Here is an information paper we'd recommend you read BEFORE trying the tutorials from F.C.E. 365 TV. Those rules / details ain't new, they are collected from various videos of mine, but I guess it is better to have them in a single place so that people know better what is what. READ CAREFULLY BEFORE POSTING ANY COMMENTS.
Q: "Can you upload CFW for X.X.Y?"
A: Uploading CFWs is considered illegal. Also, my current internet plan is metered, which means that if I upload 28 GB (total for 5 iPSWs) I will pay a lot.
Q: How does the Lilo app behave?
A: The app I built simply uses a modified PLIST that should be parsed at runtime. If the modified module is not parsed successfully, this signals a bad bypass; if you receive a positive note, it's all right. You don't need to keep the app installed after checking.
Q: What about the videos?
A: The proofs in the videos have the role of PoC (Proof of Concept). Not all devices I've ever tested have passed; in fact, only 4 devices out of 20 tested have pushed the file using the bug. It is very random and unfortunately not exploitable in a controlled manner without an iBOOT exploit.
Q: Can I downgrade using this method?
Q: What are Error 3194 and Error 17?
A: You are using an OLD iOS version IPSW. Apple doesn't allow downgrades. You probably followed an older tutorial. Please make sure the iOS IPSW you try to restore is signed. iOS 10.2, iOS 10.2.1 and iOS 10.3 are not signed anymore.
Q: "Can I bypass 100% with carrier (SIM CARD)?"
A: No. On CFW the Network will NEVER work unless you can replicate the wildcard ticket via SSH (requires Jailbreak / EXPLOIT).
Q: How does Setup.App work?
A: Please check this documentation about Setup.App
Q: "Does this work from the first time? Is guaranteed bypass? Money back? What is the price?"
- It is NOT PAID. IT IS FREE. No need to pay anything.
- No, it doesn't work from the first time. If you aren't lucky it might never work, in fact. It is a project – not finished.
- It is a WORK IN PROGRESS that goes depending on what Apple changes inside the files.
For example, due to Apple leaving the iOS 10 ROOT FS DECRYPTED, we were able to create a CFW; for some it might work, for some not. Work in progress = Work in progress.
Q: "When will you post a video about bypassing X / Y model?"
A: I am not a fortune teller. If I ever find something at least interesting, I will let you know. If it doesn't exist on the channel, I didn't post it yet. Nothing falls from the sky, we have to develop it first.
Q: Why doesn't the service (SIM CARD) work after bypass on iPhone 4S and up?
A: Because the bypass consists in forcing Setup.App not to start when the phone starts; therefore, the Activation screen is skipped. But because the lockdownd binary (LockDown Daemon) does not find a WildcardTicket.Plist file in the Activation Records, the phone has no idea whether it is locked to a specific carrier or is neverlock; hence, the Baseband gets a soft brick. This does not prevent the WiFi and the Bluetooth from working because only the SECZONE is corrupted. The cellular data can't be restored unless you somehow gain access to the ROOT File System to put your own Activation ticket and patched lockdownd file.
Q: What if I use Gevey SIM or R-SIM (or any other interposer)?
A: Neither Gevey nor R-SIM nor any other interposer can fix the corrupted SECZONE, because the phone lacks the Wildcard Ticket (personalized to your IMEI and Serial). Don't spend your money on such interposers; for this scenario they won't work.
Q: Can I do this on 64 GB? 32? 128?
A: I never had success on 32 GB and up (didn't actually hold serious tests tho), but for the moment assume it is impossible on anything past 16 GB.
Q: Can I jailbreak after bypassing?
A: Depends. Pangu does not let you do that if the device is locked, but after bypass you might be able to bypass as the lockdownd file does not freeze the SpringBoard.app.
Q: Does it really need to be LibiMobileDevice for restore?
A: NO! Libimobiledevice does nothing special. We only use it because it offers a perspective on the restore progress (via Terminal log). Don't bother the guys from Github Libi with iCloud Bypass questions. It's not their domain nor their point of interest.
You can use iTunes, iTools 3, Libi or any other tool that can restore IPSWs. The effect is similar because the process is similar. iTunes is expected to get patches from Apple against CFW (happened in the past), but iTools 3, libi and so on are not.
Q: "Which devices are compatible / being researched?"
A: Mostly x32 devices, but x64 started to earn advantages now after iOS 10 killed an inherited issue, the lack of keys for decryption. Now you no longer need the keys, making x64 as easy to modify as x32.
