0x7ff / dimentio

Tool for getting and setting nonce without triggering KPP/KTRR/PAC.
Apache License 2.0
109 stars 34 forks

Running dimentio without argument silently overwrites generator on iOS 14 #12

Closed greybaron closed 3 years ago

greybaron commented 3 years ago

Running dimentio without setting a new generator should only get data like the entangled nonce. However, when doing this on iOS 14 with the generator set by unc0ver, dimentio resets the generator to a seemingly random value and reads back the new nonce. This new nonce is accurate and persists across reboots; however, since dimentio does not report the new generator, one would assume the reported nonce matches the generator set by unc0ver, which it does not. This would cause invalid blobs to be saved when relying on the new nonce.

This was tested on an iPad8,1 (A12X) running iOS 14.3.

0x7ff commented 3 years ago

Hey greybaron, Dimentio should report the current nonce if you run it without arguments. The issue happens on unc0ver 6+ as it sets the nonce without using AppleMobileApNonce's generateNonce method, since iOS 14 introduced the com.apple.security.iokit-user-client-class entitlement. They set the nonce earlier than bypassing codesigning, so they chose not to use generateNonce, but they probably renamed the variable "com.apple.System.boot-nonce". Dimentio may use that method in the future.

greybaron commented 3 years ago

Hello, thank you for your reply. How about, in that case, adding a warning text in the meantime that the info does not match the known generator if set by unc0ver 6? I assume it may be possible to detect if running on iOS 14 + unc0ver.

0x7ff commented 3 years ago

Should be fixed with the latest commit. Thanks for reporting.