#tvos-jailbreaks

you mean settings

nooo 💀

like

well kinda?

So did it update or no

ok lemme make this clear

i don’t know if it updated or not

there’s no reason it should’ve

Check on the tv

due to the ota blocker

i would’ve checked it but i don’t have access to it at the moment

If it did a normal update

it shouldn’t have

And u ran the cat command

misaka ota blocker

i already had TrollStore on it

The blob should still be there i think

then IF it updated

.

then it’s not that bad

let me reword that

true ^

Need to jb ssh and check

the only other person

who uses it (that i gave permission to use it)

knows not to update it

if it ever so happened to prompt one

not on local

My apple tvs that have misaka ota block

Still say the version properly in icloud

so therefore no reason it should say 18.0

yeah and that’s the problem

icloud reports everything correctly

so that means someone else was using my stuff without permission if it was ever updated

when i get access to the tv again we’ll just have to see if it saved the 16.1 data properly

IF it updated

Also the command u ran

Not sure which one u ran

idk it was cat smth smth

i don’t feel like digging through dms to find the command

But i had to modify it bc the normal cat command wouldnt give a proper blob

It would fail when converting the raw file

The blob data has been recovered

Just not converted

Probably disk 2 from 1

Yea it was something i told u the other day

already been done

luckily enough; they didn't update so the command can be modified and re-run

Why are they saying they updated lol

They're unaware if it did

oh @outer spruce

^

there’s no reason it should’ve

I was going to ask

however icloud says otherwise

and i can’t confirm if it did or didn’t

when you plug in DCSD to trigger DFU for the 4K..

how many blinks does it take until the apple tv trips?

or does it happen immediately?

immediately

really? so the moment you plug it in to a pc with goldeneye it just.. boom?

it’s like as if you were to throw an iphone or ipad into dfu mode normally

yeah

interesting

is that not normally supposed to happen?

the breakout board DFU takes 12 blinks whilst holding down the button

in order to trip dfu

damn

which i don't mind

idk i dont find it too terrible to just use dongles

nothing cable management can’t fix

but my DCSD doesn't trip with the breakout board installed.. maybe it's the solder job

I'm currently teeter-tottering between a theory of having a bad cable.. or the Apple TV mod is getting in the way

until the dongle ends up bending the wrong way

interesting

does any documentation specify that it happens instantly?

or that it is supposed to immediately trip DFU

interestingly enough; no. I do wonder if all three lights light up? or are there certain lights during dfu?

i don’t wanna wait like an extra 5 weeks to get my cables to rejb due to a power outage so trust me when i say ima take great care of the dongles

no it’s just all three always

idk how to explain it

when i get access and rejb the tv i can like film how it goes

Ah yes. That does explain it

I thought maybe the lights would blink or change to signify the process of DFU

are you able to trip DFU without rebooting? like can you just plug them in as-is and it goes instantly?

i’m not entirely sure

should i test it?

(obviously when i have access)

no it just

kinda works

you plug it into a mac and it trips dfu

if you want. AFAIK, I'm going to make a document as to how this works with the Apple TV seeing as the applewiki has zero documents about it specifically.. including the Goldeneye pinout and voltages and how it works to DFU whilst splitting USB and ethernet

because the goldeneye doesn't just split the connection

for documentation purposes yeah im down to test it

i don’t have ways to measure pinout and voltages but i can test the dfu thing so at least not all is lost

oh no, I will

based

i have the goldeneye too

like while the atv is on?

and it's confirmed working because I have re-restored my 4k

nice

not that i NEEDED to, but I wanted to test the modded ipsw

which worked to install trollstore without an exploit

and of course, permanently block the OTA with no vpn, profiles or anything like that needed

yes, I'm thinking that it's a possibility seeing as DFU can also be tripped on iOS while the device is on too

well then i might restore with a custom 18.0 ipsw for blocking ota

seeing as recent 18.1 betas break palera1n

i can try when i get the chance

very possible. But I am sad for those on 2nd gen tv's.. oh well, stop buying newer devices! Apple will kill our abilities to modify

it would be funny if i could use my ipad to rejb it

usb c

you actually can

i know

is it worth it? no

is it funny? yes

is it a waste of time and tedious? also yes

failure rate? yes!!

are you prone to tripping over more cables than you were when just the laptop was plugged in? Absolutely

funnily enough it’s not more cables because i don’t have a laptop with a usb port

How do you not have a laptop with a port? literally every laptop has a port

like

a normal usb port

it has usb c ports

oh, usb-c

so i had to use an adapter

I'm guessing macbook 2019?

yes!!!

