tihmstar/futurerestore
Fork: 272 Star: 864 (更新于 2024-11-13 07:14:12)
license: LGPL-3.0
Language: C++ .
A hacked up idevicerestore wrapper, which allows specifying SEP and Baseband for restoring
最后发布版本: 180 ( 2020-01-03 17:26:59)
futurerestore
It is a hacked up idevicerestore wrapper, which allows manually specifying SEP and Baseband for restoring.
Latest compiled version can be found here.
Only use if you are sure what you're doing.
Features
- Supports the following downgrade methods:
- Prometheus 64-bit devices (generator and ApNonce collision mode)
- Odysseus for 32-bit & 64-bit (A7-A11) devices
- Re-restoring 32-bit devices to iOS 9.x with alitek123's no-ApNonce method (alternative — idevicererestore).
- Allows restoring to non-matching firmware with custom SEP+baseband
Dependencies
-
External libs
Make sure these are installed
- libzip;
- libcurl;
- openssl (or CommonCrypto on macOS/OS X);
- libplist;
- libusbmuxd;
- libirecovery;
- libimobiledevice;
- img4tool;
- liboffsetfinder64;
- libipatcher
-
Submodules
Make sure these projects compile on your system (install it's dependencies):
Report an issue
You can do it here.
Restoring on Windows 10
- Try to restore the device, error
-8
occurs; - Leave the device plugged in, it'll stay on the Recovery screen;
- Head over to device manager under control panel in Windows;
- Locate "Apple Recovery (iBoot) USB Composite Device" (at the bottom);
- Right click and choose "Uninstall device". You may see a tick box that allows you to uninstall the driver software as well, tick that (all the three Apple mobile device entries under USB devices will disappear);
- Unplug the device and re-plug it in;
- Go back to futurerestore and send the restore command again (just press the up arrow to get it back, then enter).
Error
-8
is now fixed, but the process will fail again after the screen of your device has turned green; - Go back to device manager and repeat the driver uninstall process as described above (step 4 to 6);
- Go back to futurerestore once again and repeat the restore process;
- The device will reboot and error
-10
will also be solved; - The restore will now proceed and succeed.
Some about cURL
- Linux: Follow this guide to use tsschecker on Ubuntu 18.04 (Bionic) as it requires libcurl3 which cannot coexist with libcurl4 on this OS.
Help
(might become outdated):
Usage: futurerestore [OPTIONS] iPSW
option (short) | option (long) | description |
---|---|---|
-t |
--apticket PATH |
Signing tickets used for restoring |
-u |
--update |
Update instead of erase install (requires appropriate APTicket) |
DO NOT use this parameter, if you update from jailbroken firmware! | ||
-w |
--wait |
Keep rebooting until ApNonce matches APTicket (ApNonce collision, unreliable) |
-d |
--debug |
Show all code, use to save a log for debug testing |
-e |
--exit-recovery |
Exit recovery mode and quit |
--use-pwndfu |
Restoring devices with Odysseus method. Device needs to be in pwned DFU mode already | |
--just-boot "-v" |
Tethered booting the device from pwned DFU mode. You can optionally set boot-args |
|
--latest-sep |
Use latest signed SEP instead of manually specifying one (may cause bad restore) | |
-s |
--sep PATH |
SEP to be flashed |
-m |
--sep-manifest PATH |
BuildManifest for requesting SEP ticket |
--latest-baseband |
Use latest signed baseband instead of manually specifying one (may cause bad restore) | |
-b |
--baseband PATH |
Baseband to be flashed |
-p |
--baseband-manifest PATH |
BuildManifest for requesting baseband ticket |
--no-baseband |
Skip checks and don't flash baseband | |
Only use this for device without a baseband (eg. iPod touch or some Wi-Fi only iPads) |
0) What futurerestore can do
Downgrade/Upgrade/Re-restore same mobile firmware version. Whenever you read "downgrade" nowadays it means you can also upgrade and re-restore if you're on the same firmware version. Basically this allows restoring an firmware version and the installed firmware version doesn't matter.
