I am on macOS Monterey btw. I did everything perfectly, I think. The only issue I had was using ipwndfu but I just used gaster and it worked. However when I enter the restore command this is what happens.
christos@Christoss-Mac-Mini sunst0rm % python3 sunstorm.py -i /Users/christos/sunst0rm/iPhone_4.0_64bit_11.3_15E216_Restore.ipsw -t /Users/christos/Blobs/6656995878968_iPhone6\,2_n53ap_12.5.6-16H71_3a88b7c3802f2f0510abc432104a15ebd8bd7154.shsh2 -r -d N53AP --kpp
sunst0rm
Made by mineek
Some code by m1n1exploit
[] Extracting IPSW
[] Extracting RamDisk
rdsk
[] Mounting RamDisk
/dev/disk3 /Users/christos/sunst0rm/work/ramdisk
[] Patching ASR in the RamDisk
getting get_asr_patch()
[] Image failed signature verification 0x7f94080397fe
[] Image passed signature verification 0x7f94080397da
[] Assembling arm64 branch
[] Writing out patched file to work/patched_asr
[] Extracting ASR Ents
[] Resigning ASR
[] Chmoding ASR
[] Copying Patched ASR back to the RamDisk
[] Patching Restored External
file size: 614624
getting get_skip_sealing_patch()
patch not found!
[] Extracting Restored External Ents
[] Resigning Restored External
ldid.cpp(3332): _assert(): errno=2
[] Chmoding Restored External
chmod: work/restored_external_patched: No such file or directory
[] Copying Patched Restored External back to the RamDisk
cp: work/restored_external_patched: No such file or directory
[] Detaching RamDisk
"disk3" ejected.
[] Creating RamDisk
Reading work/ramdisk.dmg...
IM4P outputted to: work/ramdisk.im4p
[] Extracting Kernel
Reading work/kernelcache.release.iphone6...
[NOTE] Image4 payload data is LZSS compressed, decompressing...
Extracted extra Image4 payload data: to work/kpp.bin.
Extracted Image4 payload data to: work/kcache.raw
[] Patching Kernel
main: Starting...
Kernel: Adding AppleFirmwareUpdate img4 signature check patch...
get_AppleFirmwareUpdate_img4_signature_check: Entering ...
get_AppleFirmwareUpdate_img4_signature_check: Could not find "%s::%s() Performing img4 validation outside of workloop" string
Kernel: Adding AMFI_get_out_of_my_way patch...
get_amfi_out_of_my_way_patch: Entering ...
get_amfi_out_of_my_way_patch: Kernel-4570 inputted
get_amfi_out_of_my_way_patch: Found entitlements too small str loc at 0x669643
get_amfi_out_of_my_way_patch: Found entitlements too small str ref at 0xa57874
get_amfi_out_of_my_way_patch: Patching AMFI at 0xa5634c
main: Writing out patched file to work/krnl.patched...
main: Quitting...
[] Rebuilding Kernel
Reading work/krnl.patched...
Reading extra: work/kpp.bin...
Compressing payload using LZSS...
IM4P outputted to: work/krnl.im4p
[] Done!
[?] Do you want to restore the device? (y/n)
y
[?] Are you in pwndfu with sigchecks removed? (y/n)
n
[!] You need to enter pwndfu
[!] You can restore the device later using futurestore like this: futurerestore -t blob --use-pwndfu --skip-blob --rdsk work/ramdisk.im4p --rkrn work/krnl.im4p --latest-sep --latest-baseband ipsw.ipsw
christos@Christoss-Mac-Mini sunst0rm % python3 sunstorm.py -i /Users/christos/sunst0rm/iPhone_4.0_64bit_11.3_15E216_Restore.ipsw -t /Users/christos/Blobs/6656995878968_iPhone6\,2_n53ap_12.5.6-16H71_3a88b7c3802f2f0510abc432104a15ebd8bd7154.shsh2 -r -d N53AP --kpp
sunst0rm
Made by mineek
Some code by m1n1exploit
[] Extracting IPSW
[] Extracting RamDisk
rdsk
[] Mounting RamDisk
/dev/disk3 /Users/christos/sunst0rm/work/ramdisk
[] Patching ASR in the RamDisk
getting get_asr_patch()
[] Image failed signature verification 0x7fb2b00397fe
[] Image passed signature verification 0x7fb2b00397da
[] Assembling arm64 branch
[] Writing out patched file to work/patched_asr
[] Extracting ASR Ents
[] Resigning ASR
[] Chmoding ASR
[] Copying Patched ASR back to the RamDisk
[] Patching Restored External
file size: 614624
getting get_skip_sealing_patch()
patch not found!