(somebody kill me)

I wonder if someone has found a hardware mod to convert usb-c to usb-a without an adapter

usb-a to usb-c!!

modernize AppleInternal! (why does everything go back to lightning!)

because lightning makes too much money to change. Especially when manufacturers have to purchase a specific license to be considered 'MFI'

sigh

and to be recognized by billions of devices without the "this cable might not work.." message

is that actually part of iOS ?

the alert?

or was that like a whole

idk i’m sleep deprived

Oh yes, I've had my fair share of knock-offs going under complaint by iOS to ensure that it will not connect without said certificate embedded inside the hardware

interesting

which is why the cables are the same price as the cases and screen protectors

well i do find that kind of odd, maybe i just purchase the right cables because i’ve never actually seen a message deliberately say “cable bad”

9/10 it would either charge on and off or will fail to sync. Some cases, DFU would never prompt or during restore, the device would stay in recovery

iOS actually has a list of vendor ID's and manufacturer brand names that it runs down once the cable is plugged in

you'll notice this when you plug the phone to charge... it takes about 5-8 seconds for the charge to initiate

this is the action of iOS checking the authenticity of the cable

interesting

whereas android devices don't care.. hence why charging happens immediately after plugging in

but i do wonder is this with older devices that take a while to verify the authenticity because any cable i’ve ever tried has always just immediately worked

one good way to check if a cable is authentic is with the forbidden tool

I believe that tool also has the extracted list from iOS that it also runs down to tell if it's MFI certified

My Apple TV is on tvOS 12.2.1 is there a way I can update to a certain tvOS or no?

crazy

you can, with blobs

If I don’t have them saved it’s a no I’m guessing

you can save them.. what apple tv is it?

Apple TV HD 4th Generation

you have the ability to save 13.4.8, 10.2.2, 17.6.1 and 18.

you can also save your on-board blobs and get that 12.2.1 blob

Will probably do 13.4.8 how do I go about doing this.

download and install blobsaver

it'll automatically save all the blobs mentioned above

Is there a guide for going about this?

plug apple tv in to computer with usb-c

click "read device"

click "start"

profit

https://github.com/airsquared/blobsaver?tab=readme-ov-file

This the one?

yes

How do I restore from blobs? My bad for all the questions. Was looking it up and not really finding anything

at least jailbreak your 12 first and dump that blob

Alright thanks for the info!

Checkra1n or unc0ver? Which is better in your opinion

Did palera1n for Apple TV released?

Still on 14.4 with checkra1n on 4k gen 1 🥲

could anyone help me with this?

Checkra1n

You don't need palera1n

What do you need help with?

Checkra1n working?

Only for the version you're currently on

If you update, palera1n won't work well

I see

So I’ll stay on 14.4 ig

Thank you

so supposedly i’ve manage to save my blobs, but now the future restore gui throws me an error

pro tip: don't use the gui

but what binary should i use?

is it mac or windows?

mac

and what are you trying to do?

cause it says that v194 is deprecated

you're on the right track, just don't use baseband

i have an apple tv HD in 14.2 and i want to update to 17.6 using delayota, but given that I used jailbreak from checkra1n i’m not able to update son i’m triying to reinstall 14.2 through future restore cause installing the firmware ipsw will fix the update error and allow me to do the delayota thing

what’s that?

why? just go to 17.6.1

i want to keep it on 17.6 or 17.5.1 to use palera1n

it won't work either way

(palera1n)

why?

because palera1ns broken

i’ve seen it working

like what you could do... is delayota.. save the blob

it has issues

ohhh what issues?

where you need to restore root fs the device in order to get the jailbreak to work again

what do you mean

meaning you can use delayota to update to 17.6, then save on-board blob

mmm i don’t know how to do that 🙃

we do.

but again, the process is tedious

what tvOS are you currently on?

14.2

that's a good firmware

and i want to update to 17 to use tailscale exit node thing

i'd save the on-board blob for that

i supposedly have it

if you give me the blob, i can verify it

but i’d like to reinstall 14.2 to be able to update and save 17.6 blobs

ok

`BuildNumber : 18K57
BuildTrain : ArcherB
DeviceClass : j42dap
FDRSupport : YES
MobileDeviceMinVersion : 1253
RecoveryVariant : Recovery Customer Install
RestoreBehavior : Update
Variant : Customer Upgrade Install (IPSW)

[IMG4TOOL] APTicket is GOOD!
[IMG4TOOL] SHSH2 contains generator 0x871fb3c28d7d469f which is GOOD for nonce in IM4M!
`

how i don’t use baseband? it’s a check or what?

so it’s ok?

the apple tv doesn't have one, that's what the gui is complaining about

[IMG4TOOL] APTicket is GOOD!

ok so i could skip it in the gui? or use te binary?

I'd use the binary

what would be the binary command? i just need to specify the shsh, ipsw and version am i right?

https://nightly.link/futurerestore/futurerestore/workflows/ci/main/futurerestore-macOS-RELEASE.zip

download, extract

chmod 0755 /location/of/binary

that’s the one i’m using, but i downloaded from archive.org cause the link is down

the binary command would be futurerestore -u -t blob.shsh2 --latest-sep --latest-baseband ipsw.ipsw --no-baseband

the link isn't down

oh wait, it is

Got ApNonce from device: dc bd 18 43 89 dc ee 57 39 79 13 c4 84 ca a9 e2 91 37 71 7d
Cleaning up...
[exception]:
what=Device ApNonce does not match APTicket nonce

code=63897668
line=975
file=/Users/runner/work/futurerestore/futurerestore/src/futurerestore.cpp
commit count=308
commit sha =9554c0068dc50e141872ced5da2bd95baa595805
Done: restoring failed!

yes, you can set it within checkra1n

or.. you can use pwndfu

i find it easier with checkra1n though

ive done it with trollstore from your repo

this has nothing to do with trollstore

i used trollnonce

how can i do it with checkra1n?

trollnonce will not work

once you're jailbroken, you'll need to SSH in

ok

done it

then you'd type nvram com.apple.System.boot-nonce={Generator Code OF Blob)

make sure the generator code is the code inside the blob

did you save the blob for 17.6.1?

no

just for 14.2

would be a good idea to do that

you can with blobsaver

what?? you can go to 17.5.1??

cool

that’s what i’m trying to do hahaha

it's great, for just development

is this valid?

