Hi everyone. Many people asking me about flashing custom iOS firmware with patched Setup.app and I decided to make an experiment and verify it. In theory, you can flash modified firmware and unlock the device using patched firmware. If you read instructions to modify firmware it sounds like it should work.
I got decryption keys and modified it by myself, and always got error 14 while trying to flash it to iPhone 5. First idea of problem is that it encrypted incorrectly or maybe used different file structure. I decided to make simple experiment that will makes understand is it even possible to flash not modified, but custom firmware.
I added 1 byte to the end of iOS firmware dmg file and verified that file system structure is easy to decrypt and unpack, so it not damaged after modification. So I was sure that iOS device will unpack it without errors and it 100% valid firmware. Finally, I tried to flash it, but always get error 14 via iTunes, and also tried Pangu and other ways to flash the firmware.
- iTunes or any app just uploading unpacked firmware files to an iOS device.
- iTunes send a command to device “start flash”.
- iOS device verifies files itself and validates checksums.
- If the checksum is correct than firmware being flashed, if no, then failed.