Today we will learn how to set NVRAM to your specific generator or nonce. This will allow you to easily upgrade/downgrade with tihmstar’s Prometheus utility. Do it just in case you get stuck in a bootloop or things go haywire.
Using Prometheus is very complicated due to collisions. Here’s the complete definition of collision.
Table of Contents
What is nonce collision?
- When you deploy a firmware on your device, it generates a random value knows as nonce. It then sends that value to Apple along with a hash of the firmware. Apple then combines and signs these values if it is currently signing that firmware version. Your device then tests the signature before proceeding with the set up.
- This is an aggressive security measure deployed by Apple. This is the you cannot simply use saved SHSH blobs. While you attempt to use them, your device generates a random nonce which has by no means been generated earlier. It is totally random and Apple will not sign it.
- However, some iOS devices generate one or a few nonces frequently. Nonce collision just means a device generates a similar nonce more than once.
- If you get Apple to sign one of the generated nonces through a signing window, it’s certain that your device will generate the same nonce again. This will allow you to reuse the old signature.
In short, loading your generator simplifies the upgrade/downgrade process significantly. If you set your nonce correctly, the whole process can be over in minutes instead of hours.
Generator can take a long time to get a collision. This will allow you to get a 100% collision on your very first attempt.
You need to use just one SHSH2 blob and make sure you remember it. If you have verified SHSH2 blobs, give this a go.
Note – This tutorial will not work for iPhone 7 and iPhone 7 plus and mach portal+Yalu beta 3.
Requirements
- A jailbroken iOS device with tfp=0 (iOS 9.1/10.0.1/10.1.1/10.2 b7)
- SHSH2 blobs (Check if they are valid here)
- Filza file manager
- MTerminal from Cydia
How to Load your generator/nonce [Method #1]
Step 1 Find your nonce. Find it from your .SHSH2 file in the noapnonce folder and it will there on the bottom right corner. You can open that file with any text editor.
Step 2 Open Filza to root directory and create new file.
Step 3 Change its permission to 755 by tapping the i icon.
Step 4 Copy the commands given below.
nvram com.apple.System.boot-nonce=[ENTER YOUR NONCE HERE]
nvram -p
Step 5 Open the file you created in step 1 with a text editor.
Step 6 Paste the above commands along with your nonce.
Step 7 Fire up MTerminal. Type su and your root password, which should be alpine.
Step 8 Type this command –
cd /
Step 9 Now type
./nonce
Step 10 Make sure get your nonce after com.apple.System.boot-nonce. This means it has been loaded into the NVRAM successfully.
How to Load your generator/nonce [Method #2]
Step 1 Transfer your SHSH2 blobs to your PC/Mac.
Step 2 Open your blob with a text editor. If you are using Mac, change the .shsh2 extension to .plist.
Step 3 Scroll to the bottom and find your generator.
Step 4 Open MTerminal, enter su, press enter and then type your password. Default password is alpine.
Step 5 Enter the following command –
nvram com.apple.System.boot-nonce=[ENTER YOUR NONCE HER]
Step 6 Now enter the following command –
nvram -p
You’re all set now. Keep the following things in mind –
- If you restart your iOS device, execute the following command nvram -p in MTerminal.
- Make sure the same nonce is present in there.
- If it is not present, repeat steps 7, 8 and 9.
Use SetNonce Tool on iOS 10.2 [Method #3]
Jailbreak developer if0xxx has released a tool called SetNonce 0.0.5-3. It automatically sets your generator into NVRAM. As of now, it supports only iOS 10.2.
If you are on iOS 10.2 firmware, use this method as it’s really simple and automatic. It takes care of everything and nothing has to be done manually. Here’s how to do it.
- Add if0xxx’s repository (http://if0x.github.io/) to Cydia.
- Install SetNonce.
- Open MTerminal, enter su. Press enter and then type your password (default password is alpine).
- Enter this command – setnonce_setup.
- Enter your Generator present in ota_blob/noapnonce folder.
- Your generator will now be loaded into NVRAM.
To check whether you have completed the process successfully –
- Reboot your iOS device.
- Re-jailbreak using Yalu. Follow this tutorial if you don’t know how to re-jailbreak.
- Enter the following command in MTerminal – nvram -p.
Your SHSH2 generator (nonce) will be automatically set after every re-jailbreak with Yalu. Developer if0xxx will add support for other iOS 10 firmware versions soon.
It is very important to reset nonce after each reboot. Some services such as OTAUpdate can request nonces and this will lead to generation of a new nonce. So to be on the safe side, this must be done after each reboot. Hope this clears the confusion.
It takes hours to write these tutorials so don’t forget to like us on Facebook and Twitter.
Does this mean my nonce is set?
backlight-level 1532
boot-args
com.System.boot-nonce 0xc1b531d4bd7b2a17
obliteration handle_message: Obliteration Complete
auto-boot true
oblit-begins OblitType: ObliterateDataPartition. No reason given.
Yes.
nvram: Error setting variable – ‘com.apple.System.boot-nonce’: (iokit/common) general error
on iPhone 4s iOS 9.3.5 (13G36) jailbroken with Phoenix.
I believe it’s not working with your device/firmware combination.
when i type the ./nonnce, it returns command not found
You are typing it incorrectly.