ipsw | iOS/macOS Research Swiss Army Knife | iOS library

That is not a valid offset.

I assume you mean the KERNEL_MAP and REALHOST offsets.

If you already have the decrypted kernelcache file on your desktop, and you are doing this on macOS (which I assume you do since you're building an iOS app, here's one of the methods to find the offsets:

1. Place your kernelcache file on Desktop and make sure it's called "kernelcache".
2. Open Terminal and paste the following commands:

For KERNEL_MAP:

it is maybe more a guess than a solution but did you name your module or the package remotezip? in that case it might shadow the lib

It looks like urllib (not urrlib) is not able to verify you're talking to the real ipsw.me. They're using Cloudflare's certificates.

You'll have a much better time using the Requests module. It comes with a more recent certificate bundle, which will likely fix your problem.

In practice, you can't.

In theory, there are three ways:

1. Become an Apple employee.
2. Break RSA.
3. Find a vulnerability in Apple's boot chain.

Assuming number 1 and 2 are not feasible for you, let's look at the third option. All iPhones up to and including the iPhone 8 and X do actually have a known BootROM vulnerability - the one for A5-A11 chips is called checkm8. There's a couple of issues with that though:

• The bug is in the DFU portion of the BootROM, so in order to use it, you have to put your device into DFU on each boot. You can't just "install" an OS and be done with it.
• The bug only affects the Application Processor, not the Secure Enclave. So you'd have to patch the system to either update the code that is responsible for talking to the SEP so that it works with a currently signed firmware, or to not talk to the SEP at all.

Now there is another vulnerability called blackbird - this time in SEPROM. It's limited to A8-A10 chips (which would include your iPhone SE), and allow two potential solutions:

• Apple's firmware signatures tie a particular version to a particular device. If you had previously saved such a signature while Apple was handing them out, you could use these two bugs to downgrade to such a version, and then continue to use it without a jailbreak.
• If you had not saved such a signature for your device, you could still load an unsigned SEPOS firmware via DFU, so you could at least boot old versions tethered.

And now for a self-plug: I'm on the development team of the checkra1n jailbreak and we do plan to implement a reasonable interface for the aforementioned procedures - but we're still quite a way off, and not our top priority.

So for the time being: you can't install unsigned versions.

The information in your opening paragraph suggests that you've not found examples of searching a directory for files with a pattern/glob and isolating a section of it. IMO, this has been covered thousands of times on this site, under the batch-file tag alone. However, here's some example code to assist you.

Please remember to adjust the path, %AppData%\Apple Computer\iTunes\iPhone Software Updates, on line 2 first, if I've guessed it incorrectly.