Hi everyone. Many people have been asking me about flashing custom iOS firmware with a patched Setup.app, so I decided to run an experiment and verify it. In theory, you can flash modified firmware and unlock a device using the patched firmware. If you read the instructions for modifying firmware, it sounds like it should work.
I got the decryption keys and modified the firmware myself, and always got error 14 while trying to flash it to an iPhone 5. My first idea was that the problem is that it was encrypted incorrectly, or maybe used a different file structure. I decided to run a simple experiment that would show whether it is even possible to flash firmware that is not modified, but custom.
I added 1 byte to the end of the iOS firmware dmg file and verified that the filesystem structure is still easy to decrypt and unpack, so it was not damaged by the modification. So I was sure that an iOS device would unpack it without errors and that it is 100% valid firmware. Finally I tried to flash it, but always got error 14 via iTunes; I also tried Pangu and other ways to flash firmware.
This shows that flashing firmware works this way:
1. iTunes (or any other app) just uploads the unpacked firmware files to the iOS device.
2. iTunes sends the “start flash” command to the device.
3. The iOS device verifies the files itself and validates the checksums.
4. If the checksums are correct, the firmware is flashed; if not, the flash fails.
In fact, there is no difference between the various programs that flash iOS firmware. They all do the same thing: upload the firmware to the device and send the “start flash” command. This means that modifying iTunes or any other application that flashes firmware will never help.
It is really hard to debug and find out how iOS creates and verifies the hash sum, because that requires access to device memory, but it should be protected by an RSA key, so it is not possible to generate your own valid hash.
Result: flashing custom firmware using only filesystem decryption keys is not possible. So don’t spend time trying to flash custom firmware.
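The device-side check the post infers above, as an added example (not code from the post or from Apple): a generic signed-manifest verifier showing why a one-byte change, or a recomputed hash without the vendor's private key, is rejected. The toy RSA key, the component names and the manifest layout are constructed for illustration; Apple's actual formats and signature padding are not modelled.

```python
import hashlib
import json

# Toy RSA key built from two Mersenne primes (constructed; far too small for real use).
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent: only the vendor holds this

def digest_int(data: bytes) -> int:
    """SHA-256 of data as an integer reduced mod N (textbook RSA, no padding)."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N

def make_manifest(components: dict) -> bytes:
    """Canonical JSON mapping component name -> SHA-256 hex digest."""
    digests = {name: hashlib.sha256(blob).hexdigest() for name, blob in components.items()}
    return json.dumps(digests, sort_keys=True).encode()

def vendor_sign(manifest: bytes) -> int:
    return pow(digest_int(manifest), D, N)

def device_verify(components: dict, manifest: bytes, signature: int) -> str:
    """Device-side check: uses only the public key (N, E)."""
    if pow(signature, E, N) != digest_int(manifest):
        return "bad signature"
    expected = json.loads(manifest)
    if set(expected) != set(components):
        return "component set mismatch"
    for name, blob in components.items():
        if hashlib.sha256(blob).hexdigest() != expected[name]:
            return "digest mismatch: " + name
    return "ok"

# Constructed sample "firmware" components, signed once by the vendor.
STOCK = {"rootfs.dmg": b"\x00" * 4096 + b"stock root filesystem", "kernelcache": b"stock kernel"}
MANIFEST = make_manifest(STOCK)
SIGNATURE = vendor_sign(MANIFEST)

def run_cases() -> dict:
    padded = dict(STOCK, **{"rootfs.dmg": STOCK["rootfs.dmg"] + b"\x00"})  # one byte appended
    return {
        "stock": device_verify(STOCK, MANIFEST, SIGNATURE),
        "padded_image": device_verify(padded, MANIFEST, SIGNATURE),
        # Recomputing the manifest without the private key leaves the old signature invalid.
        "padded_image_new_manifest": device_verify(padded, make_manifest(padded), SIGNATURE),
    }

if __name__ == "__main__":
    for case, result in run_cases().items():
        print(f"{case}: {result}")
```

The verdict comes from `device_verify`, which runs on the device, so the uploading tool has no influence on it.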
I have an iPhone 6 with iOS 8.4. After I upgraded via iTunes, my iPhone is iCloud-locked with the previous Apple ID, and I don’t know the password.
This situation is making me crazy.
Any solution for me?
Yeah, you can flash custom firmware! You need a few tools, and don’t flash with the worst thing ever (iTunes). You can make your custom firmware using the keys from the wiki and use idecrypt to decrypt them, then use TransMac to change the name of Setup.app to putes.app; don’t delete Setup.app, just rename it. Then dump the dmg file back into the ipsw file that was changed to .rar to get the dmg file out in the first place, and rename it back to .ipsw. Then use Kali Linux to restore the custom firmware, easily and with no errors at all, or use CMD on Windows, but it has to have idevicerestore installed on Windows, or you can use Pangu v1.2.1 …. I rest my case… And yes, you can’t flash with shitty iTunes. Who uses iTunes anyway? So old school, back in the day…
Where can I find the root filesystem key for iPhone 6 iOS 8.3 to decrypt?
The iPhone Wiki doesn’t have anything for iPhone 6.
Hi! If you want to flash a custom firmware, you have to use libimobiledevice (Windows) or Purple Restore (Mac). This allows you to get past error 14. Access forum.fce365.info or search on YouTube for more details about libimobiledevice.
IGHOR you have a point
I have just unlocked my iPhone 5c 9.0.2 using xampp + icleaner + copy activation keychains + copy deactivation file from another 5c mobile… this will remove the old owner.
Hi.. please help me, Farragut: how do I use xmpp? I have a locked iPhone 6 on iOS 9.0.2.
What IGHOR is saying is correct and accurate: you will never bypass iCloud with that method. The guy at fce is just a fake and a scam; even his tool was removed from theiphonewiki because of that.
You cannot restore a custom ipsw this way; without pwned DFU you never will, no matter what restore tool you use.
Custom IPSW = Pwned DFU, simple to understand, once and for all.
I know this is an old post, but his tool is still on the iphonewiki; I just downloaded the newest version an hour ago. And I’m also confused as to how he’s a fake and a scam? All of his tools are free to download, so he couldn’t have scammed you that way. And unlike thousands of other people on YouTube who swap out phones off screen, or have someone logged into their account remove the phone so it looks like it’s bypassed for the camera, he actually goes through a step-by-step of what he’s doing and doesn’t claim that it is going to work for everyone or in the first 50 times you try. He also makes it clear that even if it does work, all it’s doing is crashing the setup app, which runs over the top of SpringBoard; you won’t have cell service because the baseband is still bricked, and iTunes will still say your device needs to be restored and not connect to it. Again, he explains that in all of his videos, and he’s uploaded plenty of videos in which he wasn’t able to bypass it as well as some in which he has. And I do understand the point you make about uploading firmware instead of instructions, Ighor, but at the same time, if he did, how many people do you think would donate something to him for putting in the work on the patches and compiling it, compared to the number of people that would be hounding him for certain versions, with constant messages saying that it didn’t work, or people not paying attention to it not returning cell signal and saying that he’s a fake and a scam even when it did work. If you look at the YouTube comments, I’m sure he deals with a lot of that as it is. Plus he doesn’t do it for criminals to make stolen phones workable again; it’s more for people that got ripped off and want to get a bit of functionality out of it without having to use a public server. And from my personal experience with trying it, it does work, but definitely far from every try or even every 100 tries. And it’s only worked for me on one device higher than the 4s.
Bro, please help me. I’ve got a locked 5s device. Please help me to unlock it.
It is definitely possible to bypass. I have to work out a few things first with the 5, 5c & 5s but I’m writing this on a 4s that I was able to not so much bypass but clear the iCloud account completely and set it under my own. And have done it on a 4 also. Both on the newest firmware. I’m sure Apple monitors sites and forums like these so I’m not going to say how I did it. If anyone has any ideas on how to discreetly let people know what I was able to do, I’m open to suggestions. What would be a reasonable payment amount to do it also? I’m not going to try to screw anyone over but if you knew how much time I’ve put into finding a way of doing this, you’d want to be compensated also. I tried to get in touch with you, Mr I July, about this a while ago but never heard anything back from you….
Hey, can you email me please, and we may be able to discuss how to clear the account completely. My phone broke, so I bought an iPod 5th gen for cheap until I could get a new screen, and it was iCloud locked.
hey erik,
have you managed to do this on ios9.2? reply back to me and we can talk on how to get this out discreetly.
cheers.
S.
Please contact me on this matter. You say you have a way. I have the people that can make it happen for you and make a lot of money for it. If interested, email me back.
Thanks
Hey, just read your post and was wondering if you could send me an email with instructions on how you did it, please? Much appreciated. Michael
I’d like to try this. I have an iCloud-locked iPhone 4, but I’m not sending money for an untried method; if it works, I’ll PayPal you. Thanks.
Erik please email me with the solution I am in desperate need to unlock my phone from the iCloud activation lock
Email: [email protected]
Thanks,
I would like to know how you did it. I have been spending a serious amount of time working on this and no luck… Willing to compensate; send me an email at [email protected]. Thank you.
Thank you, IGHOR, for the DNS bypass system. I was a victim of a buy-and-sell scammer and I couldn’t get a refund of my cash or return this iPhone 5s with an iCloud account. But with your DNS bypass my son can use the phone for watching Disney, cartoons, educational videos, etc. on YouTube. He can even play some mini games for children.
My locked iPhone 5s is running iOS 8.4.1. I’m sorry I can’t donate money, since we’re just a poor family here in the Philippines, but tell me if you’re going to visit, especially here in Angeles City, Clarkfield. I have a tricycle and I will give you a free ride as long as you’re here! Hehehe =)
Thank you and God bless you! ‘=)
Hi everyone,
Any luck bypassing iCloud activation on the 4S? Please mail me at [email protected] and get a reward.
I need an iPhone 4s iCloud removal tool.
I have spent nearly 3 hours reading many posts, but no result.
Can you help to untether an iCloud lock or not?
It’s great being on your Server, but I would really like to properly use this iPhone 5s. Bought in good faith now the seller is asking for another £100 to supply the password. PayPal say I’m out of time for a dispute.
I want to unlock iCloud.
I found an iPhone but it is iCloud locked.. Please unlock my iPhone… Could you help me please?
Unlock the iPad, please.
Why don’t you try a fake iCloud account with custom firmware? If you cannot remove it, fake it.
Uhmmm, hi Ighor, I can’t seem to do anything besides the bypass thing.
Anyway, I was wondering: if I changed or replaced the board, would it take off the iCloud account? Please reply… Thanks
Hello, good afternoon. I have a 5s on iOS 8.3 with iCloud and I can’t do the downgrade to 7.1…
Can you help me, please…
I saw a video that uses a vulnerability with the A5 CPU, but that works just on iPhone 4, and making a custom ipsw is not reliable yet, for 5s at least I have seen 5c and 5 keys for iOS 9.0 but not for 9.1 yet. Cheers, and Igor, you’re amazing. With this you have removed the scammers… Thank you!
You can do it. Download your restore file from the iphonewiki.com, change ipsw to .zip, open your ipsw in WinZip and decrypt the biggest dmg file with idecrypt (take note of your root key on the iPhone Wiki; you need to enter it in idecrypt), put the modified file back into the zip file, delete the old one, change the zip file back to ipsw. Open your ipsw with TransMac, search for Setup.app; don’t delete it, change its name to anything, …., save it, use libimobiledevice to restore, put your modified ipsw in the same folder you installed libimobiledevice in, name it libi….. Find your UDID number off your phone, open cmd prompt as admin, then example: C;/libi idevicerestore.exe -u 23456775434567865467 -c iphone5,1_8.2_11d154_restore.ipsw
Can it be done for iPhone 6?
Hey mate this sounds logical. How many different firmware versions have you tested this on?
Is this working, and where can I find better instructions?