Skip to content

Instantly share code, notes, and snippets.

@Orangera1n
Last active September 28, 2024 06:09
Show Gist options
  • Save Orangera1n/fa3ca03d6aa9f5be963fd3b72c3f4225 to your computer and use it in GitHub Desktop.
Save Orangera1n/fa3ca03d6aa9f5be963fd3b72c3f4225 to your computer and use it in GitHub Desktop.
How to activate a device on iOS 15 that was futurerestored on 16 sep

whatisthisthisthisthisthisthis?

This is a guide on how to activate ur idevice on ios 15 (maybe ios 14 idk) when its futurerestored on 16 sep.

DISCLAIMER: I am very aware people might use this to bypass icloud, but I am NOT encouraging you to bypass icloud.

ALSO: THIS IS RECOMMENDED FOR ADVANCED USERS ONLY, i am not responsable for ur device being broken (tho idk how it becomes broken via this)

also, i've only tested this on macOS, might work on linux tho if u replace darwin with linux and shit.

if you need halp, joion this: https://discord.gg/BNXR8EjETH

You will need

You will need this file: https://cdn.discordapp.com/attachments/1020892312756293695/1102082543253205012/mobileactivationd

You will need the latest version of palera1n for ur platform (only tested on macOS)

You will also need to run this command: git clone -b NormalRamdisk --recursive --depth=1 --shallow-submodules https://github.com/Orangera1n/ramdisk.git

Important info

I am NOT (yet) aware of this working on iOS 14 but it prob will cause ios 14 suffers from the same issue, but the solution is diffirent.

this ONLY works on checkm8 devices, meaning iPhone XS/XR and up, iPad mini 5 and up, iPad air 3 and up, iPad pro 2018 and up, and iPad 8th gen and up are NOT supported. This will NOT work on the iPhone X due to 16 sep breaking restores on it for 15/14.

also, don't use this for bypassing icloud, thanks

Part 1: Preparing.

1st step, unless ur using a tethered downgrade, if ur already on ios 14/15, DUMP BLOBS via ./sshrd.sh dump-blobs, if you already have blobs, copy em.

Restore ur idevice to 16.4.1 or whatever the latest version of 16 is, because we will need to activate the device to get records.

Then activate device, as we are legimately activiting to grab a few files.

Part 2: grabbing files

after cloning my sshrd_script fork and cding into the direcrtory, run

./sshrd.sh 16.0

./sshrd.sh boot

./sshrd.sh ssh

You will then need to run: mount_filesystems

You will need to run: mkdir ~/Desktop/Actiation

You will also need FileZilla and put these settings: Screenshot 2023-04-27 at 4 09 09 PM

Password is alpine

You need to go to /mnt2/containers/Data/System and enter each folder, then the library folder, until you see the folders called "activation_records" and "internal", and download the files inside both folders to the Activation folder on ur desktop.

You also need to go to /mnt2/mobile/Library/Fairplay and download the whole folder.

You also need to go to /mnt2/wireless/Library/Preferences/ and download the com.apple.commcenter.device_specific_nobackup.plist file to the folder.

Prep done, now we do the actual activation.

Part 3: Activating

First futurerestore to whatever 14/15 ver u have, i don't feel like explaining how lol.

Next step, run sudo chmod -R 755 [drag n drop activation folder from desktop] and enter ur password

Then u run palera1n -c -f to create fakefs, then run palera1n -f to jailbreak

Now rerun these commands: ./sshrd.sh 14/15 fw

./sshrd.sh boot

./sshrd.sh ssh

mount_filesystems

And run mount to see the latest /dev/disk0s1s* number, if its 7, run mount_apfs /dev/disk0s1s8 /mnt8, if not, run mount_apfs /dev/disk0s1s7 /mnt8

Then run:

ldid -e /mnt8/usr/libexec/mobileactivationd > ents.xml

mv /mnt8/usr/libexec/mobileactivationd /mnt8/usr/libexec/mobileactivationd_backup

Now use filezilla via the previous instructions to upload the mobileactivationd in the guide to /mnt8/usr/libxeec on the device, then run:

chmod 755 /mnt8/usr/libexec/mobileactivationd

ldid -Sents.xml /mnt8/usr/libexec/mobileactivationd

reboot

Then Complete setup as normal, and use the palera1n loader to install Sileo, then open Sileo and install openssh.

