#tvos-jailbreaks
If kodi disabled outside sources, it wouldn't.
With that logic, is why everyone downloads
Owning legal copies is no problem for me 🙂
Not all of it. Demopods/arcades are on the other side
Can only imagine the pain and frustration of moving..
Ya know.. You'd make a fortune on eBay..
Lol thankfully i own my place
Why use emulators if you have the originals in the first place tho. It’s always more fun playing the real thing.
People want the ease of accessibility
Nobody in 2024 is going to whip out the n64, plug in the cables, blow on the cartridge when you can just point and click
Sometimes i play original HW. But its a different room for my games. Sometimes i just want to chill in my main living room and game
But that’s half the fun 😫 although it does make hacking and screwing around a lot easier lol
People wanna cheat
Unless you have a gameshark
I'm sorry, she was lonely /j 
Ah the perks of being single and having a decent paying job lol
also, emulators with upscaled textures (or the opposite, crt shaders) make playing them on modern displays a lot better
🙂
Power bill would be screaming
But in the eu teaching is kinda a good paying job
Until you're caught doing OF
Haha lol
I work in IT and make 50k a year, I’m barely affording a 1 bedroom apartment to rent rn 😞
Don’t think that would be very successful
Ruff
How do you only make 50? The geek squad does like 70 and they suck
Bought my first house when i was 22
I’m a network admin and server admin and a bunch of other roles at once
For about 800 people
🤷♂️
Usa?
ya
In Eu you would be considered high level payment. With what somebody in your position is paid in eu
Probably make more money buying a list of numbers and calling them for tech support /s
I’ve been considering modifying an AI image generator to generate pics of feet and sell them on OF
But it gets the toes wrong 😫
Nah, ai images are easy to tell fake
Tell that to all my family and most of my friends…
most of them can’t tell the difference 🤦♂️
I don't have cables so for the 4k is Xcode the only way to install Misaka?
Sideloadly
@stone crescent
4k doesn't have USB
Yeah i know
You could use apple Configurator
I just used Sideloadly on mac
Issue with that idea, you need to pair it first
But my appltv was connected with xcode before
@ionic copper
I'm still on Mojave, will Apple Configurator 2.7.1 work?
That'll work
Any Apple Configurator will work
@ionic copper
Tutorial somewhere I can follow?
I'm still using the original on high Sierra
Step 1. Open the app
Step 2. Click pair
You do have to go to settings, remotes and devices and stay on that screen on tvOS
To initiate the 4K to be discoverable
damn i just got notified by someone that trollstore working on tvos
It's all over the internet
They would be correct
should i just follow this?: https://github.com/straight-tamago/TrollStore-tvOS
Apple stocks going up for apple tv now
Yes
What tvOS are you even on?
i already have misaka on tvos 16.6. just blocking updates. 4k gen 1
@ionic copper
I'm already paired to my MacBook, what next?
If you're paired, you can use Sideloadly
Just install the newest Misaka 5.1 it now has a Install Trollstore button
You need to install “Apple Developer” from the App Store first though to use as the helper
where is 5.1? I dont see the release here: https://github.com/straight-tamago/misaka/releases
I'm going to put in a PR to use another app instead of just developer
Oh weird it’s called 5.0b2. It says 5.1 in the app lol
Install that ipa under assets
What other app? Developer seems fine it’s useless anyway like tips lol
Sure, but you don't need that specific app. Misaka should be able to let you pick and choose any sideloaded/appstore app
Well it has to be an app developed by Apple right because those run with higher privileges? Or does tvOS work differently then iOS?
It doesn't. Just needs to be an app that's sandboxed
Oh. Interesting.
The developer app doesn't have higher privileges
We tried to edit the system apps, but because of the new security mitigations, it reverts the snapshot on reboot
Only way it would work is with code injection
Couldn’t you just make the Trollstore helper its own app then and then sideload it? Why overwrite another app
TrollStore success on tvOS 16.6 AppleTV 4K gen 1
some notes: I had to restart the AppleTV through system menu after Misaka injected Trollstore helper into Apple Developer app. Apple Developer app would not show Trollstore helper without restarting.
Also, I had to use Misaka tvOS from here: https://github.com/straight-tamago/misaka-tvOS/releases
The latest Misaka tvOS release is not on the regular Misaka github: https://github.com/straight-tamago/misaka/releases
Ya I had to do the same
Ah ok there’s the 5.1. I didn’t realize he split it off into another repo
Nah
Needs an exploit to work
Hence why misaka @vale yoke
So got Misaka and TrollStore installed. Have had 2 update nags by Apple within 1 hour (not seen that before) and I accidentally hit download but pulled the plug. I really can't wait to get this block working now.
I'm reading the instructions to install the block which says "After pairing with the iOS version of misaka, place this file in this path from the file manager". Is that correct? I've got Misaka on my iPhone too but see nowhere to "pair".
Yeah, there’s really no description on that part. On misaka on iOS go to the packages tab and hit the little blue box icon at the bottom left
There should be a button that says Apple TV Connect
Then you can switch to the file manager tab. I have found it’s more reliable if you pair with the TV first and then kopen. For some reason, if you kopen first and then try to connect everything will just freeze up.
I think the newest misaka has a built-in OTA block function, though
I see now the new Misaka 5.1 has the OTA in it, but I just installed 5.0b2 an hour ago. I'm following your instructions, I have Misaka connected to the ATV, I loaded the file... but then what? It's very cryptic
Loaded the file into the Apple TV?
Once it’s in the right directory, that’s it. Just reboot.
Can I just delete Misaka 5.0b and sideload 5.1 over? The old method is very cryptic
Ya
This place is not the latest anymore.
The repository has been moved.
OMG OUR GOD HAS ARRIVED
@vale yoke
ok got 5.1 installed... where can I find the OTA block. It looks identical to the old one
settings
I hate to pull teeth here, I have settings open... it's identical to 5.0b
Try uninstalling it once and then reinstalling it.
Uninstall what?
misaka tv
I just did
I removed 5.0b and installed 5.1
I already have TrollStore installed using 5.0b
no
and switched to 5.1 Misaka but no OTA block
Did you install Misaka with Trollstore? Or sideload it?
sideload
Install the misaka IPA with TrollStore
To use the ota blocker you need to reinstall Misaka using ts
I should have added that description to the app
vunderbar!
Question, I've got 3 other 4k's to do this on. Will sideloadly allow me to use the same appleID or will I have to use another one due to app limits.
