Get with the times, README.md (#21)

* Get with the times, README.md.

Co-authored-by: Richard <nyuszika7h@gmail.com>
Tanbeer 2021-06-02 23:18:15 +01:00 committed by GitHub
parent 893efffdcc
commit 0c3afd521d
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

README.md

@ -2,20 +2,21 @@
[![CI Building](https://img.shields.io/github/workflow/status/marijuanARM/futurerestore/CI)](https://github.com/marijuanARM/futurerestore/actions?workflow=CI)
_It is a hacked up idevicerestore wrapper, which allows manually specifying SEP and Baseband for restoring._
Latest compiled version can be found [here](https://github.com/marijuanARM/futurerestore/releases).
__Only use if you are sure what you're doing.__
__Make sure to read this page before continuing.__
---
## What is FutureRestore?
FutureRestore is a modified idevicerestore wrapper, which allows manually specifying SEP and Baseband for restoring. This allows unsigned firmwares to be restored onto devices, providing you have a backup of the APTicket (SHSH Blobs), and can recreate all the specific conditions of the APTicket e.g. ECID, APNonce, Board ID.
# Features
* Supports the following downgrade methods:
* Prometheus 64-bit devices (generator and ApNonce collision mode)
* Prometheus for 64-bit devices:
- Prometheus via APNonce recreation with the APNonce generator
- Prometheus via APNonce collision
* Odysseus for 32-bit & 64-bit (A7-A11) devices
* Re-restoring 32-bit devices to iOS 9.x with [alitek123](https://github.com/alitek12)'s no-ApNonce method (alternative — [idevicererestore](https://downgrade.party)).
* Allows restoring to non-matching firmware with custom SEP+baseband
# Dependencies
* ## External libs
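Review bot: the CI badge and the releases link at the top of this hunk still point at `marijuanARM/futurerestore`, while the clone command and the issue link added later in this diff use `m1stadev/futurerestore`; settle on one repository path so users do not download builds from, or file issues against, a different fork than the one this README describes. Minor: the new sub-bullets under `* Prometheus for 64-bit devices:` use `-` while every sibling list in the file uses `*`, and `__Make sure to read this page before continuing.__` followed directly by `---` renders as a setext heading underline rather than a rule unless a blank line separates the two.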
@ -33,137 +34,175 @@ __Only use if you are sure what you're doing.__
* ## Submodules
Make sure these projects compile on your system (install it's dependencies):
* [jssy](https://github.com/tihmstar/jssy);
* [tsschecker](https://github.com/tihmstar/tsschecker);
* [idevicerestore](https://github.com/marijuanARM/idevicerestore)
## Report an issue
You can do it [here](https://github.com/marijuanARM/futurerestore/issues).
If you are cloning this repository you may run:
### Restoring on Windows 10
1. Try to restore the device, error `-8` occurs;
2. Leave the device plugged in, it'll stay on the Recovery screen;
3. Head over to device manager under control panel in Windows;
4. Locate "Apple Recovery (iBoot) USB Composite Device" (at the bottom);
5. Right click and choose "Uninstall device".
You may see a tick box that allows you to uninstall the driver software as well, tick that (all the three Apple mobile device entries under USB devices will disappear);
6. Unplug the device and re-plug it in;
7. Go back to futurerestore and send the restore command again (just press the up arrow to get it back, then enter).
Error `-8` is now fixed, but the process will fail again after the screen of your device has turned green;
8. Go back to device manager and repeat the driver uninstall process as described above (step 4 to 6);
9. Go back to futurerestore once again and repeat the restore process;
10. The device will reboot and error `-10` will also be solved;
11. The restore will now proceed and succeed.
```git clone https://github.com/m1stadev/futurerestore --recurse-submodules```
which will clone these submodules for you.
### Some about [cURL](https://github.com/curl/curl)
* Linux: Follow [this guide](https://dev.to/jake/using-libcurl3-and-libcurl4-on-ubuntu-1804-bionic-184g) to use tsschecker on Ubuntu 18.04 (Bionic) as it requires libcurl3 which cannot coexist with libcurl4 on this OS.
# Help
_(might become outdated):_
Usage: `futurerestore [OPTIONS] iPSW`
| option (short) | option (long) | description |
|----------------|------------------------------------------|-----------------------------------------------------------------------------------|
| ` -t ` | ` --apticket PATH ` | Signing tickets used for restoring |
| ` -t ` | ` --apticket PATH ` | Signing tickets used for restoring, commonly known as blobs |
| ` -u ` | ` --update ` | Update instead of erase install (requires appropriate APTicket) |
| | | DO NOT use this parameter, if you update from jailbroken firmware! |
| | | This parameter is recommended to not be used for downgrading. If you are jailbroken, make sure to have your orig-fs snapshot restored (Restore RootFS). |
| ` -w ` | ` --wait ` | Keep rebooting until ApNonce matches APTicket (ApNonce collision, unreliable) |
| ` -d ` | ` --debug ` | Show all code, use to save a log for debug testing |
| ` -e ` | ` --exit-recovery ` | Exit recovery mode and quit |
| | ` --use-pwndfu ` | Restoring devices with Odysseus method. Device needs to be in pwned DFU mode already |
| | ` --just-boot "-v" ` | Tethered booting the device from pwned DFU mode. You can optionally set ` boot-args ` |
| | ` --latest-sep ` | Use latest signed SEP instead of manually specifying one (may cause bad restore) |
| ` -s ` | ` --sep PATH ` | SEP to be flashed |
| ` -s ` | ` --sep PATH ` | Manually specify SEP to be flashed |
| ` -m ` | ` --sep-manifest PATH ` | BuildManifest for requesting SEP ticket |
| | ` --latest-baseband ` | Use latest signed baseband instead of manually specifying one (may cause bad restore) |
| ` -b ` | ` --baseband PATH ` | Baseband to be flashed |
| | ` --latest-baseband ` | Use latest signed baseband instead of manually specifying one |
| ` -b ` | ` --baseband PATH ` | Manually specify baseband to be flashed |
| ` -p ` | ` --baseband-manifest PATH ` | BuildManifest for requesting baseband ticket |
| | ` --no-baseband ` | Skip checks and don't flash baseband |
| | | Only use this for device without a baseband (eg. iPod touch or some Wi-Fi only iPads) |
| | | Only use this for device without a baseband (eg. iPod touch or Wi-Fi only iPads) |
---
## 0) What futurerestore can do
**Downgrade/Upgrade/Re-restore same mobile firmware version.**
Whenever you read "downgrade" nowadays it means you can also upgrade and re-restore if you're on the same firmware version. Basically this allows restoring an firmware version and the installed firmware version doesn't matter.
# 1) Prometheus (64-bit device) - APNonce recreation with generator method
### You can only downgrade if:
* the destination firmware version is compatible with a currently signed SEP and baseband. Check whether your version is compatible [here.](#firmware-signing-info)
* if you have a signing tickets files with a generator for **that specific firmware version.**
---
## 1) Prometheus (64-bit device) - generator method
### Requirements
- Jailbreak
- signing ticket files (`.shsh`, `.shsh2`, `.plist`) with a generator
- nonceEnabler patch enabled
* A jailbreak or an exploit that allows nonce setting.
* Signing ticket files (`.shsh`, `.shsh2`, `.plist`) with a generator
* A12+ users must also have a valid APNonce / generator pair due to nonce entanglement. Only having an APNonce without a generator is not sufficient.
* A computer with a minimum of 8 gigabytes of free space + IPSW of the target version downloaded. You can find the IPSW for your device at [IPSW.me](https://ipsw.me).
* On Windows machines, make sure to have [this version](https://www.apple.com/itunes/download/win64) of iTunes installed. Using the Microsoft Store version will cause issues.
### Method:
1. Jailbreak your device if it isn't jailbroken already.
2. Open your blob in any text editor and search for the word "generator". In most text editors you can use CTRL + F / CMD + F to look for it.
### Info
You can downgrade, if the destination firmware version is compatible with the **latest signed SEP and baseband** and if you **have a signing tickets files with a generator for that firmware version**.
![GeneratorExample](https://user-images.githubusercontent.com/48022799/117004373-aa0b6700-acee-11eb-8a70-c488163e349b.jpeg)
- This should be a `0x` followed by 16 characters, which will be a combination of letters and numbers.
3. Note that value down. This is your generator.
- **NOTE:** If there is no generator value, try to remember which jailbreak you were using at the time of saving blobs. If you were using unc0ver, your generator is most likely `0x1111111111111111`, and if you were using Chimera/Odyssey/Taurine, your generator is most likely `0xbd34a880be0b53f3`.
### How to use
1. Device must be jailbroken and nonceEnabler patch must be active
2. Open signing ticket file and look up the generator
* Looks like this: `<key>generator</key><string>0xde3318d224cf14a1</string>`
3. Write the generator to device's NVRAM
* Connect with SSH into the device and run `nvram com.apple.System.boot-nonce=0xde3318d224cf14a1` to set the generator *0xde3318d224cf14a1*
* verify it with `nvram -p`
4. Connect your device in normal mode to computer
5. On the computer run `futurerestore -t ticket.shsh --latest-baseband --latest-sep ios.ipsw`
4. Set your device's APNonce generator. You can use your [jailbreak tool](#using-jailbreak-tools) to set your generator in its native settings. However, setting your generator with [dimentio](#Using-dimentio) is recommended.
### Youtube
<a href="http://www.youtube.com/watch?feature=player_embedded&v=BIMx2Y13Ukc" target="_blank"><img src="http://img.youtube.com/vi/BIMx2Y13Ukc/0.jpg" alt="Prometheus" width="240" height="180"/></a>
*Prometheus*
5. Connect your device in normal mode to computer - make sure the trust dialog is accepted.
6. **Recommended:** Make a full backup of your device before running futurerestore.
7. On the computer run:
```futurerestore -t blob.shsh2 --latest-sep --latest-baseband -d target.ipsw```
<a href="http://www.youtube.com/watch?feature=player_embedded&v=UXxpUH71-s4" target="_blank"><img src="http://img.youtube.com/vi/UXxpUH71-s4/0.jpg" alt="Prometheus" width="240" height="180"/></a>
*nonceEnabler*
If you are upgrading and want to preserve user data you may run:
```futurerestore -u -t blob.shsh2 --latest-sep --latest-baseband -d target.ipsw```
### Recommended methods to activate nonceEnabler patch
#### Method 1: ios-kern-utils (iOS 7.x-10.x)
1. Install DEB-file of [ios-kern-utils](https://github.com/Siguza/ios-kern-utils/releases/) on device;
2. Run on the device `nvpatch com.apple.System.boot-nonce`.
#### Method 2: Using special applications
Use utilities for setting boot-nonce generator:
1. [PhœnixNonce](https://github.com/Siguza/PhoenixNonce) for iOS 9.x;
2. [v0rtexnonce](https://github.com/arx8x/v0rtexnonce) for iOS 10.x;
3. [Nonceset1112](https://github.com/julioverne/NonceSet112) for iOS 11.0-11.1.2;
4. [noncereboot1131UI](https://github.com/s0uthwest/noncereboot1131UI) for iOS 11.0-11.4b3;
5. [NonceReboot12xx](https://github.com/ur0/NonceReboot12XX) for iOS 12.0-12.1.2;
6. [GeneratorAutoSetter](https://github.com/Halo-Michael/GeneratorAutoSetter) for checkra1n jailbreak on iOS / iPadOS 13.x. Install it from Cydia's developer repo (https://halo-michael.github.io/repo/) on device.
## Using dimentio
To set generator with dimentio:
1. Open your package manager on your jailbroken iDevice
1. Add [https://repo.1conan.com](https://repo.1conan.com) to your sources.
1. Add [https://repo.chariz.com](https://repo.chariz.com) to your sources.
2. Download and install dimentio
3. Download and install NewTerm2
4. If you're on iOS 14.0 or above:
- Install `libkernrw` if you're using Taurine
- Install `libkrw` if you're using unc0ver
- checkra1n/odysseyra1n users don't need to install anything extra
5. Open NewTerm 2 on your iDevice and type the following command:
```su root -c 'dimentio [generator]'```
- `[generator]` should be the APNonce generator you just grabbed.
Example: `su root -c 'dimentio 0x1111111111111111'`
6. When asked for a password, enter your root password
- By default, this is set to `alpine`
7. Near the end of the text, you should see the line `Set nonce to [generator].` This indicates that your generator has been set successfully.
## Using jailbreak tools:
#### Method 3: Using jailbreak tools
Use jailbreak tools for setting boot-nonce generator:
1. [Meridian](https://meridian.sparkes.zone) for iOS 10.x;
2. [backr00m](https://nito.tv) or greeng0blin for tvOS 10.2-11.1;
3. [Electra and ElectraTV](https://coolstar.org/electra) for iOS and tvOS 11.x;
4. [unc0ver](https://unc0ver.dev) for iOS 11.0-12.2, 12.4.x;
5. [Chimera and ChimeraTV](https://chimera.sh) for iOS 12.0-12.2, 12.4 and tvOS 12.0-12.2, 12.4.
4. [Chimera and ChimeraTV](https://chimera.sh) for iOS 12.0-12.2, 12.4 and tvOS 12.0-12.2, 12.4.
5. [Odyssey](https://theodyssey.dev/) for iOS 13.0-13.7
- Note that there are some reported issues with Odyssey's generator setter. Using it is not recommended.
6. [Taurine](https://taurine.app/) for iOS 14.0-14.3
7. [unc0ver](https://unc0ver.dev) for iOS 11.0-14.3
### Activate tfp0, if jailbreak doesn't allow it
#### Method 1 (if jailbroken on iOS 9.2-9.3.x)
* reboot;
* reactivate jailbreak with [Luca Todesco](https://github.com/kpwn)'s [JailbreakMe](https://jbme.qwertyoruiop.com/);
* done.
#### Method 2 (if jailbroken on iOS 8.0-8.1 with [Pangu8](https://en.8.pangu.io))
* install this [untether DEB-file](http://apt.saurik.com/beta/pangu8-tfp0/io.pangu.xuanyuansword8_0.5_iphoneos-arm.deb) with included tfp0 patch
#### Method 3 (if jailbroken on iOS 7.x with [Pangu7](https://en.7.pangu.io))
* install this [untether DEB-file](http://apt.saurik.com/debs/io.pangu.axe7_0.3_iphoneos-arm.deb) with included tfp0 patch
## Firmware Signing Info
#### Method 4
* Use [cl0ver](https://github.com/Siguza/cl0ver) for iOS 9.x.
Currently you can restore to the following versions with the latest SEP and baseband for your device:
A7 and A8: 11.3-12.5.3
A9 and A10: 14.0-14.6
A11 devices and newer: 14.3-14.6
---
## 2) Prometheus (64-bit device) - ApNonce collision method (Recovery mode)
# Common Issues
## SEP Firmware is not being signed
This problem occurs when the user tries to manually specify SEP from the *target* version, instead of from the *latest* available version. To fix this problem, either choose the `latest-sep` argument or manually specify a SEP from the latest available iOS version.
## Could not connect to device in recovery mode / Failed to place device in recovery mode
**NOTE:** if the error is similarly named, follow these steps too.
If your device is in recovery mode:
- Run FutureRestore again while your device is in recovery mode.
If your device is not in recovery mode:
- Enter recovery mode manually, then run FutureRestore again.
## Device ApNonce doesn't match APTicket nonce
This error means that you have not set your generator on your device to that of the blob. In order to solve this problem, you must set your generator with [dimentio](#using-dimentio) or any [jailbreak tool](#using-jailbreak-tools).
- If after following the steps you still cannot resolve this issue, your generator may not correspond to its respective APNonce.
- If you saved blobs while unjailbroken on A12+ without [getnonce](https://github.com/nyuszika7h/getnonce) or [blobsaver v3](https://github.com/airsquared/blobsaver/releases/tag/v3.0.1), your APNonce/generator pair is invalid. This cannot be resolved.
## Unable to send iBEC (error -8)
1. Leave the device plugged in, it'll stay on the Recovery screen;
2. Head over to Device Manager under Control Panel in Windows;
3. Locate "Apple Recovery (iBoot) USB Composite Device" (at the bottom);
4. Right click and choose "Uninstall device".
You may see a tick box that allows you to uninstall the driver software as well, tick that (all the three Apple mobile device entries under USB devices will disappear);
5. Unplug the device and re-plug it in;
6. Go back to futurerestore and send the restore command again (just press the up arrow to get it back, then enter).
7. Error `-8` should now be fixed.
## Error: Unable to receive message from FDR...
The fix for this is either waiting (it can take a very long time) or just re-trying the process.
This is an error that has been diagnosed but no fix for it is available as of the time of writing this.
---
# 2) Prometheus (64-bit device) - ApNonce collision method (Recovery mode)
### Requirements
- **Device with A7 chip on iOS 9.1 - 10.2 or iOS 10.3 beta 1**;
- Jailbreak doesn't required;
- Signing ticket files (`.shsh`, `.shsh2`, `.plist`) with a customly chosen ApNonce;
- Jailbreak isn't required;
- Signing ticket files (`.shsh`, `.shsh2`, `.plist`) with a custom ApNonce;
- Signing ticket files needs to have one of the ApNonces, which the device generates a lot;
### Info
You can downgrade if the destination firmware version, if it is compatible with the **latest signed SEP and baseband**. You also need to have **special signing ticket files**. If you don't know what this is, you probably can **NOT** use this method!
You can downgrade if the destination firmware version, if it is compatible with the [latest sep and baseband!](#firmware-signing-info). You also need to have **special signing ticket files**. If you don't know what this is, you probably can **NOT** use this method!
### How to use
1. Connect your device in normal or recovery mode;
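Review bot: the new `### Restoring on Windows 10` section is inserted between `If you are cloning this repository you may run:` and the ```git clone https://github.com/m1stadev/futurerestore --recurse-submodules``` line it introduces, so the clone instruction is cut in two. Move the Windows section down next to `## Unable to send iBEC (error -8)`, which already repeats the same driver-uninstall steps, and keep a single copy with a link from the other. Also in this hunk: `## Firmware Signing Info` lands above `#### Method 4` / cl0ver, pulling that tfp0 method under the signing-info heading; `## Using jailbreak tools:` and `#### Method 3: Using jailbreak tools` are back-to-back headings for one list; and `--latest-baseband` loses its `(may cause bad restore)` caveat while `--latest-sep` keeps it, although both flags appear in every restore command in this hunk, so either keep the caveat on both or explain why baseband is safe. Since the dimentio steps state that the root password defaults to `alpine`, a one-line note to change it once SSH or a terminal is enabled belongs right there.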
@ -171,19 +210,22 @@ You can downgrade if the destination firmware version, if it is compatible with
* If you have saved multiple signing tickets with different nonces you can specify more than
one to speed up the process: `futurerestore -w -t t1.shsh -t t2.shsh -t t3.shsh -t t4.shsh --latest-baseband --latest-sep firmware.ipsw`
---
## 3) Prometheus (64-bit device) - ApNonce collision method (DFU mode)
# 3) Prometheus (64-bit device) - ApNonce collision method (DFU mode)
### Requirements
- __Devices with A7 (iPhone 5s, iPad Air, iPad mini 2), A8 (iPhone 6 [+], iPad mini [2,3,4], iPod touch [6th generation]) and A8X (iPad Air 2) chips on all firmwares;__
- __Devices have been released after ~September, 2015 {PROBABLY};__
- Jailbreak doesn't required;
- A device with an A7 SoC:
* (iPhone 5s, iPad Air, iPad mini 2), A8 (iPhone 6 [+], iPad mini [2,3,4], iPod touch [6th generation]) and A8X (iPad Air 2) chips on all firmwares
- __Devices that have been released after ~ September, 2015 {PROBABLY};__
- Jailbreak isn't required;
- Signing ticket files (`.shsh`, `.shsh2`, `.plist`) with a customly chosen APNonce;
- Signing ticket files needs to have one of the ApNonces, which the device generates a lot;
- __[img4tool](https://github.com/tihmstar/img4tool) can't be used for Windows [problem with signing iBSS/iBEC], now it's TO-DO;__
### Info
You can downgrade if the destination firmware version, if it is compatible with the **latest signed SEP and baseband**. You also need to have **special signing ticket files**. If you don't know what this is, you probably can **NOT** use this method!
You can downgrade if the destination firmware version, if it is compatible with the [latest SEP and baseband](#firmware-signing-info). You also need to have **special signing ticket files**. If you don't know what this is, you probably can **NOT** use this method!
### How to use
1. Connect your device in DFU mode;
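Review bot: the rewritten requirement `- A device with an A7 SoC:` is followed by a sub-bullet that still begins `(iPhone 5s, iPad Air, iPad mini 2), A8 (iPhone 6 [+], ...) and A8X (iPad Air 2) chips on all firmwares`, so the parent bullet now contradicts its own child; either restore the single-line `Devices with A7 ..., A8 ... and A8X ... chips on all firmwares` form or change the parent to `Devices with one of the following SoCs:`. The Info sentence `You can downgrade if the destination firmware version, if it is compatible with ...` keeps its doubled `if` in both the old and the new line; suggest `You can downgrade if the destination firmware version is compatible with the [latest SEP and baseband](#firmware-signing-info).` Also `customly chosen APNonce` should become `custom APNonce`, as the Recovery-mode section already did, and `~ September, 2015 {PROBABLY}` is better either confirmed or dropped.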
@ -212,12 +254,14 @@ You can downgrade if the destination firmware version, if it is compatible with
### Requirements
- futurerestore compiled with libipatcher;
- Jailbreak or bootrom exploit (limera1n, checkm8);
- **32-bit**: firmware keys for the device/destination firmware version must be public (check ipsw.me);
- **64-bit**: devices with **A12** and **A13** chips is **NOT** compatible with this method;
- Signing ticket files (`.shsh`, `.shsh2`, `.plist`) from by destination firmware (OTA blobs work too!).
- **32-bit**: firmware keys for the device/destination firmware version must be public (check [ipsw.me](https://ipsw.me))
- **64-bit**: Signing ticket files (`.shsh`, `.shsh2`, `.plist`) for the destination firmware (OTA blobs work too!).
### Info
If you have a jailbroken device, you can downgrade to **any** firmware version you have blobs for. You can still get OTA blobs for iOS 6.1.3, 8.4.1 or 10.3.3 for some devices and use those.
If you have a jailbroken device, you can downgrade to **any** firmware version you have blobs for, as long as the [baseband](#firmware-signing-info) is compatible, SEP does not have to be compatible.
You can still get OTA blobs for iOS 6.1.3, 8.4.1 or 10.3.3 for some devices and use those.
### How to use
1. Get device into kDFU/pwnDFU
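Review bot: the requirements rewrite drops two facts without replacement: the line `devices with **A12** and **A13** chips is **NOT** compatible with this method` is gone (the Features list above still limits Odysseus to A7-A11, so the restriction now has to be found elsewhere), and the signing-ticket requirement, which was previously an unprefixed bullet applying to every device, is now listed only under `**64-bit**`, although 32-bit devices still need tickets for the destination firmware. Suggest keeping the ticket bullet unprefixed and restoring the A12/A13 note. In the new Info line, `as long as the [baseband](#firmware-signing-info) is compatible, SEP does not have to be compatible.` is a comma splice; `is compatible; the SEP does not have to be.` reads cleanly.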
@ -228,25 +272,23 @@ If you have a jailbroken device, you can downgrade to **any** firmware version y
* Any 64-bit device:
* Enter to pwnDFU mode and patch signature check with special fork of [ipwndfu](https://github.com/LinusHenze/ipwndfu_public)
2. Connect your device to computer in kDFU mode (or pwnDFU mode)
3. On the computer run `futurerestore --use-pwndfu -t ticket.shsh --latest-baseband firmware.ipsw`
### Youtube
<a href="http://www.youtube.com/watch?feature=player_embedded&v=FQfcybsEWmM" target="_blank"><img src="http://img.youtube.com/vi/FQfcybsEWmM/0.jpg" alt="Odysseus" width="240" height="180"/></a> *futurerestore + libipatcher*
<a href="http://www.youtube.com/watch?feature=player_embedded&v=8Ro4g6StPeI" target="_blank"><img src="http://img.youtube.com/vi/8Ro4g6StPeI/0.jpg" alt="Odysseus" width="240" height="180"/></a> *kDFU app*
<a href="http://www.youtube.com/watch?feature=player_embedded&v=Wo7mGdMcjxw" target="_blank"><img src="http://img.youtube.com/vi/Wo7mGdMcjxw/0.jpg" alt="Odysseus" width="240" height="180"/></a> *Enter kDFU mode (watch up to the point where the screen goes black)*
You can use **any** odysseus bundle for this.
3. On the computer run `futurerestore --use-pwndfu -t ticket.shsh --latest-baseband -d firmware.ipsw`
- You can use **any** odysseus bundle for this.
## 5) iOS 9.x re-restore bug by @alitek123 (only for 32-bit devices)
### Requirements
- Jailbreak doesn't required;
- Jailbreak isn't required;
- Signing ticket files (`.shsh`, `.shsh2`, `.plist`) from by iOS 9.x without ApNonce (noNonce APTickets)
### Info
If you have **signing tickets files for iOS 9.x**, which **do not contain a ApNonce**, you can restore to that firmware.
If you have **signing ticket files for iOS 9.x**, which **do not contain a ApNonce**, you can restore to that firmware.
### How to use
1. Connect your device in DFU mode
2. On the computer run `futurerestore -t ticket.shsh --latest-baseband ios9.ipsw`
---
## Report an issue
Before you report an issue, please check that it is not mentioned in the [Common Issues section](#common-issues).
If it is not, you can report your issue [here](https://github.com/m1stadev/futurerestore/issues).
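Review bot: the new `-d` in `futurerestore --use-pwndfu -t ticket.shsh --latest-baseband -d firmware.ipsw` makes debug logging part of the standard command without saying why; if the intent is that users always have a log to attach when reporting, say so here or under `## Report an issue`, since the options table describes `-d` only as `use to save a log for debug testing`. In section 5, `Signing ticket files (...) from by iOS 9.x without ApNonce` still reads `from by`; `for iOS 9.x` matches the wording used in the Odysseus requirements. The YouTube thumbnails in this hunk use plain `http://` URLs; if they are kept, `https://www.youtube.com/...` and `https://img.youtube.com/...` both serve the same content.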