iCloud Freedom - Flash custom iOS firmware to bypass iCloud

Hi everyone. Many people asking me about flashing custom iOS firmware with patched Setup.app and I decided to make experiment and verify it. In theory you can flash modified firmware and unlock device using patched firmware. If you read instructions to modify firmware it sounds like it should works.

I got decryption keys and modified it by myself, and always got error 14 while trying to flash it to iPhone 5. First idea of problem is that it encrypted incorrectly or maybe used different file structure. I decided to make simple experiment that will makes understand is it even possible to flash not modified, but custom firmware.

I added 1 byte to the end of iOS firmware dmg file and verified that filesystem structure is easy to decrypt and unpack, so it not damaged after modification. So I was sure that iOS device will unpack it without errors and it 100% valid firmware. Finally I tried to flash it, but always get error 14 via iTunes, and also tried Pangu and other ways to flash firmware.

It makes understand that flashing firmware works this way:

iTunes or any app just uploading unpacked firmware files to iOS device.
iTunes send command to device “start flash”.
iOS device verify files itself and validate checksums.
If checksum is correct than firmware being flashed, if no, than failed.

In fact there is no difference between any software that flash iOS firmware. They are doing same thing, just upload it to device and send command “start flash”. It makes understand that modification of iTunes or other application that flash firmware will never helps.

It really hard to debug and find out how iOS make and verify hashsum because need access to device memory, but it should be protected by RSA key and not possible to generate own valid hash.

Result: flashing custom firmware using only filesystem decryption keys is not possible. So don’t spend time to flash custom firmware.

288 Comments

Khalid 2016-07-08 at 21:20

0671370083 ipad5 icluod iphones6
Icluod
Pete 2016-07-16 at 22:07

Please send me info when we can use our phone cause like everyone that’s interested in this I bought this phone when I got it home and went to turn I one it was locked and I have no clue who the original owner is thank you hope to hear from you shortly peace out I got scammed so please help me finish this out so I can say hay baby I told u it would work lol
- Dobby 2018-03-27 at 01:00
  
  Hey Pete, I found a mint iPhone 6 wrapped snug in its battered pvc wallet, on screen was a pic of the bird, contained bank cards with her complete name – (1 card of which wasn’t hers), obvious email I discovered & next of kin mobile number yet still after interrogation style research to try crack the iCloud still have no success can confidently tell you u have infinitely ziltch chance your best bet is to slap it in the post to me so both my friends little girls can have a real but not real iPhone each to play with! ???
Budi 2016-07-29 at 13:20

I have iPhone 5s…please help me remove Apple ID in my phone imei 352045061734058
Khai 2016-08-06 at 19:40

Hi Plse comment my iPhone open icloud
Marlvalous 2016-08-08 at 05:23

Hello sir. I have an iPad mini activation lock iOS 9.2. Is there any hope for me sir?? If not still thanks sir….. Very much.. ???
Masum 2016-08-11 at 20:59

Hi bro, my iPhone device imei number is 351987060683654. Anyone can help me plz?
Ricardo 2016-08-28 at 08:48

Quisiera desbloquear este iPhone 6s ya lo tengo como ocho meses mi patrón me lo vendió pero no tengo su numero me robaron mi otro cel
Fallenends 2016-09-01 at 19:25

is it possible to use Kali Linux to roster
Ricardo 2016-09-03 at 03:35

como contacto al dueño anterior de un iPad mi correo es [email protected]
Dipeh 2016-09-07 at 10:17

Help to unlock my iPhone it’s locked to iCloud Apple ID
airfin007 2016-09-08 at 15:04

I like this,thanx. My number whatsapp +6285649184979
Manju 2016-09-13 at 20:27

Hi igor i just removed the rom ic from iphone6 and soldered to the ic removed usb pen drive(same memory sized usb drive) , and connected to pc. deleted that setup.app file from my computer the reconnected rom ic to the iphone 6 motherboard just phone turned on directly to the menu
Sohaib 2016-09-19 at 12:20

Please unlock my iphone
Abdi ismail 2016-10-14 at 12:44

Please how to remove icloud
Abdi ismail 2016-10-14 at 12:48

How to work DNA bypass system
Abdi Ismail 2016-10-14 at 13:15

Please help me how to remove iCloud my iPhone
Abdi Ismail 2016-10-14 at 13:20

iPhone iOS 6
Bryan paden 2016-10-21 at 03:34

Pls help me… How to remove Apple I.d
Jas 2016-10-23 at 07:20

Hi can anyone here remove iCloud activation lock for me
- Jack 2017-11-15 at 22:21
  
  I used this two days ago on a locked. iPhone 7. And. Unlocked it. iOS 11.0.3 Trying. A 6s+ right now. But. Not as lucky. Yet
Adhitya 2016-10-24 at 11:45

Hey Ighor, based on your dns trick I thought of this : why not make server reply to always make our iPhone or any other unlinked and ready to be used? With that way we could have a chance to overwrite the Apple ID to our own and/or jailbreak it. I don’t know man, just an idea.