Flash custom firmware

Hi everyone. Many people asking me about flashing custom iOS firmware with patched Setup.app and I decided to make experiment and verify it. In theory you can flash modified firmware and unlock device using patched firmware. If you read instructions to modify firmware it sounds like it should works.

I got decryption keys and modified it by myself, and always got error 14 while trying to flash it to iPhone 5. First idea of problem is that it encrypted incorrectly or maybe used different file structure. I decided to make simple experiment that will makes understand is it even possible to flash not modified, but custom firmware.

I added 1 byte to the end of iOS firmware dmg file and verified that filesystem structure is easy to decrypt and unpack, so it not damaged after modification. So I was sure that iOS device will unpack it without errors and it 100% valid firmware. Finally I tried to flash it, but always get error 14 via iTunes, and also tried Pangu and other ways to flash firmware.

• iTunes or any app just uploading unpacked firmware files to iOS device.
• iTunes send command to device “start flash”.
• iOS device verify files itself and validate checksums.
• If checksum is correct than firmware being flashed, if no, than failed.

In fact there is no difference between any software that flash iOS firmware. They are doing same thing, just upload it to device and send command “start flash”. It makes understand that modification of iTunes or other application that flash firmware will never helps.

It really hard to debug and find out how iOS make and verify hashsum because need access to device memory, but it should be protected by RSA key and not possible to generate own valid hash.

Result: flashing custom firmware using only filesystem decryption keys is not possible. So don’t spend time to flash custom firmware.