Donnerstag, 8. September 2016

prometheus downgrade and nonce collision

Hello everybody,
as some of you might have heared already i've been working on something called prometheus.
Prometheus is much like odysseus a technique for downgrading.
With prometheus it is possible for the first time to downgrade 64bit devices!
A lot of people asked if this is 64bit only and if it's only for iPhone5s.
No it's not, but as this is the first tool to downgrade 64bit devices i'm focusing on that first.
32bit devices are supported by this technique and also are all 64bit devices.
The second question people asked is whether a jailbreak is required for downgrading.
The answer is: for some devices a jailbreak is neccessary, for some it's not.

The problem is i have no idea when a jailbreak is definetly required and when you can also downgrade without jailbreak.
Downgrade with jailbreak is always more likely to be possible than without, that means if you can't downgrade without a jailbreak, there is a chance you still can with a jailbreak.
My iPhone5s does not need a jailbreak, but all my other devices do need one.
I tried an iPhone5s from a friend and his iPhone can't be downgraded without a jailbreak.

I have no idea what is causing this, this is why i need your help!
So the basic idea of this tool is to run a replay attack of your saved APTicket much like in the good old days with iOS 4. Since iOS5 when APTicket were introduced there is a nonce stopping you from "simply replaying the APTicket".
So to be able to replay the APTicket we have to make the device to regenerate the same nonce.
There are two ways (i know of) to make the device regenearet the same nonce.
One requires a jailbreak and one if simply bad randomness.

So for reasons i don't know, my iPhone5s generates a few nonces over and over again so i can simply request a ticket for that nonce as long as it's signed and then keep rebooting it until i get the same nonce. Then i can just replay that APTicket and start the downgrade.
Of course there is more to downgrading than just replaying the APTicket with the nonce, for example there is still SEP and the Baseband. Just don't worry about that i got a plan for this.

Let's focus on the ApNonce for a now.
I need you help to figure out more about this bad randomness.
There is a tool i coded which is called "noncestatistics".
You can download it here: (OSX) https://github.com/tihmstar/noncestatistics/releases/tag/0.2
SHA1 (a1c0f78ad8b3c49bd10ea62006e551080cff5f81)
Sourcecode: https://github.com/tihmstar/noncestatistics

That tool will put your device in recovery mode, read out the ApNonce and write it to a file. Then it will reboot, read the nonce again and again write it to a file. This will continue until you stop it with Ctrl-C. Then it will reboot your device into normal mode and you can use it as if nothing happened. This is completely save. You can use -h for help.
 (in case something doesn't work you can set -a parameter to only set auto-boot to true)
If you want to help me, get this tool, connect your devices let it generate like 1000 or more nonces and email them to me (tihmstar@gmail.com). Make sure to write in the mail what device you're using and what iOS version is installed.
Maybe with this info we can figure out how we can use this for future downgrades.
Also you can do "noncestatistics -s FILE" to figure out what nonce is the one generated the most often (if there is any) and always request and APTicket for that nonce with tsschecker.

That's about it for this post,
stay tuned for more information

greets
tihmstar