I was able to sideload 4 apps in one day before on the free account so probably 🤷♂️
Just lock the assets folder via Spartan
Make a burner
@ionic copper
Got it working with Misaka and tested successfully. Finally, no more nags and today I got 3 within the hour of doing all these installs. Incredible how Apple keeps pushing this on us.
I find it more baffling how they managed to flash the firmware with no USB port on the third gen
Is it correct then as far as the 4k goes that Misaka only works on the 1st gen?
No, works for any apple tv
Any.. 4th gen and higher
Only issues, HD only works with MDC
Reason being: kfd hates A8
I was trying to do this, but can’t find the button. How do you get the lock button?
Hold the track pad button down
I tried that, but there was no lock button
Maybe press play/pause
Hmm i’ll try that when I get home. I didn’t want to just go mashing random buttons to find it because with the luck I have, I would accidentally delete a directory and brick that thing lmao
I'm on 17.0 can i downgrade
Which Apple TV?
ok
Download tvOS IPSW files for Apple TV 4 (2015)
ok thank you so much
Trollstore doesn’t work on either of those, but I believe they have full jailbreaks anyway
hello please
I'd save blobs
Think I found a bug in Misaka 5.2... won't block OTA but 5.1 does. I am on 16.5
wassup zenzeq we tried this before
but idk what happened last time
Oh no..
There is no misaka 5.2?
ig u dont remember
A new update is coming out soon.. Beta testing
Oh
I think you have AMD?
wait how I get in the beta
yeah
Yeah, that's why. Garbage cpu
@vale yoke
yes there is but OTA not working for me, had to go back to 5.1
https://github.com/straight-tamago/misaka-tvOS/releases/tag/5.2
Oh weird now it shows up. I refreshed the repo and was only seeing 5.1. Cache must’ve been fucked lol
But no Intel
@ionic copper yeah the other pc is intel
lets go can i have the steps again
Steps: flash Odysseyn1x to a usb
Boot Odysseyn1x
Run checkra1n. Don't install the bootstrap
links please
@vale yoke
Just to update... I had to switch to another Apple ID to sideload Misaka on my second 4k. As I thought, I must have used up the 2 free slots on my everyday AppleID by first installing Misaka 5.0b then 5.1. I have a few spare Apple IDs so won't need to wait 7 days to finish up sideloading to all my 4k's
I don't think this board has been this busy in years lol.
TrollStore might work on 17.0. Sounds like you got from Target. https://github.com/straight-tamago/TrollStore-tvOS
Woo just snagged ANOTHER 4K 3rd gen from marketplace on 16.4.1 lmao
idk what Im gonna do with all these…
I don't get why you're needing more than 2 apple tv's
Unless you plan to hack em, then flip em
Exactly. Gonna wait a month or 2 and then sell them on JailbreakSwap with TS and OTA Block preinstalled 🤔
before tvOS 16 becomes impossible to find
All these people are selling them for like $80-$100 as well. I don’t know why people are selling Apple TV for $60 less than retail lol
Tis why Apple's promoting updates
The issue I see is, in 2 years, apps are going to require 17.x
Well that’s a problem for another day 🤷♂️
Hopefully by then a full jb will be out and we can patch out the version check and keep using the old versions of the apps
Doubt it, nitoTV retires at 17
He's done great work, would be sad to lose another developer to the community. The Apple walled garden still has cracks and we can be thankful for any developer who takes their free time to let us noobs get behind that wall but it's getting harder with each new OS.
I just want to permasign Kodi
You can with the older kodis
On checkrain? I’ve got Kodi installed but I don’t have it permasigned
Like I’m missing the core trust without trollstore
No, just trollstore
So do I use Troll Store helper to install on Apple TV?
Do we have a guide for installing?
Just upload the ipa to it
Using misaka on iOS
I’m on 17.0 14plus. Can I get misaka?
how do i put the Misaka on there?
AppleTV 4k gen 3 tvOS 16.6 TrollStore success. Also used Misaka TVOS 5.2. but the OTA blocker won't work
I also have a 4K gen 1, and manually blocked OTA successfully using this: #1196223809812971720 message
Okay I ended up using the manual method (plist file) for 4K gen 3. Works. Don't know why the OTA blocker within Misaka 5.2 didn't work for me. But it's not needed with the plist method available
how did you install trollstore?
how did you install misaka. I have a mac, but i dont know how to get it over
lol i need a guide,
trollstore on apple tv? how
how do you even install stuff on it beside the app store
it doesn’t even have safari
Ok, i got misaka on there. TVOS 14.6 and now running MDC mode, its buffering
but it keeps crashing
Same way you do an iPhone, sideloading
yes but what do I use to sideload?
i had mine on tvOS 14 for a really long time, but you can’t plug it in from anywhere
oh—
i’ll try that tomorrow
whats the last tvOS version trollstore will work on?
17.0. But there is currently no installation method for Apple TV 4K gen 2 and 3, so 16.6 right now
oh yeah, reminds me. I have a theory..
Do share it
Ya nope still can’t find the lock button that this guy has here
I installed this that was posted earlier, which was a newer version than what I had but still no luck. What version are you on?
My menu looks completely different lol
hold on, i'll take a look in a min
OMG my theory worked!!!
Hello trollstore on tvOS 17!
1st gen 4K?
it can be
you install with the SSH RAMDISK?
Nice
what tvOS version? that doesn't fix tvOS 13, that fixes TS
if you're on 14.0-14.5(?) it's broken due to swiftUI bugs, i'm trying to find the root cause but so far no luck
It should be theoretically possible to install TS on an HD with checkm8, right?
Also I read above somebody said kfd hates A8? Is that just on Apple TV?
yes, but on 14
Apple TV HD KFD won't work, but MDC will on tvOS 16 and up
Oh nice. I thought MDC only worked up to 16.1.2
I thought it was fixed in 16.2?
it does
You said MDC would work on tvOS 16 and up so I was confused
well, from 16 to the highest it is compatible with
where is the jailbreak guide?
For what device? What version are you on? Need to be more specific lol
@ionic copper Do you have an SSH ramdisk version that works with AppleTV?
i do
Can I have it?
what device do you have?
HD
the ramdisk won't work with trollstore
Why couldn't I manually overwrite the persistenceHelper_Embedded in Developer using ramdisk?