[] Extracting Restored External Ents
[] Resigning Restored External
ldid.cpp(3332): _assert(): errno=2
[] Chmoding Restored External
chmod: work/restored_external_patched: No such file or directory
[] Copying Patched Restored External back to the RamDisk
cp: work/restored_external_patched: No such file or directory
[] Detaching RamDisk
"disk3" ejected.
[] Creating RamDisk
Reading work/ramdisk.dmg...
IM4P outputted to: work/ramdisk.im4p
[] Extracting Kernel
Reading work/kernelcache.release.iphone6...
[NOTE] Image4 payload data is LZSS compressed, decompressing...
Extracted extra Image4 payload data: to work/kpp.bin.
Extracted Image4 payload data to: work/kcache.raw
[] Patching Kernel
main: Starting...
Kernel: Adding AppleFirmwareUpdate img4 signature check patch...
get_AppleFirmwareUpdate_img4_signature_check: Entering ...
get_AppleFirmwareUpdate_img4_signature_check: Could not find "%s::%s() Performing img4 validation outside of workloop" string
Kernel: Adding AMFI_get_out_of_my_way patch...
get_amfi_out_of_my_way_patch: Entering ...
get_amfi_out_of_my_way_patch: Kernel-4570 inputted
get_amfi_out_of_my_way_patch: Found entitlements too small str loc at 0x669643
get_amfi_out_of_my_way_patch: Found entitlements too small str ref at 0xa57874
get_amfi_out_of_my_way_patch: Patching AMFI at 0xa5634c
main: Writing out patched file to work/krnl.patched...
main: Quitting...
[] Rebuilding Kernel
Reading work/krnl.patched...
Reading extra: work/kpp.bin...
Compressing payload using LZSS...
IM4P outputted to: work/krnl.im4p
[] Done!
[?] Do you want to restore the device? (y/n)
y
[?] Are you in pwndfu with sigchecks removed? (y/n)
y
[*] Restoring Device
Version: 0ab9df3209ee599f581532d05d331e6abe0f53f3 - 194
img4tool version: 0.197-aca6cf005c94caf135023263cbb5c61a0081804f
libipatcher version: 0.82-0b2f79ff0917ef9b8a92475d93d9466b23fc2322
Odysseus for 32-bit support: yes
Odysseus for 64-bit support: yes
futurerestore: unrecognized option `--skip-blob'
Usage: futurerestore [OPTIONS] iPSW
Allows restoring to non-matching firmware with custom SEP+baseband
General options:
-t, --apticket PATH Signing tickets used for restoring
-u, --update Update instead of erase install (requires appropriate APTicket)
DO NOT use this parameter, if you update from jailbroken firmware!
-w, --wait Keep rebooting until ApNonce matches APTicket (ApNonce collision, unreliable)
-d, --debug Show all code, use to save a log for debug testing
-e, --exit-recovery Exit recovery mode and quit
Options for downgrading with Odysseus:
--use-pwndfu Restoring devices with Odysseus method. Device needs to be in pwned DFU mode already
--just-boot="-v" Tethered booting the device from pwned DFU mode. You can optionally set boot-args
Options for SEP:
--latest-sep Use latest signed SEP instead of manually specifying one (may cause bad restore)
-s, --sep PATH SEP to be flashed
-m, --sep-manifest PATH BuildManifest for requesting SEP ticket
Options for baseband:
--latest-baseband Use latest signed baseband instead of manually specifying one (may cause bad restore)
-b, --baseband PATH Baseband to be flashed
-p, --baseband-manifest PATH BuildManifest for requesting baseband ticket
--no-baseband Skip checks and don't flash baseband
Only use this for device without a baseband (eg. iPod touch or some Wi-Fi only iPads)
I am on macOS Monterey btw. I did everything perfectly, I think. The only issue I had was using ipwndfu but I just used gaster and it worked. However when I enter the restore command this is what happens.
