Difference between revisions of "Futurerestore"

From The iPhone Wiki
m (changed iPSW to IPSW)
Line 1: Line 1:
 
{{DISPLAYTITLE:futurerestore}}
 
{{DISPLAYTITLE:futurerestore}}
'''futurerestore''' is a tool to [[Firmware downgrading|downgrade]], [[Update Ramdisk|upgrade]], and/or [[Restore Ramdisk|restore]] to unsigned versions of iOS, iPadOS, and tvOS.<br/>In essence, it’s described as "a hacked up idevicerestore wrapper, which allows manually specifying SEP and baseband for restoring".
+
'''futurerestore''' is a tool to [[Firmware downgrading|downgrade]], [[Update Ramdisk|upgrade]], and/or [[Restore Ramdisk|restore]] to unsigned versions of iOS, iPadOS, and tvOS. Contrary to popular belief, futurerestore in itself is not a restoring tool, rather a wrapper for idevicerestore that allows manually specifying the SEP and Baseband firmwares for restoring.
 
{{infobox software
 
{{infobox software
 
| name = Futurerestore
 
| name = Futurerestore
Line 14: Line 14:
 
| genre = Restoring
 
| genre = Restoring
 
}}
 
}}
  +
  +
== Methods ==
  +
  +
FutureRestore most commonly uses the [[Prometheus]] method, which utilises a [[wikipedia:Replay attack|replay attack]] in Apple's [[APTicket]] restore verification system. Any APTicket depends on the following conditions to be consistent with the device the ticket is being used to restore:
  +
*[[BORD|Board ID]]
  +
*[[ECID]]
  +
*[[Application Processor|Chip ID]]
  +
*[[Nonce#APTicket| APNonce]]
  +
*[[Firmware|Unique Build ID]]
  +
  +
If any of the following conditions are not met, the replay attack will fail and the [[Application Processor|AP]] will refuse to flash the firmware onto the device.
   
 
== Requirements ==
 
== Requirements ==
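Review bot: In the new Methods section, the closing sentence reads "If any of the following conditions are not met", but the conditions are listed above that sentence, not after it; change it to "If any of these conditions is not met". The list entry "[[Nonce#APTicket| APNonce]]" also carries a stray space after the pipe, which the other entries in the list do not have.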
Line 19: Line 30:
 
The following are requirements in order to use futurerestore:
 
The following are requirements in order to use futurerestore:
   
# A valid saved [[SHSH]] blob for your device and firmware version you want to restore to
+
# A valid [[APTicket]] for your device and [[Firmware|firmware]] version you want to restore to.
# The [[IPSW]] of the target [[Firmware|firmware]] that you want to restore to for your device
+
# The [[IPSW]] of the target firmware that you want to restore to for your device
# A way to set your boot-[[nonce]] (see note below)
+
# A way to set your device's boot-[[nonce]] (see note below)
# Compatible [[SEP]] '''and''' [[Baseband]] firmwares for the target firmware for your device
+
# A signed [[SEP]] '''and''' [[Baseband]] which is [https://github.com/m1stadev/futurerestore/tree/test#firmware-signing-info compatible] with the target firmware for your device
   
 
===Notes===
 
===Notes===
* If your device uses an [[T8015|Apple A11]] or older, you can use [[ipwndfu]] and [https://github.com/libimobiledevice/libirecovery libirecovery] to upload a pwned [[iBSS]] and set your boot nonce,<br/>but all newer devices using an [[T8020|Apple A12]] or newer must use a jailbreak to set their boot nonce, as it is entangled with the [[UID_key|UID Key]].
+
* If your device uses an [[T8015|Apple A11]] or older, you can use [[ipwndfu]] and [https://github.com3/libimobiledevice/libirecovery libirecovery] to upload a pwned [[iBSS]] and set your boot nonce,<br/>but all newer devices using an [[T8020|Apple A12]] or newer must use a jailbreak to set their boot nonce, as it is entangled with the [[UID_key|UID Key]].
 
* '''The SEP and Baseband firmware MUST be compatible with the firmware version you are restoring to or the restore will fail.'''
 
* '''The SEP and Baseband firmware MUST be compatible with the firmware version you are restoring to or the restore will fail.'''
   
== Usage ==
+
== Options ==
  +
  +
futurerestore has several options, these include:
  +
  +
* <code>-u</code>/<code>--update</code>: This option keeps user data. It should generally not be used when downgrading as it may lead to various issues, including corrupted [/var] leading to a recovery mode loop.
  +
* <code>--no-baseband</code>: This option does not flash a baseband. It should only be used for iPods and WiFi-only iPads.
  +
* <code>--exit-recovery</code>: This option exits the device out of recovery mode.
  +
* <code>-w</code>/<code>--wait</code>: This option Keeps rebooting the device until the ApNonce matches the APTicket. It's meant for legacy devices on older iOS versions. You have a practically zero chance of hitting a collision on modern devices and iOS versions.
  +
* <code> -s</code>/<code>--sep [PATH]</code>: this option allows you to manually specify SEP. SEP files are usually named in this format: <code>sep-firmware.(boardconfig).RELEASE.im4p</code> and can usually be found in the <code>/Firmware/all_flash/</code> directory of an IPSW. after typing <code>-s /path/to/sep.im4p</code>, you must also type <code> -m /path/to/firmware/buildmanifest.plist</code>
  +
* <code>-b</code>/<code>--baseband</code>: this option allows you to manually specify Baseband. baseband files usually begin with MAV/ICE and end in .bbfw. They're usually found in the /Firmware/ directory in IPSW files. After using <code>-b /path/to/baseband.bbfw</code>, you must also type <code>-p /path/to/firmware/BuildManifest.plist</code>
  +
  +
== Restoring ==
 
There are two main ways to use futurerestore, CLI and GUI.
 
There are two main ways to use futurerestore, CLI and GUI.
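Review bot: The rewritten A11 note changes the libirecovery link to "https://github.com3/libimobiledevice/libirecovery", which points at a non-existent host; restore "https://github.com/libimobiledevice/libirecovery" as in the previous revision. In the relocated Options list, "corrupted [/var]" will render with literal brackets, "This option Keeps" has a stray capital, and the -s and -b entries begin with lower-case "this" and "after"; these are worth cleaning up while the section is being moved.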
   
Line 34: Line 56:
 
[https://github.com/m1stadev/futurerestore/releases Download] or [https://github.com/m1stadev/futurerestore.git Compile] Futurerestore for your OS.
 
[https://github.com/m1stadev/futurerestore/releases Download] or [https://github.com/m1stadev/futurerestore.git Compile] Futurerestore for your OS.
   
Newer test builds are available from the [https://github.com/m1stadev/futurerestore/actions test branch]. This may be needed for some A14 devices and Wi-Fi only iPads. In order to get the newer builds, open the test branch link, press on the newest workflow run, scroll down to "artifacts" and choose the one appropriate for your OS
+
Newer test builds are available from the [https://github.com/m1stadev/futurerestore/actions test branch]. This may be needed for some A14 devices and Wi-Fi only iPads. In order to get the newer builds, open the test branch link, press on the newest workflow run, scroll down to "artifacts" and choose the one appropriate for your OS.
   
Open a terminal or command prompt, then write in the following command:
+
---Open a terminal or command prompt, then write in the following command:
  +
  +
/path/to/futurerestore -t /path/to/ticket.shsh2 --latest-sep --latest-baseband -d /path/to/firmware.ipsw
   
/path/to/futurerestore -t /path/to/blob.shsh2 --latest-sep --latest-baseband /path/to/firmware.ipsw -d
 
   
 
==== Notes ====
 
==== Notes ====
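Review bot: The instruction line now starts with a stray "---" ("---Open a terminal or command prompt"), which will render literally; drop it. The example command also renames the file from blob.shsh2 to ticket.shsh2 while the GUI section still refers to "SHSH2 blobs", so settle on one term or say once that they are the same file.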
Line 50: Line 73:
 
[[File:Frgui_screenshot.png]]
 
[[File:Frgui_screenshot.png]]
   
== Options ==
+
== History ==
  +
{| class="wikitable"
futurerestore has several options, these include:
 
  +
|-
 
  +
! Version
* <code>-u</code>/<code>--update</code>: This option keeps user data. It should generally not be used when downgrading as it may lead to various issues, including recovery loop.
 
  +
! Date
* <code>--no-baseband</code>: This option does not flash a baseband. It should only be used for iPods and WiFi-only iPads.
 
  +
! Changes
* <code>--exit-recovery</code>: This option exits the device out of recovery mode.
 
  +
|-
* <code>-w</code>/<code>--wait</code>: This option Keeps rebooting the device until the ApNonce matches the APTicket. It's meant for legacy devices on older iOS versions. You have a practically zero chance of hitting a collision on modern devices and iOS versions.
 
  +
| 194
* <code> -s</code>/<code>--sep [PATH]</code>: this option allows you to manually specify SEP. SEP files are usually named in this format: <code>sep-firmware.(boardconfig).RELEASE.im4p</code> and can usually be found in the <code>/Firmware/all_flash/</code> directory of an IPSW. after typing <code>-s /path/to/sep.im4p</code>, you must also type <code> -m /path/to/firmware/buildmanifest.plist</code>
 
  +
| {{date|2021|03|02}}
* <code>-b</code>/<code>--baseband</code>: this option allows you to manually specify Baseband. baseband files usually begin with MAV/ICE and end in .bbfw. They're usually found in the /Firmware/ directory in IPSW files. After using <code>-b /path/to/baseband.bbfw</code>, you must also type <code>-p /path/to/firmware/BuildManifest.plist</code>
 
  +
|
  +
* Fix Windows compilation
  +
* Fix restoring for devices with multiple boardconfigs (A9 devices)
  +
* Fix --exit-recovery
  +
|-
  +
| 193
  +
| {{date|2021|03|01}}
  +
|
  +
* Fixed restoring devices without cellular capabilities (like iPods or wifi-only iPads).
  +
|-
  +
| 189
  +
| {{date|2021|02|13}}
  +
|
  +
* Update idevicerestore submodule to support iOS 14
  +
|}

Revision as of 20:34, 19 June 2021

futurerestore is a tool to downgrade, upgrade, and/or restore to unsigned versions of iOS, iPadOS, and tvOS. Contrary to popular belief, futurerestore is not itself a restore tool; it is a wrapper for idevicerestore that allows manually specifying the SEP and baseband firmware to use for a restore.

Futurerestore
Original author(s): tihmstar
Developer(s): tihmstar, Cryptic, Adam (m1stadev)
Initial release: 14 September 2016; 8 years ago
Stable release: 194 (macOS, Windows, Linux) / 2 March 2021; 3 years ago
Development status: Active
Operating system: macOS / Windows / Linux
Available in: English
Type: Restoring

Methods

FutureRestore most commonly uses the Prometheus method, which utilises a replay attack against Apple's APTicket restore verification system. Any APTicket depends on the following values being consistent with the device the ticket is being used to restore:

  • Board ID
  • ECID
  • Chip ID
  • APNonce
  • Unique Build ID

If any of these conditions is not met, the replay attack will fail and the AP will refuse to flash the firmware onto the device.
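A toy model of the ticket check described above, added here as an illustration (not code from futurerestore or Apple): HMAC stands in for the real ticket signature, and every identifier and value is constructed. It shows that the APNonce is the freshness control, which is why a saved ticket only verifies when the device's nonce equals the one the ticket was issued for.

```python
import hashlib
import hmac
import json
import secrets

# Constructed stand-in for the vendor signing key. Real APTickets carry an
# asymmetric signature; HMAC is used here only to keep the model short.
SIGNING_KEY = b"constructed-demo-key"

# The five values the page lists as bound into a ticket.
BOUND_FIELDS = ("board_id", "chip_id", "ecid", "ap_nonce", "build_id")


def _digest(fields: dict) -> bytes:
    canonical = json.dumps({k: fields[k] for k in BOUND_FIELDS}, sort_keys=True)
    return hmac.new(SIGNING_KEY, canonical.encode(), hashlib.sha256).digest()


def issue_ticket(fields: dict) -> dict:
    """Signing side: bind the request's values into a signed ticket."""
    return {"fields": {k: fields[k] for k in BOUND_FIELDS}, "sig": _digest(fields)}


def verify_ticket(ticket: dict, device: dict) -> list:
    """Device side: return the reasons for rejection (empty list = accepted)."""
    if not hmac.compare_digest(ticket["sig"], _digest(ticket["fields"])):
        return ["signature"]
    return [k for k in BOUND_FIELDS if ticket["fields"][k] != device[k]]


# Constructed device identity, and a ticket saved while the build was signed.
DEVICE = {"board_id": "board-A", "chip_id": "chip-A", "ecid": "ecid-0001",
          "build_id": "build-constructed", "ap_nonce": secrets.token_hex(32)}
SAVED_TICKET = issue_ticket(DEVICE)


def replay_after_reboot() -> list:
    """A new random nonce per boot makes the saved ticket stale."""
    return verify_ticket(SAVED_TICKET, {**DEVICE, "ap_nonce": secrets.token_hex(32)})


def replay_with_same_nonce() -> list:
    """When the nonce equals the saved one, no bound value differs."""
    return verify_ticket(SAVED_TICKET, DEVICE)


def replay_on_other_device() -> list:
    """The ECID binding ties the ticket to one physical device."""
    return verify_ticket(SAVED_TICKET, {**DEVICE, "ecid": "ecid-0002"})
```

The signature check only proves the ticket was once issued; it is the comparison of bound values, and the unpredictability of the nonce in particular, that prevents reuse.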

Requirements

The following are requirements in order to use futurerestore:

  1. A valid APTicket for your device and the firmware version you want to restore to
  2. The IPSW of the target firmware that you want to restore to for your device
  3. A way to set your device's boot-nonce (see note below)
  4. A signed SEP and Baseband that are compatible with the target firmware for your device

Notes

  • If your device uses an Apple A11 or older, you can use ipwndfu and libirecovery to upload a pwned iBSS and set your boot nonce,
    but all newer devices using an Apple A12 or newer must use a jailbreak to set their boot nonce, as it is entangled with the UID Key.
  • The SEP and Baseband firmware MUST be compatible with the firmware version you are restoring to or the restore will fail.

Options

futurerestore has several options, including:

  • -u/--update: This option keeps user data. It should generally not be used when downgrading, as it may lead to various issues, including a corrupted /var leading to a recovery mode loop.
  • --no-baseband: This option does not flash a baseband. It should only be used for iPods and WiFi-only iPads.
  • --exit-recovery: This option exits the device out of recovery mode.
  • -w/--wait: This option keeps rebooting the device until the ApNonce matches the APTicket. It's meant for legacy devices on older iOS versions. You have a practically zero chance of hitting a collision on modern devices and iOS versions.
  • -s/--sep [PATH]: This option allows you to manually specify the SEP. SEP files are usually named in this format: sep-firmware.(boardconfig).RELEASE.im4p and can usually be found in the /Firmware/all_flash/ directory of an IPSW. After typing -s /path/to/sep.im4p, you must also type -m /path/to/firmware/buildmanifest.plist
  • -b/--baseband: This option allows you to manually specify the Baseband. Baseband files usually begin with MAV/ICE and end in .bbfw. They're usually found in the /Firmware/ directory in IPSW files. After using -b /path/to/baseband.bbfw, you must also type -p /path/to/firmware/BuildManifest.plist

Restoring

There are two main ways to use futurerestore, CLI and GUI.

CLI

Download or Compile Futurerestore for your OS.

Newer test builds are available from the test branch. This may be needed for some A14 devices and Wi-Fi only iPads. In order to get the newer builds, open the test branch link, press on the newest workflow run, scroll down to "artifacts" and choose the one appropriate for your OS.

Open a terminal or command prompt, then enter the following command:

/path/to/futurerestore -t /path/to/ticket.shsh2 --latest-sep --latest-baseband -d /path/to/firmware.ipsw


Notes

  • While -d is optional, it may be harder to troubleshoot without it, as it gives more information on what's happening.
  • Instead of --latest-sep and --latest-baseband, you can also specify the SEP and baseband you want to use. However, they still need to be signed, and you have to manually download the IPSW and extract it. This is rarely ever necessary, as iOS versions older than the latest are generally unsigned within a week nowadays.

GUI

Download FutureRestore-GUI, then select the IPSW and SHSH2 blobs. It's recommended to have "Extra logs" enabled so we can better help diagnose any issues. If you are upgrading or re-restoring, it's ok to turn on "Preserve Data"; however, make sure to restore rootfs before doing so.


History

Version 194 (2 March 2021)
  • Fix Windows compilation
  • Fix restoring for devices with multiple boardconfigs (A9 devices)
  • Fix --exit-recovery

Version 193 (1 March 2021)
  • Fixed restoring devices without cellular capabilities (like iPods or wifi-only iPads).

Version 189 (13 February 2021)
  • Update idevicerestore submodule to support iOS 14