Donnerstag, 22. Dezember 2016

Are my shsh2/shsh files valid?

Note: i'm only refering to 64bit devices/shsh2/shsh files in this post.

Hello everyone,
last week we had a lot of news about jailbreaking.
The main things where the iOS 10.1.1 exploits by Ian Beer, the upcoming iOS 10.1.1 jailbreak by @qwertyoruiop and of course a bunch of updates about prometheus.
Prometheus not only allows downgrading, but also upgrading your device to a version which is not signed by apple anymore.
Since many people were jailbroken on iOS 9 already and didn't want to upgrade to iOS 10.1.1 and not be jailbroken for an unknown time, they were looking into using prometheus for updating to 10.1.1 once jailbreak is stable.
To prepare for the upgrade using prometheus shsh2 files needed to be saved while 10.1.1 was still signed. (Right now 10.1.1 is not signed anymore)
A lot of tools and wrappers around tsschecker where released which where meant to make saving shsh2 files easy for everyone. I'm totally fine with that, i don't mind if anyone makes a fancy gui around tsschecker, which makes saving shsh2 files for non-tech people easy. Though you should keep in mind that if a dev messes up anything there is a chance you can't use these shsh2 files. I can't and won't give support for anything but tsschecker, please don't ask me what error X means in tool Y and whether it worked or not.
That being said, let me try to answer most common questions:

Q: I get this error in tsschecker, does that mean saving blobs failed?

[Error] [TSSC] ERROR: device "iPhone8,2" is not in bbgcid.json, which means it's BasebandGoldCertID isn't documented yet.
If you own such a device please consider contacting @tihmstar ( to get instructions how to contribute to this project.
[TSSR] WARNING: there was an error getting BasebandGoldCertID, continuing without requesting Baseband ticket
A: No everything is fine. This error tells you that your BasebandGoldCertID is not documented. This means tsschecker can't save a baseband ticket. When i started tsschecker i wanted to make a tool to actually check signing status, as well as sending customizable requests to the tss server, to see what it responds. Later in time i figured that saving the ticket is a handy feature so i implemented that too. A baseband ticket can not be used for anything useful at the moment. It is not needed for prometheus, so if you care about using these blobs for prometheus, you can savely ignore this.

Q: I saved a bunch of shsh2 files using some scripts which gave me a bunch of folders, do i need all of them or can i delete all but one?
A: You should never delete blobs you got! I didn't look at all those script and i don't know what exactly they are saving, but better you saved some blobs more than you need, than regreting having deleted the only blob you really need.

Q: I saved shsh files with savethemblobs, or some other tool. Are they valid? Can i still use them for prometheus?
A: I'll explain in a sec how to check if shsh are valid.
Can they be used with prometheus?
Short: No
Long:  Well it depends. Prometheus needs to make your phone somehow regenerate the nonce inside the apticket (shsh file) to be able to accept it. There are two ways of doing this:
1. write the generator for that nonce to nvram using a jailbreak+nonceEnabler
2. reboot your phone until it regenerates that nonce. Only works if you picked one of the nonces which are generated really really often and requested a ticket for that purposely. If you don't know what that means you probably didn't do it and can't use this method. Also tsschecker is the only tool i know of where you can manually specify a APNonce you want a ticket for.
For the first method you need to know the generator for the nonce. It is not possible to calculate a generator from a nonce, you can only calculate a nonce based on a generator. What tsschecker does is choose a random generator, derive a nonce from that and request a ticket. Then both is saved inside the shsh2 file. This is also the reason why generator is not saved when you manually specify an APNonce to get a ticket for.

Q: What's the difference between shsh2 and shsh files?
A: As seen in the answer of the previous question, shsh2 additionally saves generator (if possible), whereas shsh does not. Beside of that, the files are identical.

Are my shsh files valid? Can they be used for prometheus?
The first answer i gave to this question was "yes". I was thinking that the only thing someone could mess up is either something with the ECID or APNONCE. In case the user entered the wrong ecid the device would simply not accept the ticket. In that case you could still exit recovery and boot up normal (and wouldn't loose jailbreak in case you're jailbroken). If the user messed up something with the generator or the APNonce, the device also would reject the ticket. Again you'd still be able to exit recovery and wouldn't loose jailbreak.

Now this all does apply to iOS 9 and below, but iOS 10 is a bit different.
With iOS 10 Apple being a dick, changed stuff in APTickets. A new element called "OS" was introduced and included inside the tssrequest.

It's the hash of the filesystem being restored (or something like this), which is now also included in the APTicket.
The problem here is that even if the tss request does not include the "OS" tag, the server would return a APTicket without including the OS hash.
You get an APTicket response and think you're fine right? Nope!
When trying to restore with that APTicket the device tries to validate the filesystem hash inside the APTicket, but fails because it can't find any. Unfortunately this happens after the disk has been wiped and formatted, so if the restore fails at that point you end up with no filesystem. This means there is nothing to boot except recovery, which means you need to perform a clean restore (updating to the latest signed version).

I remember tsschecker had a bug where it would get you a ticket without OS tag, but that has been fixed long time ago with tsschecker 1.0.4. You can take a look at the changes here
Also 1.0.5 fixed a bug where generator wasn't saved so you're fine if you used tsschecker 1.0.5 or later.
If you recently saved your shsh2 files with tsschecker you're pobably fine, if you look closely tsschecker 1.0.5 was released on 29 Sep. That's the story with tsschecker, but i don't know if the other tools were also updated to include OS in their requets.

But how do i know if the OS tag was included in my APTicket or not?
Well, img4tool comes to the rescue!
But until i fully implemented the --verify option (nonexisting at the time of writing), to check everything i want to be checked, you need to verify manually.

Let's take a look at an iOS 10.2 ticket with "img4tool -a -s my_10.2_ticket.shsh2"
(Note: use -a to see all entries of the manifest inside the ticket)

When using -a you get a bunch of these lines. I checked my tickets and those which were requested with OS to have the "rosi" tag whereas those which were requested without OS don't have that tag.

So do i simply check for that tag to be inside my shsh2 file?
I guess yes.
If you can't find that tag inside your shsh2 file, your files are invalid and a restore will probably fail.
If you see that tag inside your shsh2 file then your files are probably fine.
I can't gurantee that your restore won't fail, but this is the best i can come up with.

I would recommend to everyone who is planning to use prometheus:
Don't rush the restore and wait for someone to verify it's working. I know there are a lot of people who can't wait and want to be beta tester, but if you're not one of those people you should wait a few days and see how the beta tester are going. It is not likely that the restore will fail if your APTicket is valid, it worked for me several times, but it's also not impossible that there is some bug.
In case there are any bugs in prometheus i can try to fix them and if you don't rush restoring all at once then it's more likely that possible bugs are found before you attempt to restore.

I hope this post cleared up a bit more confusion, than it caused
if you have questions, send me a tweet or ask in /r/jailbreak