ApNonce from device doesn't match IM4M nonce after applying ApNonce hax. Aborting! about downr1n HOT 10 CLOSED

Hi, when I do ./downr1n --downgrade 14.3. It gets past all everything but when the futurestore stage is starting it gives me the error "ApNonce from device doesn't match IM4M nonce after applying ApNonce hax. Aborting!" after sending the iBEC.

I am running this on MacOS 10.5.7

This is the console log:

`Checking if SEP is being signed... Sending TSS request attempt 1... response successfully received SEP is being signed!

WARNING: user specified is not to flash a baseband. This can make the restore fail if the device needs a baseband!

If you added this flag by mistake, you can press CTRL-C now to cancel Continuing restore in 10 9 8 7 6 5 4 3 2 1 Downloading the latest firmware components... Finished downloading the latest firmware components! Found device in DFU mode requesting to get into pwnRecovery later Found device in DFU mode Identified device as j96ap, iPad5,1 Extracting BuildManifest from iPSW Product version: 14.3 Product build: 18C66 Major: 18 Device supports Image4: true checking if the APTicket is valid for this restore... Verified ECID in APTicket matches the device's ECID checking if the APTicket is valid for this restore... Verified ECID in APTicket matches the device's ECID [IMG4TOOL] checking buildidentity 0: [IMG4TOOL] checking buildidentity matches board ... NO [IMG4TOOL] checking buildidentity 1: [IMG4TOOL] checking buildidentity matches board ... NO [IMG4TOOL] checking buildidentity 2: [IMG4TOOL] checking buildidentity matches board ... YES [IMG4TOOL] checking buildidentity has all required hashes: [IMG4TOOL] checking hash for "Ap,SystemVolumeCanonicalMetadata"BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "AppleLogo" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "BatteryCharging0" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "BatteryCharging1" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "BatteryFull" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "BatteryLow0" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "BatteryLow1" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "BatteryPlugin" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "DeviceTree" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "KernelCache" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "LLB" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "OS" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "RecoveryMode" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "RestoreDeviceTree" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "RestoreKernelCache" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "RestoreLogo" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "RestoreRamDisk" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "RestoreSEP" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "RestoreTrustCache" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "SEP" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "StaticTrustCache" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "SystemVolume" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "ftap" IGN (no digest in BuildManifest) [IMG4TOOL] checking hash for "ftsp" IGN (no digest in BuildManifest) [IMG4TOOL] checking hash for "iBEC" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "iBSS" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "iBoot" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "rfta" IGN (no digest in BuildManifest) [IMG4TOOL] checking hash for "rfts" IGN (no digest in BuildManifest)

failed verification with error: [exception]: what=verification failed! code=84279308 line=1286 file=img4tool.cpp commit count=197 commit sha =aca6cf005c94caf135023263cbb5c61a0081804f [IMG4TOOL] checking buildidentity 3: [IMG4TOOL] checking buildidentity matches board ... NO [IMG4TOOL] checking buildidentity 4: [IMG4TOOL] checking buildidentity matches board ... NO [IMG4TOOL] checking buildidentity 5: [IMG4TOOL] checking buildidentity matches board ... NO [IMG4TOOL] checking buildidentity 6: [IMG4TOOL] checking buildidentity matches board ... YES [IMG4TOOL] checking buildidentity has all required hashes: [IMG4TOOL] checking hash for "Ap,SystemVolumeCanonicalMetadata"BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "AppleLogo" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "BatteryCharging0" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "BatteryCharging1" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "BatteryFull" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "BatteryLow0" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "BatteryLow1" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "BatteryPlugin" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "DeviceTree" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "KernelCache" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "LLB" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "OS" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "RecoveryMode" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "RestoreDeviceTree" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "RestoreKernelCache" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "RestoreLogo" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "RestoreRamDisk" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "RestoreSEP" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "RestoreTrustCache" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "SEP" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "StaticTrustCache" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "SystemVolume" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "ftap" IGN (no digest in BuildManifest) [IMG4TOOL] checking hash for "ftsp" IGN (no digest in BuildManifest) [IMG4TOOL] checking hash for "iBEC" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "iBSS" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "iBoot" BAD! (hash not found in im4m) [IMG4TOOL] checking hash for "rfta" IGN (no digest in BuildManifest) [IMG4TOOL] checking hash for "rfts" IGN (no digest in BuildManifest)

