Unable to get into recovery after setting nonce

[antonioag95]

After several attempts I can correctly set the nonce on iPhone 7+ GSM on iOS 10.3.1 (iPhone 9,4 but another user reports the same with iPhone 9,3) but this seems to break the ability of the device to get into recovery mode. Futurerestore won't work because it can't get into recovery and ReiBoot won't work for the same reason. If I reboot the device and if I DON'T set the nonce, ReiBoot will successfully place the iPhone into recovery mode so I guess it must be a problem with v0rtexNonce.

[arx8x]

If the value displayed on the app after you hit enter matches the one you input, it wrote the value to nvram successfully. Don't directly go into recovery. Power-down, boot up and then go into recovery.

Also, after reiboot or futurerestore fails, if you run the app again, does the generator remain or does it reset back to 'unavailable'?

[antonioag95]

A question for you: if I power down and boot up again my iPhone, will the nonce be still set? Isn't the nonce "cleaned" every time the device reboots?

EDIT: I rebooted the phone and if I open your app the nonce set is the same. Can I try now to use futurerestore?

EDIT 2: If after setting the nonce and rebooting I try to open the app and there is no error it will show me the nonce I had already set, if an error saying to reboot appears then the nonce will be "unavailable"

[ghost]

I experience the same problem as antonioag95, the app tells that it set the nonce succesfully, but it wont go directly to recovery mode, after doing it manually it says the apticket does not match the nonce.

It looks like the nonce resets after rebooting/ going to recovery mode.

EDIT: I have set 3 times nonceset, manually powered off and powered on. V0rtexnonce still says current generator -unavailable-

[HuFVdk]

Same here (iPhone SE 10.3.2 N69AP)

[yamensati]

Same problem here on iphone 7 plus (gsm) ios 10.3.1, phone wont go on recovery with futurerestore

[arx8x]

@antonioag95 The whole idea of NVram is to be the Non-Volatile RAM, where the value doesn't get reset between reboots/shut-downs.

You can restore. But check with -w and -t params first before attempting a restore.

The app has to read the generator from NVRAM. And for that, it needs to escape sandbox(sandboxed apps are very limited on iOS9+). So, if the exploit fails, it can't read generator. That's why it says 'unavailable'. If the exploit runs successfully, it can read the generator and display it in the app, as you have seen.

[arx8x]

@forzabatur

refer to the last few replies in #22

[yamensati]

Once reset, the nonce will reset and will go back to unavailable..

[arx8x]

@yamensati Please follow what @uarx replied in #22

[antonioag95]

@arx8x Thank you for your support, I successfully upgraded the iPhone now. I confirm that after rebooting the device, the nonce is still set and this can be confirmed by opening your app again. So, rebooting is necessary for it to work on my iPhone.

To be extra sure of the nonce set, I added "-w" to the command and this time the iPhone was correctly placed into recovery mode and has been upgraded to iOS 11.1.2.