It’s time to grow up

AppleTV jailbreaks, for those who were even aware of their existance, have always been seen as novel at best. And justifiably so! Compared to iOS the changes that can be made to your device are minimal. It should come as no surprise then that the single most common question we see when announcing a new AppleTV jailbreak is: Why?

Why jailbreak the AppleTV? For me the answer has always been the same, freedom. “This feature or behavior is missing from my favorite system on my TV or my phone, let me add it!” You may be motivated to tinker with your devices because you enjoy it and are passionate about contributing to a community that has such a rich history of drastically changing the ecosystem of a variety of Apple (or other companies) products. Our community had an App Store before Apple, we had copy and paste first, mobile notifier was a tweak Peter Hajas sold on the Cydia store before Apple hired him and a version of his solution became the de-facto way to receive notifications in iOS. 

Even pop culture has given at least two pretty awesome nods to jailbreaking:

Futurama in Attack of the killer App

Mom: The new eyePhone is wonderful. I use it to check recipes and send threatening e-mails to unauthorized third party app developers.

or Tiffy in Archer during Sea Tunt II

Eugene: Well, now there’s no signal at all.

Tiffy: Wow! Oh my God! I’m having the weirdest deja vu right now.

Eugene: Ya know….

Tiffy: Here, let me jailbreak your phone. It’s a totally reversible process. Oh, bricked it!

Awesome pop culture references aside, up to the present day a product like nControl came first (as did many things that made it into *OS 13, and even Controllers for All came before nControl), this helps me pivot to the next point. 

The availability of alternate 'jailbreak' stores throughout iOS history has always been a huge boon to the community and arguably is the main reason it still thrives. None of these stores ever adapted to tvOS, which gave us a fantastic opportunity to make one on our own. 

We have been, for a long time, and have fought through many challenges to get here, but:

WE FINALLY LAUNCHED THE tvOS APP STORE!!

I know, I know, it's 'old' news because I already announced it earlier this week on twitter, however, this is still the inaugural post to officially announce it anyways! 

nControl is the lone product right now, but in the very near future we will extend an invitation to *OS developers to join the party. We strongly believe tvOS has the most untapped potential out of any Apple device and we want your help to actualize this potential!!

Down to brass tacks, right now it isn't possible for us to accept other developers, most of the infrastructure is there, but not enough to open the door just yet. When this does happen we have some cool features that we think you will like, among them is ability to provide Package Discounts and Payout percentage calculation (two developers on same project). 

In conjuction with the next phase of the store launch (inviting more developers) there will be a FREE class I will be teaching ASAP to anyone who is interested in learning how to code for this platform. Varying levels of experience will be accepted! We will be offering ideas for commercial products, and will help you create them! 

Examples include: 

Picture in picture apps,

tweak to customize home screen style, 

quick jump to an app via remote button, 

adjust bitrate settings, add user profiles, 

deep save video position for later, 

web widgets via an iOS or Mac app to crop out just the useful part, 

dashboard for mail/weather/calendar events, 

Siri tweaks, 

audio enhacement (customized routing etc), 

VNC

Airplay FROM your AppleTV (similar to VNC idea)

Ad Blockers

the possabilities are endless! nitoTV had Pizza on Demand on the first generation of AppleTV sometime between 2007-2010, LONG before an App Store ever existed for the AppleTV, or before the nito.tv App Store was launched for that matter, its time for us to set the curve again.

Store Tutorial

NOTE: This requires a jailbroken AppleTV if you aren’t currently jailbroken head over to the wiki for instructions on jailbreaking with ChimeraTV

We use a 4 digit pin system (similar to plex and a variety of other applications) to authenticate an account you create with us. The payment processing is done through Amazon pay, which means an amazon.com account is needed as well as a valid credit card+billing address on record with them.

NOTE: Currently 2FA on Amazon accounts is not supported (OTP passwords are, but not 2FA). If you have that enabled on your account you will need to temporarily disable it to make purchases on the nito.tv store. We will rectify this as soon as possible.

Sign Up For Amazon.com account 

1. Sign up for an account on amazon.com (or sign in to your existing amazon account - they do our payment processing)

2. Add a valid credit card to your account (if you don't already have one)

3. Make sure your credit card has a billing address associated to it, or you will not be able to use it.

Sign up for Account on nito.tv

1. Sign up for a brand new account 

2. After you sign up you will receive an email with a link to verify your account works. If you do NOT get this email, send an email to [email protected] and he will get you sorted out. (a message like the one below will advertise said email)

3. Click the link in the email and then you should appear back at nito.tv with a similar page. notice authorized is circled, you can click that link now to get ready for the next step on the AppleTV itself

3. Open the nitoTV application on your AppleTV and navigate to Settings -> Accounts -> App Store - > Sign In

4. At this point you will get a screen with a 4 digit code to enter on another device with a web browser. After entering this code you will be signed in to the nito.tv store.

5. That's it, you should now be able to purchase items!

Conclusion

Time to circle back to the question of 'Why jailbreak' It may seem like I never directly answered the question. Here's a direct answer, the future. Right now there isn't a ton of earth shattering reasons, I think nControl is awesome, and I also think its a better fit for the AppleTV than any other Apple device. Maybe games aren't your cup of tea, outside of AirMagic a few assorted tweaks and freedom, there aren't a ton of answers that will fill an immediate need for an answer, the store can help catalyze this community to grow into what it has the potential to be. I know the pieces fit. The metamorphosis is almost complete, it’s time to for the AppleTV to discard it’s awkward phase and to become an adult.

Long overdue update!!

At long last the much promised and oft delayed blog post update that I've been promising off and on for MONTHS. Going to cover a huge range of topics here, therefore nothing that I cover will get extensive depth or attention. Will cover the App Store status, nControl, chimeraTV, electraTV, uicache / ldrestart recent changes / snafu, DalesDeadBug update, cycripter and any known issues that are occuring with any of the above. Will also include a link to a handy tutorial for saving OTA blobs for the 4K AppleTV, just in case we find a way to make them useful!