9/10 if it's saved by the blob saver, yes

it was

yesterday

[IMG4TOOL] IM4M is valid for the given BuildManifest for the following restore:
BuildNumber : 21M80
BuildTrain : StarlightG
DeviceClass : j42dap
FDRSupport : YES
MobileDeviceMinVersion : 1600
RecoveryVariant : Recovery Customer Install
RestoreBehavior : Erase
Variant : Customer Erase Install (IPSW)

[IMG4TOOL] APTicket is GOOD!
[IMG4TOOL] SHSH2 contains generator 0x1111111111111111 which is GOOD for nonce in IM4M!```

i’m facing the same error again

Salon:~ root# nvram com.apple.System.boot-nonce=871fb3c28d7d469f

what did you type in for the command in ssh?

Product version: 14.2
Product build: 18K57 Major: 18
Device supports Image4: true
Got ApNonce from device: 06 3d fe 7d de a2 23 40 8f 8c 92 c9 27 e5 c3 bc 4d c4 15 dd
Cleaning up...
[exception]:
what=Device ApNonce does not match APTicket nonce

code=63897668
line=975
file=/Users/runner/work/futurerestore/futurerestore/src/futurerestore.cpp
commit count=308
commit sha =9554c0068dc50e141872ced5da2bd95baa595805
Done: restoring failed!

needs to be 0x

shit

nvram com.apple.System.boot-nonce=0x871fb3c28d7d469f

sorry for being so dumb

what you should do is nvram -d com.apple.System.boot-nonce=871fb3c28d7d469f

first

then the command above

ok thanks

gonna try

after that, nvram auto-boot=false

then reboot

this one with 0x ?

or not?

with

THANK YOU, YOU ARE A GENIUS

working?

christ, your screens more cluttered than apple's security team when checkra1n launched

macbook screen? i know, i love to be tidy but this was just critical

i’m devastated hahahhaa

let's take a moment to admire the laptop-hotfix-whilst-taking-iphone-photo moment

HAHAHAHHAA

although, you're just re-restoring.. i don't know why

seeing as you're already on 14.2

tried so many things

but why re-restore? unless the OS is corrupt?

btw, let’s say i update to tvos 17.6.1 or 18, how could i downgrade to 14.2 if it doesn’t allow jailbreak

when i install checkra1n even after removing it, it doesn’t allow me to update to new versions of tvos

is a big many people experiment

did you use unc0verTV?

at one point

no, i don’t think so

the reason why updates don't work.. and I'm assuming you did the OTA

was because checkra1n was still installed

i removed it with the checkra1n built in app

how am i supposed to do it?

that's not good enough, you would need to do the removal of the jailbreak, then use reset all contents and settings after

done it too

because the OTA has check proceedings where it double checks to make sure

what’s the removal of the jailbreak you refer to?

the best removal method is just to use futurerestore without the -u

this?

without the -u

because -u is update

which saves jailbreak files

ohhh

so i should have done it without the -u then

probably update process will fail again then

I use -u to keep everything in place and test out new versions of jailbreaks

i just wanted to restore the apple tv to 14.2

erase everything

then it's the same command just without -u

and then do the delayota

ok thanks

btw, let’s say i update to tvos 17.6.1 or 18, how could i downgrade to 14.2 if it doesn’t allow jailbreak

You can set the nonce without a jailbreak

how on apple tv?

It's not easy but very possible

I have an app that should work called Ramiel

it's on my github

mind you; it hasn't been updated yet, but should still work nonetheless

ok i’ll try it in the future

about palera1n? is it that hard to maintain that jailbreak?

it gets difficult when Apple keeps updating security

i mean to use it, in 17.5.1

yeah, to use it is a fickle

so what’s the best tvos version and jailbreak for apple tv then?

it says it doesn’t allow to restore

I'm assuming you delay OTA-ed, then saved the blob?

mmm

i was on 14.2

that I installed ages ago

I saved the blob with the delay it’s profile installed

it's because you're using it to factory restore instead of update which is what that blob is signed for

is it what you mean

how can i get a restore blob?

you don't. Not when you used OTA

but good thing is, you can just use -u

but i need to restore

cause if i doesn’t restore it fails while updating

reset all contents and settings

that's a literal restore

i’ve already tried, but i’ll do it again

remove checkra1n and the reset? anithing else?

i didn’t know what that means

what is your goal?

be able to delayota to 17.5.1

but apple tv fails to update

and i need to restore from ipsw to fix it

you do realize you need to supervise the apple tv and apply the profile?

it is

then what's the error?

