The iPhone Wiki is no longer updated. Visit this article on The Apple Wiki for current information. |
Difference between revisions of "Futurerestore"
Nyuszika7H (talk | contribs) (→Requirements: This should be part of a single list) |
m (→CLI) |
||
(14 intermediate revisions by 4 users not shown) | |||
Line 1: | Line 1: | ||
{{DISPLAYTITLE:futurerestore}} |
{{DISPLAYTITLE:futurerestore}} |
||
− | '''futurerestore''' is a tool to downgrade, upgrade, and/or restore to unsigned versions of iOS, iPadOS, and tvOS. |
+ | '''futurerestore''' is a tool to [[Firmware downgrading|downgrade]], [[Update Ramdisk|upgrade]], and/or [[Restore Ramdisk|restore]] to unsigned versions of iOS, iPadOS, and tvOS. Contrary to popular belief, futurerestore in itself is not a restoring tool, rather a wrapper for idevicerestore that allows manually specifying the SEP and Baseband firmwares for restoring. |
+ | {{infobox software |
||
− | In essence, it’s described as a "a modified idevicerestore wrapper, which allows manually specifying SEP and baseband for restoring". |
||
+ | | name = Futurerestore |
||
+ | | title = Futurerestore |
||
+ | | author = [https://twitter.com/tihmstar tihmstar] |
||
+ | | developer = [https://twitter.com/tihmstar tihmstar], [https://github.com/Cryptiiiic Cryptic], [https://github.com/m1stadev Adam (m1stadev)] |
||
+ | | released = {{start date and age|2016|09|14}} |
||
+ | | latest release version = 194 (macOS, Windows, Linux) |
||
+ | | latest release date = {{Start date and age|2021|3|2}} |
||
+ | | operating system = [[wikipedia:macOS|macOS]] / [[wikipedia:Windows|Windows]] / [[wikipedia:Linux|Linux]] |
||
+ | | language = [[wikipedia:English|English]] |
||
+ | | status = Active |
||
+ | | genre = Restoring |
||
+ | }} |
||
+ | |||
+ | == Methods == |
||
+ | |||
+ | FutureRestore most commonly uses the [[Prometheus]] method, which utilises a [[wikipedia:Replay attack|replay attack]] in Apple's [[APTicket]] restore verification system. Any APTicket depends on the following conditions to be consistent with the device the ticket is being used to restore: |
||
+ | *[[BORD|Board ID]] |
||
+ | *[[ECID]] |
||
+ | *[[Application Processor|Chip ID]] |
||
+ | *[[Nonce#APTicket| APNonce]] |
||
+ | *[[Firmware|Unique Build ID]] |
||
+ | |||
+ | If any of the following conditions are not met, the replay attack will fail and the [[Application Processor|AP]] will refuse to flash the firmware onto the device. |
||
== Requirements == |
== Requirements == |
||
Line 7: | Line 30: | ||
The following are requirements in order to use futurerestore: |
The following are requirements in order to use futurerestore: |
||
+ | # A valid [[APTicket]] for your device and [[Firmware|firmware]] version you want to restore to. |
||
− | # An SHSH blob |
||
− | # IPSW of the |
+ | # The [[IPSW]] of the target firmware that you want to restore to for your device |
− | # A |
+ | # A way to set your device's boot-[[nonce]] (see note below) |
+ | # A signed [[SEP]] '''and''' [[Baseband]] which is [https://github.com/m1stadev/futurerestore/tree/test#firmware-signing-info compatible] with the target firmware for your device |
||
− | # The SEP '''and''' BB of the version you are restoring to must be compatible with a signed firmware |
||
− | == |
+ | ===Notes=== |
+ | * If your device uses an [[T8015|Apple A11]] or older, you can use [[ipwndfu]] and [https://github.com3/libimobiledevice/libirecovery libirecovery] to upload a pwned [[iBSS]] and set your boot nonce,<br/>but all newer devices using an [[T8020|Apple A12]] or newer must use a jailbreak to set their boot nonce, as it is entangled with the [[UID_key|UID Key]]. |
||
− | There are two main ways to use futurerestore, CLI and GUI. |
||
+ | * '''The SEP and Baseband firmware MUST be compatible with the firmware version you are restoring to or the restore will fail.''' |
||
− | + | == Options == |
|
− | [https://github.com/m1stadev/futurerestore/releases/ Download futurerestore] for your OS. |
||
+ | futurerestore has several options, these include: |
||
− | Newer test builds are available from the [https://github.com/m1stadev/futurerestore/actions test branch]. This may be needed for some A14 devices and Wi-Fi only iPads. |
||
+ | * <code>-u</code>/<code>--update</code>: This option keeps user data. It should generally not be used when downgrading as it may lead to various issues, including corrupted [/var] leading to a recovery mode loop. |
||
− | Open a terminal or command prompt, then write in the following command: |
||
+ | * <code>--no-baseband</code>: This option does not flash a baseband. It should only be used for iPods and WiFi-only iPads. |
||
+ | * <code>--exit-recovery</code>: This option exits the device out of recovery mode. |
||
+ | * <code>-w</code>/<code>--wait</code>: This option Keeps rebooting the device until the ApNonce matches the APTicket. It's meant for legacy devices on older iOS versions. You have a practically zero chance of hitting a collision on modern devices and iOS versions. |
||
+ | * <code> -s</code>/<code>--sep [PATH]</code>: this option allows you to manually specify SEP. SEP files are usually named in this format: <code>sep-firmware.(boardconfig).RELEASE.im4p</code> and can usually be found in the <code>/Firmware/all_flash/</code> directory of an IPSW. after typing <code>-s /path/to/sep.im4p</code>, you must also type <code> -m /path/to/firmware/buildmanifest.plist</code> |
||
+ | * <code>-b</code>/<code>--baseband</code>: this option allows you to manually specify Baseband. baseband files usually begin with MAV/ICE and end in .bbfw. They're usually found in the /Firmware/ directory in IPSW files. After using <code>-b /path/to/baseband.bbfw</code>, you must also type <code>-p /path/to/firmware/BuildManifest.plist</code> |
||
+ | == Restoring == |
||
− | /path/to/futurerestore -t /path/to/blob.shsh2 --latest-sep --latest-baseband /path/to/firmware.ipsw -d |
||
+ | There are two main ways to use futurerestore, CLI and GUI. |
||
− | + | === CLI === |
|
+ | [https://github.com/m1stadev/futurerestore/releases Download] or [https://github.com/m1stadev/futurerestore.git Compile] Futurerestore for your OS. |
||
− | * While -d is optional, it may be harder to troubleshoot without it, as it gives more information on what's happening. |
||
− | * Instead of --latest-sep and --latest-baseband, you can also specify the SEP and baseband you want to use, however it still needs to be signed, and you have to manually download the IPSW and extract it. This is rarely ever necessary, as iOS versions older than the latest are generally unsigned within a week nowadays. |
||
+ | Newer test builds are available from the [https://github.com/m1stadev/futurerestore/actions test branch]. This may be needed for some A14 devices and Wi-Fi only iPads. In order to get the newer builds, open the test branch link, press on the newest workflow run, scroll down to "artifacts" and choose the one appropriate for your OS. |
||
− | === GUI === |
||
+ | Open a terminal or command prompt, then write in the following command: |
||
− | [https://github.com/CoocooFroggy/FutureRestore-GUI/releases/ Download FutureRestore-GUI then select the IPSW and SHSH2 blobs. It's recommended to have "Extra logs" is enabled so we can better help diagnose any issues. If you are upgrading or re-restoring, it's ok to turn on "Preserve Data", however make sure to restore rootfs before doing so. |
||
+ | /path/to/futurerestore -t /path/to/ticket.shsh2 --latest-sep --latest-baseband -d /path/to/firmware.ipsw |
||
− | [[File:Frgui_screenshot.png ]] |
||
− | == |
+ | ==== Notes ==== |
+ | * While <code>-d</code> is optional, it may be harder to troubleshoot without it, as it gives more information on what's happening. |
||
− | futurerestore has several options, these include: |
||
+ | * Instead of <code>--latest-sep</code> and <code>--latest-baseband</code>, you can also specify the SEP and baseband you want to use, however it still needs to be signed, and you have to manually download the IPSW and extract it. This is rarely ever necessary, as iOS versions older than the latest are generally unsigned within a week nowadays. See the options section above to learn more about manually specifying SEP and BB |
||
+ | === GUI === |
||
− | 1. -u, --update: This option keeps user data. It should generally not be used when downgrading as it may lead to various issues, including recovery loop. |
||
+ | [https://github.com/CoocooFroggy/FutureRestore-GUI/releases/ Download FutureRestore-GUI] then select the IPSW and SHSH2 blobs. It's recommended to have "Extra logs" enabled so we can better help diagnose any issues. If you are upgrading or re-restoring, it's ok to turn on "Preserve Data", however make sure to restore rootfs before doing so. |
||
− | 2. --no-baseband: This option does not flash a baseband. It should only be used for iPods and WiFi-only iPads. |
||
+ | [[File:Frgui_screenshot.png]] |
||
− | 3. --exit-recovery: This option exits the device out of recovery mode. |
||
+ | == History == |
||
− | 4. -w, --wait: This option Keeps rebooting the device until the ApNonce matches the APTicket. It's meant for legacy devices on older iOS versions. You have a practically zero chance of hitting a collision on modern devices and iOS versions. |
||
+ | {| class="wikitable" |
||
+ | |- |
||
+ | ! Version |
||
+ | ! Date |
||
+ | ! Changes |
||
+ | |- |
||
+ | | 194 |
||
+ | | {{date|2021|03|02}} |
||
+ | | |
||
+ | * Fix Windows compilation |
||
+ | * Fix restoring for devices with multiple boardconfigs (A9 devices) |
||
+ | * Fix --exit-recovery |
||
+ | |- |
||
+ | | 193 |
||
+ | | {{date|2021|03|01}} |
||
+ | | |
||
+ | * Fixed restoring devices without cellular capabilities (like iPods or wifi-only iPads). |
||
+ | |- |
||
+ | | 189 |
||
+ | | {{date|2021|02|13}} |
||
+ | | |
||
+ | * Update idevicerestore submodule to support iOS 14 |
||
+ | |} |
Latest revision as of 14:27, 24 June 2021
futurerestore is a tool to downgrade, upgrade, and/or restore to unsigned versions of iOS, iPadOS, and tvOS. Contrary to popular belief, futurerestore in itself is not a restoring tool, rather a wrapper for idevicerestore that allows manually specifying the SEP and Baseband firmwares for restoring.
