How to set a generator with nonceEnabler on iOS 9 and 10

First off, this guide is only necessary for 64-bit devices which are currently jailbroken on old firmwares, such as iOS 9 and some versions of iOS 10. The jailbreaks for those firmwares did not always include a way to set a generator for use with futurerestore, and nonceEnabler provides that ability. Nearly all newer jailbreaks provide their own simpler ways of setting a generator, and they do not need to use nonceEnabler, nor this guide. If your device is not currently jailbroken on an old firmware such as the ones mentioned in this guide, and/or has its own method of setting a generator, refer instead to our main futurerestore guides.

Before you begin following the instructions, read the entire guide and watch tihmstar’s video which outlines the process visually. This will save time and prevent errors. Make sure you have all the required files ready before you begin. These are listed in the introductory article. Be prepared to continue from this guide to Part 2 of our futurerestore guide immediately afterward. Have both open, and leave enough time to follow them one after the other.

This guide uses iOS 9.3.3 as an example, whose jailbreak requires using nonceEnabler to set a generator. It can also be used for any other starting firmwares whose jailbreaks require nonceEnabler to set their generator, and with which nonceEnabler is compatible.

Instructions

0) Ensure your device’s jailbreak does not provide a simpler method of setting a generator without using nonceEnabler. Once you are sure that it does not, and that you do indeed need to use nonceEnabler for your firmware, ensure that your jailbreak has tfp0, and that it is active. On iOS 9.3.3, that means re-jailbreaking with Luca’s JailbreakMe website. Users on older firmwares must check that their jailbreak has tfp0, and install a patch themselves if not.

1) Create a folder on your Desktop and name it nonceenabler.

2) Download the nonceEnabler tool, and place it into the folder on your desktop.

3) Copy the .shsh2 blob for the firmware you want to move to, and paste it into the folder on your desktop too.

4) Note down the generator from your .shsh2 blob.

a) If your blob was saved without a specific nonce, the generator can be found inside your blob file:

To get it, open your .shsh2 file in a text/plist editor of your choice (I use TextEdit or TextWrangler). Hit cmd-f and type in generator to find the generator field. Copy the generator value, and paste it somewhere safe for later. Close your .shsh2 file without accidentally making any edits.

If your blob has no generator field in it, you may have saved it with a specific nonce, so try Step 4) b).

b) If your blob was saved with one of the five specific nonces which tihmstar provided on his blog:

In this case, tihmstar has provided the generators in the description section of his video guide, where you can find them.

5) Open the Terminal application from /Applications/Utilities, or via Spotlight.

6) Connect your device to your computer.

7) SSH into your device by typing:

ssh root@YOUR_DEVICE_IP_ADDRESS_HERE

Replace YOUR_DEVICE_IP_ADDRESS_HERE with your iOS device’s IP address.

If you do not know how to SSH into your device, or do not know its IP address, follow my full guide on how to connect to your device using SSH.

8) Enter your device’s root password if prompted. By default, the password is alpine, but if you followed my SSH guide linked above you should have changed it, and so should enter your new password instead.

9) Once your device is connected via SSH, leave the Terminal window with SSH open and running, and minimise it.

10) Open a second Terminal window.

11) At the Terminal prompt, type cd, then drag the nonceenabler folder from your desktop onto the Terminal window, and hit Enter.

12) Now type:

scp nonceEnabler root@YOUR_DEVICE_IP_ADDRESS_HERE:

Replace YOUR_DEVICE_IP_ADDRESS_HERE with the IP address of your device, which you used to connect to it in Step 7. Please remember the colon at the end of your device’s IP address.

13) Terminal should show the nonceEnabler file being transferred to the device.

14) Enter your device’s root password if prompted. By default, the password is alpine, but if you followed the guide linked in Step 7 you should have changed it, and so should enter your new password instead.

15) Now return to your open SSH Terminal window, which you minimised in Step 9. The command prompt should read root#.

16) At the prompt enter the following command to run nonceEnabler:

./nonceEnabler

17) You should now see output as nonceEnabler attempts to patch the kernel. If it does not complete quickly, with only one line of “patching bytes at…”, then it likely has not worked. If many lines of patching appear, try rebooting your device and following Steps 5-16 again until it works. (Remember to re-jailbreak after rebooting if you are on a semi-untethered jailbreak, and use a method with tfp0 enabled.)

18) Once the output of Step 16 reads “done patching” without having printed too many lines of bytes, and without crashing, proceed to Step 19.

19) At the prompt, type:

nvram com.apple.System.boot-nonce=YOUR_GENERATOR

Replace YOUR_GENERATOR with the generator from your own .shsh2 file, which you noted down in Step 4.

20) This should set the generator in nvram so that when we reboot, the device should generate the corresponding nonce. We can then use our saved blob, because the nonce it was saved with will match the nonce on the device. To check that the generator is saved correctly in nvram, type the following command at the Terminal prompt:

nvram -p

Terminal will print out all the nvram variables for your device. Make sure that you can see com.apple.System.boot-nonce in the list, and that it has your generator value set.

21) Now type the following command in Terminal:

nvram auto-boot=false

You can check this value is set correctly the same way we did in the previous step, with nvram -p. Look for the auto-boot flag to be listed, with the value false.

Do NOT close the Terminal windows, restart your device, or disconnect your device after Step 21!

Continue straight on to Part 2 of our futurerestore guide and use futurerestore immediately!

If you don’t want to use futurerestore right now, do NOT stop here! Follow the section below to properly cancel the procedure.

If you are not about to use futurerestore now, do this!

1) At the Terminal prompt, type:

nvram auto-boot=true

2) Type:

nvram -p

Make sure the auto-boot flag is set back to true. Otherwise your device will not reboot back to normal mode; it will keep booting back to recovery indefinitely.

3) Type:

reboot

This will reboot your device back to normal. You will have to go through this guide again in future if you wish to use futurerestore with nonceEnabler.
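
As an added example (not part of the original guide or of nonceEnabler), the Python script below reads the generator from a .shsh2 blob without opening it in an editor (Step 4a) and checks the text printed by nvram -p against it (Steps 20 and 21, and the cancel procedure). The function names, the sample blob and the sample nvram output are constructed for illustration; the one-pair-per-line layout of nvram -p output and the 0x-plus-16-hex-digits generator format are assumptions.

```python
import plistlib
import re

# Assumed generator format: 0x followed by 16 hex digits (a 64-bit value).
GENERATOR_RE = re.compile(r"0x[0-9a-fA-F]{16}")

def generator_from_blob(blob_bytes):
    """Read the generator from a .shsh2 blob without modifying the file."""
    gen = plistlib.loads(blob_bytes).get("generator")
    if gen is None:
        return None  # no generator field: blob may use a specific nonce (Step 4b)
    if not isinstance(gen, str) or not GENERATOR_RE.fullmatch(gen):
        raise ValueError(f"unexpected generator value: {gen!r}")
    return gen

def parse_nvram(text):
    """Parse `nvram -p` output; assumes one 'name<whitespace>value' pair per line."""
    variables = {}
    for line in text.splitlines():
        parts = line.split(None, 1)
        if parts:
            variables[parts[0]] = parts[1].strip() if len(parts) > 1 else ""
    return variables

def check_nvram(nvram_text, generator, auto_boot):
    """Return a list of mismatches; an empty list means nvram is as the guide expects."""
    nv = parse_nvram(nvram_text)
    problems = []
    nonce = nv.get("com.apple.System.boot-nonce")
    if nonce is None:
        problems.append("com.apple.System.boot-nonce is not set")
    elif nonce.lower() != generator.lower():
        problems.append(f"boot-nonce {nonce} does not match blob generator {generator}")
    if nv.get("auto-boot") != auto_boot:
        problems.append(f"auto-boot is {nv.get('auto-boot')!r}, expected {auto_boot!r}")
    return problems

# Constructed sample data (not from a real device or blob).
SAMPLE_BLOB = plistlib.dumps({"generator": "0x0123456789abcdef", "ApImg4Ticket": b"\x30\x82"})
SAMPLE_NVRAM = "auto-boot\tfalse\ncom.apple.System.boot-nonce\t0x0123456789abcdef\nbacklight-level\t1500\n"

if __name__ == "__main__":
    gen = generator_from_blob(SAMPLE_BLOB)
    print("generator:", gen)
    # After Step 21, auto-boot should be false and the nonce should match the blob.
    print("ready for futurerestore:", check_nvram(SAMPLE_NVRAM, gen, "false") or "OK")
    # After the cancel procedure, auto-boot should be true again.
    print("after cancelling:", check_nvram(SAMPLE_NVRAM, gen, "true"))
```

To use it with real data, pass the bytes of your own .shsh2 file to generator_from_blob and the text printed by nvram -p in the SSH window to check_nvram.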