unless future restore have deleted that

it start to updates

it’s a two step process

crash - reboot - throws an error when step 2 is about to start

what can i do?

are you running checkra1n at all?

i was

but i just removed it

and now restore the apple tv

that’s the error i get after step 1

don't run it

use futurerestore, do a clean restore

how?

then try the ota whilst supervised and the profile installed

i can’t without the -u flag

you can use ramiel to set nonce

you can also downgrade to 13.4.8

i’m not running checkra1n right now

as a clean restore

then use ota

and then update to 14.2?

or 17.5.1?

no, from 13.4.8 to 17.5.1

te ha i know

but i could update to 14.2 then with future restore right?

so you mean installing apple signed 13.4.8

and then delayota to 17.5.1?

yes, only to update

yes

so sounds ok

i’m gonna try

can i go from 17.5.1 to 14.2 with futurerestore right?

uhh, not quite

you'd have to go to 13.4.8 first

yeah, that’s what i was thinking

but it’s ok, no problem with that

hope 13.4.8 to 17.5.1 works

reason being: downgrading the SEP on an update will error and fail

btw THANKYOU FOR ALL YOUR HELP

and that 14.2 blob is only for updating

yeah

for future times

how can i save recovery blobs?

there's no such 'recovery' blobs

you can save blobs locally to recover them

perhaps OneDrive

restore*

Restore blobs are only obtainable via blobsaver when the numbers are signed

ok

that’s good to know

where can i check blobs, like you did previously

you need the BuildManifest

that’s on the ipsw right?

yup

you can use pzb to get them

and then?

for HD 14.2: pzb -g BuildManifest.plist https://updates.cdn-apple.com/2020FallFCS/fullrestores/001-19905/DBD18749-514B-48F0-B5A3-EC4DD4E5E7CC/AppleTV5,3_14.2_18K57_Restore.ipsw

for other versions, just change the URL

then you can mv ./BuildManifest.plist ~/Desktop/BuildManifest(whatever_Version).plist

which will allow you to sort based on differentiation

I could make a script to verify quickly

keeps failing, i’m trying with 17.6

now

this is of 17.5.1

Hey, I’m currently attempting to jailbreak my appleTV 4K running 17.4 and I got palera1n installed on my Mac

How do I connect to the Apple TV that doesn’t have a usb-c port? Do I buy some form of Ethernet adapter so that I can connect the two?

What cable can use to downgrade an Apple TV 4gen ?

what apple tv 4k is it?

yes, it's called goldeneye and dcsd

is it the HD? if so, usb-c to usb-a

17.6.1 got unsigned like 30 mins ago

Shoulda just updated normally to that via pc

yeah, but i wanted a palera1n capable version

Works on that

anyway, i don’t know why my apple tv is not capable of being updated

i’ve tried everything

restored from ipsw from pc

Just do via pc

but then i try to update and it fails

yeah but i wanna do delayota

to get 17.5.1

does any of you know what could be happening?

cause it fails when is about to enter the step 2 of updating

the bar doesn’t got to reach the end

it just throws an error saying apple tv couldn’t be updated

hope i would have known that a few hours ago 😦

Palerain was working up to tvos 18 lol

U could still update to latest

And palerain still works

Always have that 14.x blob in case u dont like

I update my atvs thru pc. I Dont do that method so idk

i’m updating to 17.6.1 cause i have blobs for that version, but probably it would be better to just update to tvos18? right?

the only thing that scares me is that to install 17.6.1 i needed to install checkra1n and i don’t no how to restore al delete checkra1n on 17.6.1, do you know how?

If u use pc u dont need to do anything

Just get tvos18 ipsw and update on pc

Not sure, bought it from appples website a few days ago

Look at the bottom for the model number

A2843

Can't jb that

oh damn

is there any work being done on developing one?

There would.. Had apple made a usb port

there would? people actually care that much about tvos?

Apple does everything in their power to stop jailbreaks, including accessibility to downgrading

so we can't use the goldeneye module to install it

that's what's limiting us?

Apple got rid of the hidden lightning port on those newer models

makes it virtually impossible to install via hardwire unless you sideload an app

Wouldn’t it be possible to solder a connector

solder a connector to what? there's no port

Ohhhh

that was the basis behind the first gen 4k, it has said lightning port that one could solder if the cables were unavailable at the time

yeah fair enough

so we won’t be seeing a jailbreak for any newer models?

I mean, it is certainly possible if one were to not update their apple tv.. the same exploits for ios can be used in tandem for apple tv

the main question is: is it worth it?

afaik, most folks are just using apple tv jailbreaks to pirate

which is primarily why apple put restrictions in the AppStore for higher versions

and jailbreak detection

seeing as there's no actual user data on the apple tv

which eliminates the theory of the 'security' aspect unlike ios that's stupidly locked down

I found out my DCSD cable is defective

It does purple mode and serial shell, but won't trip my 4K in DFU

broooo

F

Yeah, luckily though I can return it and get another cable

And also, I can DFU via solder

i’m not confident enough to solder 🔥🔥

Soldering is easy if you get the right tools.. Especially one iron with temperature control

Doing the single DFU point on the board was simple. What made it complicated was connecting the remaining individual points for usb data +/- and usb stability

idk repairing and soldering are two diff things and i can only do the first thing without messing up

too dumb to do this

This is the DFU point:

Just one single wire

The wire is set to send 2 volts of electricity to that point on the apple tv logic board which then, sends the apple tv to hardware update mode

This all happens by holding down a button as the device powers on

interesting

how long did it take to get your dcsd from the moment you paid?

