futurerestore

From The iPhone Wiki
Revision as of 20:40, 19 June 2021 by Dabezt (talk | contribs) (Notes: Told users to look at options if they want to see how to manually specify)
Jump to: navigation, search

futurerestore is a tool to downgrade, upgrade, and/or restore to unsigned versions of iOS, iPadOS, and tvOS. Contrary to popular belief, futurerestore in itself is not a restoring tool, rather a wrapper for idevicerestore that allows manually specifying the SEP and Baseband firmwares for restoring.

Futurerestore
Original author(s) tihmstar
Developer(s) tihmstar, Cryptic, Adam (m1stadev)
Initial release 14 September 2016; 8 years ago
Stable release 194 (macOS, Windows, Linux) / 2 March 2021; 3 years ago
Development status Active
Operating system macOS / Windows / Linux
Available in English
Type Restoring

Methods

FutureRestore most commonly uses the Prometheus method, which utilises a replay attack in Apple's APTicket restore verification system. Any APTicket depends on the following conditions to be consistent with the device the ticket is being used to restore:

If any of the following conditions are not met, the replay attack will fail and the AP will refuse to flash the firmware onto the device.

Requirements

The following are requirements in order to use futurerestore:

  1. A valid APTicket for your device and firmware version you want to restore to.
  2. The IPSW of the target firmware that you want to restore to for your device
  3. A way to set your device's boot-nonce (see note below)
  4. A signed SEP and Baseband which is compatible with the target firmware for your device

Notes

  • If your device uses an Apple A11 or older, you can use ipwndfu and libirecovery to upload a pwned iBSS and set your boot nonce,
    but all newer devices using an Apple A12 or newer must use a jailbreak to set their boot nonce, as it is entangled with the UID Key.
  • The SEP and Baseband firmware MUST be compatible with the firmware version you are restoring to or the restore will fail.

Options

futurerestore has several options, these include:

  • -u/--update: This option keeps user data. It should generally not be used when downgrading as it may lead to various issues, including corrupted [/var] leading to a recovery mode loop.
  • --no-baseband: This option does not flash a baseband. It should only be used for iPods and WiFi-only iPads.
  • --exit-recovery: This option exits the device out of recovery mode.
  • -w/--wait: This option Keeps rebooting the device until the ApNonce matches the APTicket. It's meant for legacy devices on older iOS versions. You have a practically zero chance of hitting a collision on modern devices and iOS versions.
  • -s/--sep [PATH]: this option allows you to manually specify SEP. SEP files are usually named in this format: sep-firmware.(boardconfig).RELEASE.im4p and can usually be found in the /Firmware/all_flash/ directory of an IPSW. after typing -s /path/to/sep.im4p, you must also type -m /path/to/firmware/buildmanifest.plist
  • -b/--baseband: this option allows you to manually specify Baseband. baseband files usually begin with MAV/ICE and end in .bbfw. They're usually found in the /Firmware/ directory in IPSW files. After using -b /path/to/baseband.bbfw, you must also type -p /path/to/firmware/BuildManifest.plist

Restoring

There are two main ways to use futurerestore, CLI and GUI.

CLI

Download or Compile Futurerestore for your OS.

Newer test builds are available from the test branch. This may be needed for some A14 devices and Wi-Fi only iPads. In order to get the newer builds, open the test branch link, press on the newest workflow run, scroll down to "artifacts" and choose the one appropriate for your OS.

---Open a terminal or command prompt, then write in the following command:

/path/to/futurerestore -t /path/to/ticket.shsh2 --latest-sep --latest-baseband -d /path/to/firmware.ipsw


Notes

  • While -d is optional, it may be harder to troubleshoot without it, as it gives more information on what's happening.
  • Instead of --latest-sep and --latest-baseband, you can also specify the SEP and baseband you want to use, however it still needs to be signed, and you have to manually download the IPSW and extract it. This is rarely ever necessary, as iOS versions older than the latest are generally unsigned within a week nowadays. See the options section above to learn more about manually specifying SEP and BB

GUI

Download FutureRestore-GUI then select the IPSW and SHSH2 blobs. It's recommended to have "Extra logs" enabled so we can better help diagnose any issues. If you are upgrading or re-restoring, it's ok to turn on "Preserve Data", however make sure to restore rootfs before doing so.

Frgui screenshot.png

History

Version Date Changes
194 2 March 2021
  • Fix Windows compilation
  • Fix restoring for devices with multiple boardconfigs (A9 devices)
  • Fix --exit-recovery
193 1 March 2021
  • Fixed restoring devices without cellular capabilities (like iPods or wifi-only iPads).
189 13 February 2021
  • Update idevicerestore submodule to support iOS 14