In today's video we're gonna bypass iOS 9.3.4 (Genoa) on iPhone 5 using a Custom Firmware (CFW) that we're going to build using the Setup.App Patch released yesterday. The process involves a lot of tasks, so pay attention and consult the F.A.Q. page!
The NAND attack works using a flaw in ASR (Apple System Restore). ASR first copies the payload to the phone's NAND before checking its hash, thus creating a cache file of the entire ROOT File System, which we can deploy by forcing the Partitioning NAND (28) function in LibiMobileDevice.
This is still a work in progress. As you can also see from the video, it might still give errors; it is your turn to try to debug them and check the F.A.Q. page and the channel for fixes. Some devices are not vulnerable, especially the 16 GB devices, which seem to rarely cache the files due to the limited space. But this is not a general rule. Trying this method is free, and will remain free.
This is the only thing you can really try on your locked device. The other method that works is changing the motherboard, which is not cheap and most of the time results in another scam, because people sell locked motherboards on eBay as unlocked and the story loops. Pay attention!
Some parts require OS X (a Mac or VirtualBox on Windows)!
For legal and personal use only. You are the only one liable for the way you decide to use this tutorial. For Educational use.
==Download Section and Tools==
Setup.App Patch: //www.youtube.com/watch?v=Zx9NYR9q-E4
Plist Editor: //www.icopybot.com/plist-editor.htm
Firmware Manager: //www.theiphonewiki.com/wiki/F.C.E._365_Firmware_Manager
ROOT KEYS: //www.theiphonewiki.com/wiki/Firmware
==MUST BE READ FOR DEBUGGING==
F.A.Q. Page: //fce365.info/f-a-q-cfw-bypass/
iOS 9.3.3 Tutorial: //youtu.be/tFcsC9kGKQQ