
How can I install an unsigned iOS version on an iPhone?

I'm using several devices using older iOS versions to test my apps on actual hardware during development (some features that use the camera or certain Core Image APIs don't work on the simulator). My last app will drop support for iOS 11 soon, and so I'd like to upgrade an iPhone SE that runs iOS 11 to iOS 13.

The IPSW files can be downloaded from websites like ipsw.me, but apparently there is no official way to install such an upgrade, as Apple no longer signs these firmwares. Is there a way to bypass this limitation?

In practice, you can't.

In theory, there are three ways:

  1. Become an Apple employee.
  2. Break RSA.
  3. Find a vulnerability in Apple's boot chain.

Assuming numbers 1 and 2 are not feasible for you, let's look at the third option. All iPhones up to and including the iPhone 8 and X do actually have a known BootROM vulnerability - the one for A5-A11 chips is called checkm8. There are a couple of issues with that though:

  • The bug is in the DFU portion of the BootROM, so in order to use it, you have to put your device into DFU on each boot. You can't just "install" an OS and be done with it.
  • The bug only affects the Application Processor, not the Secure Enclave. So you'd have to patch the system to either update the code that is responsible for talking to the SEP so that it works with a currently signed firmware, or to not talk to the SEP at all.

Now there is another vulnerability called blackbird - this time in SEPROM. It's limited to A8-A10 chips (which would include your iPhone SE), and allows two potential solutions:

  • Apple's firmware signatures tie a particular version to a particular device. If you had previously saved such a signature while Apple was handing them out, you could use these two bugs to downgrade to such a version, and then continue to use it without a jailbreak.
  • If you had not saved such a signature for your device, you could still load an unsigned SEPOS firmware via DFU, so you could at least boot old versions tethered.

And now for a self-plug: I'm on the development team of the checkra1n jailbreak and we do plan to implement a reasonable interface for the aforementioned procedures - but we're still quite a way off, and not our top priority.

So for the time being: you can't install unsigned versions.

There are 3 main requirements:

  1. have shsh2 blobs for the version you're going to restore to
  2. the SEP and Baseband of the version you're going to restore to are compatible with a signed version
  3. have a jailbreak to set nonce.

To answer some questions you may have: if you haven't saved shsh2 blobs for an unsigned version, you can't get one.

You can see what versions SEP and Baseband are compatible with the latest here; make sure you are reading the readme of the test branch, not the master branch.

For any more questions, you can ask in the r/jailbreak Discord; people will happily answer you.
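The two answers above both come down to one check: the firmware signature binds a version to a particular device and to a nonce the device generated, and only the signing server can produce a valid one. The following is an added illustration (not code from either answer, and not Apple's format or key) of that check as a simplified model: an HMAC with a constructed key stands in for Apple's RSA signature, the ECID field stands for the device identity, and the nonce field stands for the per-boot value that requirement 3 is about. The scenarios walk through why a blob must be saved while the version is signed, why it only works on the device it was issued for, and why the boot nonce has to match the one in the blob.

```python
"""Simplified model of a boot-time firmware signature check.

Constructed illustration only: it models the shape of the check that makes
the three requirements in the answer necessary. Apple's real scheme uses RSA
signatures by Apple's key over a ticket structure; here an HMAC with a
constructed key stands in for that signature so the model runs with the
standard library alone.
"""
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Optional

# Constructed stand-in for the signer's key. In the real design only Apple
# holds the private key, which is why a blob cannot be produced after the fact.
SIGNING_KEY = b"constructed-demo-signing-key"


@dataclass(frozen=True)
class Ticket:
    version: str    # firmware version the ticket authorises
    ecid: int       # device-unique identifier bound into the signature
    nonce: bytes    # value the device generated when the ticket was requested
    tag: bytes      # the "signature" (HMAC in this model)


def _message(version: str, ecid: int, nonce: bytes) -> bytes:
    # Everything the verifier later checks is covered by the tag.
    return hashlib.sha256(f"{version}|{ecid:016x}|".encode() + nonce).digest()


def issue_ticket(version: str, ecid: int, nonce: bytes,
                 signed_versions: frozenset) -> Optional[Ticket]:
    """Signing-server side: a ticket is issued only while the version is signed."""
    if version not in signed_versions:
        return None  # requirement 1: no blob saved earlier means none obtainable now
    tag = hmac.new(SIGNING_KEY, _message(version, ecid, nonce), "sha256").digest()
    return Ticket(version, ecid, nonce, tag)


def verify_ticket(ticket: Ticket, version: str, ecid: int, boot_nonce: bytes) -> bool:
    """Boot-chain side: version, device and the current boot nonce must all match."""
    if (ticket.version, ticket.ecid, ticket.nonce) != (version, ecid, boot_nonce):
        return False
    expected = hmac.new(SIGNING_KEY, _message(version, ecid, boot_nonce), "sha256").digest()
    return hmac.compare_digest(expected, ticket.tag)


def run_scenarios() -> dict:
    """Walk through the situations the answers describe and return the outcomes."""
    my_ecid, other_ecid = 0x000123456789ABCD, 0x0000FEDCBA987654  # constructed values
    # Past: 13.3 was still signed and the user saved a ticket for their device.
    saved = issue_ticket("13.3", my_ecid, os.urandom(8), frozenset({"13.3"}))
    # Present: only 15.0 is signed (constructed version numbers).
    now_signed = frozenset({"15.0"})
    results = {}
    # No saved blob: the server will not issue one for an unsigned version.
    results["unsigned_version_refused"] = (
        issue_ticket("13.3", my_ecid, os.urandom(8), now_signed) is None)
    # Saved blob, but the device generated a fresh nonce at this boot.
    results["saved_blob_fresh_nonce"] = verify_ticket(saved, "13.3", my_ecid, os.urandom(8))
    # Saved blob with the boot nonce matching the one the blob was issued for.
    results["saved_blob_matching_nonce"] = verify_ticket(saved, "13.3", my_ecid, saved.nonce)
    # A blob saved for a different device is useless on this one.
    results["other_device_blob"] = verify_ticket(saved, "13.3", other_ecid, saved.nonce)
    # Editing the version field of a saved blob fails the tag check.
    edited = Ticket("14.0", saved.ecid, saved.nonce, saved.tag)
    results["edited_version_field"] = verify_ticket(edited, "14.0", my_ecid, saved.nonce)
    return results


if __name__ == "__main__":
    for name, outcome in run_scenarios().items():
        print(f"{name}: {'accepted' if outcome else 'rejected'}")
```

Only the `saved_blob_matching_nonce` scenario is accepted, which is the combination the second answer lists: a blob saved while the version was signed, for this device, with the boot nonce brought in line with the blob. The model leaves out the SEP and baseband compatibility requirement, which is a separate check and not a property of the signature itself.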
