@@ -151,7 +151,7 @@ static struct bbdevice bbdevices[] = {
151151 {"Mac14,9" , 0 , 0 }, // MacBook Pro (14-inch, M2 Pro, 2023)
152152 {"Mac14,10" , 0 , 0 }, // MacBook Pro (16-inch, M2 Pro, 2023)
153153 {"Mac14,12" , 0 , 0 }, // Mac mini (M2 Pro, 2023)
154- {"Mac14,13" , 0 , 0 }, // Mac Studio (M2 Pro , 2023)
154+ {"Mac14,13" , 0 , 0 }, // Mac Studio (M2 Max , 2023)
155155 {"Mac14,14" , 0 , 0 }, // Mac Studio (M2 Ultra, 2023)
156156 {"Mac14,15" , 0 , 0 }, // MacBook Air (15-inch, M2, 2023)
157157 {"Mac15,3" , 0 , 0 }, // MacBook Pro (14-inch, M3, Nov 2023)
@@ -165,15 +165,19 @@ static struct bbdevice bbdevices[] = {
165165 {"Mac15,11" , 0 , 0 }, // MacBook Pro (16-inch, M3 Max, Nov 2023)
166166 {"Mac15,12" , 0 , 0 }, // MacBook Air (13-inch, M3, 2024)
167167 {"Mac15,13" , 0 , 0 }, // MacBook Air (15-inch, M3, 2024)
168+ {"Mac15,14" , 0 , 0 }, // Mac Studio (M3 Ultra, 2025)
168169 {"Mac16,1" , 0 , 0 }, // MacBook Pro (14-inch, M4, Nov 2024)
169170 {"Mac16,2" , 0 , 0 }, // iMac 24-inch (M4, Two Ports, 2024)
170171 {"Mac16,3" , 0 , 0 }, // iMac 24-inch (M4, Four Ports, 2024)
171172 {"Mac16,5" , 0 , 0 }, // MacBook Pro (16-inch, M4 Pro, Nov 2024)
172173 {"Mac16,6" , 0 , 0 }, // MacBook Pro (14-inch, M4 Pro, Nov 2024)
173174 {"Mac16,7" , 0 , 0 }, // MacBook Pro (16-inch, M4 Pro, Nov 2024)
174175 {"Mac16,8" , 0 , 0 }, // MacBook Pro (14-inch, M4 Pro, Nov 2024)
176+ {"Mac16,9" , 0 , 0 }, // Mac Studio (M4 Max, 2025)
175177 {"Mac16,10" , 0 , 0 }, // Mac mini (M4, 2024)
176178 {"Mac16,11" , 0 , 0 }, // Mac mini (M4 Pro, 2024)
179+ {"Mac16,12" , 0 , 0 }, // MacBook Air (13-inch, M4, 2025)
180+ {"Mac16,13" , 0 , 0 }, // MacBook Air (15-inch, M4, 2025)
177181
178182 // Apple Displays
179183 {"AppleDisplay2,1" , 0 , 0 }, // Studio Display
@@ -261,12 +265,13 @@ static struct bbdevice bbdevices[] = {
261265 {"iPhone17,2" , 1652214800 , 4 }, // iPhone 16 Pro Max
262266 {"iPhone17,3" , 1652214800 , 4 }, // iPhone 16
263267 {"iPhone17,4" , 1652214800 , 4 }, // iPhone 16 Plus
268+ {"iPhone17,5" , 0 , 0 }, // iPhone 16e
264269
265270 // iPads
266271 {"iPad1,1" , 0 , 0 }, // iPad (1st gen)
267272 {"iPad2,1" , 0 , 0 }, // iPad 2 Wi-Fi
268273 {"iPad2,2" , 257 , 12 }, // iPad 2 GSM
269- {"iPad2,3" , 257 , 12 }, // iPad 2 CDMA
274+ {"iPad2,3" , 2 , 4 }, // iPad 2 CDMA
270275 {"iPad2,4" , 0 , 0 }, // iPad 2 Wi-Fi (2012, Rev A)
271276 {"iPad3,1" , 0 , 0 }, // iPad (3rd gen, Wi-Fi)
272277 {"iPad3,2" , 4 , 4 }, // iPad (3rd gen, CDMA)
@@ -286,6 +291,8 @@ static struct bbdevice bbdevices[] = {
286291 {"iPad12,2" , 165673526 , 12 }, // iPad (9th gen, 2021, Cellular)
287292 {"iPad13,18" , 0 , 0 }, // iPad (10th gen, 2022, Wi-Fi)
288293 {"iPad13,19" , 495958265 , 4 }, // iPad (10th gen, 2022, Cellular)
294+ {"iPad15,7" , 0 , 0 }, // iPad (A16, Wi-Fi)
295+ {"iPad15,8" , 3452763205 , 4 }, // iPad (A16, Cellular)
289296
290297 // iPad minis
291298 {"iPad2,5" , 0 , 0 }, // iPad mini (1st gen, Wi-Fi)
@@ -319,9 +326,13 @@ static struct bbdevice bbdevices[] = {
319326 {"iPad13,16" , 0 , 0 }, // iPad Air (5th gen, Wi-Fi)
320327 {"iPad13,17" , 495958265 , 4 }, // iPad Air (5th gen, Cellular)
321328 {"iPad14,8" , 0 , 0 }, // iPad Air (11-inch, M2, Wi-Fi)
