Skip to content

Instantly share code, notes, and snippets.

@0xallie
Last active June 8, 2024 20:31
Show Gist options
  • Save 0xallie/aac55c97f7925cddcf5ec3167f85dfe8 to your computer and use it in GitHub Desktop.
Save 0xallie/aac55c97f7925cddcf5ec3167f85dfe8 to your computer and use it in GitHub Desktop.
Guide for downgrading checkm8 devices
@deargosep
Copy link

I have blobs saved

This post (below) summarized step-by-step what worked for me. Hope it helps in your case...
https://gist.github.com/nyuszika7h/aac55c97f7925cddcf5ec3167f85dfe8?permalink_comment_id=4144634#gistcomment-4144634

when I'm using noncergulator from your post, it says that libirecovery is not installed. first three times macOS thrown me an error message saying libirecovery is corrupted and should be deleted. after that it asks me for shsh2 file path, I paste it and then there is this error:

Continuing with given SHSH
File verified as SHSH2 file, continuing
Getting generator from SHSH
Your generator is: 0x1111111111111111
 
Either unsupported device or no device found.
Exiting..

In my case, I needed both ldid and libirecovery installed via homebrew for it to work in macOS Monterey.

I installed both via homebrew. Also I have Big Sur, could it be a problem? On homebrew page it says it is supported on Big Sur. Also i have M1 chip on my mac

You can try some basics like make sure the Mac sees and “trusts” the phone. Also, I remember once having major issues with a usb-c to lightning cable for JB purposes; and using a usb-a to lightning cable fixed communications between the Mac and the phone. Not sure what kind of ports you have on an M1, but you may need an intermediary usb-c to usb-a (female) adapter to test this.

Thank you, gonna try with USB a

@deargosep
Copy link

I have blobs saved

This post (below) summarized step-by-step what worked for me. Hope it helps in your case...
https://gist.github.com/nyuszika7h/aac55c97f7925cddcf5ec3167f85dfe8?permalink_comment_id=4144634#gistcomment-4144634

when I'm using noncergulator from your post, it says that libirecovery is not installed. first three times macOS thrown me an error message saying libirecovery is corrupted and should be deleted. after that it asks me for shsh2 file path, I paste it and then there is this error:

Continuing with given SHSH
File verified as SHSH2 file, continuing
Getting generator from SHSH
Your generator is: 0x1111111111111111
 
Either unsupported device or no device found.
Exiting..

In my case, I needed both ldid and libirecovery installed via homebrew for it to work in macOS Monterey.

I installed both via homebrew. Also I have Big Sur, could it be a problem? On homebrew page it says it is supported on Big Sur. Also i have M1 chip on my mac

You can try some basics like make sure the Mac sees and “trusts” the phone. Also, I remember once having major issues with a usb-c to lightning cable for JB purposes; and using a usb-a to lightning cable fixed communications between the Mac and the phone. Not sure what kind of ports you have on an M1, but you may need an intermediary usb-c to usb-a (female) adapter to test this.

I tried with usb a adapter, Mac is trusted on iPad, even reinstalled ldid and libirecovery via rosetta 2, still doesn't work

@showmak
Copy link

showmak commented Jul 15, 2022

hello i have iphone 8 and ios 15.5 haw i can downgrade ios 14.7? please help
Do you have blobs for 14.7?

@xrotorhead
Copy link

xrotorhead commented Jul 15, 2022

hello i have iphone 8 and ios 15.5 haw i can downgrade ios 14.7? please help
Do you have blobs for 14.7?

I’m afraid your stuck until a JB is released for your iOS version. Blobs are device-specific. Perhaps somebody (before you) has saved the blobs for your individual handset - you can go here to investigate; otherwise somebody else’s blobs will not work on your device.

@ceson-l
Copy link

ceson-l commented Jul 29, 2022

hi all. iphone7 ios15.2 can I downgrade the system to any version? like 10.x.x or something. please help

@iyedess
Copy link

iyedess commented Jul 31, 2022

NO SOLUTION FOR A9X IPAD PRO 9.7

@joshuah345
Copy link

joshuah345 commented Aug 11, 2022

NO SOLUTION FOR A9X IPAD PRO 9.7

there's gaster now, so a9x is fine
https://github.com/joshuah345/gaster/tree/imagefix

@robi62
Copy link

robi62 commented Sep 23, 2022

hi its has been a while last time there was not a gui all in terminal I keep getting error
Device did not reconnect Possibly invadid iBEC
What is this error about???
Screenshot 2022-09-23 at 17 38 11

Irebooted laptop and started again and seems to be working it did so happy thanks for your hard work guys

@kirpeace121
Copy link

i tried to upgrade from 14.3 to 14.8. I am getting error signing ticket does not contain generator. But a generator is required for 64 bit pwndfu in iphone 7

@SlimShadys
Copy link

Confirmed working on iPhone X (A11) from 15.7 to 14.6 using 19H12 (15.7) SEP/BB.

Make sure to enable also the --no-rsep option, as it could complain about FDR.

Also, it might show unsuccessful restoring and will pop you back up into recovery mode. As the guide says, click "Exit Recovery" and it will start up the normal boot process.

@lyujie-xm
Copy link

F9C31AAD-5C42-4BB3-8632-554F520FECEE

getting keys failed with error: 14745615 (failed to get FirmwareJson from Server). Are keys publicly available?

A9X

@zillusion
Copy link

zillusion commented Nov 13, 2022

Yesterday upgraded to 15.7.1 and downgraded to 13.3.1 on IPhone SE 2016 - A9 successfully first trying this guide and failing, it's
outdated...
19H12(15.7.0) is no longer being signed, so you'll immediately get an error if you set Build ID to this val.
15.6 RC1 (19G69) is still signed, setting val to this gets you further, but then at the restore step this error stops the process:
getting keys failed with error: 14745615 (failed to get FirmwareJson from Server).

So after some reading I found out that only setting the nonce is needed, not firmware flash. On A9 where 15.7.1 is the final IOS version
So the option to check in step 2 is no rsep - no restore, and as mentioned pwned restore and set nonce.
This sets up our blobs nonce, gets SEP/BB from 15.7.1, and you can just flash original firmware - steps from step 3.
Newer models should use 19G69 and hopefully keys for them will be on the server.

@rilodroid
Copy link

ERROR: Command errored out with exit status 1:
command: /Applications/Xcode.app/Contents/Developer/usr/bin/python3 /Applications/Xcode.app/Contents/Developer/Library/Frameworks/Python3.framework/Versions/3.8/lib/python3.8/site-packages/pip/_vendor/pep517/_in_process.py get_requires_for_build_wheel /var/folders/_w/tcjktqts2ms6ll49jtx63tbm0000gn/T/tmp9od05enm
cwd: /private/var/folders/_w/tcjktqts2ms6ll49jtx63tbm0000gn/T/pip-install-33t7ko64/cryptography

@cuucondiep
Copy link

you fixed it ?

@ziadplayz1
Copy link

PLEASE help me im getting this error "what=getting keys failed with error: 14745615 (failed to get FirmwareJson from Server). Are keys publicly available?"

downgrading from 16 to 14.6 on ipad 6th gen no baseband.

@laatif
Copy link

laatif commented Dec 19, 2022

I keep getting: what=Failed to get apnonce from device! any help ?
Thank you

Screen Shot 2022-12-19 at 9 01 08 PM
Screen Shot 2022-12-19 at 9 01 00 PM

@jijunzeya
Copy link

Yesterday I from 15.6rc1 downgraded to 14.7.1 on IPad5(wifi).But I keep get:what=assure failed. any help ?
Thank you
D3DA9831-3FB8-451B-87DC-7135D3699434
210547AF-3338-410A-BDD6-355CA9EE7C45

@NotDarkn
Copy link

worked nicely, ty alexia

@joshuaseltzer
Copy link

Thanks for this guide - worked great yesterday on my iPhone SE 1st Gen

@admin-elvistrujanovic
Copy link

Guys, I've tried to downgrade from iOS 15.7.8 to 15.4.1 with shsh2 blobs using debian following those instructions but unfortunatelly something goes wrong even after I followed instructions - downgrade didn't even moved from 01% and after that it showed for me that Connection is timed out for the url https://coocoofroggy.me:443 and other urls too. After many trying, it doesn't even showing that message, it just stops saying Waiting for device to enter restore mode - Unable to place device into restore mode. iPhone 7 GSM used

I hope that this downgrade way is not dead for EOL device like this...

@Haeckli
Copy link

Haeckli commented Aug 11, 2023

Guys, I've tried to downgrade from iOS 15.7.8 to 15.4.1 with shsh2 blobs using debian following those instructions but unfortunatelly something goes wrong even after I followed instructions - downgrade didn't even moved from 01% and after that it showed for me that Connection is timed out for the url https://coocoofroggy.me:443 and other urls too. After many trying, it doesn't even showing that message, it just stops saying Waiting for device to enter restore mode - Unable to place device into restore mode. iPhone 7 GSM used

I hope that this downgrade way is not dead for EOL device like this...

I just successfully did exactly this: downgrade 2 iPhones 7 (A10) and 2 iPadsAir2 (A8X) from 15.7.8 to 15.4.1. Instead of the GUI I used this most actual version of futurerestore. Nightly build version 306. Used on an ubuntu linux v.20.04.

@daibergm
Copy link

Hello guys, in my case I need to update an iPad mini from iOs 15.4.1 to 15.7, it's possible?, because I don't wanna update to iOs 16

@admin-elvistrujanovic
Copy link

admin-elvistrujanovic commented Aug 30, 2023

Guys, I've tried to downgrade from iOS 15.7.8 to 15.4.1 with shsh2 blobs using debian following those instructions but unfortunatelly something goes wrong even after I followed instructions - downgrade didn't even moved from 01% and after that it showed for me that Connection is timed out for the url https://coocoofroggy.me:443 and other urls too. After many trying, it doesn't even showing that message, it just stops saying Waiting for device to enter restore mode - Unable to place device into restore mode. iPhone 7 GSM used
I hope that this downgrade way is not dead for EOL device like this...

I just successfully did exactly this: downgrade 2 iPhones 7 (A10) and 2 iPadsAir2 (A8X) from 15.7.8 to 15.4.1. Instead of the GUI I used this most actual version of futurerestore. Nightly build version 306. Used on an ubuntu linux v.20.04.

I've tried this on Windows and Windows methods but didn't worked. On Linux it works so probably, Windows version of futurerestore is not updated even from the nightly builds and maybe it's even discontinued so for Windows PCs, the futurerestore is broken. Linux is recommended and only supported option for things like this..

But I've forced to use the blobs that doesn't have 0x11*** but instead the default generator apnonce info the jailbroken users used to restore the device, I've used pwned DFU mode with pwned generator that doesn't begin with 0x11*** but actually it begins with the same unique for my device and that blobs file that is not jailbroken-based 0x11*** but it's actually a real apnonce.

That worked well but not using Windows, only Linux.

@augumn
Copy link

augumn commented Oct 16, 2023

Guys, I've tried to downgrade from iOS 15.7.8 to 15.4.1 with shsh2 blobs using debian following those instructions but unfortunatelly something goes wrong even after I followed instructions - downgrade didn't even moved from 01% and after that it showed for me that Connection is timed out for the url https://coocoofroggy.me:443 and other urls too. After many trying, it doesn't even showing that message, it just stops saying Waiting for device to enter restore mode - Unable to place device into restore mode. iPhone 7 GSM used
I hope that this downgrade way is not dead for EOL device like this...

I just successfully did exactly this: downgrade 2 iPhones 7 (A10) and 2 iPadsAir2 (A8X) from 15.7.8 to 15.4.1. Instead of the GUI I used this most actual version of futurerestore. Nightly build version 306. Used on an ubuntu linux v.20.04.

Hi, @Haeckli. I almost have the same device with you which is an iPhone 7 Plus(A10) and on 15.7.8. I want downgrade it from 15.7.8 to 15.4.1, but I do not have SHSH blobs(15.0-15.4.1). So how can I deal with my device to get it downgraded. By the way, does your iPhone 7's touch id and passcode work well?

@Haeckli
Copy link

Haeckli commented Oct 16, 2023

Hi, @Haeckli. I almost have the same device with you which is an iPhone 7 Plus(A10) and on 15.7.8. I want downgrade it from 15.7.8 to 15.4.1, but I do not have SHSH blobs(15.0-15.4.1). So how can I deal with my device to get it downgraded. By the way, does your iPhone 7's touch id and passcode work well?

Hi @augumn,
first thing to say: everything (including touchID and passcode) works absolutely flawless after downgrading my iPhone 7.
The bad news is: NO blobs - NO downgrade. Sorry for you...

@augumn
Copy link

augumn commented Oct 17, 2023

Hi, @Haeckli. I almost have the same device with you which is an iPhone 7 Plus(A10) and on 15.7.8. I want downgrade it from 15.7.8 to 15.4.1, but I do not have SHSH blobs(15.0-15.4.1). So how can I deal with my device to get it downgraded. By the way, does your iPhone 7's touch id and passcode work well?

Hi @augumn, first thing to say: everything (including touchID and passcode) works absolutely flawless after downgrading my iPhone 7. The bad news is: NO blobs - NO downgrade. Sorry for you...

Thanks. Next I will try sunst0rm.

@Haeckli
Copy link

Haeckli commented Oct 17, 2023

Thanks. Next I will try sunst0rm.

Never looked at that ... Good luck

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment