As iOS 9.3.4 is still signed and has all Firmware Component Keys published on The iPhone Wiki, I decided to create the tutorial for iCloud Bypass using NAND Attack (LibiMobileDevice CFW Restore) on Windows (No Mac / OS X Required at all).
This is particularly better because you don't need to combine two different iOS file systems as 9.3.4 has all keys published, and you don't need to use Disk Utility on OS X (which makes it better for Windows-only users).
The NAND Attack works by exploiting the ASR (Apple System Restore) that has a flaw in its working criteria.
ASR firstly copies the whole ROOT FS (modified or not) inside the NAND (the storage microchip of the phone), and after that checks it. During the copy part, a cache of the ROOT FS is being created and even if the signature fails, the cache is not being removed, hence the exploitation by multiple attempts.
Every restore ends with a code (exit code) that is stored inside the phone.
LibiMobileDevice also creates a cache file of the ROOT FS.
Disclaimer:
This tutorial is made for EDUCATIONAL and RESEARCH Purpose ONLY. You are the only one liable for: damages, issues or the way you decide to use the tutorial. No guarantees are given. The tutorial and the files are provided "as is".
Keep in mind that:
It is crucial to read the F.A.Q. page linked down bellow if you are a beginner and you face issues. Keep in mind that NOT all devices are compatible. 16 GB devices tend to have a higher success rate, but this is not a rule, just a personal observation.
This video contains multiple proofs.
==Download Section==
The Patch:
Firmware Manager: https://www.theiphonewiki.com/wiki/Firmware_Manager
LibiMobileDevice: https://www.youtube.com/watch?v=9bObMycOZtI
PlistEditor: http://www.icopybot.com/plist-editor.htm
TransMAC: http://www.acutesystems.com/scrtm.htm
==Additional Info==
Keys: https://www.theiphonewiki.com/wiki/Firmware
F.A.Q: https://fce365.info/f-a-q-cfw-bypass/
Patches: https://fce365.info/patches/