Quick question, if I can downgrade to 13.4.8 can I upgrade to whatever version I want? (Apple TV 4/HD)
no
you can between 13.4 - 17 if you have blobs
is there any advantage in getting apple tv 4k gen 2 on tvos 15 over a gen 3 on tvos 16? I'm guessing no, just wanted to check
wow really futurerestore will still work with ATV 4 HD? I still have blobs somewhere. I can update from 14.7 to 16.6.
technically it should be possible to go to 16.6 from 13.4 via beta updates
but I'm just trying to do that and the update keeps failing for me
yea doesn't work, tried like 5 times
it always ends up failing, apple seems to have fucked something up
just to confirm, there's no way to downgrade to 16.6 any more right on an HD?
wondering about the same
You can, with blobs
Yes
The only thing you cannot do with an HD is downgrade to 10.2.2
unfortunate, i just bought an HD with the assumption that 16.6 was still accessible but i obviously don’t have blobs
Because of SEP
If you're on 16.6, retrieving on-board blobs is possible via SSHRD
i believe it’s on 17.2 but we’ll see when it gets here monday
i was hoping to be able to dump and decrypt an app that requires 14.0 but i guess i won’t be doing that
What app? I can jump to decrypt
Don't need trollstore to decrypt when checkra1n works
i have several people that can decrypt it for me, i was just hoping to mess around with it myself
i’m assuming there aren’t any checkm8 based tvOS 17 jailbreaks out yet?
nope
Well, you can use kpf
To get code signing
But still need kernel rw to gain root
misaka doesn't seem to work for me on atv4 16.6, anyone any ideas what I'm doing wrong?
i press 'kopen' and it doesn't seem to be able to exploit
keep trying, it might take a few attempts
On HD?
yea
I've had to restart the Apple TV through system settings everytime Misaka failed. It eventually worked after several restarts (Apple TV 4K gen 1 and gen 3)
i don't think it's working with ATV4
hmm okay. I might test installing TrollStore when I get a chance to bring out my apple tv 4 hd from storage. It's on tvOS 14.7 checkra1n though.
so for those wondering, tvos 14 - 17.0 (including 17.0 betas) are all compatible with trollstore
this is confirmed on the HD and /should/ also be for the other 4k devices as well
sad part: you can't selectively downgrade with the 4k second or third gens. You CAN however, build an ipsw for the 1st gen, but to downgrade requires a modified version of checkm8 etc etc
IF you do find a device on 15, 16, 17.0, theoretically you CAN trollstore
But there’s currently no way to install Trollstore on 17.0 on 4K 2nd and 3rd gen yet, because KFD doesn’t work. right?
indeed. An exploit is required and maybe kfd might work? just need to iron it out
So same situation we are in with the iPhones on 17.0. Dang
should've been obvious
@trim wagon I’m having the same issue with the Apple TV HD not working.
did you save any blobs?
saving such would be ESSENTIAL to get trollstore working as of now
I have some blobs, yes. I’m on 16.6 currently.
what blobs?
if you have anything from 14 - 17.0, then you'd get trollstore no problem
What would be the process?
I’ve got 14.0.1, 16.1, 16.3.1, and 16.3.2. Didn’t you say it’s possible to retrieve current blobs off device as well?
it is, yes
i can give you the script i have that'll download the apple tv firmware, patch them and will grant you ssh access
from there, you can dump the raw image then convert it to a blob
What's the method of installing trollstore if I have blobs?
to downgrade to 16.1, install using MDC, then update to anything higher than 16.0 and below 17.0
you will need to set the nonce, for which a mac is highly recommended
I use Ramiel
if you don't have a mac, you may downgrade to 13.4.8 using windows (it's signed) or use linux idevicerestore
and checkra1n with installed linux or use a live-boot method
Ok so here's what I'm thinking... save 16.6 blobs off device. Downgrade to 16.1, install trollstrore with mdc, upgrade back up to 16.6?
you can, but with a pc.. downgrading via windows will be difficult since you need checkm8
I've got a mac
even better.
Can you send me that blob script you mentioned? Also, where can I find ramiel?
ramiel is on github
easy to find
you will need to fix up ramiel to set the nonce which is easy to do.
took me like 5 mins
requires zero compiling
To make it compatible with appletv, yes? (Since it looks like it's just working for iOS/iPadOS)
ramiel?
Yes
it works with apple tv out of the box
it just has an issue with setting the generator
it worked fine before, then apple updated 😛
Wouldn't I just be able to use SSH access to manually patch the Developer app with the PersistenceHelper_Embedded?
Can I have this script?
Doesn't work that way
I'll send it in a bit
Why not? It worked like that on my phone.
Because Apple added different security to tvOS
HD doesn’t seem to be exploitable with kfd though?
indeed not, hence why mdc is needed
kfd should be supported, but my guess is they’re not accounting for 4k page sizes properly
cause meowbrek2 works fine on A8(X) devices, and it makes sense that this issue wouldn’t be accounted for (since iOS 16 only supports A9(X) and later devices)
installed trollstore on appletv how can i block ota updates?
Wondering this as well. I have Misaka 5.3, which allegedly has the OTA blocker inside the settings, but it’s not there for me.
Also if anyone is having trouble installing Kodi via Trollstore I got it working, it was a little involved.
can you share the kodi ipa i need it too
I'll need to figure out how to share that, its a little tricky because if you just build an ipa from the deb it doesnt work. There is a workaround but you have to remove a folder inside the ipa and repackage it to get it to work for versions above 18.9. Since tvOS didnt get releases before 19.0 there are no working files available that I know of. It sounds like it's an issue involving the switch to python 3.
For myself I hosted it on my personal dropbox and then pointed trollstore to that, I need to look into how secure that is to share that link around, but if it seems legit I can pass it along
if you follow these two guides you can do it yourself. https://www.reddit.com/r/jailbreak/comments/188nlku/kodi_black_screen_ios_163_trollstore/
spartan
going the manual route?
I'm working on doing that right now
supposedly you can do it using the misaka IOS app paired with the tvOS version, but that's not working for me
as a tip, if you host ipa's in a drop box in order to get the ipa to work for me with trollstore i had to copy the share link and then change the 0 at the end after "dl=" to a 1, that has been working consistently for me.
You have to reinstall misaka through TrollStore to get the OTA blocker in settings.
ahhhh thats the secret! I'm gonna go give that a try right now. Thanks
do you mean misaka app? i installed it with trollstore but the apps crash cant open it
That makes a lot of sense, since when it's just sideloaded I would assume it lacks the entitlements necessary to access the file system.
no installed via trollstore for me. Did you follow that reddit post to remove the config folder inside the ipa?
no what must i do?
make an IPA from a deb following the instructions from the kodi wiki i posted. but before you create the zip from the folder named Payload in step 7, follow the steps in the top comment on the reddit post i linked above. Basically you need to show the contents of the app, go in and remove a folder. then finish following the steps in the kodi wiki.
It worked for me using the 20.3 release
Thanks, that did it!
