Hello everybody,
thank you very much for everyone who sent me nonces!
I wanted to research these collisions a bit and now i want to share what i found out so far.
Here are all collisions inside the files i got: https://ghostbin.com/paste/6k62b
It is also interesting that there are collisions between different devices of the same model, with different iOS versions.
You can see thoses stats here: https://ghostbin.com/paste/p74ng
This means that we can use an iPhone5s to generate nonces and find out which nonces are generated the most often with given iOS version. Then other people with iPhone5s can request APTickets with that nonce and hope that they will eventually get that nonce.
You don't need to send me any more nonces.
But you should still take your device, run it for a few hours and check what nonce is generated the most often. In case you're lucky and there is a nonce which repeats every now and then, you should definetly grab tsschecker and grab tickets for that specific apnonce (you can do that with --apnonce parameter), because that means you'll likely be able to downgrade without jailbreak!
Warning: i noticed that nonces change when updating to iOS 10, which means there are different nonces which repeat on my device.
In order to downgrade you need to have the device generate the same nonce you got the APTicket for.
In case your device does not generate collisions you should request some tickets with these nonces:
603be133ff0bdfa0f83f21e74191cf6770ea43bb
352dfad1713834f4f94c5ff3c3e5e99477347b95
42c88f5a7b75bc944c288a7215391dc9c73b6e9f
0dc448240696866b0cc1b2ac3eca4ce22af11cb3
9804d99e85bbafd4bb1135a1044773b4df9f1ba3
this will allow you (unless apple does significant changes to their bootloaders) to downgrade with a jailbreak.
Make sure to request tickets with these nonces even if your device does generate collisions. It doesn't hurt ;)
Stay tuned for more updates
greets tihmstar
