tihmstar / futurerestore

A hacked up idevicerestore wrapper, which allows specifying SEP and Baseband for restoring
GNU Lesser General Public License v3.0

Stuck at waiting for device #95

Open albyvar opened 7 years ago

albyvar commented 7 years ago

NOTE: THE SCREEN BECOMES GREEN WHEN LOADING IBEC. So I don't think it is a problem related to shsh blobs.

iMac-di-alby:futurerestore-latest alby$ ./futurerestore -t cydia.shsh --no-baseband ota.ipsw Version: d8b69365ecb78414d8a6bf024d449133f581b6d4 - 106 [INFO] 32bit device detected futurerestore init done reading ticket cydia.shsh done INFO: device serial number is xxxxxxxxx

WARNING: user specified not to flash a baseband. This can make the restore fail if the device needs a baseband! if you added this flag by mistake you can press CTRL-C now to cancel continuing restore in 5 ^[[A4 3 2 1 Found device in Recovery mode Device already in Recovery mode Found device in Recovery mode Identified device as p105ap, iPad2,5 Extracting BuildManifest from IPSW Product Version: 8.4.1 Product Build: 12H321 Major: 12 Device supports Image4: false checking APTicket to be valid for this restore... Verified ECID in APTicket matches device ECID [WARNING] skipping buildIdentity check for 32bit devices! If the APTicket doesn't match the selected buildidentity, restore WILL NOT WORK!!!!!!! continuing in 5 seconds ... Variant: Customer Erase Install (IPSW) This restore will erase your device data. Using cached filesystem from 'ota/058-24036-023.dmg' Sending APTicket (2716 bytes) Extracting iBEC.p105.RELEASE.dfu... Not personalizing component iBEC... Sending iBEC (283020 bytes)... waiting for device to reconnect... Getting ApNonce in recovery mode... bd 8d b0 85 ab 85 55 39 b5 4a 23 63 32 26 8e 21 1f 6b ce 4d [WARNING] Setting bgcolor to green! If you don't see a green screen, then your device didn't boot iBEC correctly Sending APTicket (2716 bytes) Recovery Mode Environment: iBoot build-version=iBoot-2261.30.37 iBoot build-style=RELEASE Sending RestoreLogo... Extracting applelogo.s5l8942x.img3... Not personalizing component RestoreLogo... Sending RestoreLogo (5388 bytes)... ramdisk-size=0x4000000 Extracting 058-23992-023.dmg... Not personalizing component RestoreRamDisk... Sending RestoreRamDisk (16621836 bytes)... Extracting DeviceTree.p105ap.img3... Not personalizing component RestoreDeviceTree... Sending RestoreDeviceTree (79500 bytes)... Extracting kernelcache.release.p105... Not personalizing component RestoreKernelCache... Sending RestoreKernelCache (9295564 bytes)... About to restore device... Waiting for device...

albyvar commented 7 years ago

@tihmstar Please help

da1996 commented 7 years ago

Same here: iMac-di-Daniele:futurerestore-latest(1) daniele$ ./futurerestore_macos -t /Users/daniele/Desktop/**_6.1.3-10B329_cydia.shsh /Users/daniele/Desktop/iPad3\,1_6.1.3_10B329_Restore.ipsw --no-baseband Version: d8b69365ecb78414d8a6bf024d449133f581b6d4 - 106 [INFO] 32bit device detected futurerestore init done reading ticket /Users/daniele/Desktop/**_6.1.3-10B329_cydia.shsh done INFO: device serial number is ***

WARNING: user specified not to flash a baseband. This can make the restore fail if the device needs a baseband! if you added this flag by mistake you can press CTRL-C now to cancel continuing restore in 5 4 3 2 1 Found device in Recovery mode Device already in Recovery mode Found device in Recovery mode Identified device as j1ap, iPad3,1 Extracting BuildManifest from IPSW Product Version: 6.1.3 Product Build: 10B329 Major: 10 Device supports Image4: false checking APTicket to be valid for this restore... Verified ECID in APTicket matches device ECID [WARNING] skipping buildIdentity check for 32bit devices! If the APTicket doesn't match the selected buildidentity, restore WILL NOT WORK!!!!!!! continuing in 5 seconds ... Variant: Customer Erase Install (IPSW) This restore will erase your device data. Using cached filesystem from '/Users/daniele/Desktop/iPad3,1_6.1.3_10B329_Restore/048-2734-005.dmg' Sending APTicket (2742 bytes) Extracting iBEC.j1ap.RELEASE.dfu... Not personalizing component iBEC... Sending iBEC (285156 bytes)... waiting for device to reconnect... Getting ApNonce in recovery mode... a0 95 b0 5c b2 f3 53 20 07 5e 4b 98 99 6f c2 9e 88 cf c0 46 [WARNING] Setting bgcolor to green! If you don't see a green screen, then your device didn't boot iBEC correctly Sending APTicket (2742 bytes) Recovery Mode Environment: iBoot build-version=iBoot-1537.9.55 iBoot build-style=RELEASE Sending RestoreLogo... Extracting applelogo@2x.s5l8945x.img3... Not personalizing component RestoreLogo... Sending RestoreLogo (15204 bytes)... ramdisk-size=RELEASE Extracting 048-2557-005.dmg... Personalizing IMG3 component RestoreRamDisk... reconstructed size: 9955738 Sending RestoreRamDisk (9955738 bytes)... Extracting DeviceTree.j1ap.img3... Not personalizing component RestoreDeviceTree... Sending RestoreDeviceTree (82020 bytes)... Extracting kernelcache.release.j1... Personalizing IMG3 component RestoreKernelCache... 
reconstructed size: 7813082 Sending RestoreKernelCache (7813082 bytes)... About to restore device... Waiting for device...

ghost commented 7 years ago

Repost my log here, add failcode. Valid apticket saved from ifaith (no nonce from apticketnoncechecker.py). Device will boot after exit recovery.

Version: 1f0cda0d0625cdc5b86b8a82071627ec038361d6 - 108 [INFO] 32bit device detected futurerestore init done reading ticket /Users/Lucas/Desktop/1.plist done INFO: device serial number is

WARNING: user specified not to flash a baseband. This can make the restore fail if the device needs a baseband! if you added this flag by mistake you can press CTRL-C now to cancel continuing restore in 5 4 3 2 1 Found device in Recovery mode Device already in Recovery mode Found device in Recovery mode Identified device as n78ap, iPod5,1 Extracting BuildManifest from IPSW Product Version: 7.1.2 Product Build: 11D257 Major: 11 Device supports Image4: false checking APTicket to be valid for this restore... Verified ECID in APTicket matches device ECID [WARNING] skipping buildIdentity check for 32bit devices! If the APTicket doesn't match the selected buildidentity, restore WILL NOT WORK!!!!!!! continuing in 5 seconds ... Variant: Customer Erase Install (IPSW) This restore will erase your device data. Using cached filesystem from '/Users/Lucas/Desktop/iPod5,1_7.1.2_11D257_Restore/058-4385-009.dmg' Sending APTicket (2719 bytes) Extracting iBEC.n78ap.RELEASE.dfu... Not personalizing component iBEC... Sending iBEC (278924 bytes)... waiting for device to reconnect... Getting ApNonce in recovery mode... 50 6d 7c e0 e6 ba f6 13 01 05 75 5c bd 16 f5 f5 2b f5 32 b6 [WARNING] Setting bgcolor to green! If you don't see a green screen, then your device didn't boot iBEC correctly Sending APTicket (2719 bytes) Recovery Mode Environment: iBoot build-version=iBoot-1940.10.58 iBoot build-style=RELEASE Sending RestoreLogo... Extracting applelogo@2x~iphone.s5l8942x.img3... Not personalizing component RestoreLogo... Sending RestoreLogo (6796 bytes)... ramdisk-size=0x4000000 Extracting 058-4322-012.dmg... Not personalizing component RestoreRamDisk... Sending RestoreRamDisk (8892684 bytes)... Extracting DeviceTree.n78ap.img3... Not personalizing component RestoreDeviceTree... Sending RestoreDeviceTree (76044 bytes)... Extracting kernelcache.release.n78... Not personalizing component RestoreKernelCache... Sending RestoreKernelCache (8496396 bytes)... About to restore device... 
Waiting for device... ERROR: Unable to connect to device in restore mode ERROR: Unable to open device in restore mode [Error] ERROR: Unable to restore device Done: restoring failed. Failed with errorcode=-11

albyvar commented 7 years ago

The problem is that the device loads ibec, loads restoreramdisk and restorekernelcache, but does not enter restore mode (when the progress bar is shown).

albyvar commented 7 years ago

found 8.3 shsh and got the same result

da1996 commented 7 years ago

OK, but what can we do? I got the same result with 8.3, 6.1, 6.1.3, 5.1.1... Are you sure that futurerestore works with iOS 8 or lower? Or does it only support iOS 9.X blobs? @tihmstar could you help us?

albyvar commented 7 years ago

Maybe only 9.x blobs :(

aofathy commented 7 years ago

Trying that with 6.1.3 shsh on iPad3,1 gives me the exact same error too.

tihmstar commented 7 years ago

Are you using ota blobs? That's the buildidentity check which isn't implemented for 32bit :/ I should add that though.

Basically you cannot use ota blobs, because the ramdisk is different, thus the restore ramdisk will not boot with ota blobs

da1996 commented 7 years ago

@tihmstar but my shshs are erase.. 😅😅

tihmstar commented 7 years ago

Can you check with version 111 ?

da1996 commented 7 years ago

Not at the moment :/

ghost commented 7 years ago

Seems it does not fix for me :/ log is here Lucas-MacAir:futurerestore Lucas$ futurerestore -t /Users/Lucas/Desktop/1.plist --no-baseband /Users/Lucas/Desktop/iPod5\,1_7.1.2_11D257_Restore.ipsw

Version: eeefc9ef410c8563eda6ac7e51ecc8f23f2abb1f - 111

ERROR: Device is in an invalid state

[INFO] 32bit device detected

futurerestore init done

reading ticket /Users/Lucas/Desktop/1.plist done

INFO: device serial number is

WARNING: user specified not to flash a baseband. This can make the restore fail if the device needs a baseband!

if you added this flag by mistake you can press CTRL-C now to cancel

continuing restore in 5 4 3 2 1

Found device in Recovery mode

Device already in Recovery mode

Found device in Recovery mode

Identified device as n78ap, iPod5,1

Extracting BuildManifest from IPSW

Product Version: 7.1.2

Product Build: 11D257 Major: 11

Device supports Image4: false

checking APTicket to be valid for this restore...

Verified ECID in APTicket matches device ECID

[WARNING] full buildidentity check is not implemented, only comparing ramdisk hash.

Verified APTicket to be valid for this restore

Variant: Customer Erase Install (IPSW)

This restore will erase your device data.

Using cached filesystem from '/Users/Lucas/Desktop/iPod5,1_7.1.2_11D257_Restore/058-4385-009.dmg'

Sending APTicket (2719 bytes)

Extracting iBEC.n78ap.RELEASE.dfu...

Not personalizing component iBEC...

Sending iBEC (278924 bytes)...

waiting for device to reconnect...

Getting ApNonce in recovery mode... 30 26 db d2 db bb b7 0d a1 6f 30 19 9b 65 ae b2 4a 96 50 cb

[WARNING] Setting bgcolor to green! If you don't see a green screen, then your device didn't boot iBEC correctly

Sending APTicket (2719 bytes)

Recovery Mode Environment:

iBoot build-version=iBoot-1940.10.58

iBoot build-style=RELEASE

Sending RestoreLogo...

Extracting applelogo@2x~iphone.s5l8942x.img3...

Not personalizing component RestoreLogo...

Sending RestoreLogo (6796 bytes)...

ramdisk-size=0x4000000

Extracting 058-4322-012.dmg...

Not personalizing component RestoreRamDisk...

Sending RestoreRamDisk (8892684 bytes)...

Extracting DeviceTree.n78ap.img3...

Not personalizing component RestoreDeviceTree...

Sending RestoreDeviceTree (76044 bytes)...

Extracting kernelcache.release.n78...

Not personalizing component RestoreKernelCache...

Sending RestoreKernelCache (8496396 bytes)...

About to restore device...

Waiting for device... ERROR: Unable to connect to device in restore mode ERROR: Unable to open device in restore mode [Error] ERROR: Unable to restore device Done: restoring failed. Failed with errorcode=-11

ghost commented 7 years ago

@tihmstar How to identify ota blobs? Actually I used ota blobs, but they do not work since they have nonces (future restore will fail directly saying device nonce not matched).

albyvar commented 7 years ago

@tihmstar I think my shsh are erase. Anyway, to be sure, with what tool can I check?

tihmstar commented 7 years ago

Oh, I think I got the problem. So after the screen flashes green do you see the apple logo or is it black? If it's black then you successfully booted the iBEC, but you can't boot any other components (like apple logo, ramdisk etc). This is likely because your shsh files don't have a nonce and you're using the iOS 9 re-restore bug. The issue is while iOS 9 skips the check, iOS 7/8/10 whatever, do not. So after booting the iOS 7 iBEC the check works and it realizes the nonce doesn't match.

I'll add checks later to make sure those blobs only restore to iOS9.
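Added example, not part of the thread and not futurerestore code: a small triage helper for logs like the ones pasted above. It reports how far a run got and which of the failure modes described in this thread it matches. The function name, report keys and diagnosis labels are assumptions made for illustration; the two sample logs are condensed from logs quoted in this issue.

```python
import re

# Progress markers in the order futurerestore prints them (strings as quoted in the thread).
STAGES = ["Sending iBEC", "Setting bgcolor to green", "Sending RestoreRamDisk",
          "Sending RestoreKernelCache", "About to restore device", "Waiting for device"]

# Constructed samples: condensed from two logs posted in this thread.
STUCK = (
    "Version: 1f0cda0d0625cdc5b86b8a82071627ec038361d6 - 108 [INFO] 32bit device detected "
    "Identified device as n78ap, iPod5,1 Product Version: 7.1.2 Product Build: 11D257 "
    "[WARNING] skipping buildIdentity check for 32bit devices! Sending iBEC (278924 bytes)... "
    "waiting for device to reconnect... Getting ApNonce in recovery mode... "
    "50 6d 7c e0 e6 ba f6 13 01 05 75 5c bd 16 f5 f5 2b f5 32 b6 [WARNING] Setting bgcolor "
    "to green! Sending RestoreRamDisk (8892684 bytes)... Sending RestoreKernelCache "
    "(8496396 bytes)... About to restore device... Waiting for device... "
    "ERROR: Unable to connect to device in restore mode Failed with errorcode=-11")
MISMATCH = (
    "Version: e2d0d263e560103a064866c2953cb744080b2142 - 117 [INFO] 32bit device detected "
    "Identified device as j1ap, iPad3,1 Product Version: 6.1.3 Product Build: 10B329 "
    "Got APNonce from device: fa f8 5c 32 5c 6c ac c6 0f 6a 48 ee 69 0b f9 c1 d4 d7 fd 96 "
    "[Error] Devicenonce does not match APTicket nonce Failed with errorcode=-20")

def triage(log):
    """Summarise one pasted futurerestore log and name the stage where it stopped."""
    def grab(pattern, cast=str):
        m = re.search(pattern, log)
        return cast(m.group(1)) if m else None

    nonces = re.findall(r"(?:Getting ApNonce in \w+ mode\.\.\.|Got APNonce from device:)"
                        r"((?: [0-9a-f]{2}\b)+)", log)
    reached = [s for s in STAGES if s in log]
    report = {
        "build": grab(r"Version: [0-9a-f]+ - (\d+)", int),
        "device": grab(r"Identified device as (?:\w+, )?(\w+,\d+)"),
        "ios": grab(r"Product Version: ([\d.]+)"),
        "apnonce": nonces[-1].replace(" ", "") if nonces else None,
        "errorcode": grab(r"errorcode=(-?\d+)", int),
        "last_stage": reached[-1] if reached else None,
        # How far the ticket was compared with the IPSW before anything was sent.
        "ticket_check": ("skipped" if "skipping buildIdentity check" in log else
                         "ramdisk-hash-only" if "only comparing ramdisk hash" in log else None),
        "diagnosis": "unknown",
    }
    if "Devicenonce does not match APTicket nonce" in log:
        # Host-side rejection: the ticket's nonce differs from the one the device reported.
        report["diagnosis"] = "host-nonce-mismatch"
    elif report["last_stage"] == "Waiting for device":
        # All components sent, restore mode never came up (thread: OTA ramdisk or nonce check).
        report["diagnosis"] = "ramdisk-not-booted"
    return report

if __name__ == "__main__":
    for name, log in (("stuck", STUCK), ("mismatch", MISMATCH)):
        print(name, triage(log))
```
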

albyvar commented 7 years ago

The screen is black for me. But I have another question at this point. MIkkDA blobs do not work. But is there a reason for this? Because the only iOS 9 shsh I saved was for 9.3.4, but unfortunately it is MikkDA.

da1996 commented 7 years ago

@tihmstar black screen after ibec load

aofathy commented 7 years ago

@tihmstar Using v114 on (macOS 10.10.5) with 6.1.3 blobs still stuck on Waiting for device and black screen on device.

./futurerestore_macos -t XXXXXXXX_6.1.3-10B329_cydia.shsh --no-baseband iPad3,1_6.1.3_10B329_Restore.ipsw 
Version: 7152d931c90adac8c66c1b5189231d586951d3f2 - 114
ERROR: Device is in an invalid state
[INFO] 32bit device detected
futurerestore init done
reading ticket XXXXXXXX_6.1.3-10B329_cydia.shsh done

WARNING: user specified not to flash a baseband. This can make the restore fail if the device needs a baseband!
if you added this flag by mistake you can press CTRL-C now to cancel
continuing restore in 5 4 3 2 1 
Found device in Normal mode
Entering recovery mode...
INFO: device serial number is XXXXXXXX
Found device in Recovery mode
Identified device as j1ap, iPad3,1
Extracting BuildManifest from IPSW
Product Version: 6.1.3
Product Build: 10B329 Major: 10
Device supports Image4: false
checking APTicket to be valid for this restore...
Verified ECID in APTicket matches device ECID
[WARNING] full buildidentity check is not implemented, only comparing ramdisk hash.
Verified APTicket to be valid for this restore
Variant: Customer Erase Install (IPSW)
This restore will erase your device data.
Using cached filesystem from 'iPad3,1_6.1.3_10B329_Restore/048-2734-005.dmg'
Sending APTicket (2742 bytes)
Extracting iBEC.j1ap.RELEASE.dfu...
Not personalizing component iBEC...
Sending iBEC (285156 bytes)...
waiting for device to reconnect... 
Getting ApNonce in recovery mode... a8 bf b8 65 b5 47 79 44 28 88 92 41 cc c8 96 04 0a d4 78 82 
[WARNING] Setting bgcolor to green! If you don't see a green screen, then your device didn't boot iBEC correctly
Sending APTicket (2742 bytes)
Recovery Mode Environment:
iBoot build-version=iBoot-1537.9.55
iBoot build-style=RELEASE
Sending RestoreLogo...
Extracting applelogo@2x.s5l8945x.img3...
Not personalizing component RestoreLogo...
Sending RestoreLogo (15204 bytes)...
ramdisk-size=RELEASE
Extracting 048-2557-005.dmg...
Personalizing IMG3 component RestoreRamDisk...
reconstructed size: 9955738
Sending RestoreRamDisk (9955738 bytes)...
Extracting DeviceTree.j1ap.img3...
Not personalizing component RestoreDeviceTree...
Sending RestoreDeviceTree (82020 bytes)...
Extracting kernelcache.release.j1...
Personalizing IMG3 component RestoreKernelCache...
reconstructed size: 7813082
Sending RestoreKernelCache (7813082 bytes)...
About to restore device... 
Waiting for device...

albyvar commented 7 years ago

@tihmstar I don't know if this is possible, but could you add an option to skip the nonce of the shsh file, so MIkkqDA blobs would work?

da1996 commented 7 years ago

@tihmstar Will futurerestore support shsh for iOS 8 or lower? v117

iMac-di-Daniele:futurerestore-latest(3) daniele$ ./futurerestore_macos -t /Users/daniele/Desktop/iPad\ 3/SHSH\ iPad\ 3/****_6.1.3-10B329_cydia.shsh --no-baseband /Users/daniele/Desktop/iPad\ 3/iPad3\,1_6.1.3_10B329_Restore.ipsw Version: e2d0d263e560103a064866c2953cb744080b2142 - 117 [INFO] 32bit device detected futurerestore init done reading ticket /Users/daniele/Desktop/iPad 3/SHSH iPad 3/**_6.1.3-10B329_cydia.shsh done

WARNING: user specified not to flash a baseband. This can make the restore fail if the device needs a baseband! if you added this flag by mistake you can press CTRL-C now to cancel continuing restore in 5 4 3 2 1 Found device in Normal mode Entering recovery mode... INFO: device serial number is **** Found device in Recovery mode Identified device as j1ap, iPad3,1 Extracting BuildManifest from IPSW Product Version: 6.1.3 Product Build: 10B329 Major: 10 Device supports Image4: false Got APNonce from device: fa f8 5c 32 5c 6c ac c6 0f 6a 48 ee 69 0b f9 c1 d4 d7 fd 96 [Error] Devicenonce does not match APTicket nonce [Error] maybe you forgot -w ? Done: restoring failed. Failed with errorcode=-20

Computershik commented 7 years ago

@tihmstar Me and my friend have the same problem. I have iPhone 5S Global (64 bit) with iOS 10.3.1 and try to go back to iOS 10.1.1 via Idevicerestore on Windows 7. My friend has an iPhone 5 Global (32 bit) with iOS 10.2.1 and he tries to go back to iOS 10.2 on Mac Sierra. We both get stuck at "waiting for device" via Recovery and on "sending IBEC" via DFU. The iPhone should boot into restore mode, but it doesn't. We even changed "setenv auto-boot true", but it didn't help. Could you help us, please?)

albyvar commented 7 years ago

Check if your shsh2 is good

Yanbanan123 commented 7 years ago

This is what I got:

NOTE: using cached version data Found device in DFU mode Identified device as iPad2,4 Extracting BuildManifest from IPSW Product Version: 6.1.3 Product Build: 10B329 Major: 10 Device supports Image4: false Variant: Customer Erase Install (IPSW) This restore will erase your device data. Found ECID 2659507875116 Getting ApNonce in dfu mode... e7 81 64 af 45 e5 e6 ed Trying to fetch new SHSH blob Getting SepNonce in dfu mode... WARNING: Unable to find BbChipID node WARNING: Unable to find BbSkeyId node Request URL set to https://gs.apple.com/TSS/controller?action=2 Sending TSS request attempt 1... TSS server returned: STATUS=94&MESSAGE=This device isn't eligible for the requested build. ERROR: TSS request failed (status=94, message=This device isn't eligible for the requested build.) ERROR: Unable to send TSS request ERROR: Unable to get SHSH blobs for this device

if any answers please help