Downgrading and upgrading to unsigned iOS versions on iPhone, iPod touches, and iPads is a very hot topic among the jailbreak community. Not too long ago a tool called ‘futurerestore’ or ‘Prometheus’ was released by tihmstar, giving people the ability to restore to unsigned iOS versions if you have the correct SHSH blobs for it.
This tool is quite complicated to use, but as long as you do everything correctly, you can restore an iOS device to an unsigned iOS version. The tool is currently only compatible with macOS and Linux, but Windows support should be coming in the future. This restore method is also not a perfect one. It does have a few downsides and side effects. This mainly being that it doesn’t work without already being jailbroken.
So why would you want to restore to iOS 11.1.2? The main reason everyone would want to restore their device to iOS 10.2 is to be ready for the upcoming jailbreak for iOS 11.0 – 11.1.2. If you are currently jailbroken on iOS 10, you will most likely want to upgrade and keep your jailbreak if possible. Since iOS 11.1.2 is no longer being signed by Apple, you are not able to restore to it without using this method.
It should be noted, however, that this will only work while Apple is signing iOS 11.2.1 (or a newer version that has a SEP compatible with iOS 11.1.2). This means that when future versions of iOS are released, you may not be able to use this method to restore back to iOS 11.1.2. This method also requires that you have valid SHSH2 blobs saved for iOS 11.1.2. If you do not have these saved already, it is too late to save them as Apple no longer signs iOS 11.1.2. You should always save SHSH2 blobs for every iOS version. It is also worth mentioning that if you do not have SHSH2 blobs for iOS 11.1.2, you will not be able to use someone else’s, as these blobs are specific to each device.
Requirements & Notes
- This downgrade requires you to have SHSH2 blobs saved for iOS 11.1.2. If you do not have them saved already, you cannot do it anymore as iOS 11.1.2 is no longer signed by Apple.
- This tool is currently only compatible with macOS and Linux. Official Windows support should be added at some point. If you are using windows you can install a macOS virtual machine.
- When using this method to restore to iOS 11.1.2, Touch ID WILL work. Sometimes when using this method Touch ID wouldn’t work after the restore, but iOS 11.1.2 and iOS 11.2.1 have the same SEP, so Touch ID works perfectly.
- This downgrade should work with all 64-bit devices as long as you have valid SHSH2 blobs for iOS 11.1.2.
- This will restore your device and erase all data on it. Make sure to backup in iTunes if you want to keep any data on your device.
- This exact method will only work while iOS 11.2.1 is being signed by Apple, however, it is possible to tweak it if you use files from the latest IPSW file instead.
- This method requires you to already be jailbroken on iOS 10.0 – 10.2 using at least beta 6 of the YALU jailbreak. If you are not yet jailbroken, you can find out how here.
- If you get any errors with futurerestore or have any questions, please read this post before asking for help.
- If you are running iOS 10.2.1, you will need to jailbreak using Saigon first.
- Create a folder on your desktop called ‘Downgrade’. This is where we are going to keep all of the files needed to downgrade. Keeping everything in one folder makes it much easier to work with.
- Download the IPSW files for iOS 11.2.1 and iOS 11.1.2 from our downloads page here and save them in the ‘Downgrade’ folder you created. Make sure to select the correct IPSW’s for your device.
- Download the latest version of ‘futurerestore’ from here and save it in the ‘Downgrade’ folder you created. Extract the ZIP file and make sure the ‘futurerestore_macos’ file is present. Move the ‘futurerestore_macos’ file to the main ‘Downgrade’ folder. You can delete the ZIP and all other extracted files at this point.
- Once the iOS 11.2.1 IPSW file has finished downloading, right click on it and click ‘Rename’. Add ‘.zip’ onto the end of the filename to convert it from an IPSW to a ZIP file. You will get a pop-up asking you which extension you want to use. Make sure to select ‘.zip’.
- Double click on the new .zip file to extract its contents. You need to get 2 (if you are using a non-cellular device) or 3 (if you are using a cellular device) files from the extracted .zip file. These files are the ‘BuildManifest.plist’, the baseband (.bbfw file), and the SEP (.sep file).
Getting the BuildManifest.plist File
The ‘BuildManifest.plist’ file should be located in the folder you extracted from the ‘.zip’ file. Copy this file to the ‘Downgrade’ folder.
Getting the Baseband File (Only for Cellular Devices)
Getting the baseband is a little bit more complicated. The baseband files are located in the ‘Firmware’ folder within the extracted folder. Depending on the IPSW file you downloaded for your device, there may be multiple baseband files in this folder. If there are, you need to make sure you copy the correct one. To check which file is the correct one, you can use the table to the right. For example, if you are using an iPhone 6 Plus, the baseband version would be 6.30.04. Therefore, the baseband file would be named ‘Mav10-6.30.04.Release.bbfw’ (may begin with ‘ICE’ instead of ‘Mav’ for some devices). Once you have found the correct baseband file, copy it to the ‘Downgrade’ folder. Make sure you copy the .bbfw file and not the .plist file.
