Important: Please don't use the comment section to ask for help, I most likely won't respond there as I have it muted due to too many notifications. Join r/jailbreak (
#genius-bar
) or FDR Bureau (#futurerestore-support
) instead.
Guide to downgrade checkm8 devices from any version
This is a guide for downgrading (or upgrading) to unsigned versions with futurerestore on checkm8 devices (A11 and below) without needing an actual jailbreak, as the checkm8 exploit itself works in DFU mode regardless. You must have blobs for the version you want to go to, and SEP/BB compatibility may limit how far you can go.
Current SEP compatibility
The currently signed SEP/BB versions are:
- 15.6 RC (compatible with 14.3+ on A11, 14.0+ on other devices)
- 16.2 (compatible with 16.0+)
- 16.3 (compatible with 16.0+)
Compatibility for 15.x SEP:
- iPhone X: Breaks Face ID when downgrading to 15.3.1 or below. Causes more breakage when downgrading to 14.8 or below, but issues apart from Face ID can be fixed by jailbreaking with unc0ver/checkra1n and then installing OTAEnabler.
- iPhone 8: Fully compatible down to 14.3
- A10 and below: Fully compatible down to 14.0 (NOTE: Some issues have been reported, may only work down to 14.3)
Prequisites
- SHSH blobs for the version you want to downgrade to (e.g. from https://tsssaver.1conan.com/, https://shsh.host/)
- macOS or Linux (Ubuntu 20.04 or newer recommended). Windows or a VM will NOT work.
Notes
- If the exploit fails even after multiple attempts or your device reboots out of DFU mode, you'll have to start over from the beginning and be quicker next time. (You don't have to redownload anything though.) You may have to force restart your device if it's stuck in DFU.
- checkm8 is known to have issues on AMD CPUs and may not work if you have one.
Instructions
Table of Contents |
---|
A11 |
A8(X)/A9(X)/A10(X) |
A11
Compatible versions: 14.3 and above
IMPORTANT: On the iPhone X, downgrading to iOS 14.x will break Face ID. The only way to fix it is by updating/restoring to iOS 15.
With iOS 15.4 or newer SEP, downgrading to 15.0-15.3.1 will also break Face ID, and you have to update to 15.4 or above to fix it.
Part 1/4: Entering pwned DFU
macOS
- Put your device in DFU mode.
- Run
wget https://static.palera.in/deps/gaster-Darwin.zip && unzip gaster-Darwin.zip
. - If you're on an Apple Silicon (M1/M2) Mac and haven't already installed Rosetta, do
softwareupdate --install-rosetta
. This only needs to be done once. - Run
./gaster pwn
. - Run
./gaster reset
.
Linux
- Put your device in DFU mode.
- Run
wget https://static.palera.in/deps/gaster-Linux.zip && unzip gaster-Linux.zip
. - Run
sudo ./gaster pwn
. - Run
sudo ./gaster reset
.
Part 2/4: Setting nonce
Note: If you want to use OTA blobs, don't tick "Set Nonce" and restore straight from pwned DFU mode. (Ignore this if you don't know what it is.)
- Download and open FutureRestore GUI.
- Click "Settings", enable "FutureRestore Beta", then click "Save".
- Click "Download FutureRestore".
- Download the desired version's IPSW from https://ipsw.me/ and select it along with your blobs.
- Click "Next", enable "Pwned Restore" and "Set Nonce". Enable "Custom Latest Beta" and set "Custom Latest Build ID" to
19G69
. - Click "Next", and then "Start FutureRestore".
Part 3/4: Restoring
- Your device should now be in recovery mode. If not, enter it manually.
- Go back to the previous tab in FutureRestore GUI and uncheck both "Pwned Restore" and "Set Nonce".
- Click "Next", and "Start FutureRestore" again.
Part 4/4: Fixup (iPhone X 14.x restores only)
If you have an iPhone 8, or are restoring to 15.0 or above, you can skip this section.
- Once the restore starts looping at "No data to read (timeout)", force restart your device.
- When you see the recovery mode screen, press "Exit Recovery".
- Go through with setup as usual.
- Jailbreak your device with checkra1n or unc0ver (not Odysseyra1n or Taurine). This will create an initial RootFS snapshot, as it doesn't get created when the restore is interrupted. If checkra1n complains about the missing snapshot, tap "Create".
- Install OTAEnabler 0.4.0 or newer from https://repo.alexia.lol/ to fix the broken preboot volume which causes issues with OTA updates and Taurine.
- (Optional but recommended) Uninstall OTAEnabler and install https://alexia.lol/noota16.mobileconfig or another OTA blocker.
- If you want to jailbreak with Odysseyra1n or Taurine, restore RootFS and go ahead with installing your preferred jailbreak.
Note that this is not a complete fix, as Face ID will still be broken. That is most likely not possible to fix as it's due to a firmware incompatibility.
A8(X)/A9(X)/A10(X)
Compatible versions: 14.0 and above
Part 1/3: Entering pwned DFU
macOS
- Put your device in DFU mode.
- Run
wget https://static.palera.in/deps/gaster-Darwin.zip && unzip gaster-Darwin.zip
. - If you're on an Apple Silicon (M1/M2) Mac and haven't already installed Rosetta, do
softwareupdate --install-rosetta
. This only needs to be done once. - Run
./gaster pwn
. - Run
./gaster reset
.
Linux
- Put your device in DFU mode.
- Run
wget https://static.palera.in/deps/gaster-Linux.zip && unzip gaster-Linux.zip
. - Run
sudo ./gaster pwn
. - Run
sudo ./gaster reset
.
Part 2/3: Setting nonce
Note: If you want to use OTA blobs, don't tick "Set Nonce" and restore straight from pwned DFU mode. (Ignore this if you don't know what it is.)
- Download and open FutureRestore GUI.
- Click "Settings", enable "FutureRestore Beta", then click "Save".
- Click "Download FutureRestore".
- Download the desired version's IPSW from https://ipsw.me/ and select it along with your blobs.
- Click "Next", enable "Pwned Restore" and "Set Nonce". Enable "Custom Latest Beta" and set "Custom Latest Build ID" to
19G69
. - Click "Next", and then "Start FutureRestore".
Part 3/3: Restoring
- Your device should now be in recovery mode. If not, enter it manually.
- Go back to the previous tab in FutureRestore GUI and uncheck both "Pwned Restore" and "Set Nonce".
- Click "Next", and "Start FutureRestore" again.
So unless i've a macOS device i can't downgrade right now, unless there is a working version on Linux, thank you i am out of luck sadly.