Important
This guide has moved to Google Docs.
Important
This guide has moved to Google Docs.
I can't pwn dfu on iPad 6th gen iOS 15.5, macOS big sur
Getting the device into pwn/ dfu mode is one of the most challenging parts. I’d look up the procedures for your exact device on YouTube. This one worked for some of the devices I was using: https://youtu.be/IMaD_vz5O3Q
I have blobs saved
This post (below) summarized step-by-step what worked for me. Hope it helps in your case...
I have blobs saved
This post (below) summarized step-by-step what worked for me. Hope it helps in your case...
when I'm using noncergulator from your post, it says that libirecovery is not installed. first three times macOS thrown me an error message saying libirecovery is corrupted and should be deleted. after that it asks me for shsh2 file path, I paste it and then there is this error:
Continuing with given SHSH
File verified as SHSH2 file, continuing
Getting generator from SHSH
Your generator is: 0x1111111111111111
Either unsupported device or no device found.
Exiting..
I have blobs saved
This post (below) summarized step-by-step what worked for me. Hope it helps in your case...
https://gist.github.com/nyuszika7h/aac55c97f7925cddcf5ec3167f85dfe8?permalink_comment_id=4144634#gistcomment-4144634when I'm using noncergulator from your post, it says that libirecovery is not installed. first three times macOS thrown me an error message saying libirecovery is corrupted and should be deleted. after that it asks me for shsh2 file path, I paste it and then there is this error:
Continuing with given SHSH File verified as SHSH2 file, continuing Getting generator from SHSH Your generator is: 0x1111111111111111 Either unsupported device or no device found. Exiting..
In my case, I needed both ldid and libirecovery installed via homebrew for it to work in macOS Monterey.
I have blobs saved
This post (below) summarized step-by-step what worked for me. Hope it helps in your case...
https://gist.github.com/nyuszika7h/aac55c97f7925cddcf5ec3167f85dfe8?permalink_comment_id=4144634#gistcomment-4144634when I'm using noncergulator from your post, it says that libirecovery is not installed. first three times macOS thrown me an error message saying libirecovery is corrupted and should be deleted. after that it asks me for shsh2 file path, I paste it and then there is this error:
Continuing with given SHSH File verified as SHSH2 file, continuing Getting generator from SHSH Your generator is: 0x1111111111111111 Either unsupported device or no device found. Exiting..
In my case, I needed both ldid and libirecovery installed via homebrew for it to work in macOS Monterey.
I installed both via homebrew. Also I have Big Sur, could it be a problem? On homebrew page it says it is supported on Big Sur. Also i have M1 chip on my mac
I have blobs saved
This post (below) summarized step-by-step what worked for me. Hope it helps in your case...
https://gist.github.com/nyuszika7h/aac55c97f7925cddcf5ec3167f85dfe8?permalink_comment_id=4144634#gistcomment-4144634when I'm using noncergulator from your post, it says that libirecovery is not installed. first three times macOS thrown me an error message saying libirecovery is corrupted and should be deleted. after that it asks me for shsh2 file path, I paste it and then there is this error:
Continuing with given SHSH File verified as SHSH2 file, continuing Getting generator from SHSH Your generator is: 0x1111111111111111 Either unsupported device or no device found. Exiting..
In my case, I needed both ldid and libirecovery installed via homebrew for it to work in macOS Monterey.
I installed both via homebrew. Also I have Big Sur, could it be a problem? On homebrew page it says it is supported on Big Sur. Also i have M1 chip on my mac
You can try some basics like make sure the Mac sees and “trusts” the phone. Also, I remember once having major issues with a usb-c to lightning cable for JB purposes; and using a usb-a to lightning cable fixed communications between the Mac and the phone. Not sure what kind of ports you have on an M1, but you may need an intermediary usb-c to usb-a (female) adapter to test this.
I have blobs saved
This post (below) summarized step-by-step what worked for me. Hope it helps in your case...
https://gist.github.com/nyuszika7h/aac55c97f7925cddcf5ec3167f85dfe8?permalink_comment_id=4144634#gistcomment-4144634when I'm using noncergulator from your post, it says that libirecovery is not installed. first three times macOS thrown me an error message saying libirecovery is corrupted and should be deleted. after that it asks me for shsh2 file path, I paste it and then there is this error:
Continuing with given SHSH File verified as SHSH2 file, continuing Getting generator from SHSH Your generator is: 0x1111111111111111 Either unsupported device or no device found. Exiting..
In my case, I needed both ldid and libirecovery installed via homebrew for it to work in macOS Monterey.
I installed both via homebrew. Also I have Big Sur, could it be a problem? On homebrew page it says it is supported on Big Sur. Also i have M1 chip on my mac
You can try some basics like make sure the Mac sees and “trusts” the phone. Also, I remember once having major issues with a usb-c to lightning cable for JB purposes; and using a usb-a to lightning cable fixed communications between the Mac and the phone. Not sure what kind of ports you have on an M1, but you may need an intermediary usb-c to usb-a (female) adapter to test this.