In case you didnt see it, @Phoder pointed out that you need to reinstall the misaka app using trollstore so it has access to the filesystem in order to successfully use the OTA Blocker built in to the settings inside misaka
kodi already done works too
do you try it with misaka does it work for you?
try what? getting the OTA blocker in misaka to work? yes it worked for me after i reinstalled it with trollstore.
yes
ya delete the misaka you sideloaded, and install it via trollstore
then the option will appear in the settings menu in misaka
I turned it on, and restarted as instructed. My aTV now shows up to date when i go into the settings app.
OK, that makes sense
ahhh yes i get what you were saying now, I misread your earlier response. That's all i had to do, and it worked fine for me, make sure you are pointing to the misaka for tvos ipa not the ios version.
ok thanks it worked now
What I need is YouTube ad blocker for appletv 👀
Couldn’t agree more. I hear yattee works but it’s a little ugly and you can’t sign in. That said I’m gonna try it anyways since the frequency and length of the ads on YouTube has gotten ridiculous.
Any working kodi ipa with trollstore ?
@stone crescent Yes but you’ll need to build it, take a look at my post above in response to ravika
Following Steps, but when I go to install in trollstore I get "Parse Error 30" "Unable to locate app bundle inside the .IPA archive."
Can you share your ipa ?
is there any way to get 16-16.6? im jb on 13.4.8 hd 4th gen
Do you have blobs
for 16? no but i can make 13.4.8 right
without 16.6 blobs you can’t get to 16.6
pardon if im stupid, but you cant share blobs correct?
I'm on 16.6 latest model
You can also just use Filzas built in WebDAV server on your phone. Or if you have your own Discord server, you can upload the file there and then copy the download link and use that as well. I have done both.
Thats a good idea, it would be cool to have a library for trollstore IPAs like there is for iOS on GitHub. I am tempted to try to do it, but I’d have to learn a few things first.
Maybe I’ll reach out to the owner of the iOS one and see if they can setup a subsection for tvOS
Piracy 
And yet why they haven't been taken down for dmca is beyond me
Ok I found an HD on 16.4 that I can get for cheap, any reason I shouldn't get it instead of one on 16.6?
Also, if we erase it via settings will it update?
There’s a button for erase or erase and update
As long as you don’t hit erase and update, no it won’t
Here it is on mine lol
The fact that Apple still has the option to reset without doing a firmware update is quite surprising tbh
Ya that was one of the things I was gonna look into, not sure how that works with all of the different licenses that things are released with. But even if there was a central place that linked to original files that wouldn’t suck. In the past with proper package managers this was mostly not an issue since most things were organized into a few good repo’s, but with trollstore it’s just less organized.
I was definitely pleasantly surprised, I guess I’d just assumed you weren’t able to do that anymore.
Ok so with an Apple TV HD on 16.4, I can use this link to dump onboard blobs via ./sshrd.sh dump-blobs right?
then I can downgrade to 16.4 in the future if I ever update
and I can also use TrollStore-tvOS (https://github.com/straight-tamago/TrollStore-tvOS) on 16.4
also Palera1n
it's been forever since I've been in the jailbreak scene, if it's not obvious
I can’t seem to get Misaka to install TrollStore. I’m jailbroken with Checkra1n on tvOS 14.6. When I open Misaka it will almost immediately crash. If I run ldrestart I can get to the point where I can actually click the mdc mode button which fails to grab free pages goal through the krkw helper. It seems like this whole misaka landa exploit process should be totally unnecessary considering I already have root access. Is there a way to install TrollStore without Misaka?
Best as I know misaka support doesn’t extend below 15.0, so I’m not surprised that isn’t working. But TrollStore for tvOS says it’s good down to 14.0, though it isn’t clear how you install it as the linked guide is for iOS.
Have you tried just sideloading troll store? Since you’re jailbroken already I could see it possibly working, though admittedly I could be way off on that.
I’d be interested to know if you could manually replace PersistenceHelper_Embedded (you can find it on the releases page of the above linked repo) in the Developer app, roughly following tutorials from the early days of TrollStore 2 on iOS where we copied that file into Tips. (Like this: https://reddit.com/r/jailbreak/comments/185kh7b/misaka_install_workaround/ )
@oak island ^
@stoic crown I’ve thought of that. However the Tips app is installable through AppStore (if it isn’t already installed) whereas the Developer app on tvOS is not. If I replace the developer app binary with the persistence_helper, Im not sure how I would then be able to launch the developer app as it wouldn’t be present on Home Screen (Pineboard)
what would tips vs developer gain you?
i'm trying to understand how trollstore/misaka work
@earnest grotto Tips app isn’t available on Apple TV therefore the persistence_helper needs another system app (Developer) in order to exploit the core trust bug which tricks the device into thinking your sideloaded app is a system app as opposed to a user app and persist on your home screen through uicache, reboots, etc…
gotcha, didn't realize Tips wasn't on Apple TV
@green basalt I’m guessing sideloading a TrollStore .ipa would work however I don’t think one exists for tvOS. I can’t find a .deb file either which would be easily installable through nitoTV (Apple TV package manager)
Not quite, needs to be modified
ah
you've made the modifications already though, right?
would you mind sharing that?
Maybe I'm misunderstanding you, but the developer app is installable through the app store. You could also try TestFlight (The other app that misaka uses during installation)
@stoic crown You're right! I was confusing Developer with the diagnostics app. My bad. I’ll try this. I was also thinking about the ssh ramdisk method for checkm8 devices
im sorry, is palera1n available for atv??
and if so, for what os?
i thought it was, but i think I was mistaken
oh okay lmao
hey, i have some blobs for 16.4.1, but i think i didn't specify the apnonce nor generator, is there something i can do with them? im assuming this because i keep getting the "Device ApNonce doesn't match APTicket nonce" on futurerestore
is there something i can do
I remember when it was announced that the only susceptible devices that were continuing to receive OS updates were iPads and Apple tv’s there was an announcement from the team that they were going to continue iPad support for now, and that they intended to bring palera1n to the HD and 4k 1st gen, but I haven’t seen or heard anything else about that since.
u dont need the apnonce for hd/4k afaik
it's only for A11+ or so
so what u do when using futurerestore is just entering the apnonce that u can find in the shsh2 blob
can you guide me please?