Saving 4K OTA blobs covered by idownloadblog:

nitoTV App Store

This is several months behind schedule, and at this point its pretty much entirely my fault. I still need to do some payment processing work on the amazon front regarding declined cards / failed payments, etc. Im going to be looking into this immediately after i finish writing this post. 

If you hadn't noticed the new nito.tv website launched at the same time chimera(TV) did. You may have also noticed a beta code for people to help beta test it before i finally launch it, there is no way to get this code yet, not until i finish the payment work I mentioned above. Off the top of my head, this is the only thing holding us back anymore. 

nControl

Obviously nControl was released a few months ago, to resoundingly positive response (thank you!) It's available on chariz repo for 10$ and is currently my only source of income, so all purchases are greatly appreciated! If you need any additional details about nControl in general I kindly redirect you to the exhaustively documented wiki page that I maintain on the subject: https://wiki.awkwardtv.org/wiki/nControl

The tvOS version is only available through patreon and i'd actually prefer that people no longer go that route, patreon makes it WAY too much effort to get the money they owe you so I massively regret doing that in the first place, just didn't want to launch iOS and tvOS separetely and honestly thought the store would wrap up shortly thereafter.

chimeraTV

For the first time (potentially ever) the tvOS jailbreak was released in tandem with the iOS version of the Electra Teams *OS 12 jailbreak. This was a momentus occasion and was a large source of me being delayed from focusing on completing the nitoTV App Store. Its a rock solid jailbreak (especially with latest release) and I'm quite proud to maintain the tvOS version of it. It covers 12.0 - > 12.1.1 on tvOS, this is due to the fact the Apple staggers version numbers between iOS and tvOS for some unknown and maddening reason. For instance (12.1.2 on iOS == 12.1.1 on tvOS). It drives me just as mad as it does the rest of you, but it's been like that since the beginning of ARM based AppleTVs (send gen +) So I doubt it will ever change.

Candidly it was a bit of a challenge to get AppleBetas awesome UI to cooperate on tvOS but i'm glad iIforced myself to use the same code as much as possible (lots of ifdefs), since its written in Swift you can imagine the fight I put up to avoid using the same code base for the UI stuff. Eventually I acquiesced (yes I do make concessions!)

electraTV

Wow it's really been a long time since i've updated this blog (sorry!) electraTV was released several months before chimera (well the initial versions were, the 11.4.1 iteration wasn't THAT long ago) The electra jailbreak covers ALL versions of 11 (11.0->11.4.1) In its latest jailbreakd2 based iteration it is incredibly stable and reliable. Not much else to say about it!

uicache / ldrestart changes

I wasted most of last week fighting against issues with ldrestart. If you aren't familiar with ldrestart it is responsible for running after jailbreaking or loading any new Tweaks to make sure anything they may inject into gets restarted. With the older version of jailbreakd (in backr00m & versions of electraTV that supported 11.2.1->11.3, but not 11.4.1) couldn't handle the speed at which all the daemons get reloaded by ldrestart, this would lead to a lockup that would result in the system eventually rebooting (after being locked up for several minutes).

ldrestart has actually always been an issue, even when i used a kpp bypass in greeng0blin (Im fairly certain thats accurate!) So as a workaround i used to 'killall -9 backboardd' That would respring enough different things (PineBoard, HeadBoard et al) that i would be sufficient for the things i most commonly injected. Obviously this is a hacky stopgap, and uicache used to also kill a variety of other processes to cover them as well (lsd, appstored, etc) to help cover things like DalesDeadBug. 

After coolstar re-wrote uikitools (including uicache) i decided it was probably a good time for me to take a look at uicache again. If you want to know how much of a hassle and challenge uicache was in the earlier days (pre APFS) read some of the older posts on this blog. It's history is covered ad naeuseum.

Since we no longer need to load from /var/mobile/Applications, a lot of the extra hurdles in uicache have ceased to be necessary, essentially all that is really needed is [[LSApplicationWorkspace defaultWorkspace] _LSPrivateRebuildApplicationDatabasesForSystemApps:YES internal:YES user:NO]; + tweak to force App states to return TRUE for isEnabled. 

In the course of thinning down uicache I decided it'd be a good time to try and get ldrestart working on tvOS. After battling with it off an on all last week I came up with something that appeared to work pretty consistently on tvOS 12. Instead of being thorough and testing on 10.2.2->11.4.1 as well I hastily released it. This lead some people to get stuck in respring loops / lockups that eventually restarted the device. This was due to the fact that uicache:restart in postinst scripts would trigger ldrestart instead of uicache in nitoTV. 

In the older version of uicache there was an issue that existed once our new apps were loaded in the UI, a respring was never "required" but if it didn't occur all applications would exhibit weird behavior where they wouldnt launch, or wouldnt exit once launched, etc, to "fix" that I made it always kill backboardd as a compromise. Since this was also no longer necessary I made uicache killing backboardd "optional" by appending -r. Lack of forsite here, the old nitoTV wouldn't know backboardd wouldn't respring anymore, nor to run ldrestart when finish:restart was received, this lead to people getting stuck with a red progress indicator forever when trying to update to latest (at the time) version of nitoTV.

Due to the depth and gravity of the issue I sidelined getting ldrestart working in backr00m (one of the only places it has show stopping issues still) I reverted to uicache always respringing until I have time to revisit the issue.

In conjunction with deciding I was pouring too much time into this issue Chimera 1.0.6 was released the other night with massive stability improvements. Libtakeover & related injection was stripped out into inject_criticald  which provided massively stability improvements for the jailbreak, this made focusing on getting that out a few hours after the iOS release a very high priority.