Thank you, gonna try with USB a
I have blobs saved
This post (below) summarized step-by-step what worked for me. Hope it helps in your case...
https://gist.github.com/nyuszika7h/aac55c97f7925cddcf5ec3167f85dfe8?permalink_comment_id=4144634#gistcomment-4144634when I'm using noncergulator from your post, it says that libirecovery is not installed. first three times macOS thrown me an error message saying libirecovery is corrupted and should be deleted. after that it asks me for shsh2 file path, I paste it and then there is this error:
Continuing with given SHSH File verified as SHSH2 file, continuing Getting generator from SHSH Your generator is: 0x1111111111111111 Either unsupported device or no device found. Exiting..
In my case, I needed both ldid and libirecovery installed via homebrew for it to work in macOS Monterey.
I installed both via homebrew. Also I have Big Sur, could it be a problem? On homebrew page it says it is supported on Big Sur. Also i have M1 chip on my mac
You can try some basics like make sure the Mac sees and “trusts” the phone. Also, I remember once having major issues with a usb-c to lightning cable for JB purposes; and using a usb-a to lightning cable fixed communications between the Mac and the phone. Not sure what kind of ports you have on an M1, but you may need an intermediary usb-c to usb-a (female) adapter to test this.
I tried with usb a adapter, Mac is trusted on iPad, even reinstalled ldid and libirecovery via rosetta 2, still doesn't work
hello i have iphone 8 and ios 15.5 haw i can downgrade ios 14.7? please help
Do you have blobs for 14.7?
hello i have iphone 8 and ios 15.5 haw i can downgrade ios 14.7? please help
Do you have blobs for 14.7?
I’m afraid your stuck until a JB is released for your iOS version. Blobs are device-specific. Perhaps somebody (before you) has saved the blobs for your individual handset - you can go here to investigate; otherwise somebody else’s blobs will not work on your device.
hi all. iphone7 ios15.2 can I downgrade the system to any version? like 10.x.x or something. please help
NO SOLUTION FOR A9X IPAD PRO 9.7
NO SOLUTION FOR A9X IPAD PRO 9.7
there's gaster now, so a9x is fine
https://github.com/joshuah345/gaster/tree/imagefix
i tried to upgrade from 14.3 to 14.8. I am getting error signing ticket does not contain generator. But a generator is required for 64 bit pwndfu in iphone 7
Confirmed working on iPhone X (A11) from 15.7 to 14.6 using 19H12 (15.7) SEP/BB.
Make sure to enable also the --no-rsep
option, as it could complain about FDR.
Also, it might show unsuccessful restoring and will pop you back up into recovery mode. As the guide says, click "Exit Recovery" and it will start up the normal boot process.
Yesterday upgraded to 15.7.1 and downgraded to 13.3.1 on IPhone SE 2016 - A9 successfully first trying this guide and failing, it's
outdated...
19H12(15.7.0) is no longer being signed, so you'll immediately get an error if you set Build ID to this val.
15.6 RC1 (19G69) is still signed, setting val to this gets you further, but then at the restore step this error stops the process:
getting keys failed with error: 14745615 (failed to get FirmwareJson from Server).
So after some reading I found out that only setting the nonce is needed, not firmware flash. On A9 where 15.7.1 is the final IOS version
So the option to check in step 2 is no rsep - no restore, and as mentioned pwned restore and set nonce.
This sets up our blobs nonce, gets SEP/BB from 15.7.1, and you can just flash original firmware - steps from step 3.
Newer models should use 19G69 and hopefully keys for them will be on the server.
ERROR: Command errored out with exit status 1:
command: /Applications/Xcode.app/Contents/Developer/usr/bin/python3 /Applications/Xcode.app/Contents/Developer/Library/Frameworks/Python3.framework/Versions/3.8/lib/python3.8/site-packages/pip/_vendor/pep517/_in_process.py get_requires_for_build_wheel /var/folders/_w/tcjktqts2ms6ll49jtx63tbm0000gn/T/tmp9od05enm
cwd: /private/var/folders/_w/tcjktqts2ms6ll49jtx63tbm0000gn/T/pip-install-33t7ko64/cryptography
you fixed it ?
PLEASE help me im getting this error "what=getting keys failed with error: 14745615 (failed to get FirmwareJson from Server). Are keys publicly available?"
downgrading from 16 to 14.6 on ipad 6th gen no baseband.
worked nicely, ty alexia
Thanks for this guide - worked great yesterday on my iPhone SE 1st Gen
Guys, I've tried to downgrade from iOS 15.7.8 to 15.4.1 with shsh2 blobs using debian following those instructions but unfortunatelly something goes wrong even after I followed instructions - downgrade didn't even moved from 01% and after that it showed for me that Connection is timed out for the url https://coocoofroggy.me:443 and other urls too. After many trying, it doesn't even showing that message, it just stops saying Waiting for device to enter restore mode - Unable to place device into restore mode. iPhone 7 GSM used
I hope that this downgrade way is not dead for EOL device like this...
