Unable to restore to 14.6 with SHSH2 blobs on iPad Mini 4 currently running 15.8.1 #479

Closed
mrgarbagegamer opened this issue May 6, 2024 · 3 comments

*** Legacy iOS Kit ***
 - Script by LukeZGD -

* Version: v24.05.04 (21fafe1)
* Platform: linux (Ubuntu 23.10) 

* Device: iPad5,1 (j96ap) in Recovery mode
* iOS Version: Unknown
* ECID: 977093122412326

* Only select unmodified IPSW for the selection. Do not select custom IPSWs

* Selected Target IPSW: /home/ubuntu/restoring to 14.6/iPad_64bit_TouchID_14.6_18F72_Restore.ipsw
* Target Version: 14.6-18F72
* Check the SEP/BB compatibility chart: https://docs.google.com/spreadsheets/d/1Mb1UNm6g3yvdQD67M413GYSaJ4uoNhLgpkc7YKi3LBs

* Selected Target SHSH: /home/ubuntu/restoring to 14.6/977093122412326_iPad5,1_j96ap_14.6-18F72_3a88b7c3802f2f0510abc432104a15ebd8bd7154.shsh2
* Generator: 0x1111111111111111
* Selected SHSH file is validated

 > Main Menu > Restore/Downgrade > Other (Use SHSH Blobs)
[Input] Select an option:
1) Select Target IPSW
2) Select Target SHSH
3) Start Restore
4) Go Back
#? 3
* Get ready to enter DFU mode.
* If you already know how to enter DFU mode, you may do so right now before continuing.
[Input] Select Y to continue, N to exit recovery mode (Y/n) y
* Get ready...
02 01 
* Hold TOP and HOME buttons.
10 09 08 07 06 05 04 03 02 01 
* Release TOP button and keep holding HOME button.
08 07 06 05 04 03 02 01 
[Log] Found device in DFU mode.
[Log] Placing device to pwnDFU mode using gaster
usb_timeout: 5
usb_abort_timeout_min: 0
[libusb] Waiting for the USB handle with VID: 0x5AC, PID: 0x1227
CPID: 0x7000
Found the USB handle.
Stage: RESET
ret: true
[libusb] Waiting for the USB handle with VID: 0x5AC, PID: 0x1227
CPID: 0x7000
Found the USB handle.
Stage: SETUP
ret: true
[libusb] Waiting for the USB handle with VID: 0x5AC, PID: 0x1227
CPID: 0x7000
Found the USB handle.
Stage: SPRAY
ret: true
[libusb] Waiting for the USB handle with VID: 0x5AC, PID: 0x1227
CPID: 0x7000
Found the USB handle.
Stage: PATCH
ret: true
[libusb] Waiting for the USB handle with VID: 0x5AC, PID: 0x1227
CPID: 0x7000
Found the USB handle.
Now you can boot untrusted images.
usb_timeout: 5
usb_abort_timeout_min: 0
[libusb] Waiting for the USB handle with VID: 0x5AC, PID: 0x1227
Found the USB handle.
[Log] Downloading firmwares.json...
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 4585k    0 4585k    0     0  13.6M      0 --:--:-- --:--:-- --:--:-- 13.6M
cp: -r not specified; omitting directory '../saved'
[Log] Checking firmware keys in ../resources/firmware/iPad5,1/18F72
[Log] Starting local server for firmware keys: /usr/bin/python3 -m http.server -b 127.0.0.1 8888
[Log] Waiting for local server
Serving HTTP on 127.0.0.1 port 8888 (http://127.0.0.1:8888/) ...
127.0.0.1 - - [05/May/2024 20:49:56] "GET / HTTP/1.1" 200 -
[Log] futurerestore nightly will be used for this restore: https://github.com/futurerestore/futurerestore
[Log] Checking for futurerestore updates...
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  128k    0  128k    0     0   423k      0 --:--:-- --:--:-- --:--:--  423k
[Log] Running futurerestore with command: ../saved/futurerestore_linux --latest-sep --latest-baseband --use-pwndfu -t /home/ubuntu/restoring to 14.6/977093122412326_iPad5,1_j96ap_14.6-18F72_3a88b7c3802f2f0510abc432104a15ebd8bd7154.shsh2 /home/ubuntu/restoring to 14.6/iPad_64bit_TouchID_14.6_18F72_Restore.ipsw
Version: v2.0.0(625e0ec61b962b6bea22625fd3315f4734604d45-320)
img4tool version: 0.197-aca6cf005c94caf135023263cbb5c61a0081804f-RELEASE
libipatcher version: 0.91-cb10d973d0af78cc55020d4cf1187c28fad0f2a0-RELEASE
Odysseus for 32-bit support: yes
Odysseus for 64-bit support: yes
Checking for updates...
Futurerestore is up to date!
[INFO] 64-bit device detected
futurerestore init done
reading signing ticket /home/ubuntu/restoring to 14.6/977093122412326_iPad5,1_j96ap_14.6-18F72_3a88b7c3802f2f0510abc432104a15ebd8bd7154.shsh2 is done
User specified to use latest signed SEP
Cached /tmp/futurerestore/sep.im4p not found, downloading a new one.
Downloading SEP
100 [===================================================================================================>]
Checking if SEP is being signed...
Sending TSS request attempt 1... response successfully received
SEP is being signed!
User specified to use latest signed baseband
futurerestore: failed with exception:
[exception]:
what=Could not get BasebandFirmware path