1) Prometheus (64-bit device) - generator method
Requirements
- Jailbreak
- signing ticket files (
.shsh
,.shsh2
,.plist
) with a generator - nonceEnabler patch enabled
Info
You can downgrade, if the destination firmware version is compatible with the latest signed SEP and baseband and if you have a signing tickets files with a generator for that firmware version.
How to use
- Device must be jailbroken and nonceEnabler patch must be active
- Open signing ticket file and look up the generator
- Looks like this:
<key>generator</key><string>0xde3318d224cf14a1</string>
- Write the generator to device's NVRAM
- Connect with SSH into the device and run
nvram com.apple.System.boot-nonce=0xde3318d224cf14a1
to set the generator 0xde3318d224cf14a1 - verify it with
nvram -p
- Connect your device in normal mode to computer
- On the computer run
futurerestore -t ticket.shsh --latest-baseband --latest-sep ios.ipsw
Youtube
Recommended methods to activate nonceEnabler patch
Method 1: ios-kern-utils (iOS 7.x-10.x)
- Install DEB-file of ios-kern-utils on device;
- Run on the device
nvpatch com.apple.System.boot-nonce
.
Method 2: Using special applications
Use utilities for setting boot-nonce generator:
- PhœnixNonce for iOS 9.x;
- v0rtexnonce for iOS 10.x;
- Nonceset1112 for iOS 11.0-11.1.2;
- noncereboot1131UI for iOS 11.0-11.4b3;
- NonceReboot12xx for iOS 12.0-12.1.2;
- GeneratorAutoSetter for checkra1n jailbreak on iOS / iPadOS 13.x. Install it from Cydia's developer repo (https://halo-michael.github.io/repo/) on device.
Method 3: Using jailbreak tools
Use jailbreak tools for setting boot-nonce generator:
- Meridian for iOS 10.x;
- backr00m or greeng0blin for tvOS 10.2-11.1;
- Electra and ElectraTV for iOS and tvOS 11.x;
- unc0ver for iOS 11.0-12.2, 12.4.x;
- Chimera and ChimeraTV for iOS 12.0-12.2, 12.4 and tvOS 12.0-12.2, 12.4.
Activate tfp0, if jailbreak doesn't allow it
Method 1 (if jailbroken on iOS 9.2-9.3.x)
- reboot;
- reactivate jailbreak with Luca Todesco's JailbreakMe;
- done.
Method 2 (if jailbroken on iOS 8.0-8.1 with Pangu8)
- install this untether DEB-file with included tfp0 patch
Method 3 (if jailbroken on iOS 7.x with Pangu7)
- install this untether DEB-file with included tfp0 patch
Method 4
- Use cl0ver for iOS 9.x.
2) Prometheus (64-bit device) - ApNonce collision method (Recovery mode)
Requirements
- Device with A7 chip on iOS 9.1 - 10.2 or iOS 10.3 beta 1;
- Jailbreak doesn't required;
- Signing ticket files (
.shsh
,.shsh2
,.plist
) with a customly chosen ApNonce; - Signing ticket files needs to have one of the ApNonces, which the device generates a lot;
Info
You can downgrade if the destination firmware version, if it is compatible with the latest signed SEP and baseband. You also need to have special signing ticket files. If you don't know what this is, you probably can NOT use this method!
How to use
- Connect your device in normal or recovery mode;
- On the computer run
futurerestore -w -t ticket.shsh --latest-baseband --latest-sep firmware.ipsw
- If you have saved multiple signing tickets with different nonces you can specify more than
one to speed up the process:
futurerestore -w -t t1.shsh -t t2.shsh -t t3.shsh -t t4.shsh --latest-baseband --latest-sep firmware.ipsw
3) Prometheus (64-bit device) - ApNonce collision method (DFU mode)
Requirements
- Devices with A7 (iPhone 5s, iPad Air, iPad mini 2), A8 (iPhone 6 [+], iPad mini [2,3,4], iPod touch [6th generation]) and A8X (iPad Air 2) chips on all firmwares;
- Devices have been released after ~September, 2015 {PROBABLY};
- Jailbreak doesn't required;
- Signing ticket files (
.shsh
,.shsh2
,.plist
) with a customly chosen APNonce; - Signing ticket files needs to have one of the ApNonces, which the device generates a lot;
- img4tool can't be used for Windows [problem with signing iBSS/iBEC], now it's TO-DO;
Info
You can downgrade if the destination firmware version, if it is compatible with the latest signed SEP and baseband. You also need to have special signing ticket files. If you don't know what this is, you probably can NOT use this method!
