/Applications/Setup.app

From The iPhone Wiki
Revision as of 20:16, 7 June 2016 by GeoSn0w (talk | contribs) (Added Crash behavior on this app.)
Jump to: navigation, search
Setup.app running on an iPhone 5

This application uses Framework 7 style and starts automatically after a restore or if lockdownd detects the device to be Unactivated (e.g. by deleting content of activation_records within Lockdown folder, you can trigger this effect).

The file comes as a standard Apple Pre-installed .app file and it draws it's form as a pop up window. While this app is running, the /System/Library/CoreServices/SpringBoard.app app freeze. Apple implemented this to prevent crashes by flooding Setup.app with Emoji keys or by overloading it's browser components with Javascript loops.

As Setup.app is running it's window over /System/Library/CoreServices/SpringBoard.app, crashing this app will leave the /System/Library/CoreServices/SpringBoard.app opened and let the phone be usable as a normal one even if it is not activated (but it has no service)(see Baseband Brickstate).

Crashing this app unlocks /System/Library/CoreServices/SpringBoard.app processes as the crash will entirely close the Setup.

This app is started automatically by lockdownd file, and it's configuration files consists in Com.apple.purplebuddy.plist file that contains Setup.app progress. When setup is finished, this configuration file prevents Setup.app from showing up using these tags:

<key>SetupDone</key>
<true/>
<key>SetupFinishedAllSteps</key>
<true/>

Setting it to false might not trigger the Setup.app as lockdownd finds the activation ticket inside lockdown folder.

Crashing the Setup.app

Ever since Apple introduced it, it was a kind of problem as this app prevents you from activating the device if you buy it from a foreign country and you don't have the foreign SIM CARD, therefore, a lost of methods to overcome this app were created during its life.

[*] The Emoji Keys: Originally posted on YouTube, consists in flooding DNS / WiFi name fields with literally thousands of emojis. The Setup.app will crash rebooting the phone or going to /System/Library/CoreServices/SpringBoard.app. Apple has patched that method in iOS 9.2 [*] Button stressing: Consists in stressing out the Next> and <Back buttons in the same time until the app crashes. This behavior has been fixed in iOS 9.0 [*] Removing the app entirely: On A4 devices, due to their compatibility to limera1n (therefore the compatibility with @msftguy's SSH RD TOOL), you can SSH in DFU Mode to have access to the File System. Removing the app from /mnt1/Applications folder will redirect to /System/Library/CoreServices/SpringBoard.app. [*] Creating Custom-made firmware (CFW) with patched Setup.app: If you patch the application or anyway invalidate it, AMFI will not open it anymore thus redirecting to the Home Screen (/System/Library/CoreServices/SpringBoard.app). There are multiple ways you can patch the Mach-O app. This method still works.