322- {"iPad14,9" , 495958265 , 4 }, // iPad Air (11-inch, M2, Cellular)
329+ {"iPad14,9" , 3452763205 , 4 }, // iPad Air (11-inch, M2, Cellular)
323330 {"iPad14,10" , 0 , 0 }, // iPad Air (13-inch, M2, Wi-Fi)
324- {"iPad14,11" , 495958265 , 4 }, // iPad Air (13-inch, M2, Cellular)
331+ {"iPad14,11" , 3452763205 , 4 }, // iPad Air (13-inch, M2, Cellular)
332+ {"iPad15,3" , 0 , 0 }, // iPad Air (11-inch, M3, Wi-Fi)
333+ {"iPad15,4" , 3452763205 , 4 }, // iPad Air (11-inch, M3, Cellular)
334+ {"iPad15,5" , 0 , 0 }, // iPad Air (13-inch, M3, Wi-Fi)
335+ {"iPad15,6" , 3452763205 , 4 }, // iPad Air (13-inch, M3, Cellular)
325336
326337 // iPad Pros
327338 {"iPad6,3" , 0 , 0 }, // iPad Pro (9.7-inch, Wi-Fi)
@@ -964,15 +975,15 @@ void getRandNum(char *dst, size_t size, int base){
964975}
965976
966977#pragma mark tss functions
967- int tss_populate_devicevals (plist_t tssreq , uint64_t ecid , char * nonce , size_t nonce_size , char * sep_nonce , size_t sep_nonce_size , int image4supported ){
978+ int tss_populate_devicevals (plist_t tssreq , uint64_t ecid , char * nonce , size_t nonce_size , char * sep_nonce , size_t sep_nonce_size , int image4supported , int has_sep ){
968979 plist_dict_set_item (tssreq , "ApECID" , plist_new_uint (ecid )); //0000000000000000
969980 if (nonce ) {
970981 plist_dict_set_item (tssreq , "ApNonce" , plist_new_data ((const char * )nonce , (int )nonce_size ));//aa aa aa aa bb cc dd ee ff 00 11 22 33 44 55 66 77 88 99 aa
971982 } else {
972983 plist_dict_set_item (tssreq , "ApNonce" , plist_new_data (NULL , 0 ));
973984 }
974985
975- if (sep_nonce ) {//aa aa aa aa bb cc dd ee ff 00 11 22 33 44 55 66 77 88 99 aa
986+ if (has_sep && sep_nonce ) {//aa aa aa aa bb cc dd ee ff 00 11 22 33 44 55 66 77 88 99 aa
976987 plist_dict_set_item (tssreq , "ApSepNonce" , plist_new_data (sep_nonce , sep_nonce_size ));
977988 }
978989
@@ -1056,6 +1067,9 @@ int tss_request_add_custom_cryptex_tags(plist_t request, plist_t parameters)
10561067 if ((strstr (key , "Cryptex" ) == 0 )) {
10571068 continue ;
10581069 }
1070+ if ((strstr (key , "Rap" ) == 0 )) {
1071+ continue ;
1072+ }
10591073
10601074 plist_t info_dict = plist_dict_get_item (manifest_entry , "Info" );
10611075 if (!info_dict ) {
@@ -1210,7 +1224,7 @@ int parseHex(const char *nonce, size_t *parsedLen, char *ret, size_t *retSize){
12101224 return 0 ;
12111225}
12121226
1213- int tss_populate_random (plist_t tssreq , int is64bit , t_devicevals * devVals ){
1227+ int tss_populate_random (plist_t tssreq , int is64bit , int hasSEP , t_devicevals * devVals ){
12141228 size_t nonceLen = 32 ; //valid for all devices with KTRR
12151229 if (!devVals -> deviceModel )
12161230 return error ("[TSSR] internal error: devVals->deviceModel is missing\n" ),-1 ;
@@ -1296,23 +1310,25 @@ int tss_populate_random(plist_t tssreq, int is64bit, t_devicevals *devVals){
12961310 }
12971311 }
12981312
1299- if (devVals -> sepnonce ){
1300- if (devVals -> parsedSepnonceLen != NONCELEN_SEP )
1301- return error ("[TSSR] parsed SEPNoncelen != requiredSEPNoncelen (%u != %u)" ,(unsigned int )devVals -> parsedSepnonceLen ,(unsigned int )NONCELEN_SEP ),-1 ;
1302- }else {
1303- devVals -> sepnonce = (char * )calloc (1 , (devVals -> parsedSepnonceLen = NONCELEN_SEP ) + 1 );
