This guide shows how to downgrade a checkm8-vulnerable device from iOS 16.7.x to 16.6.1. It is for educational purposes only; I am not responsible for any damage to your device. It was written on and for macOS. Linux should work as well, but I have not tested it.
You will lose ALL data on the device, so back up anything important before you start. (As far as I know, you cannot simply make an iCloud backup and restore it afterwards!)
You also need SHSH blobs for 16.6.1 saved for your device. If you do not know what blobs are, you almost certainly do not have them.
Finally, this guide is not meant to be copy-pasted into a terminal. Read it a few times and make sure you understand each step before attempting to follow it.
The steps are as follows:
- Download a 16.6.1 IPSW for your device. (I don't think I need to explain this.)
- Compile futurerestore from the 'dev' branch.
- Compile gaster.
- Exploit checkm8 and set the nonce.
- Restore to 16.6.1.
You can use ipsw.me to download the 16.6.1 IPSW for your device.
You need to compile futurerestore from the 'dev' branch. Start by making a new directory and cloning the futurerestore repository.
mkdir ios-downgrade
cd ios-downgrade
git clone https://github.com/futurerestore/futurerestore.git --branch dev --recursive
cd futurerestore
Now we need the dep_root (prebuilt dependencies) for our macOS machine. Go to Cryptic's CDN, click the architecture of your Mac (either x86_64 or arm64), and download the Release_Latest .tar.zst file for that architecture (for arm64 it is macOS_arm64_Release_Latest.tar.zst). Once downloaded, extract it into the dep_root directory of the futurerestore checkout.
cp /path/to/downloaded/file.tar.zst .
zstd -d file.tar.zst
cd dep_root
tar -xvf ../file.tar
cd ..
Finally, we can compile futurerestore. (Change ARCH if necessary; it must match the dep_root you downloaded.)
RELEASE=1 ./build.sh -DARCH=x86_64 -DNO_PKGCFG=1
Check that you now have a futurerestore binary at cmake-build-release/src.
Next we compile gaster, the tool we will use to exploit checkm8 and put the device into pwned DFU mode. Start by cloning the gaster repository (go back up to the ios-downgrade directory first).
git clone --recursive https://github.com/0x7ff/gaster.git
cd gaster
Compiling gaster is simple: just run make. (On Linux, run make libusb instead.)
make
Check that you have a gaster binary in the current directory.
Now we exploit checkm8 and set our nonce. First, put the device into DFU mode; you can use palera1n -D as a DFU helper.
Once the device is in DFU mode, exploit checkm8 and reset it so it re-enumerates in pwned DFU mode:
./gaster pwn
./gaster reset
Go back to the directory that holds your futurerestore binary and run the following command to set your nonce. (The numeric short options below are the ones the dev branch accepted when this was written; run ./futurerestore --help on the build you just compiled and confirm they still do what you expect before you use them.)
./futurerestore -t /path/to/blob.shsh2 -0 -1 -3 -7 /path/to/16.6.1.ipsw
IMPORTANT: If futurerestore gets stuck at "Waiting for device to reconnect / disconnect", you can safely unplug and replug the device. But only if it gets stuck here.
futurerestore may also report an error saying it failed to set the nonce; in my experience it actually did work, so just continue with the rest of the guide.
Force-reboot your device back into recovery mode using the button combination for your device. What I usually do is run palera1n -D and then quit palera1n before it actually enters DFU; this leaves the device in recovery mode.
Finally, we can restore to 16.6.1 (same blob, same IPSW, but without the set-nonce options this time):
./futurerestore -t /path/to/blob.shsh2 -0 -1 /path/to/16.6.1.ipsw
If everything went well, your device should now be restoring to 16.6.1. Give it some time and you should be good to go. If anything goes wrong you can always try the whole process again, but I probably won't help you.
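Before you plug the device in, it is worth checking the two inputs the procedure above takes for granted: that the .shsh2 blob actually carries a nonce generator (without one there is nothing for the set-nonce step to set, and the ticket can never validate), and that the IPSW really is a 16.6.1 build. The script below is an added example written for this page; it is not code from the guide, from futurerestore or from gaster. It assumes the blob is an XML plist with a "generator" key, that BuildManifest.plist has been pulled out of the IPSW with unzip -p, and that the binaries live in the ios-downgrade layout the guide sets up. The script name preflight.sh and the function names are my own.

```shell
#!/bin/sh
# preflight.sh: sanity checks before running gaster/futurerestore.
# Added example for this guide, not part of futurerestore or gaster.
# Assumptions (not stated on the page): the blob is an XML .shsh2 plist, and
# BuildManifest.plist was extracted from the IPSW with
#   unzip -p /path/to/16.6.1.ipsw BuildManifest.plist > BuildManifest.plist

TARGET_VERSION="16.6.1"

# Print the <string> value that follows <key>NAME</key> in an XML plist.
# Only the first occurrence is reported, and the value is expected on a
# later line, which is how both .shsh2 files and BuildManifest.plist are laid out.
plist_string() {
    awk -v k="<key>$1</key>" '
        index($0, k) { found = 1; next }
        found && match($0, /<string>[^<]*<\/string>/) {
            print substr($0, RSTART + 8, RLENGTH - 17)
            exit
        }' "$2"
}

# The generator is what futurerestore boots the device with so that the
# ApNonce the device reports matches the one the ticket was signed for.
# Prints the generator, or fails if the blob has no usable one.
blob_generator() {
    gen=$(plist_string generator "$1")
    case "$gen" in
        0x[0-9a-fA-F][0-9a-fA-F]*) printf '%s\n' "$gen" ;;
        *) echo "$1: no usable nonce generator, set-nonce cannot work" >&2; return 1 ;;
    esac
}

# ProductVersion from an extracted BuildManifest.plist, e.g. "16.6.1".
manifest_version() {
    plist_string ProductVersion "$1"
}

# Confirm the binaries the guide builds are where it says they are.
# $1 is the ios-downgrade directory created at the start of the guide.
tools_built() {
    ok=0
    [ -x "$1/futurerestore/cmake-build-release/src/futurerestore" ] || { echo "futurerestore not built" >&2; ok=1; }
    [ -x "$1/gaster/gaster" ] || { echo "gaster not built" >&2; ok=1; }
    return $ok
}

# Return 0 only when blob and IPSW are consistent with a 16.6.1 restore.
preflight() {
    blob="$1"; manifest="$2"; rc=0
    if gen=$(blob_generator "$blob"); then
        echo "blob generator: $gen"
    else
        rc=1
    fi
    ver=$(manifest_version "$manifest")
    if [ "$ver" = "$TARGET_VERSION" ]; then
        echo "IPSW BuildManifest is for iOS $ver"
    else
        echo "IPSW BuildManifest is for iOS '$ver', expected $TARGET_VERSION" >&2
        rc=1
    fi
    return $rc
}

# Usage: sh preflight.sh /path/to/blob.shsh2 BuildManifest.plist
if [ "$#" -eq 2 ]; then
    preflight "$1" "$2"
fi
```

Run tools_built ~/ios-downgrade after the two compile steps and preflight before the set-nonce step; a non-zero exit from either means stop and fix the input rather than wiping the device on a blob or IPSW that can never restore.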
https://discord.gg/kTFeHCrN