code=204013622
line=3113
file=/tmp/Builder/repos/futurerestore/src/futurerestore.cpp
commit count=320
commit sha  =625e0ec61b962b6bea22625fd3315f4734604d45
[Log] Restoring done! Read the message below if any error has occurred:
* If you are getting the error: "could not retrieve device serial number",
 -> Try restoring with the jailbreak option enabled
* Please read the "Troubleshooting" wiki page in GitHub before opening any issue!
* Your problem may have already been addressed within the wiki page.
* If opening an issue in GitHub, please provide a FULL log/output. Otherwise, your issue may be dismissed.

* Save the terminal output now if needed.
* Legacy iOS Kit v24.05.04 (21fafe1)
* Platform: linux (Ubuntu 23.10) 

Owner

LukeZGD commented May 6, 2024

I seem to have missed this baseband check issue for A8 and newer futurerestoring. Fixing now

LukeZGD closed this as completed in 3343f5e May 6, 2024

Author

mrgarbagegamer commented May 6, 2024

We have another problem! @LukeZGD

 *** Legacy iOS Kit ***
 - Script by LukeZGD -

* Version: v24.05.05 (3343f5e)
* Platform: linux (Ubuntu 23.10) 

* Device: iPad5,1 (j96ap) in Normal mode
* iOS Version: 15.8.1 (19H380)
* ECID: 977093122412326

* Only select unmodified IPSW for the selection. Do not select custom IPSWs

* Selected Target IPSW: /home/ubuntu/restoring to 14.6/iPad_64bit_TouchID_14.6_18F72_Restore.ipsw
* Target Version: 14.6-18F72
* Check the SEP/BB compatibility chart: https://docs.google.com/spreadsheets/d/1Mb1UNm6g3yvdQD67M413GYSaJ4uoNhLgpkc7YKi3LBs

* Selected Target SHSH: /home/ubuntu/restoring to 14.6/977093122412326_iPad5,1_j96ap_14.6-18F72_3a88b7c3802f2f0510abc432104a15ebd8bd7154.shsh2
* Generator: 0x1111111111111111
* Selected SHSH file is validated