I bought both a DCSD and a GoldenEye adapter on ebay and they took like 3 weeks to arrive

they do work at least although my DCSD cable only seems to kick the TV 4K into DFU in one direction than both

like 2-3 weeks

looks like latest homepod version bricks homepod minis lmao

i wonder what happens if they actually brick ATV4Ks

free replacement hopefully lmao

Yup, I love apples logic of "Please, update!" But if something goes wrong with the update "here's a new device"

This shouldn't be a thing. I am grateful that they're replacing the device but wouldn't it be more economically viable from a higher up company to at least allow the users to fix their own devices?

I do however wonder what Apple does to remedy said bricked devices? Do they restore them and resell as refurbished or is it recycled or are the chips taken out but the other parts placed in other devices?

Does the back of your DCSD say "ALEX"?

yes iirc

Yeah, mine says HWTE

Which I'm thinking it is a form of the ALEX cable but the knockoff version

No wonder DFU didn't work

tragic

mine says HWTE and does kick into DFU

Interesting.. Maybe mine was DOA or a knockoff to a knockoff

This is some jailbreak inception shenanigans

it gets unusually warm while connected though

Mine just lights up

it only works on that Apple TV though

it didn't kick my SE 3rd gen into DFU (although I have no idea if it's meant to work there)

it does charge it

ouch

I had to discover mine is proper dead

iBEC always takes too long and I have no idea if the board is damaged

at least I couldn't see anything obvious

I dunno how possible it is to actually kill the storage on an Apple TV though

That might work during a power cycle

Like.. The nand?

it's my only guess yeah

the processor seems to work and video output is fine too

I doubt even sending anything iBoot related would work if the RAM was damaged so I assume something about its NAND is damaged

it always fails when it gets to booting iBEC

after sending it takes like a full minute to show any image and then fails APTicket/APNonce stuff

I got it damaged and it looked unopened so god knows what happened to it

I don't know where to even start with diagnosing this

You can easily kill it by just injecting too much voltage

Without taking it apart though, checkm8 can brick it

damn

if you have an apple tv, tvOS 17.2 is still signed

I did try 17.2 and 18.0

both failed

17.2 made it to iBEC and 18.0 lacks dumped keys I think

i have the keys

they weren't on the apple wiki I think

I dunno if that's where futurerestore gets its key JSON files from though

it does, did you save your blobs?

I never figured out how to get them off the device but I do have ones downloaded for 17.2 and 18.0

I've never seen this one function

tsschecker -d AppleTV6,2 -e {Devices ECID] -o -i [TVOS VERSION] -s --save-path /path/to/save/blob.shsh2 --boardconfig J105aAP --no-baseband --build-manifest /location/of/tvOS/BuildManifest.plist

yes I did this

you'll just need to provide the buildmanifest from the otas

yes

then I use -Z with the build ID

off the device, as in on-board?

yeah

cat /dev/rdisk1 | dd of=dump.raw bs=256 count=$((0x4000))

hi - repost from main jailbreak channel:

I recently got a Apple TV A2737 model - it has no USB, has WiFi and I've successfully sideloaded only 1 app on it - Misaka 5.3 (but this crashes upon running).
My question is - given the recent palera1n update a few days ago - is there a way to jailbreak my model? (I also have a macOS which is now paired with the Apple TV) or am I stuck with sideloading? (which also doesn't completely work)
In reality I would only like to get KODI up and running on the Apple TV or uYou+ and a web browser then I'd be a happy chappy but if it needs to be jailbroken - I am open to this too.
If anyone can assist in any way, shape or form - I would be really greatful.
Thank you 🫡

Say I can to help for apple web with my jb?

There's no way to jailbreak your apple tv

What tvOS is it on?

Huh?

tvOS 18.0

And thank you - you saved me a monumental headache

Enjoy stock. Why you installed misaka is beyond me when it doesn't work for that.

I was more of a beginner yesterday than I am today

I.e. wasn't sure what I was doing 😭

Can you recommend any other methods e.g. sideloading kodi on there if possible

Sideloading is all you have

I see

Thank you 🙏 for your help - really appreciate it

I'm finding the common issue is: Old apple tv 4k: need cables to jailbreak - don't want to spend money/bricked - need to buy another
new apple tv: can't jailbreak it, cables don't work.. gotta sideload

Hi! I've finally jailbroken my AppleTV HD on tvOS 17.6.1 thanks to @ionic copper and @heavy patrol. Im really thankful for that 😉

By the way, does anyone knows how to install TrollAppsTV? and what repos to add to PurePkg or repos for TrollStore ipas? I've done a bit of a research but i didn't found anything interesting

It's on my repo

TrollStore won't work and trollapps are only for iOS

so cannot use trollstore? on that version?

it looks like they released a TV compatible one, but. it sure if it is available

Where?

where’s there’s no ipa but they talk about it on twitter and they have the repo so i supposed it was in the base IOS ipa

Nah

btw, cannot ssh into the appletv, pass isn’t alpine anymore?