The big takeaway from all of this:

* uicache run by itself (no arguments) is sufficient to gets apps loaded / removed after installing them into /Applications.

* ldrestart is part of uikittools on tvOS now and should be safe to run on latest electraTV release and chimeraTV release, but won't work at all on backr00m.

if you have installed a tweak and it doesnt seem to be working, try running ldrestart, it should help.

sleepy/wake

Part of the uicache update came the addition of 'sleepy' and 'wake' binaries. Use them from the command line to sleep or wake your AppleTV.

DalesDeadBug

This was recently updated to spoof newer versions, if you can't seem to get it working after installing it, prime candidate to run ldrestart after installing or making changes to that don't seem to be propogating. It works to get SteamLink installed on tvOS 10.2.2, but crashes immediately, not sure if im going to be able to fix it. It won't be possible to make that a priority (I looked into it briefly, thats the best I can do for now). 

If you need more info on what DalesDeadBug does, please read the wiki page: https://wiki.awkwardtv.org/wiki/DalesDeadBug

Cycripter

If you didn't notice, yesterday I decided to take one more brief detour to rectify a glaring deficiency in recent jailbreaks, inability to use cycript. I might have my differences with saurik recently, but this is still one of the most amazing projects he ever undertook and gifted to us. 

cycripter / CycriptLoader.dylib have been updated and open sourced to make it easier to use cycript on iOS or tvOS. All details necessary can be viewed on the wiki and the git.nito.tv repo. 

More Details: https://wiki.awkwardtv.org/wiki/Cycript

Known Issues

I havent kept a very exhaustive list of these, so I'm only going to cover two that I can think of right now.

* Infuse doesn't work on chimeraTV. 

Try launching infuse before running the jailbreak (so if you are currently in a jailbroken state, reboot first) 

if you run the jailbreak after Infuse has already been open it will work. I don't think it is necessarily any jailbreak detection, but it may be some kind of a protecetion from code injection, im honestly not sure.

* Music app doesn't work

Try updating to the latest version of chimeraTV on https://chimera.sh it didn't work in the prior version for me either, but after the latest install it started working.

Wrap-up

That's it for now, my core focus after this post is going to be to wrap up work on my long delayed tvOS App Store. I really hope to get it wrapped up this week or next. Stay tuned! And if you made it down this far, thanks!!

A more in depth update.

.If you haven’t noticed, i’ve come back with a vengeance the last couple of weeks into my AppleTV work. Here is an overview of all the news that has occurred in this time span

KPPless future

The main goal right now is to get completely away from KPP bypass based jailbreaks in favor of the more stable jailbreakd future. There will be some growing pains with this, and some stuff might just straight up not work yet, but it will all come along in due time and will be completely worth the initial pain for the future.

11.x Support

11.1 Is already at beta level full support, Code injection is working, uicache has been updated to get our app loading working as well. nitoTV can be installed and has successfully installed applications already. Still needs more aggressive testing and an updated bootstrap. But its good enough for now for me to focus on other issues.

11.2.x / 11.3 Is not yet supported. There are two exploits available and only one of them can be used at this time, and it has yet to yield a single success on tvOS. And thats empty_list (yes i've tried the updated version). multi_path is not applicable without an additional sandbox escape which i doubt anyone is willing to burn to make that exploit, that requires a paid account, to work on ONE platform. jaywalker will be working on making that exploit work, in conjunction with any other help he can give to the electra team to sort out remaining 11.3 issues.

10.2.2 Support / greeng0blin future

10.2.2 support made some great strides last night, i got jailbreakd working and some form of code injection working. PsychoTea's approach for jailbreakd is a bit different in some places and im not sure if i can just use the same stuff from 11.1 instead that i already have fullly working, requires more investigation. But i do have a bootstrap working that enables openssh and some basic code injection. nitoTV was loaded (albeit hackily and not properly through uicache) but it also is up and running and installing applications.

The best news of using meridians updated source is that PsychoTea worked directly with Siguza to make v0rtex work 10000x better than its previous versions. The success rate is approx 90% so far if not better. This will make ALL of our lives much easier.

The only bad news about anything 10.2.2 related is since it utilizes beta code for a yet to be released version of meridian i might be tethered to his release schedule for that particular update. We'll find out more soon on that topic.

Im not sure if we are going to provide an update path for 10.2.2 greeng0blin users, that is to be determined and if you want to make sure you can get the best experience from it, you may want to restore your 10.2.2 device now while its still signing (who knows when that window will close)

Its about time

It appears apple has FINALLY given us feature parity for downloading apps that used to support a current firmware and no longer do. (ie netflix) so on 10.2.2 now you can download an old supported version of netflix! I imagine this will work with other apps that used to support 10.2.2 as well, try it out and let us know!

Long story short, a lot of progress has been made for the KPPless future, no ETA's but hopefully a month or so isn't unrealistic timeline for release for at VERY least 10.2.2 and 11.1 support. But we hope to launch all the support at once.

brief update

nitoTV and co have been updated to support tvOS 11.x utilizing work from electra project (jailbreakd et al) This includes app and tweak loading. Some tweaks may require extra work to be compatible with jailbreakd, but most things have been pretty seamless. currently 11.1 is supported using async_awake exploit. 11.3 support will currently only be posdible utilizing empty_list exploit, multi_path is not applicanle without additional sandbox escape. since baseline support is mostly complete for 11.x the sights are turning to 10.2.2 being updated with kppless jailbreak, thanks to PyschoTea providing me with meridian code this should be a low impact change that i can exeute pretty quickly. From there and somewhat in parallel with the rest jaywalker will help get empty_list working properly on tvos. after all of that is complete we can release. TL;DR: 1. 11.1 support is essentially complete 2. 10.2.2 jailbreak becoming kppless is next priority 3. get empty_list under control on tvOS for 11.3 support 4. clean up bootstrap , last minute touches stay tuned!!

greeng0blin + brief update

This is not the long winded post I plan on putting together later, this is just a brief FAQ and extra release announcement.

greeng0blin was released late last night as were a suite of tools to install nitoTV on AppleTVs jailbroken on 9.0-10.1, and greeng0blin will jailbreak devices on 10.2.2.