How to use
-
Connect your device in DFU mode;
-
Use irecovery for checking ApNonce, which booted in DFU;
-
Extract iBSS/iBEC from target firmware for downgrade (unsigned);
-
Check DFU-collisioned ApNonces with irecovery, which booted in DFU. You can't automatically collision DFU ApNonces.
If ApNonce is not collisioned, "use hands" for DFU booting.
If ApNonce is successfully coliisioned, use this SHSH2 for sign iBSS/iBEC.
-
Use img4tool for sign iBSS:
img4tool -s ticket.shsh -c iBSS.signed -p <original_iBSS>
; -
Use img4tool for sign iBEC:
img4tool -s ticket.shsh -c iBEC.signed -p <original_iBEC>
; -
So, after signing we can boot into Recovery with irecovery.
irecovery -f iBSS.signed
- loading iBSS;irecovery -f iBEC.signed
- loading iBEC; -
So good! On the computer run
futurerestore -t ticket.shsh --latest-baseband --latest-sep -w firmware.ipsw
.
4) Odysseus (32-bit / 64-bit devices)
Requirements
- futurerestore compiled with libipatcher;
- Jailbreak or bootrom exploit (limera1n, checkm8);
- 32-bit: firmware keys for the device/destination firmware version must be public (check ipsw.me);
- 64-bit: devices with A12 and A13 chips is NOT compatible with this method;
- Signing ticket files (
.shsh
,.shsh2
,.plist
) from by destination firmware (OTA blobs work too!).
Info
If you have a jailbroken device, you can downgrade to any firmware version you have blobs for. You can still get OTA blobs for iOS 6.1.3, 8.4.1 or 10.3.3 for some devices and use those.
How to use
- Get device into kDFU/pwnDFU
- Pre-iPhone4s (limera1n devices):
- Enter to pwnDFU mode with redsn0w or any other tool
- iPhone 4s and later 32-bit devices:
- Enter to kDFU mode with kDFU app (cydia: repo.tihmstar.net) or by loading a pwnediBSS from any existing odysseus bundle
- Any 64-bit device:
- Enter to pwnDFU mode and patch signature check with special fork of ipwndfu
- Connect your device to computer in kDFU mode (or pwnDFU mode)
- On the computer run
futurerestore --use-pwndfu -t ticket.shsh --latest-baseband firmware.ipsw
Youtube
Enter kDFU mode (watch up to the point where the screen goes black)
You can use any odysseus bundle for this.
5) iOS 9.x re-restore bug by @alitek123 (only for 32-bit devices)
Requirements
- Jailbreak doesn't required;
- Signing ticket files (
.shsh
,.shsh2
,.plist
) from by iOS 9.x without ApNonce (noNonce APTickets)
Info
If you have signing tickets files for iOS 9.x, which do not contain a ApNonce, you can restore to that firmware.
How to use
- Connect your device in DFU mode
- On the computer run
futurerestore -t ticket.shsh --latest-baseband ios9.ipsw
tihmstar/futurerestore同语言 C++最近更新仓库
2024-11-22 19:14:23 ClickHouse/ClickHouse
2024-11-22 19:09:45 manticoresoftware/manticoresearch
2024-11-21 04:48:41 PCSX2/pcsx2
2024-11-20 09:02:24 dail8859/NotepadNext
2024-11-20 04:28:15 microsoft/terminal
2024-11-19 23:38:51 FreeCAD/FreeCAD