@dhinakg
Last active December 9, 2023 01:50
iOS/iPadOS 14.3 OTA

Upgrading to iOS/iPadOS 14.3 NOW

make sure you read the WHOLE THING

NOW IS POTENTIALLY THE LATEST YOU CAN DO THIS. 14.4 WILL LIKELY BE SERVED WHEN IT'S THE 26TH, IN UTC. THE END

"lies ur trolling stop"

Don't believe me? Look at r/jailbreak, or the r/jailbreak Discord. Try it yourself on a phone you don't care about jailbreaking. I can't make you believe me, but do your own research.

ok damn you better EXPLAIN buddy

ok for future reference assume iOS = iOS/iPadOS

note: all day counts are written as if the current date is April 7th. so adjust appropriately for current date


Apple has a feature where you can defer updates if your phone is supervised, intended for situations with corporate devices. The intention was to delay updates so that your company could properly test and validate them before allowing company devices to install it. However, you don't actually need an MDM (mobile device management) to use this - you just need your phone to be supervised and you can push a profile to it.

Specifically, this feature allows you to defer updates for a configurable period between 1 and 90 days (inclusive). Let's assume we set this delay to 90 days. Here's Apple's update table: https://support.apple.com/en-us/HT201222

Specifically, let's look at the iOS portion:

header 14.4.2 14.4.1 14.4 14.3

Now look at when iOS 14.4 and when iOS 14.3 were released. As of the time of this post (April 7th), 14.3 was released on December 14th. That's about 114 days (given my math is right) from today. Now, 14.4 was released on January 26th. That's 71 days from today. Do you know what that means?

If you defer for 72 days or more, you can install 14.3 now.

Still don't get it? Imagine you moved back in time 90 days and checked for updates.

Now, if you wanted to go to 14.4.1 for some reason, it was released on March 8th, so 30 days ago. 14.4.2 was released on March 26th, or 12 days ago. So you'd have to defer updates for between 29 days (so you can install 14.4.1) and 13 days (so you can't install 14.4.2).

ok but whats the catch cuz there's gotta be one

You can only install the latest version available that complies with your deferral.

For example, you can't install 14.1. 14.3 was released over 90 days ago, and since the max delay is 90 days, any update older than 90 days can't be delayed; the latest update that satisfies that criterion is 14.3.

As this method is time based, you need to do it before 14.4 hits 90 days old.

That's April 26th.
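The deferral window described above, worked through as an added example (not part of the original post). It assumes a release is hidden while the delay is greater than its age in days, which is inferred from the "72 days or more" statement; the function names are hypothetical and the release dates are the ones quoted in the post.

```python
from datetime import date, timedelta

MAX_DELAY = 90  # the deferral period is 1..90 days inclusive

# Release dates quoted in this post (14.3 shipped in December 2020).
RELEASES = {
    "14.3": date(2020, 12, 14),
    "14.4": date(2021, 1, 26),
    "14.4.1": date(2021, 3, 8),
    "14.4.2": date(2021, 3, 26),
}


def offered_version(today, delay_days, releases=RELEASES):
    """Newest release that a device deferring `delay_days` is shown on `today`.

    Assumed rule, inferred from "defer for 72 days or more" when 14.4 is
    71 days old: a release is hidden while delay_days > its age in days.
    """
    if not 1 <= delay_days <= MAX_DELAY:
        raise ValueError("delay must be between 1 and 90 days")
    visible = {v: d for v, d in releases.items() if (today - d).days >= delay_days}
    # Only the newest visible release is offered; older ones are not selectable.
    return max(visible, key=visible.get) if visible else None


def unhideable_from(release_day):
    """First date on which even the maximum 90-day delay no longer hides a release."""
    return release_day + timedelta(days=MAX_DELAY)


if __name__ == "__main__":
    post_date = date(2021, 4, 7)
    for delay in (90, 72, 29, 13, 1):
        print(delay, "->", offered_version(post_date, delay))
    print("14.4 stops being hideable on", unhideable_from(RELEASES["14.4"]))
```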

You need to get your iPhone supervised.

What is supervision? Basically, it's a way for enterprises to have more granularity over their Apple devices. As Apple puts it: "During the setup of a device, an organization can configure the device to be supervised. Supervision denotes that the device is owned by the organization, which provides additional control over its configuration and restrictions." You can control features like disabling iMessage/Apple Music/AirDrop/etc, disabling Erase All Content and Settings, disabling modification of settings, global proxies, and, key for our use, enabling deferment of software updates.

However, you need to either wipe your phone to be able to supervise it, or if jailbroken, use a tweak (or edit a plist directly - see below) to toggle supervision.

More info on this below.

OK HOW DO DIS

Now there are two options here. Credit to Tanbeer on the r/jailbreak Discord for the latter.

  1. If you're not jailbroken - wipe your phone and supervise it with Apple Configurator 2 (on macOS, free), or with iMazing (on Windows, might be paid).
    • Already have data? No problem. Back up your phone, wipe and prepare, update, then restore backup.
    • DON'T BACKUP IF YOU'RE JAILBROKEN
    • Restoring a backup will unsupervise your phone (unless you made the backup while supervised), so make sure you update before you restore your backup.
    • This is personally what I used, as I had a new in box iPhone SE with 13.4 installed.
    • more on how to do this later
  2. If you are jailbroken (or can jailbreak) - use a tweak that can spoof supervision. I've heard MyBloXX works. There's a good guide covering this here: https://ios.cfw.guide/updating-to-14-3.
    • I haven't tried this myself, but many people in the Discord are reporting success.
    • You will likely need to restore rootFS.
    • Instead of using the tweak, you can also edit /var/containers/Shared/SystemGroup/systemgroup.com.apple.configurationprofiles/Library/ConfigurationProfiles/CloudConfigurationDetails.plist. Find isSupervised and toggle it to on. Thanks to whoever found this first

Once you're supervised, it's fairly smooth sailing. You need to push a profile that will delay software updates: you can do this with Apple Configurator 2, or use this link from Froggy, which will delay for 90 days (so you'll end up seeing 14.3): https://cdn.discordapp.com/attachments/688122301975363591/829232841774596096/90_Day_Delay.mobileconfig

Once you do this, you should be seeing 14.3 (or if you included a different delay in your profile, some other version) in Settings.

Making your own profile and installing it

This uses Apple Configurator 2, which is only available on macOS. If someone can contribute a guide using iMazing that would be helpful.

  1. Download Apple Configurator 2
  2. Open it
  3. Click File > New Profile
  4. Change the name if you want
  5. Click on the Restrictions tab, then click Configure.
  6. Scroll down to "Defer software updates for days" and enable it.
    • Leave the defaults for all the other options here so no other restrictions get enabled (unless you want them).
  7. Set the limit to your desired value, between 1 and 90 (inclusive).
  8. Save the profile and close the window

You have two options here now:

a. Transfer profile to iPhone through some other method

b. Use Apple Configurator 2 since you already have it open

  1. Plug in your iPhone and double click it in Apple Configurator 2
  2. Click Profiles at left
  3. Drag in the profile that you just created
  4. Wait for it to install. If using a tweak to spoof supervision, Apple Configurator 2 will probably prompt you to accept installing the profile on device as it thinks you aren't supervised, but it'll work fine.
  5. Profit
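If you install a profile someone else made rather than your own, you can check first that it only sets the update delay. This is an added example, not part of the original post: it reads an unsigned .mobileconfig and reports the delay plus anything else the profile would change. The keys `forceDelayedSoftwareUpdates` and `enforcedSoftwareUpdateDelay` are Apple's Restrictions payload keys; the function names, the flagging heuristic and the sample profiles are constructed for illustration.

```python
import plistlib

RESTRICTIONS = "com.apple.applicationaccess"  # PayloadType of a Restrictions payload


def audit_profile(raw):
    """Return (delay_days or None, findings) for an unsigned .mobileconfig."""
    profile = plistlib.loads(raw)
    delay, findings = None, []
    for payload in profile.get("PayloadContent", []):
        ptype = payload.get("PayloadType")
        if ptype != RESTRICTIONS:
            findings.append(f"extra payload: {ptype}")
            continue
        if payload.get("forceDelayedSoftwareUpdates"):
            # Apple documents 30 days as the default when the key is absent.
            delay = payload.get("enforcedSoftwareUpdateDelay", 30)
            if not 1 <= delay <= 90:
                findings.append(f"delay out of range: {delay}")
        for key, value in sorted(payload.items()):
            if key == "forceDelayedSoftwareUpdates" or not isinstance(value, bool):
                continue
            # Heuristic (assumption): allow* restricts when false, force* when true.
            if (key.startswith("allow") and not value) or (key.startswith("force") and value):
                findings.append(f"extra restriction: {key}={value}")
    return delay, findings


def sample_profile(extra_payloads=(), **restrictions):
    """Constructed test profile: a 90-day delay plus any extra keys/payloads."""
    body = {"PayloadType": RESTRICTIONS, "PayloadVersion": 1,
            "PayloadIdentifier": "example.delay.restrictions",
            "PayloadUUID": "00000000-0000-0000-0000-000000000001",
            "forceDelayedSoftwareUpdates": True,
            "enforcedSoftwareUpdateDelay": 90, **restrictions}
    return plistlib.dumps({"PayloadType": "Configuration", "PayloadVersion": 1,
                           "PayloadIdentifier": "example.delay",
                           "PayloadUUID": "00000000-0000-0000-0000-000000000002",
                           "PayloadDisplayName": "Constructed sample",
                           "PayloadContent": [body, *extra_payloads]})


if __name__ == "__main__":
    print(audit_profile(sample_profile()))
    noisy = sample_profile([{"PayloadType": "com.apple.proxy.http.global"}],
                           allowCamera=False, allowAirDrop=True)
    print(audit_profile(noisy))
```

A signed profile is wrapped in a CMS envelope and has to be unwrapped before `plistlib` can read it.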

FAQ (credit to nyuszika7h#0001 on Discord for part of this section)

Does this work on all devices?

It's supposed to, as it's a feature built in to iOS 11.3 and up. However, A14 is having issues due to a personalization error when attempting to install. There are no current known workarounds for this.

For other devices, see the next entry.

It says "Unable to verify update"

This started happening after this blew up, so I'm guessing it's server load. A VPN may work.

A14 is having issues, no known workaround

If not on A14, make sure you restored rootFS.

It also appears that being on an SEP higher than your target OS may cause this issue. Specifically, iOS 14.4+ SEP when trying to OTA to 14.3 appears to be causing issues. Since the OTA cannot downgrade the SEP, an error results.

So basically if you used futurerestore with --latest-sep after January 26th, or manually specified an iOS 14.4+ SEP, you're on iOS 14.4+ SEP and this won't work for you. If you're on iOS 14.3 SEP or lower, you are fine and you should retry instead.

iOS 14.4.1+ SEP and trying to OTA to 14.4 does not seem to have issues. This is because iOS 14.4 and 14.4.2 have the same SEP.

Is erasing after required

No, this was thought to be needed to remove supervision spoofing but there are other ways to do it (scroll down).

It says iOS is up to date

Remove any beta profiles (including tvOS profiles) - these profiles will block updates. Delete /var/mobile/Library/Preferences/com.apple.MobileAsset.plist and ldrestart/userspace reboot, or install OTADisabler and uninstall it, then ldrestart/userspace reboot.

"Software Update Failed: An error occurred downloading iOS X"

Apple servers seem to have issues, I couldn't download 12.5.1 on a test iPhone 6+ but I couldn't download 12.5.2 either, so it doesn't seem like they intentionally killed the method

If it says "Unable to check for updates"

Grab OTAEnabler or Restore rootfs, rejailbreak with u0 and have "Disable updates" turned off

It just freezes

Re-enable OTA daemon using iCleaner Pro

It shows 14.4.2

Make sure you're supervised - there should be text at the top of Settings. Also make sure you installed the right profile. The PAC profile from MyBloXX settings is not what you want; use the profile linked above or the instructions to make your own.

Can I remove the profile after I do this?

Yes

Will this work for downgrades?

No, see SEP info above.

Does this work for ie. updating to an older iOS 13 version?

No, as the latest iOS 13 update is over 90 days old, you can't delay it.

However this does work to delay 12.5.2 as it's under 90 days old

Does this work for iOS 14.3 RC to stable iOS 14.3?

Maybe, maybe not. Some people have reported success, others failure. YMMV.

This has now been found to be tied to SEP as explained above; if you futurerestored and ended up on 14.4+ SEP you cannot do this.

Can you save blobs?

You can dump your blobs right now but you can’t use them with futurerestore without a bootrom exploit, which means they would not work for A12 and above.

How do I get rid of this supervision thing

You can install whatever tweak you installed to spoof supervision again, and disable it from there. You can also edit /var/containers/Shared/SystemGroup/systemgroup.com.apple.configurationprofiles/Library/ConfigurationProfiles/CloudConfigurationDetails.plist again and disable isSupervised. Otherwise (but this is the nuclear option, unless you did this unjailbroken, in which case this is the only option), Erase All Content and Settings.

OK but how does this work if the OTA is unsigned

Alright it appears a request is made to Pallas with 3 extra keys being the clincher: DelayPeriod (integer between 1-90), DelayRequested (true), and Supervised (true). The server will return with a 400 if your delay period is not between 1 and 90 (inclusive). This is how the OTAs are being found, so delayed software update handling seems to be entirely serverside.

Still don't know how signing is validated though. Will update soon

Credits

Apple: implementing this in the first place

Tanbeer#4750 on Discord: Realizing spoofing also works and figuring out you can do this with iMazing

CoocooFroggy#7742 on Discord: Providing a profile link for others to use

dabezt#2228 on Discord: Helping prove this actually works

MasterOfMike#8063 and CoolStar: Connecting the verify errors to higher SEP

@Crazor

Crazor commented Apr 27, 2021

@dhinakg: yes, I was, on both the mini 4 and the X. Did restore the rootfs before installing the OTA update on both.

@Hukuma1

Hukuma1 commented May 24, 2021

Is it possible to bypass the April 26 hard cap by making the IPSW file be "downloaded" from local/spoofed server? Dupe the phone into thinking it's downloading the update from Apple.com servers? This way we could even set our own date/time and always be within the 90-day window?

@dhinakg
Author

dhinakg commented May 25, 2021

No, you still have TSS to deal with. I'll update the post to talk about that soon but I'm really busy right now.

@Grisu70

Grisu70 commented May 30, 2021

Is the OTA 90 days still inaccessible to A14 devices? Or was it a problem of iOS 14.3 only?

Tks in advance

@PointBreakk

I have an iPhone X on iOS 11.4.1 and did everything like your guide and I’m still getting 14.8.1 without OTA delay 14.8. Of course I already modified the mobileasset.plist. And when I add OTA delay 14.8 it says Unable to check for update. Same thing goes with my iPad 6th generation on iOS 12.1. Any suggestion? Should I update to 14.8.1 on both devices or keep trying? What do u recommend?

@bigrich0272

bigrich0272 commented Jan 13, 2022 via email

@Dani20000

@PointBreakk
You installed the wrong profile. It wasn’t your fault, I think the link you clicked for the 14.8 profile in ios.cfw.guide is actually the profile for 14.8.1 (at least this happened to me when I tried it two days ago). You have to repeat all the steps with the correct profiles (the beta one and the “alternate” one in dhinakg.github.io/delayed-otas.html) and also, for the “unable to check updates” problem, the only thing you have to do is to make sure that whenever you restore rootFS or rejailbreak the “disable updates” is turned off. Here is the step by step to do so (it’s the same thing written in ios.cfw.guide and in the tutorial-alternate.md GitHub page):
First, just to be safe:
-remove any profiles installed
-reboot
-restore rootFS but make sure “Disable updates” in the unc0ver settings is turned off
-rejailbreak always with “disable updates” turned off.
-install the SupervisedEnabler tweak from the ichitaso repo
Then:
-install this Beta profile (It’s the same as the ios.cfw.guide guide)
-if it tells you to reboot, do so, but remember to rejailbreak with disable updates turned off
-install the 14.8 (18H17) profile marked as “alternate” in this page: dhinakg.github.io/delayed-otas.html (for the iPhone use the one under “iOS (all other non-legacy devices) and for the iPad the one under “iPadOS”)
-install filza
-navigate to /Library/Managed Preferences/mobile/com.apple.MobileAsset.plist
-Set MobileAssetAssetAudience to c724cb61-e974-42d3-a911-ffd4dce11eda
-SAVE
-reboot
-check if in software updates now is displayed version 14.8
-if so, restore rootFS (always with “disable updates” turned off)
-reboot
-Now you can update
-once updated, remove the profiles
-if you want to remove the supervised thing, rejailbreak (now you can leave the “disable updates” on), install the same SupervisedEnabler tweak from ichitaso, then uninstall the tweak.

This should work. I think (no guarantees, of course). Tell me if anything goes wrong

@Aholicknight

Does this guide still work with Apple Configurator? This is what I did, and it still does not show the delay OTA software update:

  1. Supervise the iPhone 6s with Apple Configurator
  2. After the iPhone is in supervision, I downloaded the DelayOTA profile from here: https://dhinakg.github.io/delayed-otas.html
  3. Right click on the iPhone in Apple Configurator, go to Add and then Install Profile
  4. Restart the iPhone
  5. The profile is now installed on the iPhone, but the profile is not signed. If I go to software update it says "Your iPhone is running the latest software update allowed by your administrator"

And this is where I am stuck, on the sixth step. If anyone can figure out why this is happening that would be great. Thank you!

@mailinglists35

hey @dhinakg could you please help re-enable OTA on an A15 device restored from a backup that was made while jailbroken on A9 (u0 + mikoto + icleaner pro)? currently running 15.0 and trollstore/filza