You can, just log in to mobile

ohhh not root ok

that’s why they ask you for a sudo pass

Because tis rootless

thanks

the best way to install ipa files? on tvos 14 I occasionally used appinst

is there any better way?

TrollStore

What app are you installing?

some like games, kodi...

i do know how to install .deb apps (I assume its with the dpkg -i ...) but i dont know how to install .ipa files (i used to use appinst cli on tvOS 14)

I'm on 17.6.1? does trollstore works?

You can use TrollStore to install ipas

sorry i missundertand this message

i thought it wont work on that os version

the method to install apps does

just not persisting

ohhh yeahh so only while jailbroken

and about that rootfs thing you told me some days ago... if the apple tv restarts do i need to do anything or just re-jailbreak?

If it restarts, restore root fs

how? hahaha

palera1n --force-revert --cli

great, thanks

Apple TV upgraded to ios18 last night without me knowing - luckily I have a older apple tv hd and it palrine worked

there is a tvos version of trollstore but its trollstore lite.

Not good enough

Hi all, about to install TrollStore on my first gen AppleTV 4k running tvos 16.3, anything to keep in mind while following the instructions?

does palera1n work on ATV HD on 18.0?

it should

No reason it shouldn't, but remember...

https://tenor.com/view/try-it-and-see-give-it-a-try-try-try-and-see-try-it-yourself-gif-24095805

my HD isn't on 18 yet

don't update

18 on a device that has tvos 9 capabilities is a mistake

Alright, other than that it should be smooth sailing yeah?

not quite; 16.3 won't install trollstore normally

The guide mentions dev mode, is that a hassle?

there is no dev mode on apple tv

Could you perhaps give me a bit more relevant steps please? 😅

well the method to install it would be KFD but it doesn't work on 16.3

So am I left with jailbreak first and then trollstore?

yes.

I could swear the GitHub said up to 16.6 is supported

Btw which version of tvos doesn't require jailbreak?

it is, but the function for tvos doesn't work

Can I jailbreak a Apple TV first gen 4K?

yes, u can use https://github.com/palera1n/palera1n

I can’t seem to get futurerestore to work properly, I saved blobs using Blob Saver. The other blobs I have for other devices work so I think the blobs are valid.

When I try to start it initially I was getting an exception APTicket can’t be used with this restore, I tried it with 2 versions and both of them gave me the same error (version match blobs). I was also getting a IM4M signature is not valid.

I tried another copy of FutureRestore and segmentation fault with my options listed.

I’m trying to futurerestore an Apple TV 4 HD. From 14.6 to 17.0 (16.6 if it can’t be done, since I just want to be able to use Troll Store)

you can restore anywhere from 13.4 to 18

as long as you have the proper blobs for the proper device

also, what configuration did you use for the blob saver?

you can.. save 17.2 blobs as of right now. If you give me you ECID, I can save it

I have blob saver automatically saving blobs, it checks it weekly and downloads them to my computer

The problem is I’m trying to restore to 17.0 so I can use updated apps and use trollstore

But for some reason futurerestore keeps spitting out an error that I can’t use the blobs I saved with the restore file

Is there a specific compiled version that someone has used to successfully futurerestore with?

If someone has one I can try then I can verify if my blobs are valid or not or if it was just the copy of FR I was trying to use.

whitout a cable

?

Yeah would also like to know how to do it without a cable

I can verify them

Cable is required unless you have breakout board

How Can i jailbreak my Apple TV 4K whitout a cable

What is the benefit to jailbreaking Apple TV

you don't

Why ?

It has no Port

indeed

I cant jailbreak it ?

it dont work at all

You Can Play Fortnite

Golden Eyecable ?

You need the cables to jailbreak

If I’m not mistaken it was some kind of hidden weird port in the Ethernet port right?

Can you sent me The Amazon links

see pinned comments

it's the third or fourth message

Damn for the price of the cables alone I could buy apple TV hd instead

yep

I bought a 4K 😭

Thankfully I only bought my 4k apple TV for 5e 😂

I Think i Only use it as a tv Box

Why would someone need 9x Siri Remotes without having 9x Apple TVs all without remotes

9 bricked ATVs :)

Is there a a10 hd Apple TV ?

Stupid investment

No

Why?

because you need to invest another 80 bucks to jailbreak it

also, is this 4k even the first gen?

Yes

I have the money but

how do you know?

The Remote

the remote doesn't mean anything

And Its relly cheap

Should I just DM you?

dont have to

blobs hold no sensitive info

Well more of I thought it might clutter the group but ok

you're just verifying one file?