Guys, I've tried to downgrade from iOS 15.7.8 to 15.4.1 with shsh2 blobs using debian following those instructions but unfortunatelly something goes wrong even after I followed instructions - downgrade didn't even moved from 01% and after that it showed for me that Connection is timed out for the url https://coocoofroggy.me:443 and other urls too. After many trying, it doesn't even showing that message, it just stops saying Waiting for device to enter restore mode - Unable to place device into restore mode. iPhone 7 GSM used
I hope that this downgrade way is not dead for EOL device like this...
I just successfully did exactly this: downgrade 2 iPhones 7 (A10) and 2 iPadsAir2 (A8X) from 15.7.8 to 15.4.1. Instead of the GUI I used this most actual version of futurerestore. Nightly build version 306. Used on an ubuntu linux v.20.04.
Hello guys, in my case I need to update an iPad mini from iOs 15.4.1 to 15.7, it's possible?, because I don't wanna update to iOs 16
Guys, I've tried to downgrade from iOS 15.7.8 to 15.4.1 with shsh2 blobs using debian following those instructions but unfortunatelly something goes wrong even after I followed instructions - downgrade didn't even moved from 01% and after that it showed for me that Connection is timed out for the url https://coocoofroggy.me:443 and other urls too. After many trying, it doesn't even showing that message, it just stops saying Waiting for device to enter restore mode - Unable to place device into restore mode. iPhone 7 GSM used
I hope that this downgrade way is not dead for EOL device like this...I just successfully did exactly this: downgrade 2 iPhones 7 (A10) and 2 iPadsAir2 (A8X) from 15.7.8 to 15.4.1. Instead of the GUI I used this most actual version of futurerestore. Nightly build version 306. Used on an ubuntu linux v.20.04.
I've tried this on Windows and Windows methods but didn't worked. On Linux it works so probably, Windows version of futurerestore is not updated even from the nightly builds and maybe it's even discontinued so for Windows PCs, the futurerestore is broken. Linux is recommended and only supported option for things like this..
But I've forced to use the blobs that doesn't have 0x11*** but instead the default generator apnonce info the jailbroken users used to restore the device, I've used pwned DFU mode with pwned generator that doesn't begin with 0x11*** but actually it begins with the same unique for my device and that blobs file that is not jailbroken-based 0x11*** but it's actually a real apnonce.
That worked well but not using Windows, only Linux.
Guys, I've tried to downgrade from iOS 15.7.8 to 15.4.1 with shsh2 blobs using debian following those instructions but unfortunatelly something goes wrong even after I followed instructions - downgrade didn't even moved from 01% and after that it showed for me that Connection is timed out for the url https://coocoofroggy.me:443 and other urls too. After many trying, it doesn't even showing that message, it just stops saying Waiting for device to enter restore mode - Unable to place device into restore mode. iPhone 7 GSM used
I hope that this downgrade way is not dead for EOL device like this...I just successfully did exactly this: downgrade 2 iPhones 7 (A10) and 2 iPadsAir2 (A8X) from 15.7.8 to 15.4.1. Instead of the GUI I used this most actual version of futurerestore. Nightly build version 306. Used on an ubuntu linux v.20.04.
Hi, @Haeckli. I almost have the same device with you which is an iPhone 7 Plus(A10) and on 15.7.8. I want downgrade it from 15.7.8 to 15.4.1, but I do not have SHSH blobs(15.0-15.4.1). So how can I deal with my device to get it downgraded. By the way, does your iPhone 7's touch id and passcode work well?
Hi, @Haeckli. I almost have the same device with you which is an iPhone 7 Plus(A10) and on 15.7.8. I want downgrade it from 15.7.8 to 15.4.1, but I do not have SHSH blobs(15.0-15.4.1). So how can I deal with my device to get it downgraded. By the way, does your iPhone 7's touch id and passcode work well?
Hi @augumn,
first thing to say: everything (including touchID and passcode) works absolutely flawless after downgrading my iPhone 7.
The bad news is: NO blobs - NO downgrade. Sorry for you...
Hi, @Haeckli. I almost have the same device with you which is an iPhone 7 Plus(A10) and on 15.7.8. I want downgrade it from 15.7.8 to 15.4.1, but I do not have SHSH blobs(15.0-15.4.1). So how can I deal with my device to get it downgraded. By the way, does your iPhone 7's touch id and passcode work well?
Hi @augumn, first thing to say: everything (including touchID and passcode) works absolutely flawless after downgrading my iPhone 7. The bad news is: NO blobs - NO downgrade. Sorry for you...
Thanks. Next I will try sunst0rm.
Thanks. Next I will try sunst0rm.
Never looked at that ... Good luck
I have blobs saved