Some links of assorted stuff related to this release

https://nito.tv

https://git.nito.tv/NitoTV/nitoTVInstaller

https://git.nito.tv/NitoTV/the_memo

https://git.nito.tv/NitoTV/g0blin/src/master/g0blinTV

https://nitosoft.com/ATV4/bootstraps/nitoInstaller

i will be updating the awkwardTV wiki with some extra install instructions later as well.

FAQ:

1. does this work on 11.x or AppleTV 4k?

no, support for tvOS 11 is top of our list, requires a lot of work to get jailbreakd and such incorporated into our setup and no on 4K because you can’t downgrade without a usb port or firmware files

2. whats this i hear about netflix, hulu, etc..?

netflix and hulu apparently have all 1st year junior level devs working on their tvOS apps who cant do basic support for 10-11 (the latest two tvOS versions, pretty standard practice for ANY company / dev / team) So if you try to install either of those apps after updating it will give you a sad alert that says you need 11.0+. Working on a fix for this no idea on ETA

3. hearing about remote pairing issues after downgrading

I dont have any good solution for this, using a old silver remote can get you through the initial setup process and then for some reason pairing with siri remote again has much higher success rate

4. Why jailbreak AppleTV?

freedom! Right now we are basically just serving apps that apple would never allow in their walled garden, but have a lot more cool shit planned in the future.

I will draft up a more in depth post later. going to be late for my flyers v coyotes game!

Stay tuned...

nitoTV update

Backend update

We have been coordinating the last couple of weeks to get the back end up to speed. And thus far I have apt and dpkg, and all related dependencies built and mostly validated / working for arm64. Thus far it has been tested on my 9.0 device and nothing passed that yet. Hoping to get to testing it on 10.1 today or tomorrow. Some of the dependencies are built in a bit of a hacky fashion and I need to address that before we can be confident that its fully validated. Right now I'm still using my old insecure nitoHelper and need Jaywalker to get the version he re-wrote up to speed. Hoping we can get that sorted this week.

UI update

The UI is essentially done for the next release, have a curated featured section that looks great (pretty exciting) and it also has a new package display view that looks really nice as well if your package implements Depiction properly (I'll cover that formatting later after things have been released). Installing / removing / searching are all working, I still need to test adding and removing repos, but that /should/ just work.

Updating

So you are stuck on 9.0 and 10.1 with your blobs saved and you want to update to 11.1? My advice at this time is to wait. The upcoming version of nitoTV is not going to support 11.1. The reason for this is we don't have mobilesubstrate updated and code injection in general is still a bit dicey / in progress. This release has already been delayed enough and I don't want to wait for that to fall into place to get a release out. The reason code injection is important for a release is for our app loading process, as of right now it requires code injection, if you can’t even install applications with nitoTV then its pretty useless!

However, if you are on 10.2->10.2.2 then you MIGHT be able to use my fresh port of https://github.com/lechium/v0rtexNonce to set your nonce and then restore using futurerestore. My instructions from before on this blog are not going to be sufficient because that bundled version of futurerestore that I built will likely be incompatible with tvOS 11. I know there are forks out there that supposedly work with iOS 11 but I can't vouch for any of them without personally using it.

App Store

The initial version won't have a paid store yet, I still need to figure out the logistics for that. But its definitely planned for a future update, and I'm going to do my best to get that update out very early next year (January hopefully) I will support other people supplying packages if they so desire, but none of the default cydia repos are going to be added by default, I would NOT recommend adding them either. 99.99% of the packages won't be applicable.

ETA

As a rule most of us hate doing this, because as soon as you put a date on something you'll most likely miss it!

That being said, I'm hoping to get out a version with 9.0 / 10.1 support sometime before the end of the year.

If you made it this far, thanks for reading and thanks for your continued patience!

nitoTV 4 tvOS update

Overall update

I apologize from the bottom of my heart for how long its taken to get an update one this. I truly am really sorry and appreciate all the patience for those of you who have stuck around and kept your AppleTV's on a compatible version for this jailbreak.

That being said, I know I said on twitter that I was going to cover a big setback when I thought of how to phrase it diplomatically. I've decided theres no way to do that and it was a setback that is unavoidable and it was a pretty bad one, on the backend side. It is in no way jaywalkers fault either. Thats as much as I've deemed necessary to say about it.

Backend update

Due to the fact that I got layed off from my job this week my "free" time has increased (so to speak). I've decided to take over any work that has been done on the backend with regards to the toolchain. I know i avoided talking about details above, suffice it to say the toolchain needs to be started over completely and I'm taking that work off of Justin's hands because he doesn't have the time to do it and I do now.

That being said at this very moment I'm going to spin up a linux VM and start / resume building with any notes that he needs to provide me. I don't have any estimate on how long that will take me, doing it all in straight up linux which isn't my normal wheelhouse. Not that I'm not comfortable there based on my darwin experience on OS X, but also in the interest of full disclosure.

Application loading

Not going to bore you with all the details of why alternate locations for Application loading has been necessary to move things forward, covered it pretty well in posts prior to this one.

Over the course of defcon, and a few additional days afterwards working with qwerty this conundrum has MOSTLY been solved. We can load applications from any location that we like, we have chosen /var/mobile/Applications/ (for now) as the target to load applications from.

This works reliably, for tvOS 9 and 10 now. There are still some issues regarding folder / keychain / etc sharing between top shelf plugins and applications, but aside from that it seems to be solved.