1304- getRandNum (devVals -> sepnonce , devVals -> parsedSepnonceLen , 256 );
1313+ if (hasSEP ) {
1314+ if (devVals -> sepnonce ){
1315+ if (devVals -> parsedSepnonceLen != NONCELEN_SEP )
1316+ return error ("[TSSR] parsed SEPNoncelen != requiredSEPNoncelen (%u != %u)" ,(unsigned int )devVals -> parsedSepnonceLen ,(unsigned int )NONCELEN_SEP ),-1 ;
1317+ }else {
1318+ devVals -> sepnonce = (char * )calloc (1 , (devVals -> parsedSepnonceLen = NONCELEN_SEP ) + 1 );
1319+ getRandNum (devVals -> sepnonce , devVals -> parsedSepnonceLen , 256 );
1320+ }
1321+ if (devVals -> apnonce ) devVals -> apnonce [nonceLen ] = '\0' ;
1322+ devVals -> sepnonce [NONCELEN_SEP ] = '\0' ;
13051323 }
1306- if (devVals -> apnonce ) devVals -> apnonce [nonceLen ] = '\0' ;
1307- devVals -> sepnonce [NONCELEN_SEP ] = '\0' ;
13081324
13091325#ifndef TSSCHECKER_NOMAIN
13101326 debug ("[TSSR] ecid=%llu\n" ,devVals -> ecid );
13111327 debug ("[TSSR] ApNonce=%s\n" ,devVals -> apnonce );
13121328 debug ("[TSSR] SepNonce=%s\n" ,devVals -> sepnonce );
13131329#endif
13141330
1315- int rt = tss_populate_devicevals (tssreq , devVals -> ecid , devVals -> apnonce , devVals -> parsedApnonceLen , devVals -> sepnonce , devVals -> parsedSepnonceLen , is64bit );
1331+ int rt = tss_populate_devicevals (tssreq , devVals -> ecid , devVals -> apnonce , devVals -> parsedApnonceLen , devVals -> sepnonce , devVals -> parsedSepnonceLen , is64bit , hasSEP );
13161332 return rt ;
13171333}
13181334
@@ -1346,12 +1362,17 @@ int tssrequest(plist_t *tssreqret, char *buildManifest, t_devicevals *devVals, t
13461362 }
13471363 plist_t sep = plist_dict_get_item (manifestdict , "SEP" );
13481364 plist_t virt = plist_dict_get_item (infodict , "VirtualMachineMinHostOS" );
1349- int is64Bit = !(!sep || plist_get_node_type (sep ) != PLIST_DICT );
1365+ // macOS OTAs don't include SEP definition; hardcode them as having SEP
1366+ int hasSEP = (!(!sep || plist_get_node_type (sep ) != PLIST_DICT )
1367+ || strncasecmp (devVals -> deviceModel , "Mac" , strlen ("Mac" )) == 0
1368+ || strncasecmp (devVals -> deviceModel , "iMac" , strlen ("iMac" )) == 0 );
13501369 if (virt ) {
1351- is64Bit = plist_get_node_type (virt ) == PLIST_STRING ;
1370+ hasSEP = plist_get_node_type (virt ) == PLIST_STRING ;
13521371 }
1372+ // first-generation Apple Watch doesn't have SEP but *does* use img4
1373+ int isImg4 = (hasSEP || strncasecmp (devVals -> deviceModel , "Watch1," , strlen ("Watch1," )) == 0 );
13531374
1354- if (tss_populate_random (tssparameter ,is64Bit , devVals ))
1375+ if (tss_populate_random (tssparameter ,isImg4 , hasSEP , devVals ))
13551376 reterror ("[TSSR] failed to populate tss request\n" );
13561377
13571378 tss_parameters_add_from_manifest (tssparameter , id0 , true);
@@ -1363,7 +1384,7 @@ int tssrequest(plist_t *tssreqret, char *buildManifest, t_devicevals *devVals, t
13631384 reterror ("[TSSR] ERROR: Unable to add common tags to TSS request\n" );
13641385 }
13651386
1366- if (is64Bit ) {
1387+ if (isImg4 ) {
13671388 if (tss_request_add_ap_img4_tags (tssreq , tssparameter ) < 0 ) {
13681389 reterror ("[TSSR] ERROR: Unable to add img4 tags to TSS request\n" );
13691390 }
0 commit comments