由于此次漏洞最初并不支持4K设备 A7~A8,导致整个 5S系、6系全体设备支持情况欠佳。
随着顶层开发者对漏洞的完善,A7~A8 设备在iOS12 也能获取tfp0了。但由于工具开发者并未及时注意到此块用户,导致整体A7~A8一直都没有固定G值的工具出现。
这个情况于5天前被 Samg_is_a_ninja解决,Samg通过修改unc0ver文件,实现对老设备G值的固定。
简言之 在iOS12的老设备可以进行平刷,或者降级了(由于A7、A8设备SEP和iOS11.4.1相同,备份SHSH2的同学就能降级到iOS11实现稳定越狱)
另外:GeoFilza更新支持A7/8设备了。本消息推送时,iOS12全系设备均能使用文件管理器了。
工具下载:点击阅读原文前往。
使用教程:
1:拿到你之前备份的SHSH2文件,打开并复制G值
2:通过修改版unc0ver工具固定G值
填好后点JailBreak,即可写入Generator值
经过实际测试,仅支持12.1.1 12.1.2 12.1.1b3 其他12系统不支持
3:通过futurerestore 刷机
futurerestore过程很简单公式如下
./futurerestore -t blobs.shsh2 ipsw.ipsw –latest-baseband –latest-sep (Mac 版写法)
d:\futurerestore -t blobs.shsh2 ipsw.ipsw –latest-baseband –latest-sep (Win 版写法)
注意文版默认把工具放在d盘根目录下
仅虚修改红色部分即可
如果出错,按下面方法退出恢复模式即可
./futurerestore –exit-recovery
固定G值工具 点我下载
刷机工具futurerestore_229 点我下载
预祝大家恢复成功!
完整日志分享
MacBook-Pro:futurerestore haoer$ ./futurerestore -t blobs.shsh2 1.ipsw –latest-baseband –latest-sep -u
Version: b8af2bc72bcb54fe1e32084cad1644ef95aaaaa – 231
Libipatcher version: 61bd2d642245874aded5acb2df7cba3e815aaaaa – 61
Odysseus Support: yes
ERROR: normal_idevice_new: can’t open device with UDID 9720426f9b6efc3a79275be657634ac74a1aaaaa
[INFO] 64-bit device detected
futurerestore init done
reading ticket blobs.shsh2 done
Found device iPhone10,3 d22ap
user specified to use latest signed SEP (WARNING, THIS CAN CAUSE A NON-WORKING RESTORE)
[TSSC] opening firmware.json
[DOWN] downloading file https://api.ipsw.me/v2.1/firmwares.json/condensed
[TSSC] selecting latest iOS: 12.2
[TSSC] got firmware URL for iOS 12.2 build 16E227
[TSSC] o100 [===================================================================================================>100 [===================================================================================================>]
downloading SEP
100 [===================================================================================================>100 [===================================================================================================>]
[TSSC] opening /tmp/futurerestore/sepManifest.plist
[TSSR] User specified not to request a Baseband ticket.
Request URL set to https://gs.apple.com/TSS/controller?action=2
Sending TSS request attempt 1… response successfully received
user specified to use latest signed baseband (WARNING, THIS CAN CAUSE A NON-WORKING RESTORE)
downloading baseband
100 [===================================================================================================>100 [===================================================================================================>]
[TSSC] opening /tmp/futurerestore/basebandManifest.plist
[TSSR] User specified to request only a Baseband ticket.
Request URL set to https://gs.apple.com/TSS/controller?action=2
Sending TSS request attempt 1… response successfully received
Found device in Normal mode
Entering recovery mode…
INFO: device serial number is G0NW4EEPJCLF
Found device in Recovery mode
Identified device as d22ap, iPhone10,3
Extracting BuildManifest from IPSW
Product Version: 12.1.2
Product Build: 16C104 Major: 16
Device supports Image4: true
Got ApNonce from device: 27 32 5c 82 58 be 46 e6 9d 9e e5 7f a9 a8 fb c2 8b 87 3d f4 34 e5 e7 02 a8 b2 79 99 55 11 38 ae
checking APTicket to be valid for this restore…
Verified ECID in APTicket matches device ECID
checking APTicket to be valid for this restore…
Verified ECID in APTicket matches device ECID
Verified APTicket to be valid for this restore
Variant: Customer Upgrade Install (IPSW)
This restore will update your device without losing data.