Q: Is there anything I can do / buy to fix No Service issue on iPhone 5 or up bypassed?
A: No. At this moment, there is nothing you can do. (Unless you buy a new motherboard of course, but pay attention, scammers tend to sell locked MOBOS!).
Q: During the restore, I get Error 53 in iTunes. How to fix it?
A: This means you used an aftermarket Touch ID Sensor / Screen. Put your phone in DFU Mode and restore it with freshly downloaded iPSW, this will fix the issue but your Touch ID won't work if it is not the original.
Q: Do you accept donations?
A: No. You are NOT allowed to donate. You can still send files from jailbroken devices for development.
Q: Is there any full method I can use right now that is not in work in progress?
A: No. Unless you change the hardware parts (chip or MOBO).
Q: "What is Error 14 on CFW iOS 10?"
1) The CFW method is based on a very unstable BUG in the restore process. Not all device variants trigger the bug and pass the CFWs. If you try 10 times with no luck, then your device WILL REQUIRE an EXPLOIT to push the CFW. Unless you find one, there is no point in trying the CFW anymore.
This is normal. Usually, this method would require you to patch ASR, iBEC, IBSS and LLB to get a smooth restore (see iPhone 4 example). But there are no public exploits right now. We're working in the background on developing / finding exploits but for the moment, if your device isn't weak enough to pass the CFW after multiple attempts, you must wait for an exploit.
Exploits are always found but remain unpublished by devs. See, Jailbreaking uses 10-12 exploits per tool to make the Jailbreaking process possible. Every new Jailbreak means a lot of new exploits.
If you wanna test the validity of the CFW method, and you don't hold an exploit for newer devices, tests can be done on iPhone 4 to create a PoC. On iPhone 4 and lower, there is Limera1n, a very powerful BOOTROM Exploit (there is a difference between iBOOT and BOOTROM). When an exploit is publicly released, all devices supported by it will be able to restore CFW from the first attempt without any error. Until then, we either try various methods (forcing CFW, DNS Bypass, Setup.App Crashing via Emojis and so on) or wait. You can also consider hardware unlock. It is not that cheap and requires soldering / electronics experience. You can seriously damage your device if you solder the chips wrongly or if you melt transistors near the chip during the process. Leave that only for experts…
3) Apple said that it might be an error with USB Connection HERE
A USB error doesn't mean the cable is faulty; it can be iTunes that stops the restore or disconnects the phone from USB due to the CFW being incompatible. Usually CFWs have a significantly greater success rate if the device is PWNED (PDFU), but even in this situation it can easily fail.
4) There is no easy fix for this as there are verifications in place which require an exploit to be patched.
Q: "I got ASR Error (80) / (110) what Can I do??"
A: Well, we're working on a general fix, but without a public exploit it is not possible to fix that. Some devices work from the 3rd, 4th or 5th attempt to circumvent this issue, some fail with ASR even if you try 300 times. That's simply the way different devices react to this custom IPSW. THE FIX EXISTS. There are the ASR.PATCH files meant to patch the Apple System Restore (ASR) so that it does not give any error, but that requires you to use ASR, iBEC and IBSS Patches which, in turn, require an exploit!
Patching ASR is simple: you need to disassemble the ASR application located in the ramdisk/usr/sbin folder, and patch the second scenario, "Image failed signature verification", to redirect to the first scenario, which is "Image passed signature verification". This will prevent ASR from giving HASH-related errors.
This is the ASR Verify part that you need to patch (use IDA Pro or Hopper):
