Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
How to downgrade from iOS 15 to iOS 14

How to downgrade from iOS 15 to iOS 14

The latest SEP/BB as of right now is iOS 15.1, and is partially or fully compatible with iOS 14 depending on your device. See the appropriate section for exact compatibility info.

Prequisites

Notes

  • If the exploit fails even after multiple attempts or your device reboots out of DFU mode, you'll have to start over from the beginning and be quicker next time. (You don't have to redownload anything though.) You may have to force restart your device if it's stuck in DFU.

Instructions

Table of Contents
A12 and newer
A11
A10(X)
A9X
A9
A8(X)

A12 and newer

Nope, you can't. At least not until a jailbreak for iOS 15 comes out, but SEP/BB will probably be fully incompatible by then.

A11

IMPORTANT: On the iPhone X, downgrading to iOS 14 will break Face ID and cause other issues (broken RootFS snapshot and OTA updates). The only way to fix it is by restoring to iOS 15.

This very likely also affects A12 and above, but you can't downgrade those devices from iOS 15 currently anyway. It does also apply to upgrading from an earlier version with FutureRestore, though.

There are no issues with iPhone 8(+), Touch ID will work fine.

Compatible versions: 14.3-14.8

Part 1/4: Entering pwned DFU

  1. Put your device in DFU mode.
  2. Download and extract Cryptic's fork of ipwndfu for A11.
  3. Open the extracted folder in a terminal.
  4. Run python2 ipwndfu -p --patch. (On newer Linux distros, you may have to explicitly install Python 2 from your package manager, e.g. sudo apt install python2.)

Part 2/4: Setting nonce

  1. Download and open FutureRestore GUI.
  2. Click "Settings", enable "FutureRestore Beta", then click "Save".
  3. Click "Download FutureRestore".
  4. Download the desired version's IPSW from https://ipsw.me/ and select it along with your blobs.
  5. Click "Next", enable "Pwned Restore" and "Set Nonce", and leave SEP and Baseband on latest. (If you see a "64 Bit Checkm8" option, update FRGUI. You should not use that option.)
  6. Click "Next", and then "Start FutureRestore".

Part 3/4: Restoring

  1. Put your device in recovery mode.
  2. Go back to the previous tab in FutureRestore GUI and uncheck both "Pwned Restore" and "Set Nonce".
  3. Click "Next", and "Start FutureRestore" again.

Part 4/4: Fixup (iPhone X only)

  1. Once the restore starts looping at "No data to read (timeout)", force restart your device.
  2. When you see the recovery mode screen, press "Exit Recovery".
  3. Go through with setup as usual.
  4. Jailbreak your device with checkra1n.
  5. Open the checkra1n loader app and press "Install Cydia". If it complains about a missing RootFS snapshot, tap "Create".
  6. If you want to use Odysseyra1n, after this finishes tap "Restore System" in the loader (or just force close it when it says "Downloading Base System").

Note that this is not a complete fix, as Face ID will still be broken. Taurine may also have issues jailbreaking with the manually fixed up snapshot, but hopefully that will be fixed in the future.

A10(X)

Compatible versions: 14.0-14.8

Part 1/3: Entering pwned DFU

macOS
  1. Put your device in DFU mode.
  2. Download and extract ipwndfu.
  3. Open the extracted folder in a terminal.
  4. Run ./ipwndfu -p.
  5. Download and extract Fugu.
  6. Open the extracted folder in a terminal.
  7. Run ./Fugu rmsigchks.
Linux
  1. Put your device in DFU mode.
  2. Download and extract Cryptic's patched ipwndfu for A10.
  3. Open the extracted folder in a terminal.
  4. Run python2 ipwndfu -p.
  5. Run python2 rmsigchks.py.

Part 2/3: Setting nonce

  1. Download and open FutureRestore GUI.
  2. Click "Settings", enable "FutureRestore Beta", then click "Save".
  3. Click "Download FutureRestore".
  4. Download the desired version's IPSW from https://ipsw.me/ and select it along with your blobs.
  5. Click "Next", enable "Pwned Restore" and "Set Nonce", and leave SEP and Baseband on latest. (If you see a "64 Bit Checkm8" option, update FRGUI. You should not use that option.)
  6. Click "Next", and then "Start FutureRestore".

Part 3/3: Restoring

  1. Put your device in recovery mode.
  2. Go back to the previous tab in FutureRestore GUI and uncheck both "Pwned Restore" and "Set Nonce".
  3. Click "Next", and "Start FutureRestore" again.

A9(X)

Coming soon...

