TrollNonce is a nonce setter for TrollStore on iOS 15

Lars Fröder after releasing TrollStore the permanent IPA installer for iOS 14 up to iOS 15.5 beta 4 published also TrollNonce app. This is the first public tool to set nonce on iOS 15.0 up to iOS 15.1.1 on A10 – A15 devices. A nonce is required for iOS downgrades.

What is TrollNonce?

TrollNonce is an iOS app allowing you to set nonce on iOS 15.0 up to iOS 15.5 b4. All A10 — A15 devices are supported. It requires you to install it through the TrollStore app. Nonce generated from blobs on your iDevice allows you to downgrade or upgrade iOS to a not signed version.

Nonce is a signing method that randomizes Apple's cryptographic signature hash blobs (SHSH blobs) and is used with the baseband signing ticket, the APTicket, and SEP (Secure Enclave). Whenever you restore your device, a random string of numbers and letters is generated.

The nonce (e.g., 0x123ac11xd11k10) is sent to Apple serves to request an APTicket for the firmware you want to restore. If the nonce of the device and the APTicket match, you can restore even no longer signed IPSW. It's a perfect solution to return to jailbreak vulnerable iOS.

TrollNonce can set the nonce on not jailbroken iOS 15 devices. The tool was released as an open source project through GitHub and can be compiled with theos libraries. TrollNonce was licensed under MIT, but it also uses an exploit by John Åkerblom and dimentio by 0x7ff.

The latest release of TrollNonce 1.1 uses the new weightBufs exploit by Mohamed Ghannam (iOS kernel r/w exploit) to set nonce on A12+ devices running on iOS 15.0 up to iOS 15.5 beta 4. This kind of app with properly saved blob files and a tool like futurerestore will allow you to downgrade iOS to not signed version that can be potentially jailbroken in the future.

Always remember to save blobs when a new version of iOS is released to have the possibility to downgrade the system at any point. On modern jailbreaks such as unc0ver or Taurine, the nonce on the device is set by default to 0x1111111111111111 value.

How to install TrollNonce IPA

TrollNonce for iOS 15 up to iOS 15.5 b4 (A12+) and iOS 15 – iOS 15.1.1 (A10 – A15) was released as a free IPA package. It can be installed only through the TrollStore app and will not work when installed in other IPA signing apps. Only works when installed through TrollStore 1.0.9 or newer.

1. Install the TrollStore app on iOS 15 with your preferred method.
2. Download TrollNonce IPA 1.1.2 with Safari mobile.
3. Open the Files app on your iPhone and navigate to “Recents”.
4. Select the downloaded IPA and send it to the TrollStore app.
5. TrollNonce will be installed, and an icon will be placed on the Home Screen.

What's new

• Updated TrollNonce to version 1.1.2.
• Fix wrong assert causing noncehelper to crash on some device / version combinations.
• Add support for some A12+ devices on iOS 15.2 – iOS 15.5b4.
• Fix uninitialized variables, making the nonce be 0x2 when it really should show “error”.
• Initial release.

Post a comment