I haven’t seen any field to enter the apnonce on futurerestoregui
not apnonce, but nonce generator value
if you don't remember it, you'll need to do a pwned restore and enable the set nonce button (but don't type anything in)
okay, i do have it from inspecting the file on the notepad, but i still tried to do it as you said and it didnt work, i keep getting the error "assure failed"
No
yeah ik i was confused because cobre said so
Currently it fails while trying to load stuff before PineBoard loads - I would have logs by now but I bought the wrong debug cable
Anyone got a certified certificate
what am i doing wrong? i just keep getting an "assure failed" error when i try to downgrade my apple tv 4 to 16.4.1 with futurerestore
https://justpaste.it/fea63
Is this on an HD? If so, you don't need to do a pwned restore
yes, it is on an hd, but im doing a pwned restore because the nonce generators dont match between the atv and the blob
the ecids match tho
Do you have a Mac?
yep
Just that?
Yes
Ok ill give it a try, thanks!
I got this error now: Device ApNonce does not match APTicket nonce
Yes because you have to edit Ramiel
Wdym
i changed the nonce generator on ramiel
That's not what I meant by "you need to edit it"
I'm talking the app itself
Download and install hexfiend
right-click ramiel, show package contents
okay
navigate to Contents/MacOS/Ramiel
open the Ramiel file inside hex fiend
inside hex fiend, press command F
it'll bring up the find strings
look for com.apple.System and click "next" until you find setenv com.apple.System-boot.nonce
change it from com.apple.System-boot.nonce to com.apple.System.boot-nonce
click save, then ramiel should work
what macos are you on?
14.1
what happens when you try to open it
this ^^
it opens and suddenly closes
i wonder how you edited it
i just edited the string on the right
that's the issue
it's literally one dot change
because if you just edit the one dot, it'll work
hold on, I'll see about something
i did everything as you told me
this
im sorry i meant to tag this
maybe that's why.. System Integrity Protection: enabled
lol maybe
you can disable it
did it actually work with integrity disabled?
well, if it works, you can use it
just to change the nonce right?
yes
because i tried to load an ipsw file and it just crashed
dont know for what it is meant lol
ramiel does it for you
what parameters should i use on futurerestoregui?
you don't even need futurerestoregui
it's never worked for me
i just /path/to/futurerestore -t /ticket.shsh2 --latest-sep --latest-baseband /path/to/ipsw.ipsw --no-baseband
works every time
nothing special
np
ive been trying everything for three days now lol
yeah that would be awesome
because granted this bandaid works, it's not viable for everyone
did the downgrade succeed?
yes
it worked with the gui too which is amazing lol
im just trying to exploit the atv with misaka
problem with the gui I find is too many toggles to play with
what did you downgrade to?
16.4.1
i cant
cause kfd won't work
i dont have blobs for that version
what why?
what versions do you have blobs for?
because a8 isn't liked
just for 16.4.1
oof.. until misaka updates kfd or if kfd improves..
maybe i can use other blob from a different atv?
no
blobs are device-specific
so i cant use it at all?
nope
wdym
like landa, sem_open and all the numbers
the numbers are how many pages
the others are kernel read/write primitive options
landa/sock puppet etc are the exploits used
no luck yet
not surprised.
your odds are best winning the lottery
by that time, we'd still be exploiting a8
but at least you have the capability of downgrading which is a plus
not really
Do you think there will be a fix to this?
there's always room for improvement
of course
probably worse
best thing that works for a8 is mdc
but it works up to 16.1.2 afaik
it IS possible to tether boot
then simply trollstore, then update to 17.0
or 16.4.1
exactly
but i don't have the blobs for it
tis why i mentioned tether booting
what's that?
well I'd need to fix the script to do so
theres no quick fix for it?
@gritty hamlet said earlier that a8 devices can be supported with kfd because meowbrek2 works on a8 devices. I feel like Misaka could be updated to properly support kfd on HD Apple TVs between 16.1.2-16.6 but I don’t know enough about it to say that with confidence. I’m still holding out hope.
Oh, except meowbrek2 doesn’t support 16.x…. So maybe that’s wrong info? Idk.
well there are no A8(X) iOS devices that got 16.x
Ah. But is meowbrek using kfd or mdc?
Any success?
Darn developers... what's the incentive to up the minimum OS requirement on apps so quickly? Tubi is a free streaming app and now requires 17.0. What's so special about that app that it requires the latest update?
I bet you it’s probably the enhanced dialogue system in tvOS 17 that they are starting to use
Does tvOS let you install the last compatible version like iOS does? I haven’t tried lol
it should, though you may have to get it from the Purchased tab
Hmm. What if I haven’t downloaded it before?
maybe try downloading it on an iPhone, i think that should sync your purchases
Oh good idea i’ll try that. I just heard about Tubi recently and was thinking of trying it, but I didn’t realize it required 17 already 😫
When you have a chance, can you send me the modified script?
i could just push the script on github
that would be brilliant
although the ramdisk doesn't do much good other than block ota when 17 tends to restore root fs upon reboot
i think 16 does that too?
All I'm wanting to do is dump blobs for 16.4
do you have trollstore installed?
I don't have my hands on the tv yet, but i'm trying to gather all the tools I need so that in a few days when I get it I'll be good to go
I plan to install TS though
is it an HD?
HD on 16.4 yes
yeah, you're not getting trollstore on it
it would be amazing if the github would actually say that
so what can I do with it?
i do understand what the github states
but kfd doesn't work with 16.4 on a8
which is what the HD has
alright
so what are my options, am I out of luck for everything?
My end goal was to be able to dump and decrypt IPAs, but that may not be possible ig
afaik, you could just wait until misaka gets updated
we're working on it
so far, the best bet is to downgrade, but I doubt that device has blobs
it doesn't
so in the meantime, can I use your modified script to dump the 16.4 blobs?
or no
you could, but the blobs would be useless unless you want to go back and forth
what do you mean by back and forth?
from 16 to 17 back to 16
ah, you can’t use them to go from 13 to 16?
you can, seeing as 13 is signed forever
that’s fine then
hold on.. i have an idea
i’ll just dump them as soon as i get my hands on the tv and your script, and then once I confirm that those blobs are valid I’ll probably go down to 13 for a bit until Misaka/Trollstore are updated
anyway ping me when you have a chance to upload the script for dumping blobs, thanks for the clarification!
@stoic crown No, the Developer App just immediately crashes when I open it. Thought about trying to compile TrollHelper from straight-tamago’s repo, adding the persistence helper and packaging it as a Deb file which I can install by airdropping it to NitoTV
you don't need to.
actually, I think the script already works for apple tv
just download an older version (I can send you instructions to get older versions of app store apps)
Download it on a different device, or through an old version of iTunes that allows downloading apps
Here's the older version: https://web.archive.org/web/20181116064137id_/https://support.apple.com/en-us/HT208079
Learn how to deploy apps with iTunes.