2

that's fine

ecid: 0xa35c920508426

16.6: ``[IMG4TOOL] IM4M signature is verified by TssAuthority
[IMG4TOOL] IM4M is valid for the given BuildManifest for the following restore:
BuildNumber : 20M73
BuildTrain : ParisG
DeviceClass : j42dap
FDRSupport : YES
MobileDeviceMinVersion : 1400
RecoveryVariant : Recovery Customer Install
RestoreBehavior : Erase
Variant : Customer Erase Install (IPSW)

[IMG4TOOL] APTicket is GOOD!
[IMG4TOOL] SHSH2 contains generator 0x1111111111111111 which is GOOD for nonce in IM4M!``

17.0: ``[IMG4TOOL] IM4M signature is verified by TssAuthority
[IMG4TOOL] IM4M is valid for the given BuildManifest for the following restore:
BuildNumber : 21J354
BuildTrain : Starlight
DeviceClass : j42dap
FDRSupport : YES
MobileDeviceMinVersion : 1600
RecoveryVariant : Recovery Customer Install
RestoreBehavior : Erase
Variant : Customer Erase Install (IPSW)

[IMG4TOOL] APTicket is GOOD!
[IMG4TOOL] SHSH2 contains generator 0x1111111111111111 which is GOOD for nonce in IM4M!``

ok, so they are correct...

these can't be used to upgrade right?

they are, but here's the thing: you cannot upgrade, only erase

ah that might be it then

which isn't bad... you just lose your apps and settings

didn't know there were 2 separate ones for upgrading erasing...

ota blobs can update

which is on-board

or using the apple tv 4K

oh?

can i pull the blobs still? or is it too late?

but blob saver doesn't save ota blobs as effeciently

I think it's too late, but a blob is a blob

at least apple tv has no user data

sorta does, I'm logged into someone else's account as well for Apple TV sub haha

hmm ok i'' look up how to pull onboard blobs to see if i can update to 17.0

unfortunately 1conan's tssaver has 2 files but they are 0 bytes

are you currently on 17.0?

no I'm on 14.4.6

err 14.6

ah it's only for currently installed version?

yes

you can still get to 17

you just start fresh

ah alright

oh well

I guess after I install 17 I should pull blobs again so I can use update in the future?

you could but then again, it wouldn't make sense

well first things first is I'll be updating to 17.0

to at least use trollstore

hmm ok, so I think my copy of futurerestore is not working with the ATV... I keep getting:

IM4M signature is not valid!
Cleaning up...
[exception]:
what=APTicket can't be used for this restore

so 2 questions

1 what version of futurerestore are you using?

and 2 what commands are you using?

-t --no-baseband --latest-sep

nightly off the github action, that said "no update check"

what's the version?

v2.0.0(e7abce113e1b98e126eff0e77fa3a002b99a195a-332)

you're using a fork

add --latest-baseband

latest baseband? but there's no baseband on apple tv right?

also is this not the proper github? futurerestore/futurerestore/

so where should i get the proper version?

nevermind, it's correct

can i get the full log?

are you using usb-c to usb-c?

USB-c to USB-A with a usb-c adapter

my MBP is only usb-c

that's why

I know the adapter works, because I used it with lightning-USB-A and futurerestore worked

should I use C-to-C?

no, use another computer

uhhh....

oh wait i have an old MBA... that has USB-A ports

would that work?

yes

but did you also set the nonce?

I did by SSH with checkra1n

then disabled auto-renew just in case I had to keep restarting the thing (which I have)

were you using -u before?

before yes but not the last try

I got the same error

using the macbook air

with --latest-baseband setting I get:

[Error] futurerestore: failed with exception:
[exception]:
what=Could not get BasebandFirmware path

add --no-baseband

with latest on both

ok, so --lastest-baseband --latest-sep --no-baseband

like this?

still same error

the im4m doesn't match error?

You could.. Do a pwned restore..

[IMG4TOOL] failed to verify IM4M signature with error:
[exception]:
what=assure failed
code=12910610
line=197
file=ASN1DERElement.cpp
commit count=202
commit sha =e1c37d6ce8c629ca9669efc9cb5b5f7d6810ed30
IM4M signature is not valid!
Cleaning up...
[exception]:
what=APTicket can't be used for this restore

Strings used: --no-baseband --latest-sep --use-pwndfu

You need to use gaster

Then --skip-blob

Gaster pwn

Gaster reset

nevermind, restoring

?

I was going to ask your help with futurerestore, but I got it restoring. although it is failing once restore is done

am trying it again

do you mind if I DM you about it?

is there a specific build of futurerestore for A10?

I don't mind, go for it

It finally went through!

thank you

what did you do different?

unless you just kept doing it like trying to convince a toddler to eat their veggies until they buckled down

I didn’t do no-blobs when I did pwndfu last time so I added that, basically this latest sep, no base and, pwndfu and no blobs as options

Now I need to figure outbhow to install troll store… but looking at everything I might need to pull on board blobs so I can use upgrade

Then downgrade and upgrade back…

You can just view the pins that are posted here on how to do that

Any apps released that may be worth using?

yeah that's what I was looking at. but I think now I need to figure out how to pull the on board blobs. If I do that I can use them to do Upgrade rigth? since my current blobs only allow me to erase install.

darn thought i might be able to us method 2 without going through futurerestore agan... but maybe not

how can sideloud to apple tv 4k first gen

?

«

Sideloadly

it wont show up

macos

over wifi

have i to somepfing whit xcode?

@ionic copper may be able to help

comand line no Blobs Appletv4 futurerestore thanks

i'm not that experiances with apple tvs

AppleTv 4 hd in pwndfu futurerestore no blobs command thanks

With?