Getting the SEP File
Similarly to the baseband, there are sometimes multiple SEP files in IPSW files for different devices or board configurations (which processor the device has). You need to get the correct SEP file or the downgrade will not work. To do this you will need to know what your devices board configuration is. You can find this using the app store app Battery Memory System Status Monitor on your device. Install it and once open, navigate to the ‘System’ tab located at the top. At the very top, it should say the ‘Model’, followed by the board configuration (e.g. D221AP). SEP files are located in ‘Firmware/all_flash/’ within the extracted folder. For example, if your board configuration is D221AP, the SEP file would be in ‘Firmware/all_flash’. In here you should find a file named ‘sep-firmware.d221.RELEASE’ with the extension ‘.im4p’. Copy this file to the ‘Downgrade folder. Make sure to copy the .im4p file and not the .plist file.
- Make sure your device is jailbroken on iOS 10.0 – 10.2.1 using at least beta 6 of the YALU jailbreak, or Saigon. If you have not jailbroken using Yalu, you can find out how here.
- Find your iOS 11.1.2 SHSH2 blob file and move it to the ‘Downgrade’ folder. For this to work, you need to get the generator from this file to put onto the iOS device later. To do this, right-click on the .shsh2 file and hover the cursor over ‘Open With’. Under this menu click ‘Other…’. From here you need to select a text editor to open the file with. TextEdit will do, but you can also use something else if you like.
- Scroll down to the bottom of the SHSH2 file (or possibly somewhere in the middle) and you should see a ‘generator’ key, followed by a string of characters. This string is the generator you need to put onto your device later. Copy it and save it for later, or just keep the file open.
- Open Cydia on the device you want to downgrade and install ‘OpenSSH’. You can find this simply by searching for it.
- On your Mac, download and install Python from here (if you already have it installed, you can skip this step).
- Since the YALU jailbreak only allows SSH over USB and not Wifi, you will need to run a Python script to SSH over USB. Download iPhoneSSH from here and save it to the ‘Downgrade’ folder. Extract the ‘master.zip’ file and find the 3 files inside the ‘python-client’ folder. Move all of these files to the ‘Downgrade’ folder. At this point, you can delete the ‘master.zip’ and all other files extracted from it.
- Open the ‘Terminal’ app on your mac either by searching for it in spotlight search, or opening through Launchpad. Once open, you need to change the current directory to the one where you saved the ‘tcpreplay.ph’ file. To do this type
cd <location of tcprelay.py file>. For example:
Next, to run the Python script, type this command into Terminal:
./tcprelay.py -t 22:2222
Once the script starts running, just minimise the Terminal window and leave it running in the background.
- Make sure your device is plugged into your computer using the USB cable. Also make sure that when you open iTunes, the device is trusted with your computer. Open a new Terminal window and type this command:
ssh [email protected] -p 2222
If the connection is made successfully, you should be asked to type ‘yes’ to confirm the connection. Type ‘yes’ into terminal and you should be asked to enter a password. For the password, you should type ‘alpine’ (don’t worry if it doesn’t show you typing it on screen, it is still typing). Tap enter and you should now be connected to your device via SSH.
- Now you need to add the generator from the SHSH2 file to your device. To do this, type this command into the SSH terminal (replacing <generator> with your own generator): ‘
nvram com.apple.System.boot-nonce=<generator>’. For example:
Make sure to type it exactly as shown, including capital letters.
- You now need to make the ‘futurerestore_macos’ file executable, so that it can be used in Terminal. To do this, open a new Terminal window and change directory to the ‘Downgrade’ folder again as shown in step 10. To make the file executable, simply type this command into terminal:
chmod +x futurerestore_macos
You should notice the file’s icon change to a Terminal icon if done correctly.
- Now we can actually try to downgrade the device. In the same Terminal window as before, type this command (replacing the parts in the ‘<>’ with your own file names):
./futurerestore_macos -t <iOS 11.1.2 SHSH2 blob> -b <Baseband file> -p BuildManifest.plist -s <SEP file> -m BuildManifest.plist <iOS 11.1.2 IPSW File>. For example:
./futurerestore_macos -t 7850667594858382_iPhone8,1_n71map_11.1.2-14C92.shsh2 -b Mav13-2.41.00.Release.bbfw -p BuildManifest.plist -s sep-firmware.n71m.RELEASE.im4p -m BuildManifest.plist iPhone_4.7_11.1.2_15B202_Restore.ipsw
NOTE: If you are using a non-cellular device that doesn’t require a baseband, remove the
-b <Baseband file> -p BuildManifest.plistfrom the command. You will also need to add
--no-basebandto the end of the command.
- If you did everything correctly, and your SHSH2 blobs are valid, your device should now start to restore to iOS 11.1.2. Make sure you do not unplug your device, or close Terminal during this process. If you do, you may be forced to restore to the latest iOS version and you will no longer be able to use this method.
ALSO SEE: How to Jailbreak iOS 11.0 – 11.1.2 Using LiberiOS on iPhone, iPod touch or iPad