 > Main Menu > Restore/Downgrade > Other (Use SHSH Blobs)
[Input] Select an option:
1) Select Target IPSW
2) Select Target SHSH
3) Start Restore
4) Go Back
#? 3
* The device needs to be in recovery/DFU mode before proceeding.
[Input] Send device to recovery mode? (Y/n): y
[Log] Entering recovery mode...
[Log] Finding device in Recovery mode...
[Log] Found device in Recovery mode.
* Get ready to enter DFU mode.
* If you already know how to enter DFU mode, you may do so right now before continuing.
[Input] Select Y to continue, N to exit recovery mode (Y/n) y
* Get ready...
02 01 
* Hold TOP and HOME buttons.
10 09 08 07 06 05 04 03 02 01 
* Release TOP button and keep holding HOME button.
08 07 06 05 04 03 02 01 
[Log] Found device in DFU mode.
[Log] Placing device to pwnDFU mode using gaster
usb_timeout: 5
usb_abort_timeout_min: 0
[libusb] Waiting for the USB handle with VID: 0x5AC, PID: 0x1227
CPID: 0x7000
Found the USB handle.
Stage: RESET
ret: true
[libusb] Waiting for the USB handle with VID: 0x5AC, PID: 0x1227
CPID: 0x7000
Found the USB handle.
Stage: SETUP
ret: true
[libusb] Waiting for the USB handle with VID: 0x5AC, PID: 0x1227
CPID: 0x7000
Found the USB handle.
Stage: SPRAY
ret: true
[libusb] Waiting for the USB handle with VID: 0x5AC, PID: 0x1227
CPID: 0x7000
Found the USB handle.
Stage: PATCH
ret: true
[libusb] Waiting for the USB handle with VID: 0x5AC, PID: 0x1227
CPID: 0x7000
Found the USB handle.
Now you can boot untrusted images.
usb_timeout: 5
usb_abort_timeout_min: 0
[libusb] Waiting for the USB handle with VID: 0x5AC, PID: 0x1227
Found the USB handle.
[Log] Downloading firmwares.json...
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 4585k    0 4585k    0     0  11.0M      0 --:--:-- --:--:-- --:--:-- 11.0M
[Log] Checking firmware keys in ../resources/firmware/iPad5,1/18F72
[Log] Starting local server for firmware keys: /usr/bin/python3 -m http.server -b 127.0.0.1 8888
[Log] Waiting for local server
Serving HTTP on 127.0.0.1 port 8888 (http://127.0.0.1:8888/) ...
127.0.0.1 - - [05/May/2024 21:33:10] "GET / HTTP/1.1" 200 -
[Log] futurerestore nightly will be used for this restore: https://github.com/futurerestore/futurerestore
[Log] Checking for futurerestore updates...
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  128k    0  128k    0     0   329k      0 --:--:-- --:--:-- --:--:--  329k
[Log] futurerestore nightly update detected, downloading.
rm: cannot remove '../saved/futurerestore_linux': No such file or directory
[Log] Downloading futurerestore-Linux-x86_64-RELEASE.zip...
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
100 1935k    0 1935k    0     0  1578k      0 --:--:--  0:00:01 --:--:-- 8342k
futurerestore
linux_fix.sh
[Log] Running futurerestore with command: ../saved/futurerestore_linux --latest-sep --no-baseband --use-pwndfu -t /home/ubuntu/restoring to 14.6/977093122412326_iPad5,1_j96ap_14.6-18F72_3a88b7c3802f2f0510abc432104a15ebd8bd7154.shsh2 /home/ubuntu/restoring to 14.6/iPad_64bit_TouchID_14.6_18F72_Restore.ipsw
Version: v2.0.0(625e0ec61b962b6bea22625fd3315f4734604d45-320)
img4tool version: 0.197-aca6cf005c94caf135023263cbb5c61a0081804f-RELEASE
libipatcher version: 0.91-cb10d973d0af78cc55020d4cf1187c28fad0f2a0-RELEASE
Odysseus for 32-bit support: yes
Odysseus for 64-bit support: yes
Checking for updates...
Futurerestore is up to date!
[INFO] 64-bit device detected
futurerestore init done
reading signing ticket /home/ubuntu/restoring to 14.6/977093122412326_iPad5,1_j96ap_14.6-18F72_3a88b7c3802f2f0510abc432104a15ebd8bd7154.shsh2 is done
User specified to use latest signed SEP
Cached /tmp/futurerestore/sep.im4p not found, downloading a new one.
Downloading SEP
100 [===================================================================================================>]
Checking if SEP is being signed...
Sending TSS request attempt 1... response successfully received
SEP is being signed!

WARNING: user specified is not to flash a baseband. This can make the restore fail if the device needs a baseband!