AppleTV not showing up in Sideloadly

Get xcode, pair the Apple TV, use the pair code with sideloady, profit

no blobs 17.0 tvhd 4 I am with pwndfu in fiñuturerestore thanks

Hi, I was wondering what the state of tvOS shenanigans is atm, specifically for tvOS 16.6, on a 4th gen Apple TV. Reason being, I’ve seen what has happened on iOS 16 with trollstore, misaka (tho not a fan tbh), KFD exploit based apps, etc.

So I was wondering if I could install Trollstore on my Apple TV, jailbreak it perhaps (though with what I’ve heard about pailra1n I’m not sure I will), and perhaps something else if I’m missing it

Palera1n can jailbreak it

And you can install TrollStore from my repo

You happen to have it on hand? Asking as I’m on mobile, if you don’t no worries I’ll just Google it later when I’m on my desktop

Check the pins

Thanks Zenzeq :)

Can i sideload iPhone Apps to it?

Take a wild guess what answer I'm going to give

maybe

Only whit trollstore ?

If the Apple TV was converted in to an iPhone then yes, you could use iOS ipa's

Whats whit The Minecraft Apple TV edition

@ionic copper

Is this a normal minecraft ipa or the one for the appletv version

for the apple tv

Since when does Minecraft for the Apple TV exist

Email leak

And what you've downloaded is piracy

Nope

When it down exist in the first place?

Okay, where did you get it from?

1. Bought the game

How? It hasn't been on the store in years

On my dead Apple TV 4?

Don't know how it died if you were able to jailbreak it

It was around iOS 8-10 idk

You're making less sense but okay

I can’t download it in the store anymore

Exactly my point

but I want to play Minecraft on my Apple TV 4K

I already ordered the cables

Okay?

I want to sideloud it

You can do that with the cables

They come in 14 days i live in Germany Bro

Okay, what's the hurry?

So I want to try and use the SSHRD method to install trollstore but following the guide on Reddit what should I use instead of Tips since there is no tips app

And is this guide ok to follow? https://www.reddit.com/r/jailbreak/s/IDVkSZ72dR

The guide is literally in the pins

Sorry I don’t see the guide for method 2 just states that sshrd should work…

? Method 2 installs it via sshrd

You just use SSHRD then follow the rest in method 1

Can you install persistence helper if you jailbreak first?

you can but you can do it on sshrd too

Kinda need and ELI5 guide because I’m so confused reading it

But jailbreak with palera1n, add repo install trollhelper seems much more straightforward

But I need to se what options are available for persistence helper through trollstore

why? the guide here tells you how to use it

sshrd.sh (link to hd ipsw) 15.5

sshrd.sh boot

then just transfer persistence helper

I don’t see this guide it’s not in the pins

it's right there.

I meant the sshrd commands, the message you sent just now is the first seeing that command that’s why I couldn’t figure it out

but this is for misaka.. you'd install it in /Applications/whateverapp.app

the commands are on the github

So I gather I should install any app first from the store that I don’t plan to use?

sure

Ok

Now it makes more sense

I’ll try

hmm I get an error when launching SSHRD

I ended up just doing ./sshrd 17.0 as the command

ownload succeeded
usb_timeout: 5
usb_abort_timeout_min: 0
[IOKit] Waiting for the USB handle with VID: 0x5AC, PID: 0x1227
CPID: 0x7000
Found the USB handle.
Now you can boot untrusted images.
[IOKit] Waiting for the USB handle with VID: 0x5AC, PID: 0x1227
Found the USB handle.
usb_timeout: 5
usb_abort_timeout_min: 0
[IOKit] Waiting for the USB handle with VID: 0x5AC, PID: 0x1227
CPID: 0x7000
Found the USB handle.
Now you can boot untrusted images.
[IOKit] Waiting for the USB handle with VID: 0x5AC, PID: 0x1227
Found the USB handle.
Version: 26bee8a5fe80f874a590b776da450cac62c01328-26
main: Starting...
iOS 17 iBoot detected!
getting get_sigcheck_patch() patch
main: Error doing patch_rsa_check()! (img4interposercallback couldn't find branch for ret2!)
[-] An error occurred

don't use ios 17

use 15.5

#tvos-jailbreaks message

I just got in with 17.5

and then it just restarted on me

ah nevermind it panicked

I'll try 15.5

ok so it looks like it went through, but it's now just flashing the light in the front, and nothing on the screen

apple configurator doesn't show it either

ok I think I'm in

I ran ssh, then mount_filesystems

when I run "find / -name airbnb" I get an error

localhost:~ root# find / -name airbnb
find: /mnt2/mobile/Library/Caches/com.apple.amsengagementd.classicdatavault: Operation not permitted
find: /mnt2/mobile/Library/com.apple.nsurlsessiond: Operation not permitted
find: /mnt2/mobile/Library/com.apple.internal.ck: Operation not permitted
find: /mnt2/mobile/Library/CoreDuet/Knowledge: Operation not permitted

yeah I can't see where the apps are located, I've also used Cyberduck to view the mounted folders but I don't see anything

It wouldn't be airbnb

Just go to Applications and overwrite fitness.app