want to rename this shit lol. I’m hoping it’s just a plist somewhere.
But I should also take my own advice
ive got misaka on the atv but it says cannot install when i open it..
uhh this might be a dumb question but how do i get ipa/tipa files onto the tv 😅
do you have to install via url?
There’s a button at the top right in TrollStore you hit that and then you have to type in the URL of the tipa
ah okay
It’s a lot easier to just copy and paste it with your phone using the TV remote
oo alright
Open the TV remote from the control center on your iPhone and you will get a keyboard and then you can just paste it in there
i didnt think of that
anyone know anything interesting that can be done by just editing plist files? Like maybe some hidden menus or something
Nice
Any modded Youtube tipa’s
what settings do i need in misaka to install trollstore
I don’t think so yet :/ but now that we have TrollStore, we should be able to get the decryptor running and start decrypting apps and injecting tweaks
None. You should just have to kopen and then install TrollStore
taking ages
It should be almost instant. What is it saying
failed to grab free pages goal
rebooting and trying again
using landa right?
Getting this
hmm im on 16.2
May have to keep trying smith
You have Developer installed right?
Hmm how do I do that
Download it from the app store
Yep
and its still grey?
Yer
Oh wait. MDC was patched in tvOS 16.2 thats why lol
How is stright_tamago recording the screen of his Apple TV
since its an HD, at this point I'd just checkm8 boot that bitch and install the helper manually 🤷‍♂️
yer ill try that just didnt wanna use the mac
ok so you can use Filza's built in WebDAV server to get your own IPAs into the tvOS Trollstore
This one I was trying to load was a damn ZIP file and TrollTV couldn't open it. Download the IPA with Filza, start the WebDAV server, and then install it like this
http://[YOUR PHONE IP]:11111/var/mobile/Downloads/[IPA NAME]?mode=download
Phone ip? Or appletv ip
Your phone's IP since the web server is on your phone
And if the IPA name has spaces you need to either rename it and take them out, or replace the spaces in the URL with %20
Sounds logic. Thanx
Is 16.6 supported?
Yes
I’m getting the same failed to grab free pages goal as ralfmalph. Reboot and try again?
Same as him as well. 5,3
I'm thinking there's something wrong with KFD or Misaka on Apple TV HD then. You're probably gonna have to boot it with the SSH RAMDISK and install it manually.
Trying that now.
Hmm. Seems that tool doesn’t support Apple TV
I just get “An error occurred”
I’ll keep trying
Yeah, you can’t use the iPhone one. But I don’t know where to get the SSH RAMdisk for Apple TV. ZenZeq would know
probably QuickTime Player
I think it has the ability to see the screen of tvOS devices
ok well... it appears to be working but I can't actually get the file off of the tv lmao. It airdrops it and then doesn't go anywhere :/
sshrd_script can make them
it does
Smh too bad I updated my HD to tvOS 17
Got it. The TrollDecrypt airdrop function doesn't work for some reason, but if you install Misaka with TrollTV so it can run unsandboxed you can export it with Misaka's file server
is there a step by step guide on how to install this? I have iphone with misaka, and a Windows PC for sideloadly.
Sideloadly on Windows will not work, it needs to be the Mac version as Apple TV will only pair wirelessly with a mac.
I had to make a MacOS VM with VMWare to get it working
Ohhh I can do that. Thanks
Interesting... this works on 4k 3rd gens too? I thought only 1st gens.
By any chances if this implementation could work on ATV4GEN 14.4 ?
This should work
for tsTV
I have not tested it - I cannot right now
but it has proper handling for trollstore limitations, along with using the TS provided function to spawn root helper
only 4k
does the dumping also work?
yes
nice
I’m going to try replacing checkrain with troll store on my Apple TV that way I don’t have to redo it every time the power goes out.
What do you have installed with checkrain ?
hello
not for piracy but for preservation
Wait there was Minecraft for Apple TV???
there used to be yeah
Omg I hope someone can dump that
i don't think it would run on tvos 16 though actually
it came out in 2016
Here come the pirates..
no like genuinely just dump it and keep it to yourself
it's better than it being lost forever
Nice piracy
Terrible idea
Jailbreak > trollstore
Why not just replace the developer app with the Trollstore helper using checkra1n lol
I believe the app is paid so yeah, that is piracy
is it piracy if you don’t distribute it?
was. Now it’s abandonware 🤷‍♂️
if you just keep it to yourself for archival purposes, it should be fine no?
We all know that's never the case
but that’s not our problem
Cause one person asks.. Then it's spread
sure, but you guys are acting like the act of dumping it is piracy itself which isn’t the case
It's not dumping that's bad, it's folks redistributing it after that is
I’ve been trying to find a YouTube tweak deb that works on YouTube Apple TV but no luck 😞
Which is what they do
correct, but Mars specifically said “dump it and keep it to yourself” and then people got all up in arms about it
Granted that's the case for them, we all know it's never for the others
What app i use is 🏴‍☠️ ?
Streamer
Welcome 😁
Oh yeah thats true
Technically so is MAME 🤷‍♂️
Nah, the roms are
Technically so is kodi
Kodi is just a media streaming. Adding pirate repos is 🏴‍☠️
You're supposed to dump your own collection to use in said emulators
But everyone is too cheap and lazy to do it
So they download them
That's why it's a technicality