If you added this flag by mistake, you can press CTRL-C now to cancel
Continuing restore in 10 9 8 7 6 5 4 3 2 1 Downloading the latest firmware components...
Finished downloading the latest firmware components!
Found device in DFU mode
requesting to get into pwnRecovery later
Found device in DFU mode
Identified device as j96ap, iPad5,1
Extracting BuildManifest from iPSW
Product version: 14.6
Product build: 18F72 Major: 18
Device supports Image4: true
checking if the APTicket is valid for this restore...
Verified ECID in APTicket matches the device's ECID
checking if the APTicket is valid for this restore...
Verified ECID in APTicket matches the device's ECID
[IMG4TOOL] checking buildidentity 0:
[IMG4TOOL] checking buildidentity matches board ... NO
[IMG4TOOL] checking buildidentity 1:
[IMG4TOOL] checking buildidentity matches board ... NO
[IMG4TOOL] checking buildidentity 2:
[IMG4TOOL] checking buildidentity matches board ... YES
[IMG4TOOL] checking buildidentity has all required hashes:
[IMG4TOOL] checking hash for "Ap,SystemVolumeCanonicalMetadata"OK (found "msys" with matching hash)
[IMG4TOOL] checking hash for "AppleLogo"               OK (found "logo" with matching hash)
[IMG4TOOL] checking hash for "BatteryCharging0"        OK (found "chg0" with matching hash)
[IMG4TOOL] checking hash for "BatteryCharging1"        OK (found "chg1" with matching hash)
[IMG4TOOL] checking hash for "BatteryFull"             OK (found "batF" with matching hash)
[IMG4TOOL] checking hash for "BatteryLow0"             OK (found "bat0" with matching hash)
[IMG4TOOL] checking hash for "BatteryLow1"             OK (found "bat1" with matching hash)
[IMG4TOOL] checking hash for "BatteryPlugin"           OK (found "glyP" with matching hash)
[IMG4TOOL] checking hash for "DeviceTree"              OK (found "dtre" with matching hash)
[IMG4TOOL] checking hash for "KernelCache"             OK (found "krnl" with matching hash)
[IMG4TOOL] checking hash for "LLB"                     OK (found "illb" with matching hash)
[IMG4TOOL] checking hash for "OS"                      OK (found "rosi" with matching hash)
[IMG4TOOL] checking hash for "RecoveryMode"            OK (found "recm" with matching hash)
[IMG4TOOL] checking hash for "RestoreDeviceTree"       OK (found "rdtr" with matching hash)
[IMG4TOOL] checking hash for "RestoreKernelCache"      OK (found "rkrn" with matching hash)
[IMG4TOOL] checking hash for "RestoreLogo"             OK (found "rlgo" with matching hash)
[IMG4TOOL] checking hash for "RestoreRamDisk"          OK (found "rdsk" with matching hash)
[IMG4TOOL] checking hash for "RestoreSEP"              OK (found "rsep" with matching hash)
[IMG4TOOL] checking hash for "RestoreTrustCache"       OK (found "rtsc" with matching hash)
[IMG4TOOL] checking hash for "SEP"                     OK (found "sepi" with matching hash)
[IMG4TOOL] checking hash for "StaticTrustCache"        OK (found "trst" with matching hash)
[IMG4TOOL] checking hash for "SystemVolume"            OK (found "isys" with matching hash)
[IMG4TOOL] checking hash for "ftap"                    IGN (no digest in BuildManifest)
[IMG4TOOL] checking hash for "ftsp"                    IGN (no digest in BuildManifest)
[IMG4TOOL] checking hash for "iBEC"                    OK (found "ibec" with matching hash)
[IMG4TOOL] checking hash for "iBSS"                    OK (found "ibss" with matching hash)
[IMG4TOOL] checking hash for "iBoot"                   OK (found "ibot" with matching hash)
[IMG4TOOL] checking hash for "rfta"                    IGN (no digest in BuildManifest)
[IMG4TOOL] checking hash for "rfts"                    IGN (no digest in BuildManifest)
Verified APTicket to be valid for this restore
Variant: Customer Erase Install (IPSW)
This restore will erase all device data.