Original author(s) | tihmstar |
---|---|
Developer(s) | tihmstar, Cryptic, Adam (m1stadev) |
Initial release | 14 September 2016 |
Stable release | 194 (macOS, Windows, Linux) / 2 March 2021 |
Development status | Active |
Operating system | macOS / Windows / Linux |
Available in | English |
Type | Restoring |
Contents
Methods
FutureRestore most commonly uses the Prometheus method, which utilises a replay attack in Apple's APTicket restore verification system. Any APTicket depends on the following conditions to be consistent with the device the ticket is being used to restore:
If any of the following conditions are not met, the replay attack will fail and the AP will refuse to flash the firmware onto the device.
Requirements
The following are requirements in order to use futurerestore:
- A valid APTicket for your device and firmware version you want to restore to.
- The IPSW of the target firmware that you want to restore to for your device
- A way to set your device's boot-nonce (see note below)
- A signed SEP and Baseband which is compatible with the target firmware for your device
Notes
- If your device uses an Apple A11 or older, you can use ipwndfu and libirecovery to upload a pwned iBSS and set your boot nonce,
but all newer devices using an Apple A12 or newer must use a jailbreak to set their boot nonce, as it is entangled with the UID Key. - The SEP and Baseband firmware MUST be compatible with the firmware version you are restoring to or the restore will fail.
Options
futurerestore has several options, these include:
-u
/--update
: This option keeps user data. It should generally not be used when downgrading as it may lead to various issues, including corrupted [/var] leading to a recovery mode loop.--no-baseband
: This option does not flash a baseband. It should only be used for iPods and WiFi-only iPads.--exit-recovery
: This option exits the device out of recovery mode.-w
/--wait
: This option Keeps rebooting the device until the ApNonce matches the APTicket. It's meant for legacy devices on older iOS versions. You have a practically zero chance of hitting a collision on modern devices and iOS versions.-s
/--sep [PATH]
: this option allows you to manually specify SEP. SEP files are usually named in this format:sep-firmware.(boardconfig).RELEASE.im4p
and can usually be found in the/Firmware/all_flash/
directory of an IPSW. after typing-s /path/to/sep.im4p
, you must also type-m /path/to/firmware/buildmanifest.plist
-b
/--baseband
: this option allows you to manually specify Baseband. baseband files usually begin with MAV/ICE and end in .bbfw. They're usually found in the /Firmware/ directory in IPSW files. After using-b /path/to/baseband.bbfw
, you must also type-p /path/to/firmware/BuildManifest.plist
Restoring
There are two main ways to use futurerestore, CLI and GUI.
CLI
Download or Compile Futurerestore for your OS.
Newer test builds are available from the test branch. This may be needed for some A14 devices and Wi-Fi only iPads. In order to get the newer builds, open the test branch link, press on the newest workflow run, scroll down to "artifacts" and choose the one appropriate for your OS.
Open a terminal or command prompt, then write in the following command:
/path/to/futurerestore -t /path/to/ticket.shsh2 --latest-sep --latest-baseband -d /path/to/firmware.ipsw
Notes
- While
-d
is optional, it may be harder to troubleshoot without it, as it gives more information on what's happening. - Instead of
--latest-sep
and--latest-baseband
, you can also specify the SEP and baseband you want to use, however it still needs to be signed, and you have to manually download the IPSW and extract it. This is rarely ever necessary, as iOS versions older than the latest are generally unsigned within a week nowadays. See the options section above to learn more about manually specifying SEP and BB
GUI
Download FutureRestore-GUI then select the IPSW and SHSH2 blobs. It's recommended to have "Extra logs" enabled so we can better help diagnose any issues. If you are upgrading or re-restoring, it's ok to turn on "Preserve Data", however make sure to restore rootfs before doing so.
History
Version | Date | Changes |
---|---|---|
194 | 2 March 2021 |
|
193 | 1 March 2021 |
|
189 | 13 February 2021 |
|