Thanks I have the app already for my device which is on 16.5. Just surprised at how quick some apps need 17 already
well, 18 is brewing..
I also recompiled ramiel to work
requires macOS 13.0.0 or higher
https://ios.cfw.guide/installing-trollstore-tvos/ suggests otherwise (CC @earnest grotto)
Guide to installing TrollStore on an Apple TV
it's amazing how much conflicting information there is
it's amazing how much they don't pay attention when I mention compatibility
15 - 17
doesn't that include 16.4?
it does
you just can't install it the official way
@gritty hamlet trollstore can be installed via checkra1n and/or sshrd
works for all CT-compatible versions
(a8)
is there a guide out there on how to do that, or would we be on our own?
a10 is possible if goldeneye/dcsd was conducted
i have a guide
I'll quickly post it
How to install TrollStore on any Apple TV HD:
This covers firmwares of tvOS 14.0 beta 2 - 14.8.1, 15.7.2 - 15.8.1 and 16.2 - 17.0. Reason why for these specific firmwares is because KFD may or may not work at the moment. If you're on tvOS 15.0 - 15.7.1 or 16.0 - 16.1.2, you may use MDC to install. For the others, there are 2 methods of installing..
Method 1: if you have blobs saved on tvOS 14 - 17.0 then you may downgrade to 13.4.8 (this firmware is signed forever). From there, you can SSH in via checkra1n and overwrite the apps binary with PersistenceHelper from this link https://github.com/straight-tamago/TrollStore-tvOS/releases/download/2.0.11.v3/PersistenceHelper_Embedded on any sideloaded/AppStore app.
(For ex) the Developer app, use the command `find / -name Developer.app` to find the location of the app, from there I then used `scp -P 44 /location/of/PersistenceHelper root@Apple_TV_IP_Address:/location/of/Developer.app/Developer`. If this is too complicated, you can also use winSCP, Cyberduck and log in as well with the settings of: Protocol: SCP, Port: 44, Server: Apple TV IP Address, Login: root, Password: alpine and find the app, then overwrite.
After that, you may use `futurerestore -u -t /location/of/blob.shsh2 --latest-sep --latest-baseband /location/of/ipsw.ipsw --no-baseband` with any of the blobs between 14 - 17 to selectively update to. After that, click "uninstall TrollStore" inside the sideloaded/AppStore app you chose, then reinstall TrollStore. It should then work.
If you get "Apnonce no match" or anything of that sort in futurerestore, you'll need to set your generator. You can do so after using checkra1n with the following commands: `nvram com.apple.System.boot-nonce=GENERATOR` The "GENERATOR" is the number inside your blob file. That code is usually 0x1111111111111111
Method 2: if you DO NOT have blobs saved, you can use SSHRD to install the PersistenceHelper on any sideloaded/AppStore app and it will still work.
For A10, it may be possible to use a ramdisk and overwrite said files (Apple TV 4K 1st gen) but requires Goldeneye cable and DCSD.
hope that helps @earnest grotto
brilliant, I'll give it a go once my HD arrives
thank you!
I'm assuming there aren't any special instructions for using SSHRD to do things like dump blobs, just follow the GitHub instructions?
it /should/ work on the latest
perfect
cool, appreciate the help!
this is primarily unfinished
is there any reason you couldn’t ssh in via checkra1n on tvOS 14.x?
Is there any guide/write up for what we can do with tvos? Like trollstore, jailbreaks, or exploits in general
what are you even asking
Probably the same exploits iOS has
you can
checkra1n for the majority
rest of it is trollstore and kfp for palera1n
That’s amazing
can we pin this in the channel?
Where can I download it?
What if I’m already jailbroken with checkra1n on ATV 4 HD tvOS 14.7? Same method?
yes
checkra1n just makes it easier
if you're already jailbroken, you need not downgrade
it's only if you're on the latest
I have to run some tests but I'll upload it to github
What are the supported Apple TV’s and OS?
I did it step by step and it didnt work
Sounds good
Is it enough to just do the scp thing and leave it like that or do i have to delete files?
Depends what Apple TV you have
Got the 4k one Gen 4 I think? What’s the newest one?
@ionic copper how is an sshrd made on an atv?
Same way it is for iOS
The github script doesnt work for me
Error?
.. What's the error
wait
getting get_sigcheck_patch() patch
main: Error doing patch_rsa_check()!
[-] An error occurred
Try making 15.4
I'd give you the ramdisk but I think it's against the rules
now it works
Good
but the atv doesnt show any image
That's normal
You can now use iproxy
Set up a port with 44
So iproxy 2235 44
Then ssh in to said port
ssh -p 2235 root@localhost
After typing in the password and logging in, use mount_filesystem
Well.. what’s mentioned above
Any chance you might be able to post a trollhelper Deb for tvOS on your NitoTV repo? Would make installation a breeze. Also, your instructions on ssh’ing in and replacing random.app binary with the persistence helper, does that only work with the SCP protocol? I did the same exact thing only via SFTP and the app crashes immediately when I try to open it.
What tvOS version are you on that it crashes?
@ionic copper 14.6
The app probably needs to be refreshed or the device rebooted
Tried that, I’m thinking it had something to do with me opening the persistence_helper to take a look around and then not resigning it with ldid after. Would that make sense? Also one other unrelated question…If I have a tvOS .tipa file that I wanted to use as a regular tvOS .ipa file and say airdrop it to be installed ReProvision, is converting it as easy as just renaming the file extension to .ipa?
i have a better idea
@gritty hamlet could you add a picture to the assets inside cfw website?
that way the guide can see it
I can add it, but you should be able to add it yourself
I tried, I kept getting a 404
uploaded, also submitted a review and requested changes on your PR
I'm looking through your guide and it looks good, but how come you aren't saying anything about KFD not working on the HD on 16.2+ and having to install via #tvos-jailbreaks message?
I realize that's (hopefully) a temporary thing, but you should put a notice there for now imo
did you intend to ping Mastermike88?
nope, i'm talking about zenzeq's changes
I know why
?
Copy debug log, I guess
Because it’s still a wip
do you have any idea on why trollstore doesn’t finish installing kodi?
It gets stuck on the installing screen
Because the new Kodi has different builds, you can use older versions
If you install successfully through TrollStore, can you let me know which kodi build you used?
17
Works just fine with the method above:
tvOS 14.6
Why is it so low?
That version is obsolete
And there are little to no plugins available for that version too
Wait did you replace the NitoTV binary?