Device found in DFU Mode.
Getting firmware keys for: j96ap
Patching iBSS
Extracting iBSS.ipad5.RELEASE.im4p (Firmware/dfu/iBSS.ipad5.RELEASE.im4p)...
payload decrypted
iBoot64Patch: Staring iBoot64Patch!
iOS 14 iBoot detected!
iBoot64Patch: Inited ibootpatchfinder64!
iBoot64Patch: Added sigpatches!
iBoot64Patch: Added unlock nvram patch!
iBoot64Patch: Added freshnonce patch!
iBoot64Patch: has_kernel_load is false!
iBoot64Patch: Applying patch=0x18038df30 : 000080d2
iBoot64Patch: Applying patch=0x18038dfd4 : 000080d2
iBoot64Patch: Patches applied!
Patching iBEC
Extracting iBEC.ipad5.RELEASE.im4p (Firmware/dfu/iBEC.ipad5.RELEASE.im4p)...
payload decrypted
iBoot64Patch: Staring iBoot64Patch!
iOS 14 iBoot detected!
iBoot64Patch: Inited ibootpatchfinder64!
iBoot64Patch: Added sigpatches!
iBoot64Patch: Added unlock nvram patch!
iBoot64Patch: Added freshnonce patch!
iBoot64Patch: has_kernel_load is true!
iBoot64Patch: Added debugenabled patch!
iBoot64Patch: Added bootarg patch!
iBoot64Patch: Applying patch=0x87000f6ec : 000080d2
iBoot64Patch: Applying patch=0x87000f740 : 000080d2
iBoot64Patch: Applying patch=0x870003824 : 000080d2c0035fd6
iBoot64Patch: Applying patch=0x870003d90 : 000080d2c0035fd6
iBoot64Patch: Applying patch=0x87002e60c : 000080d2c0035fd6
iBoot64Patch: Applying patch=0x870014c68 : 1f2003d5
iBoot64Patch: Applying patch=0x8700110a0 : 200080d2
iBoot64Patch: Applying patch=0x87001260c : 5a662210
iBoot64Patch: Applying patch=0x8700572d4 : 72643d6d6430206e616e642d656e61626c652d7265666f726d61743d307831202d76202d726573746f72652064656275673d30783230313465206b65657073796d733d30783120616d66693d3078666620616d66695f616c6c6f775f616e795f7369676e61747572653d30783120616d66695f6765745f6f75745f6f665f6d795f7761793d3078312063735f656e666f7263656d656e745f64697361626c653d30783100
iBoot64Patch: Patches applied!
Repacking patched iBSS as IMG4
Repacking patched iBEC as IMG4
Sending iBSS (201200 bytes)...
[==================================================] 100.0%
Booting iBSS, waiting for device to disconnect...
Booting iBSS, waiting for device to reconnect...
Sending iBEC (793072 bytes)...
[==================================================] 100.0%
Booting iBEC, waiting for device to disconnect...
Booting iBEC, waiting for device to reconnect...
INFO: device serial number is F9FV14C1GHKJ
ApNonce pre-hax:
Getting ApNonce in recovery mode... d7 65 7e 2e 47 52 b5 60 29 2d a7 1b db de 76 26 ec b1 4b 13 
ApNonce from device doesn't match IM4M nonce, applying hax...
Writing generator=0x1111111111111111 to nvram!
Sending iBEC (793072 bytes)...
[==================================================] 100.0%
Booting iBEC, waiting for device to disconnect...
Booting iBEC, waiting for device to reconnect...
APnonce post-hax:
Getting ApNonce in recovery mode... d7 65 7e 2e 47 52 b5 60 29 2d a7 1b db de 76 26 ec b1 4b 13 
Cleaning up...
[exception]:
what=ApNonce from device doesn't match IM4M nonce after applying ApNonce hax. Aborting!
code=55640118
line=849
file=/tmp/Builder/repos/futurerestore/src/futurerestore.cpp
commit count=320
commit sha  =625e0ec61b962b6bea22625fd3315f4734604d45
Done: restoring failed!
[Log] Restoring done! Read the message below if any error has occurred:
* Please read the "Troubleshooting" wiki page in GitHub before opening any issue!
* Your problem may have already been addressed within the wiki page.
* If opening an issue in GitHub, please provide a FULL log/output. Otherwise, your issue may be dismissed.

* Save the terminal output now if needed.
* Legacy iOS Kit v24.05.05 (3343f5e)
* Platform: linux (Ubuntu 23.10) 

Owner

LukeZGD commented May 6, 2024

That issue is now out of scope for Legacy iOS Kit

It looks like you might need to set nonce manually using dimentio or futurerestore itself
