apticket-nonce-checker
Is it possible to decrypt iOS 6 .shsh/extract the nonce and if so, how?
iPad Mini (2,5) - not attempting to use the re-restore bug.
Attempting to run the tool I get:
./apticket-nonce-checker.py 424815784-ipad2,5-6.1.3.shsh
Parsing APTicket.
ERROR: OpenSSL returned unexpected output when parsing APTicket.
Looking at the closed issue and following instructions:
apticket-nonce-checker admin$ openssl asn1parse -inform DER -in 424815784-ipad2,5-6.1.3.shsh
0:d=0 hl=4 l= 0 prim: <ASN1 1416>
4:d=0 hl=2 l= 0 prim: EOC
42481595784-ipad2,5-6.1.3.shsh.zip
apticket-nonce-checker admin$ plutil -convert xml1 424815784-ipad2,5-6.1.3.shsh
424815784-ipad2,5-6.1.3.shsh: Property List error: Unexpected character at line 1 / JSON error: JSON text did not start with array or object and option to allow fragments not set.
Blob attached.
The .shsh file was also compressed with gzip. This worked:
$ unzip 42481595784-ipad2.5-6.1.3.shsh.zip 42481595784-ipad2,5-6.1.3.shsh
Archive: 42481595784-ipad2.5-6.1.3.shsh.zip
inflating: 42481595784-ipad2,5-6.1.3.shsh
$ file 42481595784-ipad2,5-6.1.3.shsh
42481595784-ipad2,5-6.1.3.shsh: gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT)
$ cat 42481595784-ipad2,5-6.1.3.shsh | gunzip > 42481595784-ipad2,5-6.1.3.plist
$ file 42481595784-ipad2,5-6.1.3.plist
42481595784-ipad2,5-6.1.3.plist: Apple binary property list
$ plutil -convert xml1 42481595784-ipad2,5-6.1.3.plist
$ file 42481595784-ipad2,5-6.1.3.plist
42481595784-ipad2,5-6.1.3.plist: XML 1.0 document text, ASCII text
$ ./apticket-nonce-checker.py 42481595784-ipad2,5-6.1.3.plist
Parsing APTicket from SHSH file.
APTicket does not have a nonce.
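
The unwrapping steps from the reply above (gunzip, then read the property list), as an added Python example that is not part of this thread or of apticket-nonce-checker itself. It sniffs each layer by its magic bytes so a gzip-wrapped blob is identified before it reaches an ASN.1 or plist parser. The function names are hypothetical, the "APTicket" plist key is an assumption, and the sample blob is constructed.

```python
import gzip
import plistlib

GZIP_MAGIC = b"\x1f\x8b"
BPLIST_MAGIC = b"bplist00"


def unwrap_shsh(data):
    """Peel container layers off a saved blob; return (layers, plist or None)."""
    layers = []
    while data[:2] == GZIP_MAGIC:  # may be gzip-wrapped, as in this thread
        data = gzip.decompress(data)
        layers.append("gzip")
    if data.startswith(BPLIST_MAGIC):
        layers.append("binary plist")
    elif data.lstrip()[:5] in (b"<?xml", b"<!DOC", b"<plis"):
        layers.append("xml plist")
    elif data[:1] == b"\x30":  # bare DER SEQUENCE, what asn1parse expects
        return layers + ["raw DER"], None
    else:
        raise ValueError("unrecognised container, first bytes: %r" % data[:8])
    return layers, plistlib.loads(data)  # loads() reads both plist encodings


def extract_apticket(plist, key="APTicket"):
    """Return the DER ticket bytes, or None if the (assumed) key is absent."""
    ticket = plist.get(key)
    if ticket is None:
        return None
    if ticket[:1] != b"\x30":
        raise ValueError("APTicket does not start with a DER SEQUENCE tag")
    return bytes(ticket)


def make_sample_blob():
    """Constructed sample: gzip(binary plist) holding a dummy DER ticket."""
    dummy_der = bytes.fromhex("3006020101040141")  # SEQUENCE{INT 1, OCTET "A"}
    plist = plistlib.dumps({"APTicket": dummy_der}, fmt=plistlib.FMT_BINARY)
    return gzip.compress(plist), dummy_der


if __name__ == "__main__":
    blob, _ = make_sample_blob()
    layers, plist = unwrap_shsh(blob)
    print(" -> ".join(layers), "| APTicket bytes:", len(extract_apticket(plist)))
```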