Potential Problem:

That being said, there is a new issue that has arisen since this solution has been found and I'm not sure if it is related. Ever since I've been using this new solution I can no longer successfully sideload tvOS applications from Xcode. It complains that "No such file or directory: /usr/libexec/springboardservicesrelay" is now an issue, strangely enough, that binary is not even part of a standard tvOS installation. This needs to be eliminated as a potential side effect to our process before anything can be released as well. Going to work on this in tandem to working on updating the toolchain.

Conclusion

tl:dr the following things are in progress and need to be taken care of to get nitoTV released for this and any future versions of tvOS jailbreaks;

1. update the toolchain to 64bit (which i am now personally working on) 2. figure out how i broke Xcode app sideloading 3. finish any UI work to tie it together with the finished backend / toolchain.

Final thoughts

I know this sounds like a mountain of work, but now that I'm unemployed at the moment I have more time to focus on this and I'm hoping that facilitates it getting done quicker.

nitoTV / liberTV update..

ICYMI: https://twitter.com/Morpheus______/status/846685087202787328

Jonathan Levin‏ @Morpheus______  Mar 28 “So maybe a #jailbreak for #TvOS 10.1.1 can be had, after all *snicker* :-) STAY ON <= 10.1.1 AND DO *NOT* UPDATE. And DON'T ask w(h)en ETA.”

So that is exciting news! We are hoping to have nitoTV ready by the time he is ready for his next release (or sooner, i have no information on his status)

Backend update

@jaywalker is very close to finishing up his work. Aside from completely redoing the existing backend for nitoTV,  he needed to build dpkg and all of its dependencies. This is mostly done, aside from building those packages, the rest of the backend work is tested and feature complete!!

Pangu 9 background info

I could be reckless and foolhardy on the 9.x pangu jailbreak due to the fact that it was untethered. With a semi-tether bootloops can happen much more easily, and can’t be recovered without a restore. With this in mind, we are being extra careful with the way we are building things, and doing rigorous testing.

updating nitoTV on tvOS 9.0 device

For anyone that is already jailbroken on 9.0 with pangu your transition to the new nitoTV will be slightly painful. Due to the fact that i rolled my own version of dpkg we will need to do a “purge” of ANYTHING nitoTV has installed previously.

Due to the fact that kodi and most other apps have been installed through AppSync, you will lose all your settings files for all of those applications. This is going to be unavoidable, sorry! A special utiltiy was crafted to purge all of the previous install data to create a smooth transition to a proper dpkg setup.

Application loading

In parallel of these efforts we are researching a better way to load applications, without relying on /Applications, this is to sidestep AppSync, because lets face it, that was hit or miss for a lot of people and i spent tons of time troubleshooting why it wasn’t working, we are diligently working on a better solution for that.

Saving “shsh2 blobs”

I recently realized I have covered future restore on this site without actually giving instructions on how to save these blobs for the future.

You will need SOME kind of USB-C cable that will allow you to plug your AppleTV into your computer. You will also need iTunes installed.

Your AppleTV will also need to be plugged in to an outlet to get power while plugged in to your computer. 

1. Connect your AppleTV to your computer

2. Select your AppleTV in iTunes.

3. Click the serial number twice. The ecid will appear

4. Enter this ecid into the requisite field on http://tsssaver.1conan.com and choose AppleTV 

5. You MIGHT need to change ecid popup to decimal, i dont remember which format iTunes returns it in

6. Under identifier in the first popup choose AppleTV and in the second choose AppleTV 4

7. You may need to solve captchas

8. Submit

Afterwards i would recommend saving the resulting files, i dont remember if it retrieves them right away or if you have to retrieve them manually on the same initial website and then download them, either way its a good idea to keep a local backup.

Thats it for now, be sure to check back periodically, if i forgot anything when reviewing this i will update it with the extra info.

futurerestore for tvOS

AppleTV future restore instructions

ONLY DO THIS IF YOU CONSIDER YOURSELF A POWER USER / EXPERT, I TAKE NO RESPONSIBILITY FOR BRICKED DEVICES!!!

based on instructions from https://www.reddit.com/r/jailbreak/comments/5pu8x4/tutorial_how_to_upgradedowngrade_to_ios_102_using/?st=IYLLB97O&sh=85cdc90c

Prerequisites

AppleTV 4 Jailbroken on 9.x

shsh2 blobs (apticket) for 10.1 for the same AppleTV

a Mac (maybe a vm?)

AppleTV5,3_10.1_14U593_Restore.ipsw

Terminal application open to this folder

a USB-C cable to connect your AppleTV to your computer

NOTE: Make sure you have ALL of the files prepared and ready, and even the futurerestore command ready before you do all the preparation on the AppleTV itself, once you reboot the AppleTV it can reboot every 15 minutes or so and then you will lose your nvram values with your specified "generator"

1. Set up all the preqs listed above

2. Prep your appletv with nonceEnabler and your "generator" from your .shsh2 file

ie:

# Change to your location of this folder in the terminal (yours could be different!)

cd ~/Downloads/future

# Use libfragmentzip to download BuildManifest.plist and sep-firmware.j42d.RELEASE.im4p to this folder

./libfragmentzip

(if this doesnt work you will need to download AppleTV5,3_10.1.1_14U712a_Restore.ipsw and extract BuildManifest.plist and Firmware/all_flash/all_flash.j42dap.production/sep-firmware.j42d.RELEASE.im4p out yourself into this folder manually)

# get your "generator" value out of the .shsh2 file. you can just open it with a text editor or cat the file and look for the "generator" key

cat YOUR_APTICKET.shsh2

.... <key>generator</key> <string>0x4cbbcbf673693427</string>

ie my "generator" value is 0x4cbbcbf673693427

# copy nonceEnabler over to your device

scp nonceEnabler root@YOUR_APPLETV_IP:~

(enter your password if applicable, default is alpine)

# ssh in to your device

ssh root@YOUR_APPLETV_IP

(enter your password if applicable, default is alpine)

# run nonceEnabler

./nonceEnabler

NOTE: This could take several tries to be successful, if it crashes just ssh in and try again until its successful.

