SRD | iPhone11 | iPhone12 | Restore | Status | Sample | Testing | Tatsu Signing Server | TSS

[xsscx]

Reference URL https://github.com/apple/security-research-device/issues/70 with Subject: Downgrades broken again dated 8/28/2022

Downgrade Notes for SRD Models iPhone 11 + 12

HOST

Tue Oct 25 09:03:41 EDT 2022
kern.version: Darwin Kernel Version 22.1.0: Sun Oct  9 20:14:54 PDT 2022; root:xnu-8792.41.9~2/RELEASE_X86_64
kern.osversion: 22A380
kern.iossupportversion: 16.1
kern.osproductversioncompat: 10.16
kern.osproductversion: 13.0
kern.osproductversioncompat: 10.16
/Applications/Xcode-beta.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk
udid                           name       build      BORD       CHIP       ECID
Apple clang version 14.0.0 (clang-1400.0.29.201)
Target: x86_64-apple-darwin22.1.0
Thread model: posix
InstalledDir: /Applications/Xcode-beta.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin
Darwin Cryptex Management Interface Version 2.0.0: Wed Jun 29 00:19:41 PDT 2022; root:libcryptex_executables-170.100.24~552/cryptexctl/WEN_ETA_X86_64
machdep.cpu.brand_string: Intel(R) Core(TM) i7-8700B CPU @ 3.20GHz
machdep.cpu.brand: 0
System Integrity Protection status: disabled.
cryptexctl: flags = [none]
cryptexctl: will re-exec: /usr/local/bin/cryptexctl.research
cryptexctl.research: path = /usr/local/bin/cryptexctl.research
MobileDevice version = 1497.41.2

iPhone 12 SRD - Downgrade Notes

When using iOS 16 - latest beta OR retail restore ipsw

• iOS 15.7 - Downgrade - PASS for Finder

Log

2022-10-25 08:51:57.000 AMPDevicesAgent[851:103]: AMPDevicesAgent: Software payload version: 19H12 (option key)

Downgrade Results for Finder:

• iOS 15.7 -> 15.6.1 - Hang
• iOS 15.7 -> 15.6 - Hang
• iOS 15.7 -> 15.5 - Hang
• iOS 15.7 -> 15.4 - Hang
• iOS 15.7 -> 15.3 - Hang
• iOS 15.7 -> 15.2 - Hang

Log

Can't send dump_console command since device is not in recovery mode
State is now set to error: AMRestorePerformRestoreModeRestoreWithError failed with error: 1

iPhone 11 SRD - Downgrade Notes

When using iOS 16 - latest beta OR retail restore ipsw

• iOS 15.4 - Downgrade - PASS for Finder

Log

2022-10-25 08:08:27.000 AMPDevicesAgent[851:103]: AMPDevicesAgent: Software payload version: 19E241 (option key)

• iOS 15.0 - Downgrade - PASS for Finder

Log

2022-10-25 08:22:42.000 AMPDevicesAgent[851:103]: AMPDevicesAgent: Software payload version: 19A344 (option key)

• iOS 14.7 - Downgrade - PASS for srdutil + Finder

Repro

(1)  srdutil restore -v -s -D -e .... -i /path.part/iPhone11,8,iPhone12,1_14.7.1_18G82_Restore.ipsw
(2)  Finder | Software payload version: 19A344 (option key)

Log

2022-10-25 08:37:29.000 AMPDevicesAgent[851:103]: AMPDevicesAgent: Apple Mobile Device version: 1497.41.2
2022-10-25 08:37:29.000 AMPDevicesAgent[851:103]: AMPDevicesAgent: Software payload version: 18G69 (option key)

• Further downgrades for the SRD iPhone 11 Model are left as an exercise to the Reader.

Comments

• No additional testing was performed with macOS12.x or macOS 13.x Beta which may yield different Results
• iPhone 11 SRD Users may find that further testing with srdutil can Result with a larger IPSW restore window

[xsscx]

TSS for SRD is a transitory service, that ebbs and flows like the tide. Like the weather, wait a bit, and things will change.

TSS back to normal