Using cached filesystem from ‘1/048-40042-062.dmg’
Extracting iBEC.d22.RELEASE.im4p…
Personalizing IMG4 component iBEC…
Sending iBEC (981816 bytes)…
waiting for device to reconnect…
Getting SepNonce in recovery mode… 5a 9f b0 4a 61 79 1c cf 5d 26 69 e1 22 b4 66 ab da aa aa 58
Getting ApNonce in recovery mode… 27 32 5c 82 58 be 46 e6 9d 9e e5 7f a9 a8 fb c2 8b 87 3d f4 34 e5 e7 02 a8 b2 79 99 55 aa aa ae
[WARNING] Setting bgcolor to green! If you don’t see a green screen, then your device didn’t boot iBEC correctly
Recovery Mode Environment:
iBoot build-version=iBoot-4513.230.10
iBoot build-style=RELEASE
Sending RestoreLogo…
Extracting applelogo@3x~iphone.im4p…
Personalizing IMG4 component RestoreLogo…
Sending RestoreLogo (19932 bytes)…
Extracting 048-40327-062.dmg.trustcache…
Personalizing IMG4 component RestoreTrustCache…
Sending RestoreTrustCache (10605 bytes)…
ramdisk-size=0x20000000
Extracting 048-40327-062.dmg…
Personalizing IMG4 component RestoreRamDisk…
Sending RestoreRamDisk (107872315 bytes)…
Extracting DeviceTree.d22ap.im4p…
Personalizing IMG4 component RestoreDeviceTree…
Sending RestoreDeviceTree (179777 bytes)…
Extracting kernelcache.release.iphone10b…
Personalizing IMG4 component RestoreKernelCache…
Sending RestoreKernelCache (17642671 bytes)…
Trying to fetch new signing tickets
Request URL set to https://gs.apple.com/TSS/controller?action=2
Sending TSS request attempt 1… response successfully received
Received signing tickets
About to restore device…
Waiting for device…
Device ffffffffffffffffffffffffffffffff00000139 is now connected in restore mode…
Connecting now…
Connected to com.apple.mobile.restored, version 15
Device ffffffffffffffffffffffffffffffff00000139 has successfully entered restore mode
Hardware Information:
BoardID: 6
ChipID: 32789
UniqueChipID: 4826212613161006
ProductionMode: true
Starting FDR listener thread
About to send NORData…
Found firmware path Firmware/all_flash
Getting firmware manifest from build identity
Extracting LLB.d22.RELEASE.im4p…
Personalizing IMG4 component LLB…
Extracting applelogo@3x~iphone.im4p…
Personalizing IMG4 component AppleLogo…
Extracting batterycharging0@3x~iphone.im4p…
Personalizing IMG4 component BatteryCharging0…
Extracting batterycharging1@3x~iphone.im4p…
Personalizing IMG4 component BatteryCharging1…
Extracting batteryfull@3x~iphone.im4p…
Personalizing IMG4 component BatteryFull…
Extracting batterylow0@3x~iphone.im4p…
Personalizing IMG4 component BatteryLow0…
Extracting batterylow1@3x~iphone.im4p…
Personalizing IMG4 component BatteryLow1…
Extracting glyphplugin@2436~iphone-lightning.im4p…
Personalizing IMG4 component BatteryPlugin…
Extracting DeviceTree.d22ap.im4p…
Personalizing IMG4 component DeviceTree…
Extracting liquiddetect@2436~iphone-lightning.im4p…
Personalizing IMG4 component Liquid…
Extracting recoverymode@2436~iphone-lightning.im4p…
Personalizing IMG4 component RecoveryMode…
Extracting iBoot.d22.RELEASE.im4p…
Personalizing IMG4 component iBoot…
Personalizing IMG4 component RestoreSEP…
Personalizing IMG4 component SEP…
Sending NORData now…
Done sending NORData
About to send RootTicket…
Sending RootTicket now…
Done sending RootTicket
Waiting for NAND (28)
Updating S3E Firmware (58)
Checking filesystems (15)
Checking filesystems (15)
About to send FDR Trust data…
Sending FDR Trust data now…
Done sending FDR Trust Data
Unmounting filesystems (29)
Unmounting filesystems (29)
Unmounting filesystems (29)
Unmounting filesystems (29)
Unmounting filesystems (29)
Creating filesystem (12)
About to send filesystem…
Connected to ASR
Validating the filesystem
Filesystem validated
Sending filesystem now…
[==================================================] 100.0%
Done sending filesystem
Verifying restore (14)
[==================================================] 100.0%
Checking filesystems (15)
Checking filesystems (15)
Checking filesystems (15)
Checking filesystems (15)