__text:00014204 loc_14204                       ; CODE XREF: sub_13AB4+61E↑j
__text:00014204                                 ; sub_13AB4+73E↑j
__text:00014204         LDR     R3, =(off_235E8 - 0x1420A)
__text:00014206         ADD     R3, PC
__text:00014208         LDR     R3, [R3]
__text:0001420A         LDR     R3, [R3]
__text:0001420C         CMP     R3, #0
__text:0001420E         BEQ     loc_1427A
__text:00014210         LDR     R0, =(aImagePassedSig - 0x14216)
__text:00014212         ADD     R0, PC          ; "Image passed signature verification"
__text:00014214         BLX     _warnx
__text:00014218         B       loc_1427A
__text:0001421A ; ---------------------------------------------------------------------------
__text:0001421A
__text:0001421A loc_1421A                       ; CODE XREF: sub_13AB4+622↑j
__text:0001421A                                 ; sub_13AB4+628↑j ...
__text:0001421A         LDR.W   R0, =(aImageFailedSig - 0x14222)
__text:0001421E         ADD     R0, PC          ; "Image failed signature verification"
__text:00014220         BLX     _warnx
__text:00014224         MOVS    R2, #0x50
__text:00014226         B       loc_1426E
__text:00014228 ; ---------------------------------------------------------------------------
Source: The iPhone Wiki
The iPhone Wiki has very clear instructions on patching using the XREF method. ASSEMBLY KNOWLEDGE REQUIRED! (Who said iCloud Bypass is easy?)
ASR can be patched by finding an xref to the string "Image failed signature verification" and patching the first instruction at the preceding label to branch to the previous label, which is the success case "Image passed signature verification". On ARMv7 this branch is usually 'F3 E7' (Thumb mode, instruction B (branch) to address -0x16 relative to opcode address).
Keep in mind, modifying the RAMDISK requires iBEC / iBSS patching as well, and without an iBOOT exploit you cannot load the patched iBSS and iBEC in the normal way. Use iRecovery to manually send and call the files; either way, you will get errors from libi! iRecovery is available for both Mac and Windows.
For the moment, we're also researching this error, so the fixes might appear from time to time. I recommend you subscribe to stay updated; usually these fixes get patched shortly after release, and if you see the video 2 months after it has been patched, it is of no use anymore.
Q: "Where can I get the latest patches for iBEC, iBSS and ASR?"
A: On the Channel. Always look at the latest video about that thing. Older videos clearly address older firmware versions, but I always add the version in the video title to make things easier. You can also find all released patches on the PATCHES PAGE.
Q: "How can I fix "Done sending FDR Trust"?"
A: Yes, you are most likely trying to restore an iPhone 5S, 6 or 6S (x64) using a deprecated version of LibiMobileDevice (or Firmware Manager). CFWs on x64 devices are in the alpha stage, there is still a lot of research to be done. There are no keys, no exploits, no leaked files, no dumps and things move slower than on x32 where you have a lot of info to work with. Please be patient. Also, you can find the updated LibiMobileDevice version on the channel.
Q: "How can I fix "Waiting for Device" on LibimobileDevice?"
A: We have a permanent fix for that, check out here. It works regardless of version.
Q: What about TransMAC errors while trying to open the DMG?
A: Starting with iOS 10.3, Apple has changed the file system format from the old HFS+ to APFS which, in turn, is no longer compatible with old DMG handling tools – TransMAC included. The only way to open an APFS DMG file is on macOS Sierra (where APFS is supported). There is currently no way to open an APFS DMG file on Windows or Linux.
Q: "Can I use this RESEARCH on my stolen device?"
A: Of course NO. You are NOT allowed to use this in any illegal way.
Q: "Can I copy your videos on my channel?"
A: No. If you are caught doing that (you can't hide, we use Content ID), you will receive Copyright Strikes and the videos will be taken down from your channel. At 4 strikes, YouTube automatically terminates your channel with no possible way to recover it.
Q: "When will you do research on iPads?"
A: I have no idea, I don't own any iPad and I am not really interested in them. Maybe some day.
Q: "Is iPhone 5S bypass-able?"
A: Kinda. On iOS 10, due to the fact that the ROOT FS is no longer encrypted with an AES key, chances are you can restore a CFW with no issue. The process is similar to that of the iPhone 5 iOS 10 iCloud Bypass, as the iPSWs are similar. I managed to decrypt and completely disassemble the iPhone 5S Kernel, which gives me big hopes for the future of x64 Jailbreak and Research on iCloud Bypass. The fact that keys are no longer required is already a huge step. In fact, the lack of keys was the only problem that prevented us from doing research on AARCH 64. Although it is now easier, it doesn't mean it works on all variants of iPhone 5S. The smaller the NAND space, the better, but it is not a rule.
The research on iPhone 5S and x64 in general has just begun, so YOU MUST BEAR IN MIND that it is buggy: it might not work for your particular device while for others it might work with no issue, or it might work for you and might not work for others. That is completely normal because iPhone 5S has multiple revisions (variants).
