I finally bought a new iPhone, so the old 7p suddenly became useless. I’d like to make the old gem shine again; after some research I found it actually can upgrade to 14.8 (currently the newest is 15.8), thanks to checkm8 and jailbreak.
Note: You must have a blob (shsh) before doing this! You can probably find your shsh files here or here.
0x1 Preparation
- shsh file for the corresponding iOS version
- check that the SEP of your target iOS version is compatible with the newest SEP
- download the corresponding iOS firmware (ipsw) from here.
- Your device must be jailbroken or checkm8 compatible!
- download the newest futurerestore from here.
0x2 Setting the generator
I’m just copying a guide from the Internet here:
- Open your package manager on your jailbroken iDevice
- Add repo.1conan.com to your sources
- Download and install dimentio
- Download and install NewTerm2
Now you have dimentio ready to set the generator from the shsh file.
Open your shsh file and search for generator, then copy the value (0xcfbba51669dedf6b in the example below):
<key>generator</key>
<string>0xcfbba51669dedf6b</string>
<key>updateInstall</key>
Now open NewTerm2 and type the following command (remember to replace the generator with your value!):
sudo dimentio 0xcfbba51669dedf6b
You’ll see a wall of text; at the very bottom you’ll find a line like
Set nonce to 0xcfbba51669dedf6b
and you’re good to go on to the next step.
Note: You can let futurerestore set this automatically if your device is checkm8 compatible.
0x3 Futurerestore
You will need a beta version of futurerestore; the download button in the GUI is broken on all systems (I tried Ubuntu/Mac OS X/Windows).
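As an added example (not from the original post, nor from the dimentio or futurerestore projects), a Python script that reads the generator from a .shsh2 blob, builds the dimentio command from it, and checks the final "Set nonce to" line against the blob so you know the device nonce really matches. The ApNonce derivation it also performs is an assumption (the A10 scheme tsschecker uses: SHA-384 over the generator as 8 little-endian bytes, truncated to 32 bytes), not something the post states; the sample blob and dimentio output are constructed.

```python
"""Extract a .shsh2 generator, derive its ApNonce, and verify dimentio's output."""
import hashlib
import plistlib
import re

# Constructed sample .shsh2: only the keys this check needs (a real blob also
# carries the ApImg4Ticket and other fields).
SAMPLE_SHSH2 = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
    <key>generator</key>
    <string>0xcfbba51669dedf6b</string>
    <key>updateInstall</key>
    <false/>
</dict>
</plist>
"""

# Constructed tail of dimentio's output; a real run prints a wall of text first.
SAMPLE_DIMENTIO_OUTPUT = "... lots of output ...\nSet nonce to 0xcfbba51669dedf6b\n"

GENERATOR_RE = re.compile(r"^0x[0-9a-f]{16}$")

def read_generator(shsh2_bytes):
    """Return the blob's generator as a lowercase 0x-prefixed string.
    Raises ValueError when the key is missing or is not a 64-bit hex value."""
    blob = plistlib.loads(shsh2_bytes)
    gen = str(blob.get("generator", "")).strip().lower()
    if not GENERATOR_RE.match(gen):
        raise ValueError(f"blob has no usable generator: {gen!r}")
    return gen

def expected_apnonce(generator):
    """ApNonce the device should report once this generator is set.
    Assumed A10 derivation (as tsschecker does it): SHA-384 over the generator
    as 8 little-endian bytes, truncated to 32 bytes. Not stated on the page."""
    raw = int(generator, 16).to_bytes(8, "little")
    return hashlib.sha384(raw).digest()[:32].hex()

def dimentio_command(generator):
    """The NewTerm2 command from the guide, with the blob's own generator filled in."""
    return f"sudo dimentio {generator}"

def nonce_was_set(dimentio_output, generator):
    """True only if the last 'Set nonce to ...' line matches the blob's generator."""
    hits = re.findall(r"Set nonce to (0x[0-9a-fA-F]{16})", dimentio_output)
    return bool(hits) and hits[-1].lower() == generator
```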
Windows users:
- Download futurerestore from here
- I do not recommend using Windows for this task; it fails mysteriously while my phone is in recovery mode
Linux users:
- Download futurerestore from here
- Unzip it
Mac OS X users:
- Download futurerestore from here
- Unzip it
Now open the futurerestore-gui you downloaded in step 1 and point its futurerestore binary setting at the binary you just downloaded.
0x4 Let’s GO?
I’ll copy some steps from the Internet, but what if you don’t have a Mac OS X or Ubuntu machine?
- Click the Select Blob File... button and select your blob .shsh2 file
- Click the Select Target iPSW File... button and select your .ipsw file
- Then click the Next button to navigate to the Options menu, and make sure Extra Logs is enabled
- If you are not downgrading, then it is safe to enable Preserve Data in the Options menu in order to keep data. However, using it while downgrading may be dangerous
- Do not enable AP Nonce Collision on any modern devices
- Enable No RSEP
- Click Next to navigate to the Controls menu
- Click Start Futurerestore
The basic process looks like the above, but the problem is, what if you only have a Windows machine and futurerestore keeps saying something like “Cannot find firmware url” blah blah?
Because that actually happened to me!
There is no way my Internet connection is broken or something; I can download the firmwares.json file correctly into the temp folder from this url.
I found the log says something like Cannot find “iPhone 9,2” from device list… WTF, the string “iPhone 9,2” is definitely in the json file downloaded above; I double-checked that file in the temp folder.
I also tried debugging futurerestore.exe with the same arguments, but it works fine while debugging with IDA; it actually found “iPhone 9,2” while debugging, but doesn’t work when executed directly.
Since IDA reports a couple of memory errors and just terminates the process, I cannot do the restore under the IDA debugger.
So what next? I don’t have an Ubuntu or Mac OS X machine.
0x5 Ubuntu bootable USB?
I believe you would probably try something like “let’s burn a bootable Ubuntu USB and try Ubuntu”.
Does it work? Yes but no.
It will work if you actually install Ubuntu onto your system drive and boot Ubuntu from the system drive, not from the USB.
Why?
Because the ipsw file is too large for Ubuntu demo mode lmao.
Futurerestore will try to unzip the ipsw file during the restore process, and the default disk size for Ubuntu demo mode is only 8GB!
The disk isn’t large enough to unzip a 5GB ipsw file lol.
So even though futurerestore doesn’t complain about the missing url thing and finds “iPhone 9,2” correctly, it will stop at “error decompress the firmware ipsw” or something like that.
Now the dilemma leaves you two options:
- Install Ubuntu or another Linux directly on your machine, so you’ll have enough disk space to decompress the ipsw
- Try a virtual machine
Since I don’t want to install Ubuntu directly on my machine, I went with option 2.
0x6 VMware to the rescue
Talking about virtual machines, you have two options:
- Ubuntu virtual machine
- Mac OS X virtual machine
I have both of them installed correctly on my Windows host, but the Ubuntu VM cannot recognize my 7p in recovery mode even though it was connected correctly inside the VM; idk why, probably some driver issue.
NOTE: Set the USB preference in VMware to “Connect the device to the foreground Virtual Machine”.
Since I have a Mac OS X VM, I’m just gonna try that.
Download futurerestore for Mac inside the VM and repeat step 4.
Finally it works!