Checking filesystems (15)
Mounting filesystems (16)
Mounting filesystems (16)
Mounting filesystems (16)
Mounting filesystems (16)
About to send KernelCache…
Extracting kernelcache.release.iphone10b…
Personalizing IMG4 component KernelCache…
Sending KernelCache now…
Done sending KernelCache
Installing kernelcache (27)
About to send DeviceTree…
Extracting DeviceTree.d22ap.im4p…
Personalizing IMG4 component DeviceTree…
Sending DeviceTree now…
Done sending DeviceTree
Certifying Savage (61)
Flashing firmware (18)
[==================================================] 100.0%
Unknown operation (36)
About to send FUD data…
Found FUD component ‘AOP’
Extracting aopfw-iphone10baop.im4p…
Personalizing IMG4 component AOP…
Found FUD component ‘AudioCodecFirmware’
Extracting D22_CallanFirmware.im4p…
Personalizing IMG4 component AudioCodecFirmware…
Found FUD component ‘Multitouch’
Extracting D22_Multitouch.im4p…
Personalizing IMG4 component Multitouch…
Found FUD component ‘RestoreTrustCache’
Extracting 048-40327-062.dmg.trustcache…
Personalizing IMG4 component RestoreTrustCache…
Found FUD component ‘StaticTrustCache’
Extracting 048-40042-062.dmg.trustcache…
Personalizing IMG4 component StaticTrustCache…
Sending FUD data now…
Done sending FUD data
Updating gas gauge software (47)
Updating gas gauge software (47)
Updating Stockholm (55)
Unknown operation (36)
About to send FUD data…
Found FUD component ‘AOP’
Extracting aopfw-iphone10baop.im4p…
Personalizing IMG4 component AOP…
Found FUD component ‘AudioCodecFirmware’
Extracting D22_CallanFirmware.im4p…
Personalizing IMG4 component AudioCodecFirmware…
Found FUD component ‘Multitouch’
Extracting D22_Multitouch.im4p…
Personalizing IMG4 component Multitouch…
Found FUD component ‘RestoreTrustCache’
Extracting 048-40327-062.dmg.trustcache…
Personalizing IMG4 component RestoreTrustCache…
Found FUD component ‘StaticTrustCache’
Extracting 048-40042-062.dmg.trustcache…
Personalizing IMG4 component StaticTrustCache…
Sending FUD data now…
Done sending FUD data
Updating baseband (19)
About to send BasebandData…
Sending Baseband TSS request…
Request URL set to https://gs.apple.com/TSS/controller?action=2
Sending TSS request attempt 1… response successfully received
Received Baseband SHSH blobs
Sending BasebandData now…
Done sending BasebandData
Updating Baseband in progress…
About to send BasebandData…
Sending BasebandData now…
Done sending BasebandData
Updating Baseband completed.
Updating SE Firmware (59)
Extracting Stockholm4.RELEASE.sefw…
Sending SE TSS request…
Request URL set to https://gs.apple.com/TSS/controller?action=2
Sending TSS request attempt 1… response successfully received
Received SE ticket
Sending FirmwareResponse data now…
Done sending FirmwareUpdater data
Updating Savage (60)
Sending Savage TSS request…
Request URL set to https://gs.apple.com/TSS/controller?action=2
Sending TSS request attempt 1… response successfully received
Received Savage ticket
Extracting Savage.B2-Prod.fw…
Sending FirmwareResponse data now…
Done sending FirmwareUpdater data
Fixing up /var (17)
Modifying persistent boot-args (25)
Updating Savage (60)
Updating Savage (60)
Unmounting filesystems (29)
Unmounting filesystems (29)
Unmounting filesystems (29)
Unmounting filesystems (29)
Unmounting filesystems (29)
Got status message
Status: Restore Finished
Cleaning up…
DONE
Done: restoring succeeded.
更多精彩 评论 与 互动
欢迎搜索/扫码关注 雷锋源公众微信号 “雷锋源中文网”
如需需要正品配件、原装电池、精品手机壳 贴膜 欢迎前往 雷锋便民小卖部
小卖部直通车:点我前往
未经允许不得转载:雷锋源中文网 » iOS12 A7/A8 固定Generator值 图文教程
苹果6可以越狱了吗
要看系统
请问,怎么刷机啊?把固件放在D盘?还是futurerestore的哪个文件夹里面?
d:\futurerestore -t blobs.shsh2 ipsw.ipsw –latest-baseband –latest-sep (Win 版写法)
这里的blobs是要改成什么?自己的固定值吗?
后面的ipsw是要改成固件文件的名字吗?
A9处理器可以降级吗
来个具体教程啊,老铁
为什么出现unable to send ibec
我的7P,目前是12.01已越狱,那个越狱软件设置中G值是0x1111111111111111。然后刚从雷锋源中装了备份shsh2工具,备份出的12.11bete里G值也是 0x111111111111,是不是就不用改了?从iOS8以后就没接触越狱了,谢谢指导。另外,我在爱思助手里备份的shsh2有12.01的
请问,iOS12.1.3有办法降级回iOS10或者11吗?这个方式可以吗