Yup
Just an idea, but for the ios.cfw.guide would it maybe be easier for beginners to replace the instruction of first downloading the PersistenceHelper_Embedded with downloading the .tar and getting the PersistenceHelper binary directly from TrollStore.app?
I have a better idea
Just need to implement it
trying to reinstall misaka through trollstore for the ota blocker but it has no icon and doesn't launch
have refreshed app registrations and restarted
is it a common bug?
Reboot
@ionic copper Any idea why this is happening?
What are you installing? And what os?
Just trying to install TrollStore 14.6
But what are you using to install it with?
The method you recommended above. 👆 overwrote Developer.app/Developer with PersistenceHelper via SCP
Try rebooting
@marsh rune I used the 20.3 release version. I had to modify the ipa to make it work. See if following the two guides works for you. Do the kodi wiki for converting from deb to ipa but before archiving in step seven follow the instructions in the top comment of that Reddit post. Hopefully that works for you, did for me. #tvos-jailbreaks message
I must be doing something wrong because it keeps getting stuck on the installing screen on trollstore. I did what the top comment said and it still won’t work. Just to make sure, did you delete the config-3.1.1-darwin folder right?
Nvm it did work
Thank you so much! @green basalt
Does removing that folder remove any functionality?
hi guys, I installed misaka and ran the summa developer mode on my Appletv.... but how do I install trollstore now? thanks to who helps me
I would not use 5.2, it does not block OTA properly. I had to go back to using 5.1 but since then 5.3 has been released and is supposed to fix the issue.
thanks for your reply man, ok but after the misaka installation, what do i have to do to install trollstore please?
I installed Misaka/TrollStore on four ATV 4's (16.5) and I documented my success as I went along. This was mine, yours may differ slightly...
Misaka/TrollStore for ATV
Note currently Misaka 5.1 or 5.3+ works for OTA blocking (5.2 does not)
1. Make sure Macbook is paired to ATV with Apple Configurator (any version). If not, go into ATV Settings>Remotes and Devices>Remote App and Devices. Need to have the Remote App and Devices page visible in order to pair in Apple Configurator.
2. On ATV, download Apple Developer app. Open then quit it completely (Misaka will use this app later to install TrollStore)
3. Keep Apple Configurator open and launch Sideloadly. Load Misaka IPA and use an AppleID that has free signing slots then click Start. When done, quit all apps on Macbook.
4. On ATV open Misaka>Settings and make sure Landa is set by default (for tvOS 16.5). Back on main screen click "kopen". If it crashes, quit app from app switcher & run this step again.
5. Click Install TrollStore and on the popup screen click "Developer". If you get an error, quit Misaka from app switcher, reboot ATV and try Step 4-5 again.
6. Open Developer app and click "Install TrollStore". ATV will automatically reboot. Open Developer app again, click "Register Persistence Helper".
7. Delete the sideloaded Misaka app. Open TrollStore, click link icon on the right and enter the URL of the Misaka app then install.
8. Open Misaka>Settings and click Block to block OTA updates. Reboot (not respring) and check if updates are now blocked.
9. Use TrollStore to install any other apps
It crashes on this page and i don't understand why
I have tvOS 16.2
what apple tv is it?
oh wait, you have HD.. use sshrd
Looking at the SSHRD readme, do you have to specify tvOS vs iOS?
```
The iOS version doesn't have to be the version you're currently on, but it should be close enough, and SEP has to be compatible
If you're on Linux, you will not be able to make a ramdisk for 16.1+, please use something lower instead, like 16.0
This is due to ramdisks switching to APFS over HFS+, and another dmg library would have to be used
```
yeah, sshrd is your only hope
```
./sshrd.sh boot
```
ah, you just specify the IPSW
perfect
and does that version have to match the currently installed version (15.4 in this case)?
no
ok thanks
15.4 works in conjunction with 15 - 17.3
perfect
sorry man , can you send me the guide to do that please?
do you have a mac?
i have only a virtual machine with macOS ...i have a normal laptop
you'll need either a hackintosh or linux
you can make a live boot linux disk pretty easily, might be the best option
i have already a virtual machine with Linux kali 😛
vms won't work
needs to be a native installation
ok, i'll try to make a live bootable usb with linux, and after that what do i have to do?
after that, just clone the sshrd repo, download tvos 15.4 ipsw and make the ramdisk as mentioned above
```
sudo apt-get update
sudo apt-get install -y git
git clone --recursive https://github.com/verygenericname/SSHRD_Script.git
```
but does this install something on the apple tv this way? i don't understand what sshrd is for
sshrd is going to be used to install the TrollStore persistence helper
this then, installs trollstore
misaka uses an exploit to install trollstore but...
This covers firmwares of tvOS 14.0 beta 2 - 14.8.1, 15.7.2 - 15.8.1 and 16.2 - 17.0. Reason why for these specific firmwares is because KFD may or may not work at the moment.
sshrd allows you to get ssh access to the apple tv
which uses checkm8 as the exploit instead of kfd
do i have to connect the ATV with the usb cable before i send those commands?
yes
usb-c required
the above command is just to install sshrd to your linux machine
thank you man , i'm making the usb bootable
this command #tvos-jailbreaks message
is requiring you to plug in your apple tv via usb
and in DFU mode if i’m not mistaken
how to put the atv in dfu mode ?
maybe the fastest way is to update my ATV to 16.4?
press and hold menu and play/pause until led light rapidly flashes for 7 seconds
then release
must be connected via usb during
any ideas what this means?
```
[*] Getting device info and pwning... this may take a second
img4tool version: 0.197-aca6cf005c94caf135023263cbb5c61a0081804f
Compiled with plist: YES
Saved IM4M to work/IM4M
Version: 9bfdde2b2456181045f74631683fba491d8bf4f2 - 38
libfragmentzip version: 0.64-aaf6fae83a0aa6f7aae1c94721857076d04a14e8-RELEASE
init pzb: null
Error init failed
[-] An error occurred
```
might have to update your pzb
i think the one included has issues, so brew install might work best
then you can copy it from cp /usr/local/bin/pzb to SSHRD_SCRIPT/Darwin/
i'll try
```
[*] Getting device info and pwning... this may take a second
img4tool version: 0.197-aca6cf005c94caf135023263cbb5c61a0081804f
Compiled with plist: YES
Saved IM4M to work/IM4M
dyld[91036]: Library not loaded: /usr/local/opt/libzip/lib/libzip.5.dylib
Referenced from: <91881431-321F-3074-9F25-86772E6FD1D2> /Users/cobre/Downloads/SSHRD_Script/Darwin/pzb
Reason: tried: '/usr/local/opt/libzip/lib/libzip.5.dylib' (no such file), '/System/Volumes/Preboot/Cryptexes/OS/usr/local/opt/libzip/lib/libzip.5.dylib' (no such file), '/usr/local/opt/libzip/lib/libzip.5.dylib' (no such file), '/usr/local/lib/libzip.5.dylib' (no such file), '/usr/lib/libzip.5.dylib' (no such file, not in dyld cache)
./sshrd.sh: line 213: 91036 Abort trap: 6 ../"$oscheck"/pzb -g BuildManifest.plist "$ipswurl"
[-] An error occurred
```
I think I can figure out how to fix this
something about libzip not being installed in the right location
brew install libzip or brew install zip
or if you can find / -name libzip then use that location to cp to /System/Volumes/Preboot/Cryptexes/OS/usr/local/opt/libzip/
or /usr/local/opt/libzip/lib/
although i don't know why you have stuff linked to preboot...
