Futurerestore

A hacked up idevicerestore wrapper, which allows specifying SEP and Baseband for restoring

Install / Use

/learn @tihmstar/Futurerestore
futurerestore

It is a hacked up idevicerestore wrapper, which allows manually specifying SEP and Baseband for restoring.

Latest compiled version can be found here.

Only use if you are sure what you're doing.


Features

  • Supports the following downgrade methods:
    • Prometheus 64-bit devices (generator and ApNonce collision mode)
    • Odysseus for 32-bit & 64-bit (A7-A11) devices
    • Re-restoring 32-bit devices to iOS 9.x with alitek123's no-ApNonce method (alternative — idevicererestore).
  • Allows restoring to non-matching firmware with custom SEP+baseband

Dependencies

Report an issue

You can do it here.

Restoring on Windows 10

  1. Try to restore the device, error -8 occurs;
  2. Leave the device plugged in, it'll stay on the Recovery screen;
  3. Head over to device manager under control panel in Windows;
  4. Locate "Apple Recovery (iBoot) USB Composite Device" (at the bottom);
  5. Right click and choose "Uninstall device". You may see a tick box that allows you to uninstall the driver software as well, tick that (all the three Apple mobile device entries under USB devices will disappear);
  6. Unplug the device and re-plug it in;
  7. Go back to futurerestore and send the restore command again (just press the up arrow to get it back, then enter). Error -8 is now fixed, but the process will fail again after the screen of your device has turned green;
  8. Go back to device manager and repeat the driver uninstall process as described above (step 4 to 6);
  9. Go back to futurerestore once again and repeat the restore process;
  10. The device will reboot and error -10 will also be solved;
  11. The restore will now proceed and succeed.

A note about cURL

  • Linux: Follow this guide to use tsschecker on Ubuntu 18.04 (Bionic) as it requires libcurl3 which cannot coexist with libcurl4 on this OS.

Help

(might become outdated):

Usage: futurerestore [OPTIONS] iPSW

| option (short) | option (long) | description |
|----------------|---------------|-------------|
| -t | --apticket PATH | Signing tickets used for restoring |
| -u | --update | Update instead of erase install (requires appropriate APTicket) |
| | | DO NOT use this parameter, if you update from jailbroken firmware! |
| -w | --wait | Keep rebooting until ApNonce matches APTicket (ApNonce collision, unreliable) |
| -d | --debug | Show all code, use to save a log for debug testing |
| -e | --exit-recovery | Exit recovery mode and quit |
| | --use-pwndfu | Restoring devices with Odysseus method. Device needs to be in pwned DFU mode already |
| | --just-boot "-v" | Tethered booting the device from pwned DFU mode. You can optionally set boot-args |
| | --latest-sep | Use latest signed SEP instead of manually specifying one (may cause bad restore) |
| -s | --sep PATH | SEP to be flashed |
| -m | --sep-manifest PATH | BuildManifest for requesting SEP ticket |
| | --latest-baseband | Use latest signed baseband instead of manually specifying one (may cause bad restore) |
| -b | --baseband PATH | Baseband to be flashed |
| -p | --baseband-manifest PATH | BuildManifest for requesting baseband ticket |
| | --no-baseband | Skip checks and don't flash baseband |
| | | Only use this for device without a baseband (eg. iPod touch or some Wi-Fi only iPads) |


0) What futurerestore can do

Downgrade, upgrade, or re-restore the same mobile firmware version. Whenever you read "downgrade" nowadays, it means you can also upgrade, or re-restore if you're on the same firmware version. Basically, this allows restoring a firmware version regardless of the firmware version currently installed.


1) Prometheus (64-bit device) - generator method

Requirements

  • Jailbreak
  • signing ticket files (.shsh, .shsh2, .plist) with a generator
  • nonceEnabler patch enabled

Info

You can downgrade if the destination firmware version is compatible with the latest signed SEP and baseband, and if you have signing ticket files with a generator for that firmware version.

How to use

  1. Device must be jailbroken and nonceEnabler patch must be active
  2. Open signing ticket file and look up the generator
    • Looks like this: <key>generator</key><string>0xde3318d224cf14a1</string>
  3. Write the generator to device's NVRAM
    • Connect with SSH into the device and run nvram com.apple.System.boot-nonce=0xde3318d224cf14a1 to set the generator 0xde3318d224cf14a1
    • verify it with nvram -p
  4. Connect your device in normal mode to computer
  5. On the computer run futurerestore -t ticket.shsh --latest-baseband --latest-sep ios.ipsw
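
The generator lookup and NVRAM check described above, as an added example that is not part of the futurerestore project: a Python helper that reads the generator from a ticket plist, builds the nvram command, and compares it against nvram -p output. The 16-hex-digit format check, the tab-separated nvram -p layout and the sample ticket are assumptions based on the value shown above.

```python
import plistlib
import re

# Assumption: a generator is "0x" plus 16 hex digits, like the sample on this page.
GENERATOR_RE = re.compile(r"0x[0-9a-fA-F]{16}")
NVRAM_KEY = "com.apple.System.boot-nonce"  # NVRAM variable named on this page

# Constructed sample ticket; only the generator key is used here.
SAMPLE_TICKET = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
    <key>generator</key><string>0xde3318d224cf14a1</string>
</dict>
</plist>
"""

def read_generator(ticket_bytes):
    """Return the lower-cased generator from a ticket plist (XML or binary)."""
    try:
        ticket = plistlib.loads(ticket_bytes)
    except Exception as exc:
        raise ValueError(f"not a readable plist: {exc}") from exc
    if not isinstance(ticket, dict) or "generator" not in ticket:
        # Without a generator the ticket cannot be used with the generator method.
        raise ValueError("ticket has no generator key")
    gen = str(ticket["generator"]).strip()
    if not GENERATOR_RE.fullmatch(gen):
        raise ValueError(f"unexpected generator format: {gen!r}")
    return gen.lower()

def nvram_set_command(generator):
    """Build the command to run over SSH on the device."""
    return f"nvram {NVRAM_KEY}={generator}"

def nvram_matches(nvram_p_output, generator):
    """Check `nvram -p` output (assumed key<TAB>value per line) for the generator."""
    for line in nvram_p_output.splitlines():
        key, _, value = line.partition("\t")
        if key.strip() == NVRAM_KEY:
            return value.strip().lower() == generator.lower()
    return False  # variable not set at all

if __name__ == "__main__":
    gen = read_generator(SAMPLE_TICKET)
    print(nvram_set_command(gen))
    # Constructed `nvram -p` output for the verification step.
    print(nvram_matches(f"auto-boot\ttrue\n{NVRAM_KEY}\t{gen}\n", gen))
```

Running the comparison before starting futurerestore catches a mistyped or unset generator while the device is still in normal mode.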

Youtube

Prometheus: http://www.youtube.com/watch?feature=player_embedded&v=BIMx2Y13Ukc

nonceEnabler: http://www.youtube.com/watch?feature=player_embedded&v=UXxpUH71-s4

Recommended methods to activate nonceEnabler patch

Method 1: ios-kern-utils (iOS 7.x-10.x)

  1. Install DEB-file of ios-kern-utils on device;
  2. Run on the device nvpatch com.apple.System.boot-nonce.

Method 2: Using special applications

Use utilities for setting boot-nonce generator:

  1. PhœnixNonce for iOS 9.x;
  2. v0rtexnonce for iOS 10.x;
  3. Nonceset1112 for iOS 11.0-11.1.2;
  4. noncereboot1131UI for iOS 11.0-11.4b3;
  5. NonceReboot12xx for iOS 12.0-12.1.2;
  6. GeneratorAutoSetter for checkra1n jailbreak on iOS / iPadOS 13.x. Install it from Cydia's developer repo (https://halo-michael.github.io/repo/) on device.

Method 3: Using jailbreak tools

Use jailbreak tools for setting boot-nonce generator:

  1. Meridian for iOS 10.x;
  2. backr00m or greeng0blin for tvOS 10.2-11.1;
  3. Electra and ElectraTV for iOS and tvOS 11.x;
  4. unc0ver for iOS 11.0-12.2, 12.4.x;
  5. Chimera and ChimeraTV for iOS 12.0-12.2, 12.4 and tvOS 12.0-12.2, 12.4.

Activate tfp0, if jailbreak doesn't allow it

Method 1 (if jailbroken on iOS 9.2-9.3.x)

Method 2 (if jailbroken on iOS 8.0-8.1 with Pangu8)

Method 3 (if jailbroken on iOS 7.x with Pangu7)

Method 4


2) Prometheus (64-bit device) - ApNonce collision method (Recovery mode)

Requirements

  • Device with A7 chip on iOS 9.1 - 10.2 or iOS 10.3 beta 1;
  • Jailbreak is not required;
  • Signing ticket files (.shsh, .shsh2, .plist) with a custom-chosen ApNonce;
  • Signing ticket files need to have one of the ApNonces which the device generates a lot;

Info

You can downgrade if the destination firmware version is compatible with the latest signed SEP and baseband. You also need to have special signing ticket files. If
