How to Downgrade 64-bit iDevice?

Post by Jacob Black » 30 Dec 2016 14:40

Hacker tihmstar released his tool Prometheus, which can be used (in some cases) to upgrade or downgrade iOS to currently unsigned firmware.


Background

Prometheus is not a single GUI tool, but a collection of tools including “nonceenabler”, “futurerestore” and “img4tool”. Together, they have the upgrade/downgrade functionality.

Prometheus can be used in two ways. One uses “nonceenabler” and “futurerestore” together. This is more reliable and faster, but requires a jailbreak, and .shsh2 blobs saved with a generator. The second way uses only “futurerestore”, does not require a jailbreak, but uses a probabilistic attack which may take a long time to work (or not work at all).

This second way still requires .shsh2 blobs, but saved with a specific nonce and no generator. This only seems to work for certain devices, and may take forever.

Requirements

A 64-bit device, excluding the iPhone 7(+). Do not bother trying with a 32-bit device or an iPhone 7(+).

In most cases, a jailbreak on the firmware you are leaving.

(Not required on some iPhone 5s and iPad Air, when using the nonce collision method.)

If using Prometheus with a jailbreak, saved .shsh2 blobs for the firmware you want to restore to, with a generator. The generator is a field within the .shsh2 file, which can be seen by opening it and looking near the end of the document.

If using Prometheus with no jailbreak, saved .shsh2 blobs for the firmware you want to restore to, created using one (or more) of the 5 specific nonces given out by tihmstar, which have been found to work most often in a probabilistic attack.

If using Prometheus with a jailbreak, the jailbreak must have “tfp0” functionality (“host_get_special_port” workaround is also fine). This rules out some jailbreaks.
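The requirements above depend on whether a saved .shsh2 blob carries a generator. The following is an added example, not part of the original post or of tihmstar's tools, that checks a blob for that field before a restore is attempted. It assumes the .shsh2 file is an XML property list, that the field is keyed `generator`, and that its value is a `0x`-prefixed 64-bit hex string; the sample blob is constructed.

```python
import plistlib
import re

# Assumed generator format: "0x" followed by 16 hex digits (64 bits).
GENERATOR_RE = re.compile(r"0x[0-9a-fA-F]{16}")


def make_sample(generator=None):
    """Build a constructed stand-in for a .shsh2 file (placeholder ticket bytes)."""
    extra = ""
    if generator is not None:
        extra = f"<key>generator</key><string>{generator}</string>"
    xml = (
        '<?xml version="1.0" encoding="UTF-8"?>\n'
        '<plist version="1.0"><dict>\n'
        "<key>ApImg4Ticket</key><data>AAECAwQ=</data>\n"
        f"{extra}\n"
        "</dict></plist>\n"
    )
    return xml.encode("utf-8")


def read_generator(blob_bytes):
    """Return the generator string from a blob, or None if the field is absent.

    Raises ValueError if the file is unreadable or the field is malformed.
    """
    try:
        blob = plistlib.loads(blob_bytes)
    except Exception as exc:  # plistlib raises several parser-specific errors
        raise ValueError(f"not a readable property list: {exc}") from exc
    if not isinstance(blob, dict):
        raise ValueError("top-level plist object is not a dictionary")
    generator = blob.get("generator")
    if generator is None:
        return None
    if not isinstance(generator, str) or not GENERATOR_RE.fullmatch(generator):
        raise ValueError(f"malformed generator field: {generator!r}")
    return generator


def usable_method(blob_bytes):
    """Name the method from the post that this blob could fit.

    A blob without a generator only fits the no-jailbreak method if it was
    saved with one of the specific nonces; this check cannot confirm that.
    """
    return "jailbreak" if read_generator(blob_bytes) else "nonce-collision"


if __name__ == "__main__":
    for sample in (make_sample("0x1111111111111111"), make_sample()):
        print(read_generator(sample), "->", usable_method(sample))
```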