christos@Christoss-Mac-Mini sunst0rm % python3 sunstorm.py -i /Users/christos/sunst0rm/iPhone_4.0_64bit_11.3_15E216_Restore.ipsw -t /Users/christos/Blobs/6656995878968_iPhone6\,2_n53ap_12.5.6-16H71_3a88b7c3802f2f0510abc432104a15ebd8bd7154.shsh2 -r -d N53AP --kpp sunst0rm Made by mineek Some code by m1n1exploit [] Extracting IPSW [] Extracting RamDisk rdsk [] Mounting RamDisk /dev/disk3 /Users/christos/sunst0rm/work/ramdisk [] Patching ASR in the RamDisk getting get_asr_patch() [] Image failed signature verification 0x7f94080397fe [] Image passed signature verification 0x7f94080397da [] Assembling arm64 branch [] Writing out patched file to work/patched_asr [] Extracting ASR Ents [] Resigning ASR [] Chmoding ASR [] Copying Patched ASR back to the RamDisk [] Patching Restored External file size: 614624 getting get_skip_sealing_patch() patch not found! [] Extracting Restored External Ents [] Resigning Restored External ldid.cpp(3332): _assert(): errno=2 [] Chmoding Restored External chmod: work/restored_external_patched: No such file or directory [] Copying Patched Restored External back to the RamDisk cp: work/restored_external_patched: No such file or directory [] Detaching RamDisk "disk3" ejected. [] Creating RamDisk Reading work/ramdisk.dmg... IM4P outputted to: work/ramdisk.im4p [] Extracting Kernel Reading work/kernelcache.release.iphone6... [NOTE] Image4 payload data is LZSS compressed, decompressing... Extracted extra Image4 payload data: to work/kpp.bin. Extracted Image4 payload data to: work/kcache.raw [] Patching Kernel main: Starting... Kernel: Adding AppleFirmwareUpdate img4 signature check patch... get_AppleFirmwareUpdate_img4_signature_check: Entering ... get_AppleFirmwareUpdate_img4_signature_check: Could not find "%s::%s() Performing img4 validation outside of workloop" string Kernel: Adding AMFI_get_out_of_my_way patch... get_amfi_out_of_my_way_patch: Entering ... get_amfi_out_of_my_way_patch: Kernel-4570 inputted get_amfi_out_of_my_way_patch: Found entitlements too small str loc at 0x669643 get_amfi_out_of_my_way_patch: Found entitlements too small str ref at 0xa57874 get_amfi_out_of_my_way_patch: Patching AMFI at 0xa5634c main: Writing out patched file to work/krnl.patched... main: Quitting... [] Rebuilding Kernel Reading work/krnl.patched... Reading extra: work/kpp.bin... Compressing payload using LZSS... IM4P outputted to: work/krnl.im4p [] Done! [?] Do you want to restore the device? (y/n) y [?] Are you in pwndfu with sigchecks removed? (y/n) n [!] You need to enter pwndfu [!] You can restore the device later using futurestore like this: futurerestore -t blob --use-pwndfu --skip-blob --rdsk work/ramdisk.im4p --rkrn work/krnl.im4p --latest-sep --latest-baseband ipsw.ipsw christos@Christoss-Mac-Mini sunst0rm % python3 sunstorm.py -i /Users/christos/sunst0rm/iPhone_4.0_64bit_11.3_15E216_Restore.ipsw -t /Users/christos/Blobs/6656995878968_iPhone6\,2_n53ap_12.5.6-16H71_3a88b7c3802f2f0510abc432104a15ebd8bd7154.shsh2 -r -d N53AP --kpp sunst0rm Made by mineek Some code by m1n1exploit [] Extracting IPSW [] Extracting RamDisk rdsk [] Mounting RamDisk /dev/disk3 /Users/christos/sunst0rm/work/ramdisk [] Patching ASR in the RamDisk getting get_asr_patch() [] Image failed signature verification 0x7fb2b00397fe [] Image passed signature verification 0x7fb2b00397da [] Assembling arm64 branch [] Writing out patched file to work/patched_asr [] Extracting ASR Ents [] Resigning ASR [] Chmoding ASR [] Copying Patched