Rollback with futurerestore (Odysseus) | For iPhone (4S, 5, 5C), iPod touch 5G, iPad (2, 3, 4), iPad mini 1



Rep: (1701)

What is a rollback (downgrade)?
  • Rollback (downgrade) - installing an old version of iOS that is officially no longer current on the Apple server and is no longer signed with an SHSH certificate. Officially, you can only flash the latest, current firmware.
  • For more information -> Wikipedia
You need to understand the following:
  • A rollback using futurerestore requires a jailbreak.
  • A rollback using futurerestore requires previously saved SHSH.
  • futurerestore supports -> iPhone (4S, 5, 5C), iPod touch 5G, iPad (2, 3, 4), iPad mini 1
  • futurerestore supports -> Linux and macOS; it does not support Windows.
To roll back / restore iOS, we need:
  • macOS (10.10 Yosemite, 10.11 El Capitan, 10.12 Sierra).
  • Firmware for our device to which we roll back -> IOS firmware
  • Previously saved SHSH from the firmware to which we roll back.
  • futurerestore for the rollback.
  • kDFUApp from the repository -> http://repo.tihmstar.net
For example, take futurerestore for macOS and an iPhone 4S (A1387, A1431) (running iOS 9.3.5) with the identifier -> iPhone4,1 (n94ap) and the SHSH -> ******** 44587-iPhone4,1-7.1.2-11D257.shsh to roll back to iOS 7.1.2.
Create a folder on your desktop -> Downgrade
From the archive -> futurerestoreportable, copy -> futurerestore_macos to the folder on your desktop -> Downgrade
Copy the SHSH -> ******** 44587-iPhone4,1-7.1.2-11D257.shsh to the folder on your desktop -> Downgrade
Copy the firmware (iOS 7.1.2, to which we roll back) -> iPhone4,1_7.1.2_11D257_Restore.ipsw to the folder on your desktop -> Downgrade

The folder -> Downgrade must contain 3 files.
******** 44587-iPhone4,1-7.1.2-11D257.shsh -> certificate from the firmware to which we roll back / restore (iOS 7.1.2).
futurerestore_macos -> the futurerestore executable for macOS.
iPhone4,1_7.1.2_11D257_Restore.ipsw -> the firmware to which we roll back / restore (iOS 7.1.2).

For futurerestore to work properly, additional packages are needed. Open a terminal and enter the commands one by one.
  1. xcode-select --install

  2. /usr/bin/ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"

  3. brew install automake autoconf libtool pkg-config libplist openssl libzip
    git clone https://github.com/tihmstar/libirecovery && cd ./libirecovery && bash autogen.sh && make install
    cd
    git clone https://github.com/tihmstar/libcrippy && cd ./libcrippy && bash autogen.sh && make install
    cd
    git clone https://github.com/tihmstar/libfragmentzip && cd ./libfragmentzip && bash autogen.sh && make install
    cd
    git clone https://github.com/tihmstar/libpartialzip && cd ./libpartialzip && bash autogen.sh && make install

  4. cd /usr/local
    sudo mkdir ssl
    sudo chmod 777 /usr/local/ssl
    cd
    git clone https://github.com/openssl/openssl.git
    cd openssl
    ./config
    make
    make install

  5. brew install curl

  6. ln -s /usr/local/opt/openssl/lib/libcrypto.1.0.0.dylib /usr/local/lib/
    ln -s /usr/local/opt/openssl/lib/libssl.1.0.0.dylib /usr/local/lib/
    ln -s /usr/local/Cellar/openssl/1.0.2j/bin/openssl openssl

After preparing the necessary files and the system, move on to the main part: preparing the device for rollback / recovery.

1. Open Cydia on your device and add the repository -> http://repo.tihmstar.net
2. Install kDFUApp from the repository.
3. Connect the device to the computer and run kDFUApp from the home screen.
4. Activate all the switches in kDFUApp so that they turn green.
5. It does not matter which version is listed in the Bundle.
6. Press "enter kDFU". The device will go into DFU mode (black screen).
7. Open the terminal.
8. Type cd, press the spacebar and drag the folder -> Downgrade into the terminal.
9. Hit Enter.
10. To be sure that we are in the right folder, enter ls and hit Enter.
11. Enter chmod +x futurerestore_macos and hit Enter.
The next step is the final one, after which the rollback / restore will begin. The basic command looks like this:
./futurerestore_macos -t **.shsh --latest-baseband --use-pwndfu **.ipsw

Where ** are the names of the main files in the folder -> Downgrade
My command, with my data, looks like this:
./futurerestore_macos -t ******** 44587-iPhone4,1-7.1.2-11D257.shsh --latest-baseband --use-pwndfu iPhone4,1_7.1.2_11D257_Restore.ipsw

If your device is without a SIM, the command will be
./futurerestore_macos -t **.shsh --no-baseband --use-pwndfu **.ipsw

Data example
./futurerestore_macos -t ******** 84401-iPad3,4-7.1.2-11D257.shsh --no-baseband --use-pwndfu iPad3,4_7.1.2_11D257_Restore.ipsw

12. Enter ./futurerestore_macos -t ******** 44587-iPhone4,1-7.1.2-11D257.shsh --latest-baseband --use-pwndfu iPhone4,1_7.1.2_11D257_Restore.ipsw and hit Enter.
Do not close the terminal window, do not disconnect the device from the Mac, check everything several times.
Done: restoring succeeded. Congratulations! After a successful recovery, block iOS updates -> How to disable automatic iOS update

Post has been edited by T0ugh - 18.08.17, 12:25
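
An added example, not part of the original post: a pre-flight check that the SHSH and IPSW file names in the Downgrade folder refer to the same model, version and build before the restore command from the guide is run. The file-name layout is an assumption inferred from the names quoted in this thread, and `check_pair`, `ecid_hex` and `lower` are hypothetical helper names.

```shell
#!/bin/sh
# Added example (not from the thread): pre-flight check for the Downgrade folder.
# Naming assumed from the file names quoted in this thread:
#   SHSH: <ECID decimal>-<model>-<version>[-<build>].shsh
#   IPSW: <model>_<version>_<build>_Restore.ipsw

lower() { printf '%s' "$1" | tr '[:upper:]' '[:lower:]'; }

# Decimal ECID (as in the SHSH file name) to the hex form that tools print.
ecid_hex() { printf '%x\n' "$1"; }

# check_pair SHSH IPSW [sim|nosim]
# Returns 0 and prints the restore command when both files describe the same
# model, version and (if the SHSH name carries one) build; non-zero otherwise.
check_pair() {
    _s=$(basename "$1" .shsh); _i=$(basename "$2" .ipsw)

    # Split the SHSH name on '-' (model identifiers contain ',' but no '-').
    _ecid=${_s%%-*};   _r=${_s#*-}
    _smodel=${_r%%-*}; _r=${_r#*-}
    _sver=${_r%%-*}
    case "$_r" in *-*) _sbuild=${_r#*-} ;; *) _sbuild= ;; esac

    # Split the IPSW name on '_'.
    _imodel=${_i%%_*}; _r=${_i#*_}
    _iver=${_r%%_*};   _r=${_r#*_}
    _ibuild=${_r%%_*}

    case "$_ecid" in
        ''|*[!0-9]*) echo "SHSH name does not start with a decimal ECID" >&2; return 2 ;;
    esac
    # Model is compared case-insensitively: the thread shows both ipad3,1 and iPad3,1.
    if [ "$(lower "$_smodel")" != "$(lower "$_imodel")" ]; then
        echo "model mismatch: SHSH=$_smodel IPSW=$_imodel" >&2; return 1
    fi
    if [ "$_sver" != "$_iver" ]; then
        echo "version mismatch: SHSH=$_sver IPSW=$_iver" >&2; return 1
    fi
    if [ -n "$_sbuild" ] && [ "$_sbuild" != "$_ibuild" ]; then
        echo "build mismatch: SHSH=$_sbuild IPSW=$_ibuild" >&2; return 1
    fi

    # Baseband flag as in the guide: --no-baseband only for devices without a SIM.
    case "${3:-sim}" in nosim) _bb=--no-baseband ;; *) _bb=--latest-baseband ;; esac
    echo "ECID $_ecid (hex $(ecid_hex "$_ecid")), $_imodel, iOS $_iver ($_ibuild)"
    echo "./futurerestore_macos -t '$1' $_bb --use-pwndfu '$2'"
}

# File names as they appear in the terminal log later in this thread (Wi-Fi iPad 3).
check_pair "3841110437193-ipad3,1-6.1.2.shsh" \
           "iPad3,1_6.1.2_10B146_Restore.ipsw" nosim
```

The check only compares file names; futurerestore itself still verifies that the ECID in the ticket matches the connected device.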



Rep: (9)
AirShark @ 11/14/17, 2:51 PM*
I changed the version in plist and update 8.4.1 itself began to swing and the norms were established

* AirShark,
I tried, I reset the settings after the rollback and the device is hellishly "buggy":
- jail on 8.4.1 is not set (or rather put but sidium does not work, writes errors)
- nothing is set up from the account in the appstore, says the appstore entry has never been used.

I think this is due to resetting the settings, i.e. With such a decrease in the firmware, the old garbage from the Jail remains, and resetting all problems leads to a rifle.
I wanted to cheat, changed the version to 6 and launched Cydia Eraser (Cydia Impactor), but this utility and version returned it back (((how can you get it to bypass the plist file and not return it? This would solve the problem.
And is it normal for you after a rollback through the replacement of the firmware version in the plist jail became? reset settings tried?

For a normal rollback, he has already prepared the virtual machine and corrected the files, but does not want to leave for kDFU, although it may leave, but the device does not see the tuna (((I don’t even know what else to try.



Rep: (61)
* mal__, And through plist I installed 8.4.1 and through this method, the device is still buggy on this version. It's easier to install 9.3.5 with jail and install the coolbooter and install the desired firmware from 6.0 to 7.1.2



Rep: (9)
* AirShark,
I did not find in the description of the coolbooter support for iPad mini, did you check? works?
And in fact, I really want a normal stable firmware to have the main one, even if the coolbooter works on a mini, and then the stub turns into a bucket with all these manipulations)))

If anyone had experience of a more stable transfer of a minicar to kDFU, tell me, can you have any thoughts? Maybe someone has access to the developer kDFUApp and you can ask him to add support for minikov? or know how to eliminate the restoration of the plist in Cydia Eraser (Cydia Impactor)?

At 9.3.5 I don’t want to sit at all, it really slows down the device, it’s very annoying that the pages on the websites regularly fall into error and try to restart cyclically, on 8.4.1 it was not so often, and the principle on 8.4.1 is working faster



Rep: (18)
* AirShark,
the most effective way to roll back to 8.4.1
no errors and problems with the jail and so on. no



Rep: (1701)
* Danfrid,
Well, this is essentially the same as futurerestore, only futurerestore has great potential, and so the author 1.



Rep: (0)
Good evening everyone. Dear, please enlighten on the problem:
iPad3 Wi-Fi, rolling back with a certificate to 6.1.2
Everything goes fine until the very end, writes recovery successfully,
an apple with a completely filled band goes out, but that’s all.
The launch of iOS does not occur, the black screen does not react at all to anything.
The iReboot tablet does not see and there is no reaction to more than one combination of buttons.
iTunes sees the iPad in recovery mode, and restores to 9.3.5 without problems
In general, I do not understand why it does not exit kDFU ... Below is the contents of the terminal.

Terminal
Last login: Tue Nov 14 19:37:48 on ttys001
MacBook-Pro:~ ALEX$ cd /Users/ALEX/Desktop/downgrade
MacBook-Pro:downgrade ALEX$ ls
3841110437193-ipad3,1-6.1.2.shsh iPad3,1_6.1.2_10B146_Restore.ipsw
futurerestore_macos
MacBook-Pro:downgrade ALEX$ chmod +x futurerestore_macos
MacBook-Pro:downgrade ALEX$ ./futurerestore_macos -t 3841110437193-ipad3,1-6.1.2.shsh --no-baseband --use-pwndfu iPad3,1_6.1.2_10B146_Restore.ipsw
Version: b99eb8140d8e6c23f34e950102bb79e61c72384d - 152
Libipatcher Version: f32e41d850f51448bd6c588ead9c7d6455733f3c - 44
Odysseus Support: yes
[INFO] 32bit device detected
futurerestore init done
reading ticket 3841110437193-ipad3,1-6.1.2.shsh done

WARNING: baseband. If the device needs a baseband!
you can press CTRL-C now to cancel
continuing restore in 5 4 3 2 1
Found device in DFU mode
requesting to get into pwnRecovery later
Found device in DFU mode
Identified device as j1ap, iPad3,1
Extracting BuildManifest from IPSW
Product Version: 6.1.2
Product Build: 10B146 Major: 10
Device supports Image4: false
checking APTicket to be valid for this restore ...
Verified ECID in APTicket matches device ECID
[WARNING] skipping ramdisk hash check, since device is in pwnDFU according to user
Variant: Customer Erase Install (IPSW)
This restore will erase your device data.
Extracting iBSS.j1ap.RELEASE.dfu ...
iBoot32Patch: iBoot-1537 inputted.
patch_rsa_check: Entering ...
find_bl_verify_shsh_5_6_7: Entering ...
find_bl_verify_shsh_5_6_7: Found MOVW instruction at 0x65ee
find_bl_verify_shsh_5_6_7: Found BL verify_shsh at 0x697c
find_bl_verify_shsh_5_6_7: Leaving ...
patch_rsa_check: Patching BL verify_shsh at 0x697c ...
patch_rsa_check: Leaving ...
iBoot32Patch: Quitting ...
Extracting iBEC.j1ap.RELEASE.dfu ...
iBoot32Patch: iBoot-1537 inputted.
patch_ticket_check: Entering ...
patch_ticket_check: Found iBoot baseaddr 0xbff00000
patch_ticket_check: Found iboot_vers_str at 0x280
patch_ticket_check: Found str_pointer at 0x308
patch_ticket_check: Found iboot_str_3_xref at 0x2028c
patch_ticket_check: Found ldr_intruction at 0x201ee
patch_ticket_check: Found last_good_bl at 0x201f6 ...
patch_ticket_check: Found next_pop at 0x20280 ...
patch_ticket_check: Found next_pop at 0xbff20280 ...
patch_ticket_check: Detected prev_mov_r0_fail at 0x20268 ...
patch_ticket_check: Found last_branch at 0x20266 ...
patch_ticket_check: Patching in mov.w r0, #0 at 0x201fa ...
patch_ticket_check: Patching in mov.w r1, #0 at 0x201fe ...
patch_ticket_check: NOPing useless stuff at 0x20202 to 0x20268 ...
patch_ticket_check: Detected mov r0, #0xffffffff at NOPstop
patch_ticket_check: Applying additional mov.w r0, #0 patch at 0x20268 ...
patch_ticket_check: Leaving ...
patch_rsa_check: Entering ...
find_bl_verify_shsh_5_6_7: Entering ...
find_bl_verify_shsh_5_6_7: Found MOVW instruction at 0x1c2da
find_bl_verify_shsh_5_6_7: Found BL verify_shsh at 0x1c924
find_bl_verify_shsh_5_6_7: Leaving ...
patch_rsa_check: Patching BL verify_shsh at 0x1c924 ...
patch_rsa_check: Leaving ...
iBoot32Patch: Quitting ...
Sending iBSS (76056 bytes) ...
[==================================================] 100.0%
Sending iBEC (284952 bytes) ...
[==================================================] 100.0%
INFO: device serial number is DYVJ3LHADJ8T
Extracting filesystem from IPSW
[==================================================] 100.0%
Sending APTicket (2308 bytes)

Getting ApNonce in recovery mode ... c0 6c 2e d0 07 5f 6b 41 41 47 47 e5 33 22 62 fa b4 66 5c 82
[WARNING] Setting bgcolor to green! IBEC correctly if you don’t see a green screen
Sending APTicket (2308 bytes)
Recovery Mode Environment:
iBoot build-version = iBoot-1537.9.55
iBoot build-style = RELEASE
Sending RestoreLogo ...
Extracting [email protected] ...
Sending RestoreLogo (15008 bytes) ...
ramdisk-size = RELEASE
Extracting 048-0734-002.dmg ...
Sending RestoreRamDisk (9918644 bytes) ...
Extracting DeviceTree.j1ap.img3 ...
Sending RestoreDeviceTree (81832 bytes) ...
Extracting kernelcache.release.j1 ...
Sending RestoreKernelCache (7811796 bytes) ...
About to restore device ...
Waiting for device ...
Device 121a9fde2582a74ff4585ae1e562c61f741010c0 is now connected in restore mode ...
Connecting now ...
Connected to com.apple.mobile.restored, version 12
Device 121a9fde2582a74ff4585ae1e562c61f741010c0 has successfully entered restore mode
Hardware Information:
BoardID: 0
ChipID: 35141
UniqueChipID: 3841110437193
ProductionMode: true
Starting FDR listener thread
ERROR: Unable to connect to FDR client (-2)
ERROR: Failed to start FDR Ctrl channel
Waiting for NAND (28)
Creating partition map (11)
Creating filesystem (12)
Creating filesystem (12)
Checking filesystems (15)
Mounting filesystems (16)
Checking filesystems (15)
Mounting filesystems (16)
Resizing system partition (51)
Unmounting filesystems (29)
Unmounting filesystems (29)
About to send RootTicket ...
Sending RootTicket now ...
Done sending root ticket
About to send filesystem ...
Connected to ASR
Validating the filesystem
Filesystem validated
Sending filesystem now ...
[==================================================] 100.0%
Done sending filesystem
Verifying restore (14)
[==================================================] 100.0%
Checking filesystems (15)
Mounting filesystems (16)
Checking filesystems (15)
Mounting filesystems (16)
About to send KernelCache ...
Extracting kernelcache.release.j1 ...
Personalizing IMG3 component KernelCache ...
reconstructed size: 7812058
Sending KernelCache now ...
Done sending KernelCache
Installing kernelcache (27)
Fixing up / var (17)
Modifying persistent boot-args (25)
About to send NORData ...
Found firmware path Firmware/all_flash/all_flash.j1ap.production
Getting firmware manifest from Firmware/all_flash/all_flash.j1ap.production/manifest
Extracting LLB.j1ap.RELEASE.img3 ...
Personalizing IMG3 component LLB ...
reconstructed size: 150042
Extracting iBoot.j1ap.RELEASE.img3 ...
Not personalizing component iBoot ...
Extracting DeviceTree.j1ap.img3 ...
Not personalizing component DeviceTree ...
Extracting [email protected] ...
Not personalizing component AppleLogo ...
Extracting [email protected] ...
Not personalizing component BatteryLow0 ...
Extracting [email protected] ...
Not personalizing component BatteryLow1 ...
Extracting [email protected] ...
Not personalizing component BatteryCharging ...
Extracting [email protected] ...
Not personalizing component BatteryCharging0 ...
Extracting [email protected] ...
Not personalizing component BatteryCharging1 ...
Extracting [email protected] ...
Not personalizing component BatteryPlugin ...
Extracting [email protected] ...
Not personalizing component BatteryFull ...
Extracting recoverymode@2x~ipad.s5l8945x.img3 ...
Not personalizing component RecoveryMode ...
Sending NORData now ...
Done sending nordata
Flashing firmware (18)
[==================================================] 100.0%
Updating gas gauge software (46)
Updating gas gauge software (46)
Creating system key bag (49)
Resizing system partition (51)
Unmounting filesystems (29)
Unmounting filesystems (29)
Got status message
Status: Restore Finished
Cleaning up ...
DONE
Done: restoring succeeded.


Post has been edited by modelrc - 14.11.17, 21:03



Rep: (87)
And if apticket.der from 8.4.0 is saved with ipad 2 gsm via jail and converted via img4tool? Check the cert is not possible, but will it be valid? If not, is it possible to convert with something that the x32 device supports the apticket file in shsh?
Simply, the confusion turns out a certain.



Rep: (18)
* HeaDekBatHblu<<,
I doubt
The certificate must be pulled using odysseus'a, then there will be an opportunity to roll back



Rep: (1701)
HeaDekBatHblu<< @ 15.11.17, 00:13 *
And if apticket.der from 8.4.0 is saved with ipad 2 gsm via jail and converted via img4tool?

Try, futurerestore will verify the certificate itself.

Post has been edited by T0ugh - 15.11.17, 00:24



Rep: (87)
In general, I don’t know if iOS Downgrade Tool support is being conducted here (Odysseus, the theme is closed), but despite the absence of errors in the log and the inscription "Done!" at the end - when ipad 2.2 is turned on, it gives me an old apple logo and ... lace. Tuna, on the other hand, offers to forcefully update to the latest version, which I don’t want, a reboot with a combination does not give any effect.
What to do?
How to get 6.1.3 or at least 8.4 back (apticker is)?



Rep: (1701)
* HeaDekBatHblu<<,
Read the header and convert and ->Rollback using futurerestore (Odysseus) (Post T0ugh # 67057120)



Rep: (0)
* T0ugh
Dear T0ugh, will it not hurt you to look at the 47th post?
With the correct input, I get the wrong result, I broke my whole head ...



Rep: (0)
I rolled back the iPad 3.3 to 6.1.3 from 9.3.5 according to the instructions from the header - the tablet came to life! Works super smoothly and clearly!
But there is a problem that is very serious for me - Hearthstone does not start.
I will try to put 6.1.2
* MrRomezzz,
Tell me, how did you get shsh and what is the other method?



Rep: (3)
In general, I noticed an interesting feature when you try to get shsh on a stub 4c, then before 22:30 it always gives this error:
[TSSC] manually specified ecid to use, parsed "2AE601A3D4F" to dec: 2947959897423 hex: 2ae601a3d4f
[TSSC] opening ota.json
[JSON] counting elements
[JSON] parsing elements
[WARNING] [TSSC] error parsing cached ota.json. Trying to redownload
[TSSC] opening ota.json
[DOWN] downloading file https://api.ipsw.me/v2.1/ota.json/condensed
[Error] failed to download file from=https://api.ipsw.me/v2.1/ota.json/condensed to=/tmp/ota.json CURLcode=28
[JSON] counting elements
[JSON] parsing elements
[Error] [TSSC] parsing ota.json failed

But as soon as it is 22:30, all the commands that you entered all day work fine and shsh is saved =)



Rep: (0)
I rolled back 4s from 9.3.5 immediately to 8.4.1 bypassing 6.3.1 the flight is normal. Thank you all for the information.



Rep: (46)
* Terrk,
another method is OdysseusOTA
During the rollback process, SHSHs are created there, but my method failed. I tried several times until I realized that now I can use the method from this branch. It turned out from the 1st time.



Rep: (1701)
Whoever has the device -> iPhone (5, 5C), iPad 4: when you roll back from iOS 10, you will encounter the inability to activate the device.
There are no solutions at the moment, be careful.



Rep: (2130)
Besides
https://github.com/TvC…-patch/FirmwareBundles
https://github.com/Oot…-patch/FirmwareBundles
Are there any bandles somewhere else?
Interested ipad 2.4 7.1.2



Rep: (1701)
* S0bes,
Rollback using futurerestore (Odysseus) (Post adober # 65988502)



Rep: (5)
Good evening to everyone, tell iPad 3 and if there is shsh from 6.1.2, can it be dropped on this firmware, now 8.4.1.

