diosra2’s blog

iOSの脱獄、ダウングレード

iOSの署名状況(β)

Prepare to restore iPhone 5s to iOS 11.3.1 using futurerestore without jailbreak

スポンサーリンク
 

Important

My English is poor :(

*For Japanese: iPhone 5sなら脱獄なしでもiOS 11.3.1維持が可能!準備をしておこう。

 

On the iPhone 5s (and perhaps the iPad Air) you can restore it by collisioning it with shsh2's nonce, letting you do the DFU Loop as before . As something, Ian Beer is supposed to release what is likely to be useful for iOS 11.3.1 next week, so let's prepare first.

By adopting this method, it is conditional if there is SEP compatibility between iOS 11.3 and iOS 11.x, but iOS 11.3.1 can be maintained.

 

Advance Preparation 1

Collect Nonce of DFU Mode. Those who have already done are unnecessary.

What to prepare

*Mac

*igetnonce

*device

*Leisure and perseverance

 

Procedure

Use igetnonce to collect nonce. First, build igetnonce with Xcode.

After, connect the device to Mac with DFU Mode. When the Mac recognizes the device, run igetnonce on Terminal.

User$ ./igetnonce

Version: undefined commit - undefined version

Identified device as n51ap, iPhone6,1 in dfu mode... 

ecid=xxxxxxxxxxx

ApNonce=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

 Please record 20 bytes (40 digits) Nonce in the part of ApNonce=~

After recording, forcibly restart the device and enter DFU Mode again. Then record ApNonce in the same way, collect forcibly restart, DFU Mode... repeat it over and over again.

I think that it can be collected considerably from 30 minutes to about 1 hour. Let's put together a lot of nonces among them. I will describe it later, but Nonce should be record more. (When you record a lot of Nonce, the trouble of obtaining shsh2 increases, but it takes less time in the later operation.)

 

Advance Preparation 2

Even if you collected Nonce, since it is meaningless unless you save shsh2, get shsh2 of Nonce obtained earlier.

 

What to prepare

· Mac or linux

· tsschecker: tsschecker-latest.zip

 

1, Preparation

First, iTunes will check the ECID.

(You can also check it with igetnonce so you can do that.)

2, Get model code

For example, Japanese iPhone 5s (iPhone 6,1) it is "n51ap".

(You can also check it with igetnonce so you can do that.)

In addition, you can check with SysSecInfo.

 

open redsn0w.

Extras -> Even more -> Identify

  

it is "Hardware Model".

In this case it is n71ap.

 

3, Save of SHSH

After confirming, Save shsh2 with tsschecker.

 

First, save as usual. "generator" is generated as usual. It is much easier to set Nonce by using generator if you have jailbreak, so let's go on this.

If ECID is a hexadecimal number, please head 0x. (Example: "0x5F" if display is "5F")

User$ ./tsschecker --boardconfig [Model_Code] -e [ECID] -i [VERSION] -s

If you can save shsh2, you will see such a message.

iOS 11.3.1 for device iPhone6,1 IS being signed!

"~.shsh2" file will be generated, so that file will be shsh2 containing the generator.

 

Next, save shsh2 with ApNonce specified.

Add "--apnonce" to the previous command, then set the Nonce acquired earlier and save shsh2.

User$ ./tsschecker --boardconfig [Model_Code] -e [ECID] -i [VERSION] -s --apnonce [NONCE]

If you can save shsh2, you will see such a message.

iOS 11.3.1 for device iPhone6,1 IS being signed!

"~.shsh2" file will be generated, so that file will be shsh2 containing the ApNonce specified.

 

Preparation is complete.

Copyright (C) 2017-2018 Diosra2. All Rights Reserved.