tihmstar / tsschecker

a powerful tool to check tss signing status of various devices and firmwares
GNU Lesser General Public License v3.0

Fix unexpected error 94 "This device isn't eligible for the requested build." on iOS 15.0 build 19A346 with iPhones X and XR #168

Closed yjugl closed 3 years ago

yjugl commented 3 years ago

Hello,

When using tsschecker to fetch SHSH blobs for iOS 15.0 build 19A346 for my iPhones X and XR, I encountered error 94 "This device isn't eligible for the requested build." However, the devices are eligible, and macOS Finder is able to restore them to that version of iOS. After comparing macOS Finder's TSS request to that of tsschecker, I was able to fix the problem by patching tsschecker/tss.c.

While tsschecker currently copies the full Manifest information for the build it selects, it turns out that some entries are removed by macOS Finder. For iPhone10,3 model with iOS 15.0 build 19A346, the keys that were present in tsschecker's request but absent from macOS Finder's were SE,UpdatePayload and numerous keys of the form Savage,{B0,B2,BA,BE,BF}-{Dev,Prod}-Patch{,VT}. In particular, BE and BF keys were not present in the Manifest for iOS 14.8 build 18H17 for which tsschecker does not encounter error 94. Spotting this difference in the requests led me to try the linked patch, which worked for both iPhone10,3 and iPhone11,8 models.

I would not recommend a simpler patch that would just remove keys with a comma in the name because key Ap,SystemVolumeCanonicalMetadata is an example of a key that macOS Finder does not remove from the Manifest. Apart from observing macOS Finder's behavior, I have no global idea regarding which keys should be kept and which should be removed.

For the moment this patch allowed me to save SHSH blobs for my devices, but I was not yet able to restore them to iOS 15.0 build 19A346 with those blobs. Indeed, futurerestore depends on tsschecker, so using the available binary releases of futurerestore from m1stadev results in the same error 94 when the tool fetches a ticket for the latest SEP firmware. I do believe though that recompiling m1stadev's fork of the futurerestore tool with the fix for tsschecker would allow one to restore with the saved blobs. I will confirm this when I have the time to recompile futurerestore.

I would like to thank all people who worked on tsschecker and futurerestore, and my employer Quarkslab who let me perform this investigation as R&D time.
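The request comparison described in the comment above can be reproduced as a key-level diff of two TSS request plists. This is an added example, not code from the pull request or from tsschecker: both requests are constructed stand-ins (not the captured Finder or tsschecker traffic), the digest and ID values are dummies, and the helper names are hypothetical.

```python
import plistlib
from itertools import product

# Expansion of the key pattern quoted in the comment:
#   Savage,{B0,B2,BA,BE,BF}-{Dev,Prod}-Patch{,VT}
SAVAGE_KEYS = [
    f"Savage,{rev}-{env}-Patch{vt}"
    for rev, env, vt in product(("B0", "B2", "BA", "BE", "BF"),
                                ("Dev", "Prod"), ("", "VT"))
]

def build_request(manifest_keys):
    """Serialize a constructed TSS-style request as an XML plist."""
    req = {"ApBoardID": 6, "ApChipID": 0x8015}        # dummy values
    for key in manifest_keys:
        req[key] = {"Digest": b"\x00" * 4}            # dummy digest
    return plistlib.dumps(req)

def diff_request_keys(ours: bytes, reference: bytes):
    """Return (keys only in ours, keys only in reference), both sorted."""
    a, b = set(plistlib.loads(ours)), set(plistlib.loads(reference))
    return sorted(a - b), sorted(b - a)

def comma_heuristic_overreach(ours: bytes, reference: bytes):
    """Keys a 'drop every key containing a comma' rule would strip
    even though the reference request keeps them."""
    ref = plistlib.loads(reference)
    return sorted(k for k in plistlib.loads(ours) if "," in k and k in ref)

# Constructed stand-ins for the two requests being compared.
KEPT = ["Ap,SystemVolumeCanonicalMetadata"]
TSSCHECKER_REQ = build_request(KEPT + ["SE,UpdatePayload"] + SAVAGE_KEYS)
FINDER_REQ = build_request(KEPT)

if __name__ == "__main__":
    extra, missing = diff_request_keys(TSSCHECKER_REQ, FINDER_REQ)
    print(f"{len(extra)} keys sent only by the first request:")
    for key in extra:
        print("  ", key)
    print("missing from the first request:", missing)
    print("comma rule would wrongly drop:",
          comma_heuristic_overreach(TSSCHECKER_REQ, FINDER_REQ))
```

With real captures, pass the two request bodies as bytes to `diff_request_keys`; the comparison covers top-level keys only.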

yjugl commented 3 years ago

After recompiling futurerestore, I can confirm that for the moment this patch in tsschecker actually breaks futurerestore behavior for the same devices. The patch can be used now to start saving SHSH blobs with tsschecker before iOS 15.0 build 19A346 becomes unsigned; however, performing successful restores with futurerestore on those devices will require more work.

yjugl commented 3 years ago

The proper fix for this problem is actually to update tss.c by integrating idevicerestore upstream changes. Hence I'm closing this PR and will propose a new one to replace it.