Custom 8.1.1 merged with 8.3 ipsw delete setup.app
Today I would like to share some developer info for a possible method to bypass iCloud. Tested on an iPhone 5c.
This bypass is not complete yet: it needs final injection, but read on to understand all the progress.
1. I have downloaded the 8.1.1 ipsw for iPhone 5C 5,3. *As it is the only firmware with a decryption key.*
2. Downloaded the firmware 8.3 ipsw.
3. I used idecryptit and decrypted the main (largest) DMG file.
4. Used transmac to open the DMG and delete applications/setup.app.
5. Then opened the 8.3 ipsw and deleted the main (largest) DMG file.
6. Take the edited 8.1.1 DMG (deleted setup.app), rename the DMG as the deleted DMG from the 8.3 firmware and replace it with the 8.1.1 modded DMG.
7. Used Pangu to restore the modified 8.3 ipsw.
Sometimes this hangs on the attempting to connect nor mode.
Sometimes it hangs on delivering payload. I’m sure somebody can figure out the rest of the steps fairly easily.
Also, the unzipped ipsw after the Pangu restore will be in user/appdata/local/temp, for easier modding and rezipping.
Hopefully somebody can use these methods and bypass iPhone 5+ with decrypted root keys…
After renaming the 8.1.1 main DMG and editing the core services plist I had no problem getting iTunes and Pangu to accept the firmware as 8.3 but it still needs editing.
The Apple TSS server accepts it with no problems but it is still on the iCloud screen due to a hang on the “nor” part of flashing or the payload delivery.
With this method I have only very limited skills and have only spent a few hours on the method. Someone who understands the editing can probably finish the method.
And unlock iCloud or downgrade with the same base method as used on the iPhone 4 4s and 5,1 5,2 models with root keys via setup.app method.
Not the best video, but it may be helpful for someone to complete the bypass.
I made another video with a different result. Maybe it is worth a look.
I follow your work and you are by far the most advanced and have made the only real progress.
Here is the link for the 8.1.1 merged with 8.3 ipsw I made and the results.
Maybe it will help.
Now I will do some more work and see what I can do now that I have access to my Mac and it will be easier to edit the plist and DMG.
I am also working with some of the other devs that you have posted on your page and site. Feel free to post either video if you find it helpful for somebody else to correct my mistakes and get past the nor flashing stage.
Open idecryptit and load the 058-09570-016.dmg and use the key: ced3a7e8f9fd0617d5791e8c5e3293f6d1ef2541
Used software: idecryptit, transmac, plistedit pro, pangu 8, recboot, reiboot