Then boot back into the ramdisk via: ./sshrd.sh boot

./sshrd.sh ssh

and run mount_apfs /dev/disk0s1s8 /mnt8 or if u have no baseband partition, run mount_apfs /dev/disk0s1s7 /mnt8

then run mv /mnt8/usr/libexec/mobileactivationd_backup /mnt8/usr/libexec/mobileactivationd

then run reboot

then run palera1n -f

and run <code./sshrd.sh ssh

then run cd /var/containers/Data/System and find /private/var/containers/Data/System -name internal

then run rm -rf BOTH of the container numbers (EXcluding internal)

then reboot again and try to activate

then run palera1n -f

then run Darwin/iproxy 2222 22, EITHER RESULT IS FINE BTW

then download this script: https://cdn.discordapp.com/attachments/1020892312756293695/1102081527900274688/activate.sh

then cd into the Darwin directory and copy it there

then run chmod +x activate.sh

then run ./activate.sh

Then reboot

@kjutzn
Copy link

kjutzn commented Mar 16, 2024

I don't have mobileactivationd archived but you don't need it you can just use sshrd (https://github.com/kjutzn/Cry-Ptex1)

Here is the activate.sh file:
`
./sshpass -p alpine ssh -o StrictHostKeyChecking=no root@localhost -p 2222 rm -rf /var/mobile/Media/Downloads/1

./sshpass -p alpine ssh -o StrictHostKeyChecking=no root@localhost -p 2222 rm -rf /var/mobile/Media/1

./sshpass -p alpine ssh -o StrictHostKeyChecking=no root@localhost -p 2222 mkdir /var/mobile/Media/Downloads/1

./sshpass -p alpine scp -rP 2222 -o StrictHostKeyChecking=no ~/Desktop/Activation root@localhost:/var/mobile/Media/Downloads/1

./sshpass -p alpine ssh -o StrictHostKeyChecking=no root@localhost -p 2222 mv -f /var/mobile/Media/Downloads/1 /var/mobile/Media

./sshpass -p alpine ssh -o StrictHostKeyChecking=no root@localhost -p 2222 chown -R mobile:mobile /var/mobile/Media/1

./sshpass -p alpine ssh -o StrictHostKeyChecking=no root@localhost -p 2222 chmod -R 755 /var/mobile/Media/1

./sshpass -p alpine ssh -o StrictHostKeyChecking=no root@localhost -p 2222 chmod 644 /var/mobile/Media/1/Activation/activation_record.plist

./sshpass -p alpine ssh -o StrictHostKeyChecking=no root@localhost -p 2222 chmod 644 /var/mobile/Media/1/Activation/data_ark.plist

./sshpass -p alpine ssh -o StrictHostKeyChecking=no root@localhost -p 2222 chmod 644 /var/mobile/Media/1/Activation/com.apple.commcenter.device_specific_nobackup.plist

./sshpass -p alpine ssh -o StrictHostKeyChecking=no root@localhost -p 2222 killall backboardd sleep 12

./sshpass -p alpine ssh -o StrictHostKeyChecking=no root@localhost -p 2222 mv -f /var/mobile/Media/1/Activation/FairPlay /var/mobile/Library/FairPlay

./sshpass -p alpine ssh -o StrictHostKeyChecking=no root@localhost -p 2222 chmod 755 /var/mobile/Library/FairPlay

ACT1=$(./sshpass -p alpine ssh -o StrictHostKeyChecking=no root@localhost -p 2222 find /private/var/containers/Data/System -name internal)