# Next we are going to set the generator you got above into nvram

nvram com.apple.System.boot-nonce=YOUR_GENERATOR

(so for me it would've been nvram com.apple.System.boot-nonce=0x4cbbcbf673693427)

# Next make sure the AppleTV boots directly into recovery mode

nvram auto-boot=false

# If you want to verify your information is set in nvram properly

nvram -p  

should display something like this:

com.apple.System.boot-nonce 0x4cbbcbf673693427 auto-boot false boot-args

# Before we reboot make sure you have your command for the actual restore ready to go!!!

reboot

-- were back over to the mac now

# Plug the AppleTV in to your computer

./futurerestore -t YOUR_AP_TICKET.shsh2 -s sep-firmware.j42d.RELEASE.im4p -m BuildManifest.plist -w AppleTV5,3_10.1_14U593_Restore.ipsw --no-baseband

This could take a few tries to be successful, be patient and wait for it to report success or failure!!

Below is the package with all the files (i hid it down here so you would read the instructions!)

Why did i package them myself? I built futurerestore from the latest source myself because i was getting segfaults with the copies floating around, in conjunction i used some magic scripts @pimskeks put together to bundle and rejigger the bins to make them search for their libs inside the libraries folder. this should make running these binaries on any machine work just fine!

https://www.dropbox.com/s/t8cmz18gth73x5k/future.zip?dl=0

Good luck!

In case there is any confusion (i know i was a little confused the first run through) The reason we need BuildManifest and sep files from 10.1.1 is they are still signing that version of sep and they are not signing the 10.1 version anymore, futurerestore will restore the 10.1 filesystem to the device but use the 10.1.1 sep, this works just fine!

if you want to get further educated @tihmstar has done a great job of documenting the process in his 3c33 talk and on his blog:

http://blog.tihmstar.net

liberTV / nitoTV 10.1 update..

I know everyone has been super patient for updates on this, and I REALLY appreciate that. I think that patience deserves a bit of an update all in one place instead of sporadically spread out through my tweets over the last couple of weeks.

Theres a decent amount of info to cover in this post, so it is entirely possible I miss something

nitoTV status / updates

I have completely overhauled the UI/UX of the featured section of nitoTV to resemble Apples featured section in their store.

https://www.youtube.com/watch?v=3nJiNzf_4Cs

That being said, its still loading from dummy data that i poached directly out of their cached JSON files. What this means is that right  now I’m not loading anything similar to debian control files for  apps/packages yet.  

Therefore, I’m going to either need to 

modify control files or 

layer extra attributes on top of them.

I am not sure how I’m going to approach that conundrum yet.

Backend bedlam

@jaywalker is bringing my backend from nitoTV1-4 into the current century, yes parts of my setuid helper tool have been around since the FIRST AppleTV. The bulk of it was taken from nitoTV for the 2G AppleTV, but either way its not the greatest  code. For the 4G 9.x pangu jailbreak it was an amalgam of the old nitoHelper code and my own (horrid) ‘version’ of dpkg. It was “good enough” for the limited amount of people that use the 9.x jailbreak, now that this one will hit a much larger audience we need to do things right.

Respring madness

I haven’t just been in a holding pattern waiting for @jaywalker, i still needed to find a better way to get applications to load from /Applications in tvOS 9 and 10 alike. 

Previously the hateful methodology employed to get applications to load in there we removing *.csstore from mobile caches and killall -u mobile.

This lead to a variety of random issues (some known, some unknown) and was a terrible way to solve this problem, kludgy mckludgerstein as it were.

On top of that, this “solution” didn’t work on tvOS 10, even when deleting the *.cstore file from its new random location. This meant I needed to find a solution to that problem as well, because how else are we going to run nitoTV from /Applications (a necessity) If we cant get it to display?

This problem has been kind of solved with a cleaner solution that killall -u mobile, but its still a bit too overwraught and requires hooking into things that definitely aren’t requirements to get the process working, they will work, but aren’t ideal. 

From there, this solution didnt work in tvOS 9 (and i can’t leave those users hanging!!!) So I need to take extra time to sort that out. Thankfully i got a cleaner solution working than killall -u mobile, its slightly faster and doesn’t appear to have any terrible side effects yet.

tss checker / futurerestore on tvOS for 9.x->10.x

I apologize for the radio silence on this one, its been on my todo list and I just haven’t gotten there yet, that being said, according to @tihmstar the same process that one would use on the iPad WIFI (neither that nor AppleTV 4 have a baseband). So if anyone wants to be courageous and take one thing off my todo list for me, that’d be great!

Finding an ATV 4G on 10.1

Thanks to an awesome follower @skibowlruler i have procured information on at least one AppleTV that came stock with 10.1 and what kind of information http://www.chipmunk.nl/klantenservice/applemodel.html/ returned so hopefully someone else will be able to use this information to procure that device for themselves as well!

Model Number: MGY52

Group 1: AppleTV

Generation: 4

Production week: -2- (January)

Production year -2017-

Model introduced: -2015-

Factory: DY (China, Shenzhen - Foxconn)

I hope this helps! please comment on twitter to let me know if it does!

