Tutorial Downgrade to 12.1.1b3( if you haven’t yet)

Glavar94 · March 17, 2019

Spoiler

Currently, 12.1.1 Beta 3 is open and has been closed and repeating the situation.

In this situation, the probability of successful restoration is very low.

ApTicket, the first entry process, succeeds in receiving server responses, but there are still baseband and SEP server requests.

These remaining steps require a successful server response to be restored.

But it takes a tremendous amount of timing and extraordinary luck, and if it fails, it will waste time.

So, this time, I try to post a way to make the recovery succeed by catching the timing when the signing was opened.

(It is based on Windows.)

Install Charles.

Run Charles

Run iTunes and try to switch to 12.1.1 Beta3 with Shift + Update. (The first attempt will naturally fail to restore, Shift+Restore can be impossible due to activation process.)

Verify that http://gs.apple.com/TSS/controller?action=2 addresses appear in Charles.

Right click on the server address list and activate BreakPoints and try to restore again.

Then, what window does Charles show up? From the Edit Request menu, copy it from the XML Text window and move it to Notepad. (Request value)

Click Execute, click Edit Response, and do not click Execute when STATUS = 94 appears in the HTML window.

Disable Breakpoints briefly and click the Session menu to view the server records that were previously sent. Click controller? Action = 2 and click the pen shape at the top.

This will allow you to modify the XML Text. Delete everything, paste it from Notepad, and click Execute.

Click the right mouse button to send the server request multiple times with the Repeat Advanced function.

I have another Session. When I look up the server record here, I see several cipher texts that look like base64 rather than STATUS = 94. Activate Breakpoints and copy and paste the sentence into Breakpoints that 10th solution. and click Execute. (Response value)

The restoration is then successful.

If the Breakpoints window appears again during the restore process, repeat the previous steps (from 6th solution)

I think it's similar to Replay Attack.

I do not know if it would be better to upload a video.

*p.s: I'm Korean and i have some difficulties to use english. Just translated some text by Google Translate. Sorry for the inconvenience.

Source Link; http://naver.me/xqxFlHwT

Thread Locked

iOS 12.1.1b3 is no longer signed. Do not try this at the moment.

Pradeep6868 · March 12, 2019

Go to night mode and look at your text

Joka · March 12, 2019

12 minutes ago, Pradeep6868 said:

Go to night mode and look at your text

ikr

Glavar94 · March 12, 2019

3 hours ago, Pradeep6868 said:

Go to night mode and look at your text

What u mean lol

Pradeep6868 · March 12, 2019

32 minutes ago, Glavar94 said:

What u mean lol

Turn on dark theme and you’ll see!

Glavar94 · March 12, 2019

52 minutes ago, Pradeep6868 said:

Turn on dark theme and you’ll see!

How to do that?

Pradeep6868 · March 12, 2019

Just now, Glavar94 said:

How to do that?

Scroll down all the way and look above Facebook there is a text that says ‘change theme, click on that and select dark. You’re welcome!

Glavar94 · March 12, 2019

1 minute ago, Pradeep6868 said:

Scroll down all the way and look above Facebook there is a text that says ‘change theme, click on that and select dark. You’re welcome!

Oh lol.. Now i see. i'll change it now lol