iPad 4 (3,6 / A1460) still on iOS 7.1
#1
Hello,

I want to work on this device. Since it's still an old iOS the keys are available. However, the patch section on the page says that this device is not supported. I do have some assembly knowledge however. Would manual patching still be possible?

Thanks.
#2
(12-11-2016, 01:14 PM)mrQQ Wrote: Hello,

I want to work on this device. Since it's still an old iOS the keys are available. However, the patch section on the page says that this device is not supported. I do have some assembly knowledge however. Would manual patching still be possible?

Thanks.

If keys are available, then yes, you can find an XREF to the failed scenario and branch the instruction to the secondary scenario, the success case.

Quote:
__text:00014204 loc_14204                               ; CODE XREF: sub_13AB4+61E↑j
__text:00014204                                         ; sub_13AB4+73E↑j
__text:00014204                 LDR     R3, =(off_235E8 - 0x1420A)
__text:00014206                 ADD     R3, PC
__text:00014208                 LDR     R3, [R3]
__text:0001420A                 LDR     R3, [R3]
__text:0001420C                 CMP     R3, #0
__text:0001420E                 BEQ     loc_1427A
__text:00014210                 LDR     R0, =(aImagePassedSig - 0x14216)
__text:00014212                 ADD     R0, PC          ; "Image passed signature verification"
__text:00014214                 BLX     _warnx
__text:00014218                 B       loc_1427A
__text:0001421A ; ---------------------------------------------------------------------------
__text:0001421A
__text:0001421A loc_1421A                               ; CODE XREF: sub_13AB4+622↑j
__text:0001421A                                         ; sub_13AB4+628↑j ...
__text:0001421A                 LDR.W   R0, =(aImageFailedSig - 0x14222)
__text:0001421E                 ADD     R0, PC          ; "Image failed signature verification"
__text:00014220                 BLX     _warnx
__text:00014224                 MOVS    R2, #0x50
__text:00014226                 B       loc_1426E
__text:00014228 ; ---------------------------------------------------------------------------
 
This is what you shall be looking for (Taken from The iPhone Wiki).
#3
Hi,

thanks for the reply. I will look at it, but so far, I'm still trying to understand how the flashing works. I looked at your videos about using idevicerestore, but for me it outputs an error TSS error 94.

Does that mean that I'm trying to use too old firmware and Apple does not allow that? In your video you're not doing anything specific, just trying to flash the result..
#4
(12-11-2016, 03:37 PM)mrQQ Wrote: Hi,

thanks for the reply. I will look at it, but so far, I'm still trying to understand how the flashing works. I looked at your videos about using idevicerestore, but for me it outputs an error TSS error 94.

Does that mean that I'm trying to use too old firmware and Apple does not allow that? In your video you're not doing anything specific, just trying to flash the result..

Yes, TSS error always means you are using a version that is no longer allowed by Apple. You can check the latest versions here: https://www.theiphonewiki.com/wiki/Firmware
#5
Ah, all makes sense now. So basically, the only version I can try to flash is the latest one. And since we don't have keys for it, then I can't even delete Setup.app... But in your latest videos you don't seem to be doing any dmg file decryption. You just replace setup.app with some custom folder... are you willing to share how you come up with this setup.app folder, so that I can recreate one for iPad 4?
#6
(12-11-2016, 04:12 PM)mrQQ Wrote: Ah, all makes sense now. So basically, the only version I can try to flash is the latest one. And since we don't have keys for it, then I can't even delete Setup.app... But in your latest videos you don't seem to be doing any dmg file decryption. You just replace setup.app with some custom folder... are you willing to share how you come up with this setup.app folder, so that I can recreate one for iPad 4?

Only iOS 9.x requires keys. iOS 10.x no longer requires any kind of keys for decryption.
#7
(12-11-2016, 05:43 PM)Geosn0w Wrote:
(12-11-2016, 04:12 PM)mrQQ Wrote: Ah, all makes sense now. So basically, the only version I can try to flash is the latest one. And since we don't have keys for it, then I can't even delete Setup.app... But in your latest videos you don't seem to be doing any dmg file decryption. You just replace setup.app with some custom folder... are you willing to share how you come up with this setup.app folder, so that I can recreate one for iPad 4?

Only iOS 9.x requires keys. iOS 10.x no longer requires any kind of keys for decryption.

OK... I'll try to download one of your patches and see what you've changed compared to the original firmware.
#8
(12-11-2016, 07:41 PM)mrQQ Wrote:
(12-11-2016, 05:43 PM)Geosn0w Wrote:
(12-11-2016, 04:12 PM)mrQQ Wrote: Ah, all makes sense now. So basically, the only version I can try to flash is the latest one. And since we don't have keys for it, then I can't even delete Setup.app... But in your latest videos you don't seem to be doing any dmg file decryption. You just replace setup.app with some custom folder... are you willing to share how you come up with this setup.app folder, so that I can recreate one for iPad 4?

Only iOS 9.x requires keys. iOS 10.x no longer requires any kind of keys for decryption.

OK... I'll try to download one of your patches and see what you've changed compared to the original firmware.

Drop me a note if you need help.
About Us
    Welcome to F.C.E. 365 Forum! This forum is a place where you can discuss technology at its finest. We provide you a place to ask questions or to read / watch various tech-related tutorials.