NOTE: Another twitter user @Sowers13C has pointed out another thread to get potentially better information on procuring an ATV 4G NIB with 10.1 on it: 

https://www.reddit.com/r/jailbreak/comments/5xjbim/question_apple_tv4_jailbreak/

https://twitter.com/Sowers13C/status/844197561183485952

Known issues with liberTV

This is by no means an exhaustive list, but its stuff i’ve seen reported and I can verify firsthand

Random reboots during video playback

Can take several tries to work successfully

SSH stops working

Ill address them one by one:

Random reboots during video playback

Jon commented on this on his forum 

“KPP (kernel patch protection) kicks in when the processor is doing floating-point related operations. It could be that the KPP implementation still has a bug - which wouldn't surprise me given how many cases I had with the initial installation of it (and why LiberTV succeeds on average 1/4). I am constantly working to improve these odds - and Luca's code isn't the easiest to work with.. Patience would be appreciated.”

source; http://newosxbook.com/forum/viewtopic.php?f=12&t=16823&sid=221a1e76489cd22eb3faa9d24a77aeb9&start=20#p18328

I dont have a solution for this, however, I can say it doesn’t seem to happen with plex or infuse. it does happen with kodi and tuyu and possibly netflix. Thats all i know offhand

Can take several tries to work successfully

Just the nature of the beast, its a hard vuln to get predictably under control afaik. Just keep trying!

SSH stops working

When jon was initially testing liberTV he was extracting his iosbintools pack directly to root, in doing so he definitely overwrote nvram bin and MAYBE the bash binary that are on the stock device, if you reboot with unsigned versions of those, boot loop of bad times! (semi-tethered!)

To mitigate this, every time liberTV runs it extracts the tools (including ssh configs) into /tmp. This gets wiped on a regular basis. Could be every few days, could be every day. This will wipe the config files that tell dropbear where you are supposed to be directed to and whatnot when logging in, if it doesnt know that, u just get booted off immediately. I imagine future versions will address this issue.

Whats working so far

MobileSubstrate

cycript

rocketbootstrap

respring to load /Apps in 9.x/10

AppSync

Thats all she wrote for now, I will probably periodically update / modify this file. Feel free to edit / reprint it for your blogs, just please attribute this link as a source somewhere.

Thanks!

AppleTV 10.1 FAQ

To piggyback on what https://twitter.com/Morpheus______ did with his FAQ http://newosxbook.com/forum/viewtopic.php?f=11&t=16820 (which i recommend you read first) Im going to put together one of my own as well.

1. There was a new tvOS jailbreak?? 

Not public yet, still in beta testing https://twitter.com/nitoTV/status/836359975169503234

2. I backed up my apticket for 10.1 and am jailbroken on 9.0 will i be able to update?

Hopefully, its not the top item on my list put it is pretty far up to investigate this. I have 2 AppleTVs on 9.0 / 9.0.1 and am willing to sacrifice one to test out getting that process to work. (especially since i have a third on on 10.1 now) This process has never been done on the AppleTV so its new territory, but theres no reason it shouldn’t work using a similar technique. However you WILL need to be jailbroken on 9.x AND have the 10.1 apticket saved for it to be potentially possible for you to do.

3. So theres no Cydia?

I know jon covered this question in his FAQ, but I have a more complete answer. For the 9.x tvOS jailbreak nitoTV was the closest thing we had to Cydia. It was more hand rolled hacky “implementation” of dpkg without any repo support or anything of that nature. The plan is to overhaul nitoTV to be a more full featured version that is closer in functionality to what Cydia offers on other iOS devices.

4. Can i please help test it? 

I know this is another re-tread, my answer is the same is his, thank you, but no.

5. My AppleTV is on 10.1.1, do i have any hope? 

No sorry, you will have to buy a new one and keep returning them till you get one on 10.1, sorry.

6. What will this enable me to do? Why should I jailbreak my AppleTV?

Right now, not a whole lot. The community didn’t really coalesce around the first jailbreak because it had such a limited audience of people still on 9.0/9.0.1 or that were willing to go buy a device in hopes it was still on 9.x. But i strongly believe we will have a much more vibrant community around this one than the last. We have some awesome ideas that i can’t share at this time, but trust me, they are awesome.

7. How will I install it?

Cydia Impactor, same as the yalu for 10.2 on all other devices.

---

Thats all I can think of for now, if i find any other questions getting frequently asked i will update this page as necessary.

One final note, another thing on my todo list is to bring http://wiki.awkwardtv.org into the modern era for tvOS and hopefully get it to be as active as the iphone wiki is for iphone related stuff. Also have a plan to bring the awkwardTV irc chat room back to life once we get further along.

Thats all for now, get excited!!!

Clarification on manually installing Kodi

If you are jailbroken and you try to install kodi manually with nitoHelper it SHOULD fail telling you that you will run out of space if you extract that package into its designated destination. 

Support for stashing was never added for the tvOS jailbreak and Kodi+ all its support files is MASSIVE. Whether you are jailbroken or not the best method to go about is following the instructions on the wiki:

http://wiki.awkwardtv.org/wiki/AppSync#Sideloading_Kodi

Bad news everyone...

Apple closed the signing windows for all the firmwares that can be exploited with yalu 10.2.

There is no guarantee you can upgrade to 10.2 even with those tickets i had people save, that process never got adopted and tested before they closed the windows and i dont have a huge cache of ATV4s i can sacrifice to testing the risky process.

I wanted to get more definitive answers before i told everyone what to do about this and Apple pulled the carpet right out from under us again even sooner than i expected.

Will suspend work on the on-device blob backup since that window is now closed and my rationale for making it a top priority is no longer relevant.

Someone at Apple had a case of the mondays and took it out on us :( sad story.

tvOS 10.1 & yalu 10.2 musings...

Here are some relatively brief thoughts (but not brief enough for twitter, which is why im using this infrequently used tumblr page)

Q: “have i tried to use yalu 10.2 JB on tvOS yet?”

A: No i haven’t, it should be compatible, i know offsets have been updated but from what i understand “The core exploit still relies on mach ports which tvOS doesn't expose to userland” Im not sure if any of this has changed in the last two days and havent had an opportunity to investigate yet.

Q: “What the hell are you doing then???!?!? slacker!!”

