SkillAgentSearch skills...

X8A4

An all-in-one tool for firmware nonces, seeds, and downgrade support

GenerateConvertImprove

Install / Use

/learn @Cryptiiiic/X8A4
About this skill

Quality Score

0/100

Supported Platforms

Universal

README

x8A4

About

An all-in-one tool for firmware nonces, seeds, and downgrade support <br> Get apnonce and generator, cryptex seed and cryptex nonce, dump nonce entanglement keys, set nonces and seeds for the purpose of restoring with saved blobs.

Supported devices

  • Full jailbreak REQUIRED!
    • x8A4 depends on full kernel read/write which is provided to the libkrw library by the jailbreak as a plugin
  • iOS/iPadOS 15.0-18.4
  • RUN AS ROOT!

Credits

| User | Repo | Description | |----------|----------------------|----------------------------------------------------------------------------------| | 0x7FF | dimentio | Thanks 0x7FF for making the original project x8A4 is based off of | | stek29 | nvram | Thanks to stek29 for figuring out the modern nvram unlock method | | stek29 | nonce entanglement | Thanks to stek29 for figuring out how apnonce works on a12+ (nonce entanglement) |

Demo

<div><img src="Resources/x8A4_1.png" width="388" alt="x8A4_1" /><img src="Resources/x8A4_2.png" width="388" alt="x8A4_3" /></div> <div><img src="Resources/x8A4_3.png" width="1388" alt="x8A4_3" /></div>

Research

Original research <br> iOS 16 Downgrading

Usage

| option (short) | option (long) | description | |------------------|-----------------|---------------------------------------------------------------------------------------------------------------------------------------------------------| | Options: | | -h | --help | Shows this help message | | -v | --verbose | Enables this tool's verbose mode | | -v | --verbose | Enables this tool's verbose mode | | -a | --print-all | Dumps and prints everything :) | | Cryptex Options: | | -x | --get-cryptex-seed | Gets the current Cryptex1 boot seed from nvram | | -t | --get-cryptex-nonce | Calculates the current Cryptex1 boot nonce | | APNonce Options: | | -g | --get-apnonce-generator | Gets the current APNonce generator from nvram | | -n | --get-apnonce | Calculates the current APNonce | | -s | --set-apnonce-generator | Set a specified APNonce generator in nvram | | -c | --clear-apnonce-generator | Clears the current APNonce generator from nvram | | Encryption Key Options: | | -k | --get-accel-key | Gets a specified IOAESAccelerator encryption key from kernel via its ID | | -l | --get-accel-keys | Dumps all of the IOAESAccelerator encryption keys from kernel | | Seed Options: | | -d | --get-nonce-seeds | Dumps all of the nonce seeds domains/nonce slots from nvram | | Secret Menu Options: | | -z | --set-cryptex-nonce | Sets a specified Cryptex1 boot seed in nvram(DANGEROUS: BOOTLOOP!) |

Cryptiiiic

View profile

View on GitHub
GitHub Stars131
CategoryCustomer
Updated3d ago
Forks15
Cryptiiiic/x8A4

Languages

C

Security Score

95/100

Audited on Mar 28, 2026

No findings