hmm, still getting dyld[95171]: Library not loaded: /usr/local/opt/libzip/lib/libzip.5.dylib even though /usr/local/opt/libzip/lib/ contains libzip.5.dylib
(me neither to be honest)
what macos is it?
it's probably because your paths aren't linked to /usr/local/opt
although /usr/local/opt is a procursus link...
I'm going to see what Linux does, just a minute
linux would probably be better
seeing as macos gets fussy about running dylibs in odd locations
yeah
ugh, still getting the pzb error:
```
[*] Getting device info and pwning... this may take a second
img4tool version: 0.197-aca6cf005c94caf135023263cbb5c61a0081804f-RELEASE
Compiled with plist: YES
Saved IM4M to work/IM4M
Version: 3fc8c093f4660f6c6e07c0c9214618733da01ffc - 36
libfragmentzip version: 0.60-120447d0f410dffb49948fa155467fc5d91ca3c8
init pzb: null
Error init failed
[-] An error occurred
```
Even though `./Darwin/pzb` works fine:
```
Version: 3fc8c093f4660f6c6e07c0c9214618733da01ffc - 36
libfragmentzip version: 0.60-120447d0f410dffb49948fa155467fc5d91ca3c8
Error url parameter required!
Usage: ./Darwin/pzb [parameter] <url to zip>
Browse and download files and directories from remote zip
Specifying no parameter starts an interactive console
Usage: parameter <required argument> [optional argument]
Following parameter are avaliable:
-l shows contents and subdirectories of zip
--list=[path] shows contents and subdirectories of [path] in zip
--nosubdirs don't show subdirectories. Does nothing without -l or --list
-c, --create-directories download files with it' directories and subdirectories
-h, --help shows this help
-g, --get <path> downloads remote file
-d, --directory download remote directory recursively instead of sindle file
use this with -g (--get)
-o, --output <path> specify dst filename when downloading
-k, --insecure disable ssl validation
-u, --user[:password] authenticate to webserver
```
(I replaced ./Darwin/pzb with the latest from tihmstar's github)
might need to recompile fragmentzip
wait.. what ipsw are you using?
because the ipsw is supposed to be the url
so what should the command look like then? Here you say "/path/to/tvos 15.4.ipsw"
well, the path, mistakenly would be the url path
i see, so ./sshrd.sh https://updates.cdn-apple.com/2022FCSWinter/fullrestores/071-05901/6C60FB17-938B-4FD6-8E67-1FD2C2F0E3C7/AppleTV5,3_15.4_19L440_Restore.ipsw?
https://updates.cdn-apple.com/2022FCSWinter/fullrestores/071-05901/6C60FB17-938B-4FD6-8E67-1FD2C2F0E3C7/AppleTV5,3_15.4_19L440_Restore.ipsw
yes
then it'll go brrrrrrrr
same issue unfortunately
```
[*] Getting device info and pwning... this may take a second
img4tool version: 0.197-aca6cf005c94caf135023263cbb5c61a0081804f-RELEASE
Compiled with plist: YES
Saved IM4M to work/IM4M
Version: 3fc8c093f4660f6c6e07c0c9214618733da01ffc - 36
libfragmentzip version: 0.60-120447d0f410dffb49948fa155467fc5d91ca3c8
init pzb: null
Error init failed
[-] An error occurred
```
changing ipswurl=... in the script to the actual url seems to have worked
now I have to figure out why ssh isn't working
```
Creating listening port 2222 for device port 22
bind(): Address in use
Error creating socket for listen port 2222: Address in use
New connection for 2222->22, fd = 5
waiting for connection
No connected device found, terminating.
kex_exchange_identification: read: Connection reset by peer
Connection reset by 127.0.0.1 port 2222
[-] An error occurred
```
(i can probably figure this out, I'm only posting here to document things)
I use port 2234
2222 is so common, everything uses it
so i change it to a random number
in the script.. look for 2222
alright
then edit to any 4-digit number
```
❯ ./sshrd.sh ssh
Creating listening port 2243 for device port 22
waiting for connection
New connection for 2243->22, fd = 5
waiting for connection
No connected device found, terminating.
kex_exchange_identification: Connection closed by remote host
Connection closed by 127.0.0.1 port 2243
[-] An error occurred
```
you don't need to do ssh
just iproxy 2243 22
then log in via ssh -p 2243 root@localhost
Connection reset by 127.0.0.1 port 2243
and the same ssh -p 2243 root@localhost command?
yes
still didn't work, same error
yep
maybe unplug usb, replug
if still not, you might need libusb
you could do the same on the mac
just copy the script over
mac might find the device much easier
😅😅😅😅
Warning: Permanently added '[localhost]:2243' (ECDSA) to the list of known hosts.
localhost:~ root#
boom, done
bruh.. /path/to is an example
it's literally the path to the url
good
if you're wanting to use the 15.4 ipsw for apple tv hd, it should be ./sshrd.sh https://updates.cdn-apple.com/2022FCSWinter/fullrestores/071-05901/6C60FB17-938B-4FD6-8E67-1FD2C2F0E3C7/AppleTV5,3_15.4_19L440_Restore.ipsw
my atv is running 16.2
may as well run `cat /dev/rdisk1 | dd of=dump.raw bs=256 count=$((0x4000))` then `scp -P 2243 root@localhost:/path/to/dump.raw ~/Desktop`
@earnest grotto
then you can convert to shsh2
get your on-board blobs
coming up: init: error
I've run mount_filesystems but this is giving me:
```
dd: dump.raw: Read-only file system
```
sudo: ./sshrd.sh: command not found
have you cloned the sshrd repo
ah, change to of=/var/mobile/root/dump.raw
root is writeable
no , how