A: Right now since i know it /should/ be applicable, but i dont have 100% verification yet i’m doing my best to make it possible for people that hold steady on 9.0.x to preserve their jailbreak can hopefully secure a route to upgrade to 10.1 when a jailbreak is created and released. The best & easiest way i see of securing this is getting Img4Tickets to be saved directly on the device. That being said, i have now gotten that working on at least one device, and after some more testing and integration i will release it and move on to looking in to the actual jailbreak.

Thats it for now, if you made it this far, thanks for reading :)

HotKeys

Fresh back from my trip to SF for WWJC, had a blast, would love to talk more about it but gotta get to work!

Long story short (difficult for me) people really enjoyed this sound board setup i have for my function keys that i exhibited during my talk. I decided to tweak the app that i made to make it more usable for the general public.

http://nitosoft.com/HotKeys.zip

Right now the file it copies over are based on values i was using on my setup, so out of the box it wont do anything. you will need to double click on each row one at a time and chose an audio sample (or a script) that you want assigned to that key.

If you don’t want to have to press fn before hitting the function key (if applicable) you can toggle this off in 

System Preferences - > Keyboard -> Use all F1, F2, etc.. keys as standard function keys

Add the application as a startup app and it will “persist” between boots :)

enjoy!

nitoTV 4 out + more...

It appears its time to start updating my tumblr more often again with things that are too verbose for twitter.

I’m going to cover a few things in this post.

1. nitoTV 4 and some basics around how it works

2. “porting” flappySwift to tvOS

3. How applications are packaged for nitoTV 4

nitoTV 4 was released yesterday and it was a work of love and labor that i’m really happy to share with the jailbreak world, i’ve missed all of you!

http://wiki.awkwardtv.org/wiki/NitoTV_Take_4 for install instructions if you missed it :)

Right now nitoTV 4 is still an infant and only serves to install applications that you could easily sideload yourself. tvOS is still a brave new world and we have a lot to learn and discover. I rolled my own “version” of dpkg installation, and right now its not really the same as far as tracking what is installed or dependency management yet. I just wanted to get something out there to start people out. The extent of dpkg support is i wrote a REALLY hacky parser that will extract control.tgz and data.* files and then extract them from there. i only support postinst scripts right now, but do plan to support the rest as well.

I didn’t really want to supplant dpkg, but the builds put together so far are missing some important pieces so I decided this was an easier route where i wasn’t depending on anyone else to get it done.

could i cross compile dpkg & apt? most likely, however its too time consuming and I feel like my efforts are better focused on getting thing to the users earlier.

I also wanted to allow myself to get a release out so I can focus on the nitty gritty, like porting AirControl to tvOS. Right now mobilesubstrate hasn’t even been tested yet, therefore there isn’t much to speak of with tweak development.

Yesterday when I released nitoTV I asked people about applications I may have missed in initial release so I could add them. @b3ll put out a request for flappyBird, and I found an open source swift version that didn’t currently support tvOS. I figured i’d add some notes here about what I did to “port” it in case anyone is curious.

https://github.com/lechium/FlappySwift

1. I created a tvOS target in the projet choosing “Game” template. 

2. Went over to the other source files in the previous iOS target and added the new tvOS target under “Target Membership” in the right side panel for GameScene.sks GameScene.swift, GameViewController.swift Images.xcassets and bird.atlas

3. Deleted any files of the same name from tvOS target folder (GameViewController.swift is all i remember)

4. Selected the storyboard for tvOS target and changed the view to an SKView in custom class panel.

5. Took some of the image assets and cobbled together a tvOS icon (the fully layered version is available in my fork as icon layers.psd

Im pretty sure that was all i did from memory. There was no real heavy lifting involved.

On to the last topic I want to cover in this post, how apps are currently packaged for nitoTV distribution.

1/ I build the app normally in Xcode with Generic tvOS target chosen. 

2. Find the built app and move it over into a layout/Applications folder (theres a basic example in my flappySwift fork) https://github.com/lechium/FlappySwift/tree/master/layout

3. Create a DEBIAN/control and DEBIAN/postinst folder/file the postinst file is necessary for my installer to know that a respring is required.

4. dpkg-deb -b layout com.companyid.project-version.deb

That is a basic example for how the flappyBird one is made. However due to the fact that stashing /Applications doesn’t work reliably (yet, if ever) 

JBATV:~ root# df -h Filesystem       Size   Used  Avail Capacity iused   ifree %iused  Mounted on /dev/disk0s1s1  1.6Gi  1.4Gi  167Mi    90%  377527   42635   90%   / devfs            49Ki   49Ki    0Bi   100%     168       0  100%   /dev /dev/disk0s1s2   28Gi  1.7Gi   26Gi     6%  432846 6888428    6%   /private/var

That 1.6G doesnt go very far, especially when i think initially it only has ~250 megs free. This forces us to do stashing of partial parts of the application into /var/stash/AppName and then using symbolic links in the application itself before created the dpkg.

In that case inside layout i 

1. create layout/private/var/stash/<AppName.app>

2. move the files from layout/Applications/<AppName.app> into layout/private/var/stash/<AppName> 

3. cd (this need to be done in the terminal) into layout/Applications/<AppName.app>

4. ln -s /var/stash/<AppName>/<StashedItem> .

that will create a (currently broken) symbolic link to the Application root folder, once you create the dpkg and install it on device, as long as you did everything right, the symbolic link will properly point to the new location.

Thats it for today, I hope people found this post helpful / enlightening! I will be posting more in the near future as I learn more about tvOS jailbreaking info and tweaking.

Fixing the Black Screen of Death on AppleTV 4

ssh in to your device

ssh [email protected] (your ip address or hostname may differ)

if you havent changed the password or logged in before its alpine (And you should change it!)

wget http://nitosoft.com/ATV4/fixBoot.sh

chmod +x fixBoot.sh

./fixBoot.sh

this will put a script in /etc/rc.d that will unload and reload lockdownd for you, not sure what causes this problem, but this appears to be a stopgap to “fix” it for now.

let me know if it works!