failed verification with error: [exception]: what=verification failed! code=84279308 line=1286 file=img4tool.cpp commit count=197 commit sha =aca6cf005c94caf135023263cbb5c61a0081804f [IMG4TOOL] checking buildidentity 7: [IMG4TOOL] checking buildidentity matches board ... NO [WARNING] NOT VALIDATING SHSH BLOBS IM4M! [Error] BuildIdentity selected for restore does not match APTicket

BuildIdentity selected for restore: BuildNumber : 18C66 BuildTrain : AzulC DeviceClass : j96ap FDRSupport : YES MobileDeviceMinVersion : 1253 RestoreBehavior : Erase Variant : Customer Erase Install (IPSW)

BuildIdentity is valid for the APTicket: IM4M is not valid for any restore within the Buildmanifest This APTicket can't be used for restoring this firmware [WARNING] NOT VALIDATING SHSH BLOBS! Variant: Customer Erase Install (IPSW) This restore will erase all device data. Device found in DFU Mode. Getting firmware keys for: j96ap Patching iBSS Extracting iBSS.ipad5.RELEASE.im4p (Firmware/dfu/iBSS.ipad5.RELEASE.im4p)... payload decrypted iBoot64Patch: Staring iBoot64Patch! iOS 14 iBoot detected! iBoot64Patch: Inited ibootpatchfinder64! iBoot64Patch: Added sigpatches! iBoot64Patch: Added unlock nvram patch! iBoot64Patch: Added freshnonce patch! iBoot64Patch: has_kernel_load is false! iBoot64Patch: Applying patch=0x18038dfa4 : 000080d2 iBoot64Patch: Applying patch=0x18038dffc : 000080d2 iBoot64Patch: Patches applied! Patching iBEC Extracting iBEC.ipad5.RELEASE.im4p (Firmware/dfu/iBEC.ipad5.RELEASE.im4p)... payload decrypted iBoot64Patch: Staring iBoot64Patch! iOS 14 iBoot detected! iBoot64Patch: Inited ibootpatchfinder64! iBoot64Patch: Added sigpatches! iBoot64Patch: Added unlock nvram patch! iBoot64Patch: Added freshnonce patch! iBoot64Patch: has_kernel_load is true! iBoot64Patch: Added debugenabled patch! iBoot64Patch: Added bootarg patch! iBoot64Patch: Applying patch=0x87000f068 : 000080d2 iBoot64Patch: Applying patch=0x87000f0b4 : 000080d2 iBoot64Patch: Applying patch=0x870003094 : 000080d2c0035fd6 iBoot64Patch: Applying patch=0x870003600 : 000080d2c0035fd6 iBoot64Patch: Applying patch=0x87002df14 : 000080d2c0035fd6 iBoot64Patch: Applying patch=0x870014500 : 1f2003d5 iBoot64Patch: Applying patch=0x8700109e4 : 200080d2 iBoot64Patch: Applying patch=0x870011fd8 : 69cf2110 iBoot64Patch: Applying patch=0x8700559c4 : 72643d6d6430206e616e642d656e61626c652d7265666f726d61743d307831202d76202d726573746f72652064656275673d30783230313465206b65657073796d733d30783120616d66693d3078666620616d66695f616c6c6f775f616e795f7369676e61747572653d30783120616d66695f6765745f6f75745f6f665f6d795f7761793d3078312063735f656e666f7263656d656e745f64697361626c653d30783100 iBoot64Patch: Applying patch=0x870011fe4 : fa0309aa iBoot64Patch: Applying patch=0x870012000 : 3ace2110 iBoot64Patch: Patches applied! Repacking patched iBSS as IMG4 Repacking patched iBEC as IMG4 Sending iBSS (201198 bytes)... [==================================================] 100.0% Booting iBSS, waiting for device to disconnect... Booting iBSS, waiting for device to reconnect... Sending iBEC (776686 bytes)... [==================================================] 100.0% Booting iBEC, waiting for device to disconnect... Booting iBEC, waiting for device to reconnect... INFO: device serial number is F9FQC69YGHK9 ApNonce pre-hax: Getting ApNonce in recovery mode... 3f 6f 44 a9 42 1c 83 70 6f 5e 8c 11 f8 ad c5 8f 2c 32 bc f1 ApNonce from device doesn't match IM4M nonce, applying hax... Writing generator=0xaa9b8f3c282761da to nvram! Sending iBEC (776686 bytes)... [==================================================] 100.0% Booting iBEC, waiting for device to disconnect... Booting iBEC, waiting for device to reconnect... APnonce post-hax: Getting ApNonce in recovery mode... 2d 4b d5 cf 45 2f 35 cf 6a 3d 58 1c 30 88 8f fe 8b be b7 ea Cleaning up... [exception]: what=ApNonce from device doesn't match IM4M nonce after applying ApNonce hax. Aborting! code=54198340 line=827 file=/Users/runner/work/futurerestore/futurerestore/src/futurerestore.cpp commit count=308 commit sha =9554c0068dc50e141872ced5da2bd95baa595805 Done: restoring failed! if you are on linux please try above command if futurerestore failed if futurerestore didn't finish succesfully please try to run (with sudo or without) this command: /Users/fin/downr1n/binaries/Darwin/futurerestore -t blobs/iPad5,1-14.3.shsh2 --use-pwndfu --skip-blob --rdsk work/rdsk.im4p --rkrn work/krnl.im4p --latest-sep --no-baseband ipsw//iPad_64bit_TouchID_14.3_18C66_Restore.ipsw if futurerestore restore sucess, you can boot using --boot`