ASR back to the RamDisk [] Patching Restored External file size: 614624 getting get_skip_sealing_patch() patch not found! [] Extracting Restored External Ents [] Resigning Restored External ldid.cpp(3332): _assert(): errno=2 [] Chmoding Restored External chmod: work/restored_external_patched: No such file or directory [] Copying Patched Restored External back to the RamDisk cp: work/restored_external_patched: No such file or directory [] Detaching RamDisk "disk3" ejected. [] Creating RamDisk Reading work/ramdisk.dmg... IM4P outputted to: work/ramdisk.im4p [] Extracting Kernel Reading work/kernelcache.release.iphone6... [NOTE] Image4 payload data is LZSS compressed, decompressing... Extracted extra Image4 payload data: to work/kpp.bin. Extracted Image4 payload data to: work/kcache.raw [] Patching Kernel main: Starting... Kernel: Adding AppleFirmwareUpdate img4 signature check patch... get_AppleFirmwareUpdate_img4_signature_check: Entering ... get_AppleFirmwareUpdate_img4_signature_check: Could not find "%s::%s() Performing img4 validation outside of workloop" string Kernel: Adding AMFI_get_out_of_my_way patch... get_amfi_out_of_my_way_patch: Entering ... get_amfi_out_of_my_way_patch: Kernel-4570 inputted get_amfi_out_of_my_way_patch: Found entitlements too small str loc at 0x669643 get_amfi_out_of_my_way_patch: Found entitlements too small str ref at 0xa57874 get_amfi_out_of_my_way_patch: Patching AMFI at 0xa5634c main: Writing out patched file to work/krnl.patched... main: Quitting... [] Rebuilding Kernel Reading work/krnl.patched... Reading extra: work/kpp.bin... Compressing payload using LZSS... IM4P outputted to: work/krnl.im4p [] Done! [?] Do you want to restore the device? (y/n) y [?] Are you in pwndfu with sigchecks removed? (y/n) y [*] Restoring Device Version: 0ab9df3209ee599f581532d05d331e6abe0f53f3 - 194 img4tool version: 0.197-aca6cf005c94caf135023263cbb5c61a0081804f libipatcher version: 0.82-0b2f79ff0917ef9b8a92475d93d9466b23fc2322 Odysseus for 32-bit support: yes Odysseus for 64-bit support: yes futurerestore: unrecognized option `--skip-blob' Usage: futurerestore [OPTIONS] iPSW Allows restoring to non-matching firmware with custom SEP+baseband
General options: -t, --apticket PATH Signing tickets used for restoring -u, --update Update instead of erase install (requires appropriate APTicket) DO NOT use this parameter, if you update from jailbroken firmware! -w, --wait Keep rebooting until ApNonce matches APTicket (ApNonce collision, unreliable) -d, --debug Show all code, use to save a log for debug testing -e, --exit-recovery Exit recovery mode and quit
Options for downgrading with Odysseus: --use-pwndfu Restoring devices with Odysseus method. Device needs to be in pwned DFU mode already --just-boot="-v" Tethered booting the device from pwned DFU mode. You can optionally set boot-args
Options for SEP: --latest-sep Use latest signed SEP instead of manually specifying one (may cause bad restore) -s, --sep PATH SEP to be flashed -m, --sep-manifest PATH BuildManifest for requesting SEP ticket
Options for baseband: --latest-baseband Use latest signed baseband instead of manually specifying one (may cause bad restore) -b, --baseband PATH Baseband to be flashed -p, --baseband-manifest PATH BuildManifest for requesting baseband ticket --no-baseband Skip checks and don't flash baseband Only use this for device without a baseband (eg. iPod touch or some Wi-Fi only iPads)
[] Done! [] Cleaning [*] Done!
can anyone help?