Q: "I am a dev. Can I have a full iOS 10 Beta iPhone 5S Kernel Dump list with all kexts? Wanna mess with it a little ^^"
A: Sure! I uploaded it for you here: GeoSn0w-Full-iPhone5S-KernelKexts
Q: "Who is the target group of your videos?"
A: Mostly Developers / People with programming / iOS knowledge. As it is a work in progress, it might pose serious difficulty for average users. You must keep in mind that there are still errors to be fixed in some cases, and if you find something (a fix, a workaround), you might share it.
Q: "What is this channel for?"
A: I created F.C.E. 365 TV iDevice Central to share my knowledge and my research in iOS Security and Jailbreak; it is more like a sketch notebook. It provides a lot of interesting info about iOS. This channel is strictly providing research info and comes with no guarantees. Try not to take it as a service for bypassing2go. It is not. Unless you are willing to learn with us how these devices work internally, it is probably not suitable for you.
Q: "Do you offer any paid iCloud bypass?"
A: No. And I never will.
Q: "What would make a CFW work with lower error rate?"
A: An exploit (iBoot, LLB / BootRom). I explained why on the page (above).
Q: How does an exploit work? What's that?
A: Here I've written a fully detailed whitepaper about exploits with a practical OS X example. I strongly recommend reading and trying to understand it.
Q: "I think is fake because I get error x / I am a troll / I want attention"
A: Ok, go to another channel that is not fake. You clearly don't understand what WORK IN PROGRESS means! Bye.
Q: "Somebody said you are fake".
A: Yes, there are people who do criticize CFW methods due to various reasons, but mostly because replicating the result is very hard and many have errors during the process. Usually they did not read this page and they believed it is a full method, despite the warnings stating it is not. I don't have a fix for that.
Q: "If you don't give me file X or if you don't release video Y I give dislike to all videos"
A: Go ahead. Make sure you don't forget any one. LMAO.
Q: "Do you Jailbreak / Research Jailbreaking?"
A: Nope, at least not publicly yet.
Q: "I always get error X, Y"
A: Yes, as I said, not all devices work with this method, especially newer devices that are in WORK IN PROGRESS.
NOTE: On the YouTube Channel the SPAM filter is set to the highest level. Most of the comments require approval. DON'T post 1-mile long error logs, YouTube will take it as spam; instead send them to firstname.lastname@example.org and when I have time I check them.
* Now Channel Rules! (As any other organized channel, we have some internal rules to keep the community clear and readable).
Rule #1: If you copy our work (i.e. the name (F.C.E. 365 TV, GeoSn0w, iDevice Central), the logo or the videos), expect a Copyright strike. I think it is fair enough. Of course, you can obtain permission from us to use any of these in your title, but you must have the written permission before you can use them.
Rule #2: If you consider it fake just because it gives errors / it is a work in progress, then please, kindly don't watch, leave the video (you can even dislike). These videos are ONLY for those who DO understand everything I published on this page. It is more a developer thing.
If you thought you can come here and bypass a couple devices and sell them, you are NOT in the right place. This is a development community, not a GSM store. You can still subscribe to learn more about the iOS / iDevices, but be civilized.
Rule #3: Don't CUSS! Yes, we want normal, respectful comments. Don't swear, don't pick up fights with other users, discuss ideas in a civilized manner.
Rule #4: Don't demand! Developers are NOT factories. If something is finished, it will surely appear. Some things can't be released (like Exploits) due to security measures.
Rule #5: Stay on-topic. If the video is about Jailbreak and you are interested in iCloud and don't wanna see Jailbreak videos, simply leave and come back when you see what interests you. Don't post questions that are not related to the video and expect any reply. If you have a question find an appropriate video. Keep it clean.
Rule #6: Stop selling F.C.E. 365 Firmware Manager on eBay for 20$ or any other price. I made that App FREE and the only genuine link is the one from this page (that goes to The iPhone Wiki).
Rule #7: DON'T Post the same question multiple times, that is SPAM and YouTube will automatically flag it.
To sum up, this is a development community; the channel is more of a sketch notebook for my ideas. If you find an error, try to fix it; if you can't, then try to understand where it fails and what it takes to fix it. There is no such thing as "impossible". If jailbreakers can, so can you. (If you learn).
I am doing my best to reply to as many comments as possible, but I have a real Job and I do these research things in my FREE TIME. Please do understand.
That's it. It might look like there are too many rules, but all these rules keep the community a warm place.
Page Last Modification: 04/26/2017 (April 2017)