Giter VIP home page Giter VIP logo

tsschecker's Introduction

tsschecker

tsschecker is a powerful tool to check TSS signing status on combinations of
various devices and iOS/iPadOS/tvOS/watchOS/macOS firmware versions.

Features

  • Allows you to get lists of all devices as well as all Firmwares and OTA versions for a specific device.
  • Can check signing status for any firmware version (by specifying a BuildManifest.plist).
  • Works without specifying any device relevant values to check signing status, but can be used to save blobs when given an ECID and the option --print-tss-response (although there are better tools to do this).

tsschecker is not only meant to be used to check firmware signing status, but also to explore Apple's TSS servers. By using all of its customization possibilities, you might discover a combination of devices and firmware versions that is getting signed but wasn't getting signed before.

About nonces:

recommended generators for saving tickets:

  • 0xbd34a880be0b53f3 // used on Electra & Chimera jailbreaks
  • 0x1111111111111111 // used on unc0ver jailbreak

Nonce Entangling (Apple A12/S4 and newer)

Newer devices, like the iPhone XR or the Apple Watch Series 4 have nonce-entangling enabled.

this means the boot nonces generated by your device are now also UID derived, and consequently device-specific.
to save usable tickets for a newer device, you need to get the boot nonce that your device actually generates from your generator.

for information on how to get your actual boot nonce, see this post on r/jailbreak.

Nonce Collisions:

the Nonce Collision method only works on a few firmwares and devices, and isn't reliable.
it's better to save a ticket with a generator and use the checkm8 bootrom exploit.

Recovery Nonce Collisions only occur on a few iOS versions, like iOS 9.3.3 and iOS 10.1-10.2 on the iPhone 5s
and is not reliable as once you update, your device will either generate different nonce or not collide nonces anymore.

DFU Nonce Collisions commonly occur on any device using A7 and A8 chipsets, regardless of iOS version.
and is much more reliable than using recovery collisions.

Build

Install dependencies

To compile, run:

./autogen.sh
make
sudo make install

Help

Usage: tsschecker [OPTIONS]

Example: tsschecker -d iPhone10,1 -B D20AP -e [ECID] -i 13.4.1 --generator 0x1111111111111111 -s

option (short) option (long) description
-h --help prints usage information
-d --device MODEL specify device by its model (eg. iPhone8,1)
-i --ios VERSION specify firmware version (eg. 13.4.1)
-Z --buildid BUILD specific buildid instead of firmware version (eg. 17E255)
-B --boardconfig BOARD specific boardconfig instead of device model (eg. n71ap)
-o --ota check OTA signing status, instead of normal restore
-b --no-baseband don't check baseband signing status. Request tickets without baseband
-m --build-manifest manually specify a BuildManifest (can be used with -d)
-s --save save fetched shsh blobs (mostly makes sense with -e)
-u --update-install request update tickets instead of erase
-l --latest use the latest public firmware version instead of manually specifying one
especially useful with -s and -e for saving signing tickets
-e --ecid ECID manually specify ECID to be used for fetching blobs, instead of using random ones.
ECID must be either DEC or HEX eg. 5482657301265 or ab46efcbf71
-g --generator GEN manually specify generator in format 0x%%16llx
--apnonce NONCE manually specify ApNonce instead of using random ones
(required for saving blobs for A12/S4 and newer devices with generator)
--sepnonce NONCE manually specify SepNonce instead of using random ones (not required for saving signing tickets)
--bbsnum SNUM manually specify BbSNUM in HEX to save valid BBTickets (not required for saving blobs)
--save-path PATH specify path for saving shsh blobs
--beta request ticket for a beta instead of normal release (use with -o)
--list-devices list all known devices
--list-ios list all known firmware versions
--nocache ignore caches and re-download required files
--print-tss-request print the TSS request that will be sent to Apple
--print-tss-response print the TSS response that comes from Apple
--raw send raw file to Apple's TSS server (useful for debugging)

tsschecker's People

Contributors

0x15f avatar 0x9fff00 avatar 1conan avatar airsquared avatar alvarofe avatar arx8x avatar bryansuero avatar danthemann15 avatar doggy avatar encounter avatar kasiimh1 avatar malt3 avatar matteyeux avatar nikias avatar oothecapickle avatar paz avatar pythech avatar reloxx13 avatar s0uthwest avatar siguza avatar tihmstar avatar urherenow avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.