The iPhone Wiki is no longer updated. Visit this article on The Apple Wiki for current information. |
Difference between revisions of "IDeviceReRestore"
m |
(update latest version to 1.3) |
||
(7 intermediate revisions by 3 users not shown) | |||
Line 3: | Line 3: | ||
| name = iDeviceReRestore |
| name = iDeviceReRestore |
||
| title = iDeviceReRestore |
| title = iDeviceReRestore |
||
− | | author = [https://twitter.com/alitek123 alitek123], [https://twitter.com/ |
+ | | author = [https://twitter.com/alitek123 alitek123], [https://twitter.com/Trsvsr Trevor], [https://twitter.com/JonathanSeals Jonathan Seals] |
− | | developer = [https://twitter.com/alitek123 alitek123], [https://twitter.com/ |
+ | | developer = [https://twitter.com/alitek123 alitek123], [https://twitter.com/Trsvsr Trevor], [https://twitter.com/JonathanSeals Jonathan Seals] |
| discontinued = |
| discontinued = |
||
| released = {{start date and age|2017|04|02}} |
| released = {{start date and age|2017|04|02}} |
||
− | | latest release version = 1. |
+ | | latest release version = 1.3 (macOS, Windows, Linux) |
− | | latest release date = {{Start date and age| |
+ | | latest release date = {{Start date and age|2018|12|17}} |
− | | operating system = [[wikipedia:macOS|macOS]] / [[wikipedia:Linux|Linux]] |
+ | | operating system = [[wikipedia:macOS|macOS]] / [[wikipedia:Windows|Windows]] / [[wikipedia:Linux|Linux]] |
| language = [[wikipedia:English|English]] |
| language = [[wikipedia:English|English]] |
||
| status = Active |
| status = Active |
||
Line 18: | Line 18: | ||
'''iDeviceReRestore''' is a tool based off of [https://cgit.sukimashita.com/idevicerestore.git/ idevicerestore] that can be used to downgrade 32-bit devices to any iOS 9 version, provided the user has [[SHSH]] blobs for the version. It uses a bug discovered in 32-bit versions of iOS 9.x [[iBoot (Bootloader)|iBoot]]'s APTicket verification routines which allows valid cached tickets with a missing APNonce, regardless of the current nonce. |
'''iDeviceReRestore''' is a tool based off of [https://cgit.sukimashita.com/idevicerestore.git/ idevicerestore] that can be used to downgrade 32-bit devices to any iOS 9 version, provided the user has [[SHSH]] blobs for the version. It uses a bug discovered in 32-bit versions of iOS 9.x [[iBoot (Bootloader)|iBoot]]'s APTicket verification routines which allows valid cached tickets with a missing APNonce, regardless of the current nonce. |
||
− | The bug only exists |
+ | The bug only exists in iOS 9, but it does not require you to currently run iOS 9 to use it. The reasoning being, due to the fact that all 32-bit bootroms (other than [[Apple Watch]]) verify the next bootloader, [[iBSS]], based on SHSH when in [[DFU Mode]] rather than with APTicket, with no enforcement of APNonce, you can always boot into your iBSS you have cached blobs for, via DFU mode, regardless of your current APNonce. Furthermore, 9.x iBSS has the same bug as all other 9.x 32-bit iBoot, and so you can continue a restore straight from there. On a firmware without the bug, or when using an iOS 9.x APTicket with an APNonce, iBSS will not accept your APTicket, and will not continue into the rest of the restore chain. |
== Notes == |
== Notes == |
||
Line 30: | Line 30: | ||
** Restores from DFU require a cached iBSS SHSH blob (dumped blobs will not include this). |
** Restores from DFU require a cached iBSS SHSH blob (dumped blobs will not include this). |
||
** Most tickets saved by [[Cydia]] seem to be usable for this, and include iBSS SHSH blobs. |
** Most tickets saved by [[Cydia]] seem to be usable for this, and include iBSS SHSH blobs. |
||
− | * The technique requires a signed [[baseband]], like [[Prometheus]]. However, between the currently signed basebands for iOS |
+ | * The technique requires a signed [[baseband]], like [[Prometheus]]. However, between the currently signed basebands for iOS 9 and 10, most devices (if not all) should be able to get a working baseband without issues. The tool automatically downloads the most compatible baseband available per device by default, but the user has the option of specifying their own OTA signed baseband. |
* iOS 9 -> iOS 9 restores can be done from [[Recovery Mode]]. Devices on other firmwares must be restored from [[DFU Mode]]. |
* iOS 9 -> iOS 9 restores can be done from [[Recovery Mode]]. Devices on other firmwares must be restored from [[DFU Mode]]. |
||
Latest revision as of 03:21, 18 December 2018
Original author(s) | alitek123, Trevor, Jonathan Seals |
---|---|
Developer(s) | alitek123, Trevor, Jonathan Seals |
Initial release | 2 April 2017 |
Stable release | 1.3 (macOS, Windows, Linux) / 17 December 2018 |
Development status | Active |
Operating system | macOS / Windows / Linux |
Available in | English |
Type | Downgrading |
License | GNU LGPL 2.1 |
Website | iDeviceReRestore |
iDeviceReRestore is a tool based off of idevicerestore that can be used to downgrade 32-bit devices to any iOS 9 version, provided the user has SHSH blobs for the version. It uses a bug discovered in 32-bit versions of iOS 9.x iBoot's APTicket verification routines which allows valid cached tickets with a missing APNonce, regardless of the current nonce.
The bug only exists in iOS 9, but it does not require you to currently run iOS 9 to use it. The reasoning being, due to the fact that all 32-bit bootroms (other than Apple Watch) verify the next bootloader, iBSS, based on SHSH when in DFU Mode rather than with APTicket, with no enforcement of APNonce, you can always boot into your iBSS you have cached blobs for, via DFU mode, regardless of your current APNonce. Furthermore, 9.x iBSS has the same bug as all other 9.x 32-bit iBoot, and so you can continue a restore straight from there. On a firmware without the bug, or when using an iOS 9.x APTicket with an APNonce, iBSS will not accept your APTicket, and will not continue into the rest of the restore chain.
Notes
- iDeviceReRestore works for 32-bit iOS devices only. (Apple Watch is not included.)
- The initial firmware does not matter.
- The initial firmware does not require a jailbreak.
- The destination firmware must be iOS 9.x. SHSH blobs for the destination firmware are required.
- The process does not require keys, bundles, or nonces.
- The SHSH blobs cannot be OTA blobs. They can be Erase or Update blobs, though not all of them will work.
- They must have been saved without a nonce.
- Restores from DFU require a cached iBSS SHSH blob (dumped blobs will not include this).
- Most tickets saved by Cydia seem to be usable for this, and include iBSS SHSH blobs.
- The technique requires a signed baseband, like Prometheus. However, between the currently signed basebands for iOS 9 and 10, most devices (if not all) should be able to get a working baseband without issues. The tool automatically downloads the most compatible baseband available per device by default, but the user has the option of specifying their own OTA signed baseband.
- iOS 9 -> iOS 9 restores can be done from Recovery Mode. Devices on other firmwares must be restored from DFU Mode.