restore it (using iTunes or another one) and try again

from downr1n.

I fixed that issue and now downgraded but when i try to boot it gets stuck..

Terminal log:

[*] Command ran: sudo ./downr1n.sh --boot
[17:32:06.837][3] usbmuxd v1.1.1 starting up
[17:32:06.837][3] Using libusb 1.0.25
[17:32:06.839][3] Initialization complete
downr1n | Version 3.0
Created by edwin, thanks palera1, and all people creator of path file boot

[] Waiting for devices
[] Detected DFU mode device
[] Waiting for devices
[] Detected DFU mode device
[] Getting device info...
Detected cpid, your cpid is 0x7000
Detected model, your model is j96ap
Detected deviceid, your deviceid is iPad5,1
[] Pwning device
usb_timeout: 5
usb_abort_timeout_min: 0
[libusb] Waiting for the USB handle with VID: 0x5AC, PID: 0x1227
CPID: 0x7000
Found the USB handle.
Stage: RESET
ret: true
[libusb] Waiting for the USB handle with VID: 0x5AC, PID: 0x1227
CPID: 0x7000
Found the USB handle.
Stage: SETUP
ret: true
[libusb] Waiting for the USB handle with VID: 0x5AC, PID: 0x1227
CPID: 0x7000
Found the USB handle.
Stage: SPRAY
ret: true
[libusb] Waiting for the USB handle with VID: 0x5AC, PID: 0x1227
CPID: 0x7000
Found the USB handle.
Stage: PATCH
ret: true
[libusb] Waiting for the USB handle with VID: 0x5AC, PID: 0x1227
CPID: 0x7000
Found the USB handle.
Now you can boot untrusted images.
[] Resetting DFU state
usb_timeout: 5
usb_abort_timeout_min: 0
[libusb] Waiting for the USB handle with VID: 0x5AC, PID: 0x1227
Found the USB handle.
[] Booting device
[==================================================] 100.0%
[================================== ] 67.5%Attempting to connect...
opening device 05ac:1227...
Setting to configuration 1
Setting to interface 0:0
Connected to iPad5,1, model j96ap, cpid 0x7000, bdid 0x08
[==================================================] 100.0%Command completed successfully

[== ] 2.8

from downr1n.

+1. Tried reinstalling latest iOS before retrying and still not working.

from downr1n.

I fixed that issue and now downgraded but when i try to boot it gets stuck..

Terminal log:

[*] Command ran: sudo ./downr1n.sh --boot [17:32:06.837][3] usbmuxd v1.1.1 starting up [17:32:06.837][3] Using libusb 1.0.25 [17:32:06.839][3] Initialization complete downr1n | Version 3.0 Created by edwin, thanks palera1, and all people creator of path file boot

[] Waiting for devices [] Detected DFU mode device [] Waiting for devices [] Detected DFU mode device [] Getting device info... Detected cpid, your cpid is 0x7000 Detected model, your model is j96ap Detected deviceid, your deviceid is iPad5,1 [] Pwning device usb_timeout: 5 usb_abort_timeout_min: 0 [libusb] Waiting for the USB handle with VID: 0x5AC, PID: 0x1227 CPID: 0x7000 Found the USB handle. Stage: RESET ret: true [libusb] Waiting for the USB handle with VID: 0x5AC, PID: 0x1227 CPID: 0x7000 Found the USB handle. Stage: SETUP ret: true [libusb] Waiting for the USB handle with VID: 0x5AC, PID: 0x1227 CPID: 0x7000 Found the USB handle. Stage: SPRAY ret: true [libusb] Waiting for the USB handle with VID: 0x5AC, PID: 0x1227 CPID: 0x7000 Found the USB handle. Stage: PATCH ret: true [libusb] Waiting for the USB handle with VID: 0x5AC, PID: 0x1227 CPID: 0x7000 Found the USB handle. Now you can boot untrusted images. [] Resetting DFU state usb_timeout: 5 usb_abort_timeout_min: 0 [libusb] Waiting for the USB handle with VID: 0x5AC, PID: 0x1227 Found the USB handle. [] Booting device [==================================================] 100.0% [================================== ] 67.5%Attempting to connect... opening device 05ac:1227... Setting to configuration 1 Setting to interface 0:0 Connected to iPad5,1, model j96ap, cpid 0x7000, bdid 0x08 [==================================================] 100.0%Command completed successfully

[== ] 2.8

restore with iTunes and try again

from downr1n.

I fixed that issue and now downgraded but when i try to boot it gets stuck..

@fpandroid how did you fix the ApNonce issue? I still haven't resolved this problem.

from downr1n.

@edwin170 do you know why this might be? I restored with iTunes many times and it never worked.

from downr1n.

@edwin170 do you know why this might be? I restored with iTunes many times and it never worked.

what device ? what iOS is it on? tell me the arguments that you used

from downr1n.

@edwin170 do you know why this might be? I restored with iTunes many times and it never worked.

what device ? what iOS is it on? tell me the arguments that you used

I had run downr1n --downgrade 14.8, it's an iPad mini 4, I got it on iOS 14.2, this error occurred there and after restoring to 15.8 with iTunes.

from downr1n.

@edwin170 do you know why this might be? I restored with iTunes many times and it never worked.

what device ? what iOS is it on? tell me the arguments that you used

I had run downr1n --downgrade 14.8, it's an iPad mini 4, I got it on iOS 14.2, this error occurred there and after restoring to 15.8 with iTunes.

Have you fixed this issue? I occurred the same problem on my ipad mini 4

from downr1n.

a8 and a8X users should use dualra1n

from downr1n.