Prolific iOS hacker tihmstar has finally released the highly-anticipated downgrade tool called 'Prometheus' for 64-bit iOS devices, which enables users to downgrade or upgrade iOS to currently unsigned firmware. The tool comes with its own limitations and hence it is imperative to understand the requirements and the various ways to use the tool.
It must be noted that Prometheus is a collection of small tools, including futurerestore, nonceenabler and img4tool, which together provide the upgrade/downgrade capability on 64-bit iOS devices.
As iDownloadBlog reports, there are two ways of using the Prometheus upgrade/downgrade functionality on eligible devices with access to .shsh2 blobs.
The first method uses nonceenabler and futurerestore together for a faster, stable result. It requires a jailbroken device with access to .shsh2 blobs as well as a generator.
The second method employs a probabilistic attack with the futurerestore tool and works without a jailbreak, but takes longer to get the desired result. Furthermore, it works only on specific devices with access to .shsh2 blobs and a saved specific nonce, without a generator.
- Any 64-bit device, apart from the iPhone 7 Plus, should work flawlessly. Do not attempt this procedure on 32-bit iOS devices.
- You need a jailbroken iOS firmware in order to use the Prometheus tool. Some older devices like the iPhone 5s and iPad Air are expected to work fine using the nonce collision method, without a jailbreak.
- To use the Prometheus tool on jailbroken devices, you will need saved .shsh2 blobs for the firmware that you want to restore to, along with a generator.
- If using Prometheus on non-jailbroken devices, you will need saved .shsh2 blobs that were created with five specific nonces offered by tihmstar for the firmware you want to restore to. These nonces are expected to work flawlessly in any probabilistic attack.
- It must be noted that the Prometheus tool works on any jailbroken device with tfp0 functionality.
Folks at iDownloadBlog have shared a couple of detailed video guides on how to set the nonce with nonceEnabler (jailbreak method) and how to downgrade 64-bit iOS devices (non-jailbreak method).
Also, check out our step-by-step guide to auto save .shsh2 blobs for downgrading to unsigned iOS firmware, using Prometheus.