ACT2=$(./sshpass -p alpine ssh -o StrictHostKeyChecking=no root@localhost -p 2222 find /private/var/containers/Data/System -name activation_records)

echo $ACT1

ACT2=${ACT1%?????????????????}

echo $ACT2 ACT3=$ACT2/Library/internal/data_ark.plist

./sshpass -p alpine ssh -o StrictHostKeyChecking=no root@localhost -p 2222 chflags nouchg $ACT3

./sshpass -p alpine ssh -o StrictHostKeyChecking=no root@localhost -p 2222 mv -f /var/mobile/Media/1/Activation/data_ark.plist $ACT3

./sshpass -p alpine ssh -o StrictHostKeyChecking=no root@localhost -p 2222 chmod 755 $ACT3

./sshpass -p alpine ssh -o StrictHostKeyChecking=no root@localhost -p 2222 chflags uchg $ACT3

ACT4=$ACT2/Library/activation_records

./sshpass -p alpine ssh -o StrictHostKeyChecking=no root@localhost -p 2222 mkdir $ACT4

./sshpass -p alpine ssh -o StrictHostKeyChecking=no root@localhost -p 2222 mv -f /var/mobile/Media/1/Activation/activation_record.plist $ACT4/activation_record.plist

./sshpass -p alpine ssh -o StrictHostKeyChecking=no root@localhost -p 2222 chmod 755 $ACT4/activation_record.plist

./sshpass -p alpine ssh -o StrictHostKeyChecking=no root@localhost -p 2222 chflags uchg $ACT4/activation_record.plist

./sshpass -p alpine ssh -o StrictHostKeyChecking=no root@localhost -p 2222 chflags nouchg /var/wireless/Library/Preferences/com.apple.commcenter.device_specific_nobackup.plist

./sshpass -p alpine ssh -o StrictHostKeyChecking=no root@localhost -p 2222 mv -f /var/mobile/Media/1/Activation/com.apple.commcenter.device_specific_nobackup.plist /var/wireless/Library/Preferences/com.apple.commcenter.device_specific_nobackup.plist

./sshpass -p alpine ssh -o StrictHostKeyChecking=no root@localhost -p 2222 chown root:mobile /var/wireless/Library/Preferences/com.apple.commcenter.device_specific_nobackup.plist

./sshpass -p alpine ssh -o StrictHostKeyChecking=no root@localhost -p 2222 chmod 755 /var/wireless/Library/Preferences/com.apple.commcenter.device_specific_nobackup.plist ./sshpass -p alpine ssh -o StrictHostKeyChecking=no root@localhost -p 2222 chflags uchg /var/wireless/Library/Preferences/com.apple.commcenter.device_specific_nobackup.plist

./sshpass -p alpine ssh -o StrictHostKeyChecking=no root@localhost -p 2222 launchctl unload /System/Library/LaunchDaemons/com.apple.mobileactivationd.plist

./sshpass -p alpine ssh -o StrictHostKeyChecking=no root@localhost -p 2222 launchctl load /System/Library/LaunchDaemons/com.apple.mobileactivationd.plist

./sshpass -p alpine ssh -o StrictHostKeyChecking=no root@localhost -p 2222 ldrestart
`

@frankpanduh
Copy link

Cry-Ptex1 didn’t work for me. It relies on SSHRD but SSHRD fails in the last steps. With both cry-ptex1 and SSHRD.

Found the USB handle. main: Starting... iOS 16 iBoot detected! getting get_sigcheck_patch() patch main: Error doing patch_rsa_check()! [-] An error occurred

then it tried to edit my known_hosts even though it failed to build RAM disk.

@AppleVegas
Copy link

I was successful downgrading iPad 5 from iPadOS 16.7.7 to 15.7 using this method and SSHRD. Cellular and iCloud both work fine if you're setting up file permissions/owners correctly. But I am having troubles with Touch ID since it resets every reboot. It works if I set it up, but after a reboot it's as if I never set it up in the first place.
Also the iCloud keychain and adding VPN configurations seem to be affected by this, they both don't work.

@hiylx
Copy link

hiylx commented Sep 28, 2024

You can use https://github.com/hiylx/icera1n/ to do this even on linux

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment