tihmstar/tsschecker tihmstar/tsschecker

  • Stars
    star
    718
  • Rank 63,070 (Top 2 %)
  • Language
    C++
  • License
    GNU Lesser Genera...
  • Created over 8 years ago
  • Updated over 1 year ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
tihmstar/tsschecker
github

tihmstar

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

a powerfull tool to check tss signing status of various devices and firmwares

tsschecker

tsschecker is a powerful tool to check TSS signing status of various devices and iOS/iPadOS/tvOS/watchOS versions.

Features

  • Allows you to get lists of all devices as well as all Firmwares and OTA versions for a specific device.
  • Can check signing status for any firmware version (by specifying a BuildManifest.plist).
  • Works without specifying any device relevant values to check signing status, but can be used to save blobs when given an ECID and the option --print-tss-response (although there are better tools to do this).

tsschecker is not only meant to be used to check firmware signing status, but also to explore Apple's TSS servers. By using all of its customization possibilities, you might discover a combination of devices and iOS versions that is now getting signed but wasn't getting signed before.

About nonces:

recommended generators for saving tickets:

  • 0xbd34a880be0b53f3 // used on Electra & Chimera jailbreaks
  • 0x1111111111111111 // used on unc0ver jailbreak

Nonce Entangling (Apple A12 and newer)

Newer devices, like the iPhone XR or the Apple Watch Series 4 have nonce-entangling enabled.

this means the nonces generated by your device is now also UID derived, and consequently device-specific.
to save usable tickets for a newer device, you need to get the nonce that your device actually generates from your generator.

for information on how to get your actual boot nonce, see this post on r/jailbreak.

Nonce Collisions:

the Nonce Collision method only works on a few firmwares and devices, and isn't reliable.
it's better to save a ticket with a generator and use the checkm8 bootrom exploit.

Recovery Nonce Collisions only occur on a few iOS versions, like iOS 9.3.3 and iOS 10.1-10.2 on the iPhone 5s
and is not reliable as once you update, nonces will either generate differently or not collide anymore.

DFU Nonce Collisions commonly occur on any device using A7 and A8 chipsets, regardless of iOS version.
and is much more reliable than using recovery collisions.

Dependencies

More Repositories

1

futurerestore

A hacked up idevicerestore wrapper, which allows specifying SEP and Baseband for restoring
C++
818
star
2

doubleH3lix

Jailbreak for iOS 10.x 64bit devices without KTRR
Objective-C
225
star
3

img4tool

A tool for manipulating IMG4, IM4M and IM4P files
C++
206
star
4

jelbrekTime

An developer jailbreak for Apple watch S3 watchOS 4.1
Objective-C
201
star
5

usbmuxd2

A socket daemon written in C++ to multiplex connections from and to iOS devices over USB and WIFI
C++
189
star
6

jbinit

iOS booter ramdisk creator for checkm8 based jailbreaks
C
168
star
7

ra1nsn0w

A tethered booter for 64bit iOS devices vulnerable to checkm8
C++
162
star
8

libtakeover

call functions in a remote process using Mach API
C++
98
star
9

iBoot64Patcher

A reboot of the popular iBoot32Patcher but with twice the amount of bits
C++
90
star
10

partialZipBrowser

a tool for browsing and downloading files from zip files on remote webserver
C++
81
star
11

libpatchfinder

A 64bit offsetfinder. It finds offsets, patches, parses Mach-O and even supports IMG4
C++
77
star
12

v1ntex

getf tfp0 on iOS 11.2 - 11.4.1
Objective-C
68
star
13

desc_race-fun_public

C
67
star
14

v3ntex

getf tfp0 on iOS 12.0 - 12.1.2
Objective-C
64
star
15

libfragmentzip

A library allowing to download single files from a remote zip archive
C
53
star
16

treadm1ll

You don't need to be as fast as lightspeed, but a run on a treadm1ll surely doesn't hurt.
C
50
star
17

noncestatistics

a simple tool to get a bunch of ApNonces from iOS devices
C
50
star
18

igetnonce

C
37
star
19

uido_public

C
33
star
20

libgeneral

general stuff for projects
C++
28
star
21

otachecker

quick and dirty tool to check what ota blobs are being signed by apple
Objective-C
25
star
22

libipatcher

a convinient wrapper for iBoot32Patcher/iBoot64Patcher
C++
23
star
23

gido_public

C++
23
star
24

stool

A tool for parsing/analyzing/extracting with nintendo switch binaries
C
21
star
25

fwkeydb

20
star
26

kDFUApp

C
18
star
27

kdp.py

crappy "debugger"-like memory reader, to inspect 32bit ios kernel after it paniced
Python
16
star
28

cydia-repo.tihmstar.org

Shell
14
star
29

exVasi0n

proof of concept using evasi0n security issue
C
12
star
30

Breakout

Breakout is a free, completely open-source iOS 7 jailbreak.
C
12
star
31

jssy

Tiny json parser written in C
C
11
star
32

libgrabkernel

just a kernelgrabber, for those who can't reach out of sandbox
Makefile
11
star
33

vacuumstreamer

C
10
star
34

prelecta1212

get ready for 1212 jb hax
Objective-C
10
star
35

homepodstuff

Shell
10
star
36

libinsn

C++
9
star
37

uido2hashcat

C++
8
star
38

deadPengu1n

deadPengu1n - Pangu untether bug
Objective-C
8
star
39

webkitcacher

Cache directory with web files (html/js...) to ApplicationCache.db file
C++
7
star
40

micSpy

Objective-C++
7
star
41

ps4-linux-git

Shell
6
star
42

Fuzzyparrot

A Semi-automated remote fuzzing tool for mov files on iOS devices
PHP
6
star
43

kfd_JBKit

C++
6
star
44

dyld-print-to-file-exploit

exploits DYLD_PRINT_TO_FILE, modifys sudoers, cleans up and spawns root shell
C
5
star
45

simpleShellEmu

simple shell Emulator, which runs on Linux
C
4
star
46

fwkeydb_tools

Python
4
star
47

JBKit

C
4
star
48

headsUpDisplay

Logos
3
star
49

libdcsdled

A wrapper library for controlling leds on DCSD cable
C++
3
star
50

mkinitcpio-ps4

Shell
3
star
51

rootpipe2_exploit

rootpipe exploited again on 10.10.3
Objective-C
2
star
52

developerexcuses-App

Little App which grabs the funny jokes from http://www.developerexcuses.com/
Objective-C
2
star
53

rb3converter

C++
2
star
54

slides

1
star
55

freePW_tc7200Eploit

Technicolor TC7200 - Credentials Disclosure CVE : CVE-2014-1677
Objective-C
1
star
56

img2tool

A tool for manipulating IMG2 files
C++
1
star
57

GamecubeControllerAnalyzer

C++
1
star
58

img1tool

A tool for manipulating IMG1 (8900) files
C++
1
star