How to Restore to iOS 10.2 Unsigned Using Prometheus on iPhone, iPad

02-01-2017, 10:01   #1
...:::SHAMIM:::... (Moderator)


Downgrading iOS versions on iPhone, iPod touches, and iPads is a very hot topic among the jailbreak community. There hasn’t really been a way to do it without Apple signing the version you are downgrading to in a long time. However, recently a tool called ‘futurerestore’ or ‘Prometheus’ has been released by Tihmstar, giving people the ability to restore to unsigned iOS versions if you have the correct SHSH blobs for it.


This tool is quite complicated to use, and isn’t 100% finished yet, but as long as you do everything correctly, you can restore an iOS device to an unsigned iOS version. The tool is currently only compatible with macOS and Linux, but Windows support should be coming in the future. This downgrade method is also not a perfect one. It does have a few downsides and side effects, the main one being that it doesn’t work all the time.

So why would you want to restore to iOS 10.2? The main reason everyone would want to restore their device to iOS 10.2 is to get a fresh install, ready to be jailbroken, without having to update to the latest version. iOS 10.2.1 is currently the only version being signed by Apple, which cannot be jailbroken at the moment. This would normally mean that if something happened to your jailbreak forcing you to restore your device, you would also have to update to the latest version and lose your jailbreak. However, using this method you can restore to iOS 10.2 without having to update.
It should be noted however, that this will only work while Apple is signing iOS 10.2.1 (or a newer version that has a SEP compatible with iOS 10.2). This means that when future versions of iOS are released, you may not be able to use this method to restore back to iOS 10.2. This method also requires that you have valid SHSH2 blobs saved for iOS 10.2. If you do not have these saved already, it is too late to save them as Apple no longer signs iOS 10.2. You should always save SHSH2 blobs for every iOS version.
There are two methods of restoring to iOS 10.2 while it is not signed by Apple. The first one requires you to be jailbroken on iOS 10.0 – 10.2 using at least beta 6 of the YALU jailbreak (guide here). This method is almost guaranteed to work as long as you have valid SHSH2 blobs saved. The second method is for devices that are not jailbroken (e.g. are on iOS 10.2.1). This method is not guaranteed to work, and if it does work could take hours or days to complete. It relies on the device generating the same nonce that is in your SHSH2 blob, which isn’t always likely to happen.
Requirements & Notes

  • This downgrade requires you to have SHSH2 blobs saved for iOS 10.2. If you do not have them saved already, you cannot do it anymore as iOS 10.2 is no longer signed by Apple.
  • This tool is currently only compatible with macOS and Linux. Official Windows support should be added at some point. If you are using Windows you can install a macOS virtual machine.
  • When using this method to restore to iOS 10.2, Touch ID WILL work. Sometimes when using this method Touch ID wouldn’t work after the restore, but iOS 10.2.1 and iOS 10.2 have the same SEP, so Touch ID works perfectly.
  • This downgrade should work with all 64-bit devices, and maybe 32-bit devices, as long as you have valid SHSH2 blobs for iOS 10.2.
  • This will restore your device and erase all data on it. Make sure to backup in iTunes if you want to keep any data on your device.
  • This exact method will only work while iOS 10.2.1 is being signed by Apple, however it is possible to tweak it if you use files from the latest IPSW file instead.
  • One of these methods requires you to already be jailbroken on iOS 10.0 – 10.2 using at least beta 6 of the YALU jailbreak. If you are not yet jailbroken, you can find out how here.
  • The non-jailbroken method of doing this isn’t guaranteed to work. If it doesn’t work within a day, it probably won’t work at all.
Which Method?

Depending on your iOS version you will need to use a different method (either the jailbreak method or the non-jailbreak method).
  • Running iOS 10.2.1 -> Non-jailbroken method
  • Running iOS 10.0 to 10.2 -> Jailbroken method
  • Running iOS 9.3 to 9.3.3 -> Jailbroken method* (re-jailbreak using jbme.qwertyoruiop.com first)
  • Running iOS 9.3.4 to 9.3.4 -> Non-jailbroken method
  • Running iOS 8.x.x (jailbroken) -> Jailbroken method*
  • Running iOS 8.x.x (not jailbroken) -> Non-jailbroken method
*Using the jailbroken method below iOS 10.0 will require you to run nonceEnabler on your device first.

Download Links

Written Guide

Jailbroken Method:
  1. Create a folder on your desktop called ‘Downgrade’. This is where we are going to keep all of the files needed to downgrade. Keeping everything in one folder makes it much easier to work with.
  2. Download the IPSW files for iOS 10.2.1 and iOS 10.2 from our downloads page here and save them in the ‘Downgrade’ folder you created. Make sure to select the correct IPSW’s for your device.
  3. Download the latest version of ‘futurerestore’ from here and save it in the ‘Downgrade’ folder you created. Extract the ZIP file and make sure the ‘futurerestore_macos’ file is present. Move the ‘futurerestore_macos’ file to the main ‘Downgrade’ folder. You can delete the ZIP and all other extracted files at this point.
  4. Once the iOS 10.2.1 IPSW file has finished downloading, right click on it and click ‘Rename’. Add ‘.zip’ onto the end of the filename to convert it from an IPSW to a ZIP file. You will get a pop-up asking you which extension you want to use. Make sure to select ‘.zip’.
  5. Double click on the new .zip file to extract its contents. You need to get 2 (if you are using a non-cellular device) or 3 (if you are using a cellular device) files from the extracted .zip file. These files are the ‘BuildManifest.plist’, the baseband (.bbfw file), and the SEP (.sep file).
    Getting the BuildManifest.plist File
    The ‘BuildManifest.plist’ file should be located in the folder you extracted from the ‘.zip’ file. Copy this file to the ‘Downgrade’ folder.
  6. Getting the Baseband File (Only for Cellular Devices)
    Getting the baseband is a little bit more complicated. The baseband files are located in the ‘Firmware’ folder within the extracted folder. Depending on the IPSW file you downloaded for your device, there may be multiple baseband files in this folder. If there are, you need to make sure you copy the correct one. To check which file is the correct one, you can use the table to the right. For example, if you are using an iPhone 6 Plus, the baseband version would be 5.32.00. Therefore, the baseband file would be named ‘Mav10-5.32.00.Release.bbfw’. Once you have found the correct baseband file, copy it to the ‘Downgrade’ folder. Make sure you copy the .bbfw file and not the .plist file.
  7. Getting the SEP File
    Similarly to the baseband, there are sometimes multiple SEP files in IPSW files for different devices or board configurations (which processor the device has). You need to get the correct SEP file or the downgrade will not work. To do this you will need to know what your device’s board configuration is. You can find this using the App Store app Battery Memory System Status Monitor on your device. Install it and once open, navigate to the ‘System’ tab located at the top. At the very top it should say the ‘Model’, followed by the board configuration (e.g. N59AP). SEP files are located in ‘Firmware/all_flash/all_flash.<boardconfig>.production’ within the extracted folder. For example, if your board configuration is N56AP, the SEP file would be in ‘Firmware/all_flash/all_flash.n56ap.production’. In here you should find a file named ‘sep-firmware’ with the extension ‘.im4p’. Copy this file to the ‘Downgrade’ folder. Make sure to copy the .im4p file and not the .plist file.
  8. Make sure your device is jailbroken on iOS 10.0 – 10.2 using at least beta 6 of the YALU jailbreak (later versions will also work). If you have not jailbroken using it, you can find out how here.
  9. Find your iOS 10.2 SHSH2 blob file and move it to the ‘Downgrade’ folder. For this to work, you need to get the generator from this file to put onto the iOS device later. To do this, right click on the .shsh2 file and hover the cursor over ‘Open With’. Under this menu click ‘Other…’. From here you need to select a text editor to open the file with. TextEdit will do, but you can also use something else if you like.
  10. Scroll down to the bottom of the SHSH2 file and you should see a ‘generator’ key, followed by a string of characters. This string is the generator you need to put onto your device later. Copy it and save it for later, or just keep the file open.
  11. Open Cydia on the device you want to downgrade and install ‘OpenSSH’. You can find this simply by searching for it.
  12. On your Mac, download and install Python from here (if you already have it installed, you can skip this step).
  13. Since the YALU jailbreak only allows SSH over USB and not Wifi, you will need to run a Python script to SSH over USB. Download iPhoneSSH from here and save it to the ‘Downgrade’ folder. Extract the ‘master.zip’ file and find the 3 files inside the ‘python-client’ folder. Move all of these files to the ‘Downgrade’ folder. At this point you can delete the ‘master.zip’ and all other files extracted from it.
  14. Open the ‘Terminal’ app on your Mac either by searching for it in Spotlight, or opening it through Launchpad. Once open, you need to change the current directory to the one where you saved the ‘tcprelay.py’ file. To do this type cd <location of tcprelay.py file>. For example:
    Quote:
    cd /Users/Josh/Desktop/Downgrade/
    Next, to run the Python script, type this command into Terminal:
    Quote:
    ./tcprelay.py -t 22:2222
    Once the script starts running, just minimise the Terminal window and leave it running in the background.
  15. Make sure your device is plugged into your computer using the USB cable. Also make sure that when you open iTunes, the device is trusted with your computer. Open a new Terminal window and type this command:
    Quote:
    ssh [email protected] -p 2222
    If the connection is made successfully, you should be asked to type ‘yes’ to confirm the connection. Type ‘yes’ into terminal and you should be asked to enter a password. For the password you should type ‘alpine’ (don’t worry if it doesn’t show you typing it on screen, it is still typing). Tap enter and you should now be connected to your device via SSH.
  16. Now you need to add the generator from the SHSH2 file to your device. To do this, type this command into the SSH terminal (replacing <generator> with your own generator): ‘nvram com.apple.System.boot-nonce=<generator>’. For example:
    Quote:
    nvram com.apple.System.boot-nonce=0x62e1e2495d654857
    Make sure to type it exactly as shown, including capital letters.
  17. You now need to make the ‘futurerestore_macos’ file executable, so that it can be used in Terminal. To do this, open a new Terminal window and change directory to the ‘Downgrade’ folder again as shown in step 10. To make the file executable, simply type this command into terminal:
    Quote:
    chmod +x futurerestore_macos
    You should notice the file’s icon change to a Terminal icon if done correctly.
  18. Now we can actually try to downgrade the device. In the same Terminal window as before, type this command (replacing the parts in the ‘<>’ with your own file names): ./futurerestore_macos -t <iOS 10.2 SHSH2 blob> -b <Baseband file> -p BuildManifest.plist -s <SEP file> -m BuildManifest.plist <iOS 10.2 IPSW File>. For example:
    Quote:
    ./futurerestore_macos -t 7850667594858382_iPhone8,1_n71map_10.2-14C92.shsh2 -b Mav13-2.41.00.Release.bbfw -p BuildManifest.plist -s sep-firmware.n71m.RELEASE.im4p -m BuildManifest.plist iPhone_4.7_10.2_14C92_Restore.ipsw
  19. If you did everything correctly, and your SHSH2 blobs are valid, your device should now start to restore to iOS 10.2. Make sure you do not unplug your device, or close Terminal during this process. If you do, you may be forced to restore to iOS 10.2.1 and you will no longer be able to use this method.
Non-Jailbroken Method:
  1. Create a folder on your desktop called ‘Downgrade’. This is where we are going to keep all of the files needed to downgrade. Keeping everything in one folder makes it much easier to work with.
  2. Download the IPSW files for iOS 10.2.1 and iOS 10.2 from our downloads page here and save them in the ‘Downgrade’ folder you created. Make sure to select the correct IPSW’s for your device.
  3. Download the latest version of ‘futurerestore’ from here and save it in the ‘Downgrade’ folder you created. Extract the ZIP file and make sure the ‘futurerestore_macos’ file is present. Move the ‘futurerestore_macos’ file to the main ‘Downgrade’ folder. You can delete the ZIP and all other extracted files at this point.
  4. Once the iOS 10.2.1 IPSW file has finished downloading, right click on it and click ‘Rename’. Add ‘.zip’ onto the end of the filename to convert it from an IPSW to a ZIP file. You will get a pop-up asking you which extension you want to use. Make sure to select ‘.zip’.
  5. Double click on the new .zip file to extract its contents. You need to get 2 (if you are using a non-cellular device) or 3 (if you are using a cellular device) files from the extracted .zip file. These files are the ‘BuildManifest.plist’, the baseband (.bbfw file), and the SEP (.sep file).
    Getting the BuildManifest.plist File
    The ‘BuildManifest.plist’ file should be located in the folder you extracted from the ‘.zip’ file. Copy this file to the ‘Downgrade’ folder.
  6. Getting the Baseband File (Only for Cellular Devices)
    Getting the baseband is a little bit more complicated. The baseband files are located in the ‘Firmware’ folder within the extracted folder. Depending on the IPSW file you downloaded for your device, there may be multiple baseband files in this folder. If there are, you need to make sure you copy the correct one. To check which file is the correct one, you can use the table to the right. For example, if you are using an iPhone 6 Plus, the baseband version would be 5.32.00. Therefore, the baseband file would be named ‘Mav10-5.32.00.Release.bbfw’. Once you have found the correct baseband file, copy it to the ‘Downgrade’ folder. Make sure you copy the .bbfw file and not the .plist file.
  7. Getting the SEP File
    Similarly to the baseband, there are sometimes multiple SEP files in IPSW files for different devices or board configurations (which processor the device has). You need to get the correct SEP file or the downgrade will not work. To do this you will need to know what your device’s board configuration is. You can find this using the App Store app Battery Memory System Status Monitor on your device. Install it and once open, navigate to the ‘System’ tab located at the top. At the very top it should say the ‘Model’, followed by the board configuration (e.g. N59AP). SEP files are located in ‘Firmware/all_flash/all_flash.<boardconfig>.production’ within the extracted folder. For example, if your board configuration is N56AP, the SEP file would be in ‘Firmware/all_flash/all_flash.n56ap.production’. In here you should find a file named ‘sep-firmware’ with the extension ‘.im4p’. Copy this file to the ‘Downgrade’ folder. Make sure to copy the .im4p file and not the .plist file.
  8. Find your iOS 10.2 SHSH2 blob file and move it to the ‘Downgrade’ folder.
  9. Open the ‘Terminal’ app on your Mac either by searching for it in Spotlight, or opening it through Launchpad. Once open, you need to change the current directory to the one where you saved the ‘futurerestore_macos’ file. To do this type cd <location of futurerestore_macos file>. For example:
    Quote:
    cd /Users/Josh/Desktop/Downgrade/
  10. You now need to make the ‘futurerestore_macos’ file executable, so that it can be used in Terminal. To do this, simply type this command into terminal:
    Quote:
    chmod +x futurerestore_macos
    You should notice the file’s icon change to a Terminal icon if done correctly.
  11. Now we can actually try to downgrade the device. In the same Terminal window as before, type this command (replacing the parts in the ‘<>’ with your own file names): ./futurerestore_macos -t <iOS 10.2 SHSH2 blob> -b <Baseband file> -p BuildManifest.plist -s <SEP file> -m BuildManifest.plist -w <iOS 10.2 IPSW File>. For example:
    Quote:
    ./futurerestore_macos -t 7850667594858382_iPhone8,1_n71map_10.2-14C92.shsh2 -b Mav13-2.41.00.Release.bbfw -p BuildManifest.plist -s sep-firmware.n71m.RELEASE.im4p -m BuildManifest.plist -w iPhone_4.7_10.2_14C92_Restore.ipsw
  12. If you did everything correctly, your device should now be put into recovery mode and will reboot over and over again. Each time it reboots it generates a different APTicket/Nonce value. The nonce generated by the device needs to match the one in your SHSH2 blob for the restore to take place. This process is not guaranteed to work, and if it does could take hours. You can increase the chances of a nonce collision by specifying multiple iOS 10.2 SHSH2 blob files in the command above (simply add ‘-t <shsh2 filename>’ to the command for each blob you have). If your device does find a matching nonce and begins to restore, make sure you do not unplug your device, or close Terminal during this process. If you do, you may be forced to restore to iOS 10.2.1 and you will no longer be able to use this method. If you don’t have any luck and want to give up trying, simply close Terminal and follow this guide to get your device out of recovery mode.






Video Tutorial is Here:

http://www.youtube.com/watch?v=fDAeVZ7-N_w


Original Source: iPodHacks142

Last edited by ...:::SHAMIM:::...; 02-05-2017 at 19:22. Reason: Source Added!
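
Steps 9, 10 and 16 of the jailbroken method read the ‘generator’ key out of the SHSH2 file by hand, and step 12 of the non-jailbroken method depends on the blob matching the device. The Python sketch below is an added example, not part of the original post or of futurerestore: it parses a blob, validates the generator format and checks the file name against the iOS version you intend to restore. The file name layout is assumed from the guide's example command, the ‘ApImg4Ticket’ key name is an assumption, and the sample blob is constructed.

```python
import plistlib
import re

# Generator format shown in step 16 of the guide: "0x" plus 16 hex digits.
GENERATOR_RE = re.compile(r"0x[0-9a-fA-F]{16}")
# Assumed file name layout, taken from the guide's example command:
# <ECID>_<model>_<boardconfig>_<version>-<build>.shsh2
NAME_RE = re.compile(
    r"(?P<ecid>\d+)_(?P<model>[A-Za-z]+\d+,\d+)_(?P<board>[a-z0-9]+)_"
    r"(?P<version>\d+(?:\.\d+)+)-(?P<build>[0-9A-Za-z]+)\.shsh2"
)


def read_generator(blob_bytes):
    """Return the 'generator' value from SHSH2 plist bytes or raise ValueError."""
    try:
        blob = plistlib.loads(blob_bytes)  # accepts XML and binary plists
    except Exception as exc:
        raise ValueError(f"blob is not a readable plist: {exc}") from exc
    if not isinstance(blob, dict):
        raise ValueError("blob plist is not a dictionary")
    generator = blob.get("generator")
    if not isinstance(generator, str):
        raise ValueError("blob has no 'generator' key")
    generator = generator.strip()
    if not GENERATOR_RE.fullmatch(generator):
        raise ValueError(f"unexpected generator format: {generator!r}")
    return generator


def preflight(filename, blob_bytes, wanted_version):
    """Check one blob before a restore and return its parsed fields."""
    match = NAME_RE.fullmatch(filename)
    if match is None:
        raise ValueError(f"file name does not follow the expected layout: {filename}")
    info = match.groupdict()
    if info["version"] != wanted_version:
        raise ValueError(f"blob is for iOS {info['version']}, not {wanted_version}")
    info["generator"] = read_generator(blob_bytes)
    return info


# Constructed sample: the file name and generator are the ones shown in the
# guide; the ticket bytes are a placeholder, not a real signed ticket.
SAMPLE_NAME = "7850667594858382_iPhone8,1_n71map_10.2-14C92.shsh2"
SAMPLE_BLOB = plistlib.dumps(
    {"ApImg4Ticket": b"constructed-placeholder", "generator": "0x62e1e2495d654857"}
)

if __name__ == "__main__":
    fields = preflight(SAMPLE_NAME, SAMPLE_BLOB, "10.2")
    for key in ("model", "board", "version", "build", "generator"):
        print(f"{key:10} {fields[key]}")
```

A blob that fails these checks is not worth starting a restore with, since the restore erases the device.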
02-02-2017, 11:22   #2
Sitlay KING (Moderator)
This guide doesn't have any worth if users don't know what SHSH2 is and how they can save it.
Don't forget to mention source if you copy/paste stuff without permit.
02-02-2017, 14:04   #3
...:::SHAMIM:::... (Moderator)
How to save SHSH2 blobs is inside the video tutorial! And obviously, in my next thread, if the post is copy/paste then I will mention the source.