Thursday, November 7, 2024

improve – Can I set up any iOS model I want by selecting and selecting which firmware to revive?

Notice: There’s a new technique of downgrading/upgrading that does not require Apple to be presently signing, and it really works on newer units that are not current within the first listing of my reply beneath. The device for it’s referred to as futurerestore (codenamed Prometheus). The most important caveat to this device is that you just have to be jailbroken normally earlier than initiating the restore (and also you solely have one shot, so a failed restore will pressure you to put in a signed firmware) (if that signed firmware can be jailbreakable, then technically you get second possibilities, however it’s uncommon for that to be the case until there is a bootrom exploit to your gadget). Proper now, the perfect tutorial for Prometheus is by @iPodHacks142 and is endorsed by the creator of Prometheus, @tihmstar. I will probably be updating this reply later to clarify extra about it, however I needed to get this data posted right here sooner slightly than later.

Different Notice: I’m lacking details about the unique Odysseus which permits a couple of 32-bit iOS units to downgrade within the iOS 6 and seven vary.

Different Different Notice: There’s an even newer technique of downgrading/upgrading that can permit nearly all 32-bit units (does not embody the 32-bit units that may set up iOS 10) to go from iOS 9.3.5 firmware to some other iOS 9.X firmware.

Different Different Different Notice: There’s an new bootrom exploit for A5 to A11 units referred to as checkm8. It will probably will let you set up any IPSW so long as legitimate SHSH blobs are supplied (it’s unclear should you want a sound APTicket as effectively, as it has been demonstrated it is not essential in some circumstances).

Once I discover a while, I’ll add these to the reply beneath. My reply continues to be up-to-date (apart from something having to do with these notes).


Briefly, until you will have one of many following units (units with A4 processors or earlier, hereafter known as “pre-A5 units”), you can not set up something aside from the iOS variations that Apple presently indicators:

  • iPhone (1st era)
  • iPhone 3G
  • iPhone 3GS
  • iPhone 4
  • iPod contact (1st era)
  • iPod contact (2nd era)
  • iPod contact (third era)
  • iPod contact (4th era)
  • iPad (1st era)
  • Apple TV (2nd era)

The next subset of units don’t make the most of SHSH blobs, and might due to this fact set up any model of iOS at-will:

  • iPhone (1st era)
  • iPod contact (1st era)

You will need to word that whereas all units listed within the first part do have working bootrom exploits, there are various kinds of bootrom exploits, and every permit for various ranges of boot manipulation.

The next units can make the most of a particular bootrom exploit that enables for putting in any model of iOS with out SHSH blobs:

  • iPhone 3G
  • iPhone 3GS (previous bootrom)
  • iPod contact (2nd era)
  • iPod contact (third era)

The next units have a special bootrom exploit generally known as limera1n, which permits set up of any model of iOS so long as legitimate SHSH blobs are supplied:

  • iPhone 3GS (new bootrom)
  • iPhone 4
  • iPod contact (4th era)
  • iPad (1st era)
  • Apple TV (2nd era)

Extra Data

Putting in iOS on any gadget utilizing a bootrom exploit requires you to place your gadget right into a state generally known as Pwned DFU, which lets you set up customized firmware. You will additionally want:

In case you do occur to fall into the small group of customers which have all of those items, take into account your self fortunate, as you need to use iFaith by iH8sn0w to sew your SHSH blobs into the firmware to create a customized IPSW that you need to use with iTunes after you set your gadget into Pwned DFU utilizing iREB inside iFaith.

Additional Analysis

Not all cases of the iPhone 3GS are the identical. Fashions manufactured in early 2010 or earlier (previous bootrom) have a bootrom exploit that enables for downgrading with out SHSH blobs, whereas newer fashions (new bootrom) have a separate exploit that enables for downgrading with SHSH blobs.

It’s in truth attainable to put in iOS variations that Apple is not singing anymore on units newer than pre-A5 units in very particular circumstances. The 2 units that qualify are the iPhone 4S and the iPad (2nd era). Utilizing redsn0w, the iPad (2nd era) may be downgraded to iOS 5 from any newer model, and the iPhone 4S can transfer from any model of iOS 5.x to some other model of iOS 5.x. Each of those operations require a number of particular units of legitimate SHSH blobs and APTickets.

For all units which comprise an SEP chip (Safe Enclave Processor) (i.e. iPhone 5s and past), an exploit will probably be essential towards the chip itself along with a bootrom exploit, or else the SEP chip will reject the firmware. You possibly can, nevertheless, assemble an .ipsw that comprises an older model of the SEP firmware as long as that older model is being signed or you will have an exploit that permits you to replay the previous signature. If the older model is just not supported on the model of iOS that you just’re putting in, Contact ID and different SEP-dependent options will probably be disabled.

You possibly can save SHSH blobs through the signing window and handle them your self, or you need to use iFaith to have them be saved and managed for you with Saurik’s Cydia server.

For pre-A5 units, it’s often attainable to extract legitimate SHSH blobs and APTickets for the present firmware no matter that firmware’s signing standing. iFaith was developed to carry out this operation. A state of affairs wherein this will not be attainable could be should you arrived in your present firmware by way of an OTA (over the air) replace.

iH8sn0w has some unreleased downgrade exploits for units that don’t comprise an SEP chip.

@unimp0rtanttech (recognized extra generally as n00neimp0rtant within the jailbreak neighborhood) has hinted that he additionally has some downgrade exploits within the works.

Some iOS OTA (over-the-air) firmware photos (for sure variations of iOS for sure units) are nonetheless being signed by Apple. Set up of those photos is feasible, and there’s a device referred to as OdysseusOTA (a derivation of Odysseus) to just do that. You have to be jailbroken to make use of the device, as a result of you could have tfp0 enabled (to bootstrap a customized firmware picture in RAM, which requires modification of the kernel’s VM area). The device bootstraps a customized iBSS that manually installs an OTA firmware picture fully-signed by Apple.

This reply will probably be stored up-to-date as a lot as attainable.



Related Articles

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Latest Articles