Skip to content

fix(imagemounter): apply RestoreRequestRules when personalizing DDI#776

Open
qiuzilin wants to merge 1 commit into
danielpaulus:mainfrom
qiuzilin:fix/imagemounter-personalized-tss-restore-request-rules
Open

fix(imagemounter): apply RestoreRequestRules when personalizing DDI#776
qiuzilin wants to merge 1 commit into
danielpaulus:mainfrom
qiuzilin:fix/imagemounter-personalized-tss-restore-request-rules

Conversation

@qiuzilin

Copy link
Copy Markdown

Personalized Developer Disk Image mounting (iOS 17+) requests a signature from Apple's TSS server. Newer BuildManifests (e.g. iOS 26) no longer carry static EPRO/ESEC values on the trusted manifest entries; instead they ship RestoreRequestRules (on the LoadableTrustCache entry) that derive these fields from the request parameters.

Previously getSignature read entry.EPRO/entry.ESEC directly, which decode to their zero value (false) for these manifests. Apple then rejects the request with STATUS=94 (This device isn't eligible for the requested build) because a production + secured Img4 device must send EPRO=true/ESEC=true.

Parse RestoreRequestRules from the manifest and apply them (matching the algorithm used by idevicerestore / pymobiledevice3) so the correct EPRO/ESEC are sent. Verified end-to-end against a physical iOS 26.5 device, which now mounts successfully.

Adds unit tests for applyRestoreRequestRules.

Personalized Developer Disk Image mounting (iOS 17+) requests a signature
from Apple's TSS server. Newer BuildManifests (e.g. iOS 26) no longer carry
static EPRO/ESEC values on the trusted manifest entries; instead they ship
`RestoreRequestRules` (on the LoadableTrustCache entry) that derive these
fields from the request parameters.

Previously getSignature read entry.EPRO/entry.ESEC directly, which decode to
their zero value (false) for these manifests. Apple then rejects the request
with `STATUS=94 (This device isn't eligible for the requested build)` because
a production + secured Img4 device must send EPRO=true/ESEC=true.

Parse RestoreRequestRules from the manifest and apply them (matching the
algorithm used by idevicerestore / pymobiledevice3) so the correct EPRO/ESEC
are sent. Verified end-to-end against a physical iOS 26.5 device, which now
mounts successfully.

Adds unit tests for applyRestoreRequestRules.
@shamanec shamanec requested a review from danielpaulus June 23, 2026 07:07
@shamanec

shamanec commented Jun 23, 2026

Copy link
Copy Markdown
Collaborator

Important change, I had to add those properties manually to the manifest so it would work 😅 I'd rather @danielpaulus approve it for merging though

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants