LukeZGD

Downgrade and dualboot status of almost all iOS devices

UPDATED: 2024-04-09

• Reddit mirror: https://www.reddit.com/r/iOSDowngrade/comments/j1x7iv/downgrade_and_dualboot_status_of_almost_all_ios/
• GitHub Gist mirror: https://gist.github.com/LukeZGD/9d781f1b03a69fa46869384a9407a41a
• As of updating this post, there is a downgrade tool that utilizes a SEP exploit released. However its device support is currently limited: https://limefix.tech/?product=limefix-sep-utility-testing
• Save SHSH blobs for signed iOS versions using TSS Saver or blobsaver
• GitHub repo for futurerestore nightly: https://github.com/futurerestore/futurerestore
• Delay OTA Guide (updating only): https://ios.cfw.guide/updating-blobless

marcan

/*
 * m1cat: a proof of concept for the M1RACLES vulnerability in the Apple M1.
 * 
 * This program implements a covert channel that can be used to transmit data
 * between two processes when run on the Apple Silicon "M1" CPUs.
 *
 * The channel is slightly lossy due to (presumably) the scheduler sometimes
 * scheduling us on the wrong CPU cluster, so this PoC sends every byte twice
 * together with some metadata/framing bits, which is usually good enough.
 * A better approach would be to use proper FEC or something like that.

marcan

/*
 * m1racle-poc: a basic proof of concept for the M1RACLES vulnerability in the Apple M1.
 * 
 * This program allows you to read and write the state of the s3_5_c15_c10_1 CPU register.
 *
 * Please visit m1racles.com for more information.
 *
 * Licensed under the MIT license.
 */