Tethered downgrade 64-bit iDevices vulnerable to checkm8

Overview

ra1nstorm

Since the purpose of this tool is to perform a tethered downgrade, after restoring the device, use one of the tools listed below to tethered boot it:

Usage

usage: ra1nstorm iPSW [-u]

ra1nstorm - Tethered downgrade 64-bit iDevices vulnerable to checkm8

positional arguments:
  iPSW          iPSW file used for restoring

optional arguments:
  -h, --help    show this help message and exit
  -u, --update  Keep data while restoring IPSW (Untested)

Supported version

All iOS versions from iOS 11 to iOS 14 are supported.

NOTE: Due to SEP limitations, you can only restore to an iOS version whose SEP firmware is still being signed.

Success

Device From To
iPhone9,1 15.2.1 14.3

Requirements

  • A computer running macOS
  • 3 gigabytes free space on the computer
  • 64-bit iDevice (vulnerable to checkm8)
  • Binaries:
  1. futurerestore
  2. img4tool
  3. img4 (img4lib)
  4. kairos
  5. irecovery (irecovery version must be >= 1.0.1)
  6. Kernel64Patcher
  7. asr64_patcher
  8. tsschecker

After downloading the binaries above, move them to a directory in your PATH (e.g. /usr/local/bin).

  • Python3
  • Install ra1nstorm requirements: pip3 install -r requirements.txt
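
A preflight check for the requirements listed above, as an added example (not ra1nstorm's own code). It assumes the installed irecovery prints its version when run with -V; the function names are made up for illustration.

```python
import re
import shutil
import subprocess

# Binaries listed under Requirements on this page.
REQUIRED = ["futurerestore", "img4tool", "img4", "kairos", "irecovery",
            "Kernel64Patcher", "asr64_patcher", "tsschecker"]
MIN_IRECOVERY = (1, 0, 1)        # "irecovery version must be >= 1.0.1"
MIN_FREE_BYTES = 3 * 1000 ** 3   # "3 gigabytes free space"


def missing_binaries(names=REQUIRED, path=None):
    """Return the required names that do not resolve to an executable on PATH."""
    return [n for n in names if shutil.which(n, path=path) is None]


def parse_version(text):
    """Extract the first dotted version number from tool output as an int tuple."""
    m = re.search(r"\d+(?:\.\d+)+", text)
    return tuple(int(p) for p in m.group().split(".")) if m else None


def version_ok(text, minimum=MIN_IRECOVERY):
    """Compare numerically, so 1.0.10 passes and 1.0 or 1.0.0 does not."""
    v = parse_version(text)
    return v is not None and v >= minimum


def enough_space(where=".", need=MIN_FREE_BYTES):
    """True if the filesystem holding `where` has at least `need` bytes free."""
    return shutil.disk_usage(where).free >= need


def preflight():
    """Collect every unmet requirement instead of stopping at the first one."""
    problems = [f"not on PATH: {n}" for n in missing_binaries()]
    if not enough_space():
        problems.append("less than 3 GB free")
    if shutil.which("irecovery"):
        # Assumption: this irecovery build prints its version with -V.
        out = subprocess.run(["irecovery", "-V"], capture_output=True, text=True)
        if not version_ok(out.stdout + out.stderr):
            problems.append("irecovery older than 1.0.1 or version unreadable")
    return problems


if __name__ == "__main__":
    for p in preflight():
        print("[preflight]", p)
```
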

Issue

Feel free to open an issue if you need support or want to report a bug.

Credits

Special thanks to m1stadev for wikiproxy and buildmanifest parser (ipsw.py and manifest.py files of ra1nstorm are copied from Inferius)

Comments
  • Latest version not working.

    When using the tool, after typing the command to start it, the following error appears despite the fact that I have iRecovery-1.0.1 in the bin folder.

    ./ra1nstorm /Users/family/Documents/Documents/Andrew/iPhone_4.7_P3_14.1_18A8395_Restore.ipsw
    Checking dependencies...
    Checking hard disk free space...
    Verifying iPSW...
    Device info: CPID:8010 CPRV:11 CPFM:03 SCEP:01 BDID:0C ECID:001131E61A530026 IBFL:3C SRTG:[iBoot-2696.0.0.1.33] PWND:[checkm8]
    [ERROR] Unable to get device info, possibly irecovery version is old.

    When running irecovery -q in a separate terminal window, irecovery successfully detects the device.

    opened by adog9712 10
  • dyld: Symbol not found

    Hello. I compiled all the dependencies, but when I run the script I get an error. I can't understand what is needed.

    cat@iMac-cat ~ % /Users/cat/Desktop/ra1nstorm-master\ 2/ra1nstorm /Users/cat/Desktop/ra1nstorm-master\ 2/iPhone_5.5_P3_15.4.1_19E258_Restore.ipsw -u -s /Users/cat/Desktop/ra1nstorm-master\ 2 -t /Users/cat/Blobs/3705114213417018_iPhone9,2_d11ap_15.4.1-19E258_27325c8258be46e69d9ee57fa9a8fbc28b873df434e5e702a8b27999551138ae.shsh2

    Checking dependencies...
    dyld: Symbol not found: __ZN8tihmstar8img4tool20isIM4MSignatureValidERKNS0_14ASN1DERElementE
      Referenced from: /usr/local/bin/futurerestore
      Expected in: /usr/local/lib/libimg4tool.0.dylib
     in /usr/local/bin/futurerestore
    ra1nstorm failed with Ra1nstormException:
    [exception]:
    what=This futurerestore does not allow specifying custom bootchain
    file=dependencies.py
    cat@iMac-cat ~ %

    opened by D0lcegabbana 1
  • No module named 'm1n1Exception'

    Hi,

    When I try to use ra1nstorm, I get this error message:

    sacha@mac ra1nstorm-master % ./ra1nstorm /Users/sachaDownloads/ipad.ipsw
    Traceback (most recent call last):
      File "./ra1nstorm", line 9, in <module>
        from others.ipsw import IPSW
      File "/Users/sacha/Downloads/ra1nstorm-master/others/ipsw.py", line 9, in <module>
        from m1n1Exception import *
    ModuleNotFoundError: No module named 'm1n1Exception'

    However, I used the command pip3 install -r requirements.txt before launching.

    I also tried to uninstall and reinstall m1n1Exception, but it doesn't work.

    opened by sacha38 0
  • what=This futurerestore does not allow specifying custom bootchain file=dependencies.py

    What version of futurerestore do I have to use? Am I doing something wrong?

    what=This futurerestore does not allow specifying custom bootchain file=dependencies.py

    I have used this: https://github.com/futurerestore/futurerestore/releases/tag/194

    opened by jurrc 2
  • what=ERROR: Unable to place device into restore mode

    Recovery Mode Environment:
    iBoot build-version=iBoot-6723.62.3
    iBoot build-style=RELEASE
    Sending RestoreLogo...
    Extracting applelogo@2x~iphone.im4p (Firmware/all_flash/applelogo@2x~iphone.im4p)...
    Personalizing IMG4 component RestoreLogo...
    Sending RestoreLogo (13544 bytes)...
    ramdisk-size=0x20000000
    1337 CUSTOM RAMDISK!
    Personalizing IMG4 component RestoreRamDisk...
    Sending RestoreRamDisk (104124299 bytes)...
    Extracting 038-83284-083.dmg.trustcache (Firmware/038-83284-083.dmg.trustcache)...
    Personalizing IMG4 component RestoreTrustCache...
    Sending RestoreTrustCache (11837 bytes)...
    Extracting DeviceTree.d101ap.im4p (Firmware/all_flash/DeviceTree.d101ap.im4p)...
    Personalizing IMG4 component RestoreDeviceTree...
    Sending RestoreDeviceTree (36558 bytes)...
    Extracting sep-firmware.d101.RELEASE.im4p (Firmware/all_flash/sep-firmware.d101.RELEASE.im4p)...
    Personalizing IMG4 component RestoreSEP...
    Sending RestoreSEP (1353379 bytes)...
    1337 CUSTOM KERNEL!
    Personalizing IMG4 component RestoreKernelCache...
    Sending RestoreKernelCache (14836683 bytes)...
    ERROR: Failed to place device in restore mode
    Cleaning up...
    [exception]:
    what=ERROR: Unable to place device into restore mode
    
    code=87031825
    line=1328
    file=futurerestore.cpp
    commit count=288
    commit sha  =8936ddbed3a0c120330773aab03d4260b53527a9
    Done: restoring failed!
    futurerestore(872,0x1162c5e00) malloc: Incorrect checksum for freed object 0x7fcbf95c4670: probably modified after being freed.
    Corrupt value: 0x5a7aecffecad80a3
    futurerestore(872,0x1162c5e00) malloc: *** set a breakpoint in malloc_error_break to debug
    ra1nstorm failed with Ra1nstormException:
    [exception]:
    what=Restore failed (-6)
    
    opened by Brifff 7
Owner
mini_exploit