A8(X)-A9

Requires macOS.

Compatible versions: 14.0-14.8

Part 1/3: Entering pwned DFU

  1. Put your device in DFU mode.
  2. Download Eclipsa.
  3. Open the folder in a terminal.
  4. Run killall -STOP AMPDevicesAgent AMPDeviceDiscoveryAgent MobileDeviceUpdater.
  5. Run make and wait for it to compile. (You need to have Xcode installed.) If you cannot compile Eclipsa for some reason, download and extract this zip instead (only compatible with Intel Macs).
  6. If compiled manually, run ./eclipsa. Otherwise, you will need to run the appropriate version for your SoC:
    • A8: ./eclipsa7000
    • A8X: ./eclipsa7001
    • A9: ./eclipsa8000 or ./eclipsa8003
  7. Run killall -CONT AMPDevicesAgent AMPDeviceDiscoveryAgent MobileDeviceUpdater.

Part 2/3: Setting nonce

  1. Download and open FutureRestore GUI.
  2. Click "Settings", enable "FutureRestore Beta", then click "Save".
  3. Click "Download FutureRestore".
  4. Download the desired version's IPSW from https://ipsw.me/ and select it along with your blobs.
  5. Click "Next", enable "Pwned Restore" and "Set Nonce", and leave SEP and Baseband on latest. (If you see a "64 Bit Checkm8" option, update FRGUI. You should not use that option.)
  6. Click "Next", and then "Start FutureRestore".

Part 3/3: Restoring

  1. Put your device in recovery mode.
  2. Go back to the previous tab in FutureRestore GUI and uncheck both "Pwned Restore" and "Set Nonce".
  3. Click "Next", and "Start FutureRestore" again.
@Joshua929zz

This comment has been minimized.

Copy link

@Joshua929zz Joshua929zz commented Nov 5, 2021

Can I run the eclipsa on windows 10

@Joshua929zz

This comment has been minimized.

Copy link

@Joshua929zz Joshua929zz commented Nov 5, 2021

Can you use windows 10

@lionnisgod

This comment has been minimized.

Copy link

@lionnisgod lionnisgod commented Nov 7, 2021

Can you use windows 10

it literally says windows will not work in the prerequisites...

@Joshua929zz

This comment has been minimized.

Copy link

@Joshua929zz Joshua929zz commented Nov 9, 2021

How can i install macos on a515-41g-11ff

@joshuazk9

This comment has been minimized.

Copy link

@joshuazk9 joshuazk9 commented Nov 13, 2021

if i use virtualbox to install mac os can do this method

@Tsumetaayz

This comment has been minimized.

Copy link

@Tsumetaayz Tsumetaayz commented Nov 15, 2021

Nice guide, but FutureRestore wont detect my iPhone 8 on pwned DFU, Im using PopOS 21.04.

@Tsumetaayz

This comment has been minimized.

Copy link

@Tsumetaayz Tsumetaayz commented Nov 15, 2021

Nevermind, just a problem with my front USB... turns out i wasnt lucky enough, it failed and i had to restore to ios 15 again

@Nxckdxnxld

This comment has been minimized.

Copy link

@Nxckdxnxld Nxckdxnxld commented Nov 21, 2021

Hi, I passed part 1 (Entering pwned DFU) but I'm stuck on part 2.
I have followed all the handling but I do not know why Futurestore does not detect my phone (Iphone 8 +)
I also misunderstood part 2 and 3,
because at the end of part 1 my device is in DFU mode,
so to continue do I have to put it manually in recovery? if so, what is part 1 for? if not, futurerestore does not detect it in DFU mode.
Thank you for your reply
I am in IOS 15.1 without jailbreak as we know and this device is also deactivated, I need to downgrade it to 14.7 to be able to jailbreak it and do a bypass
thanks again and sorry for the bad english, i use partially google tradution.

@nyuszika7h

This comment has been minimized.

Copy link
Owner Author

@nyuszika7h nyuszika7h commented Nov 21, 2021

@Nxckdxnxld Pwned DFU mode is only used for setting nonce, after that we restore from normal recovery mode. Technically you can do the restore itself from pwned DFU too, but that's unnecessary if you have normal blobs (it would only be needed for OTA blobs).

Futurerestore normally doesn't recognize devices in DFU, the only exception is when you patch the ROM with ipwndfu and use the --use-ipwndfu option.

(Technical explanation: This is because DFU mode has a different nonce from recovery mode, so without something like the checkm8 exploit your nonce would never match in DFU when you try to futurerestore.)

@Nxckdxnxld

This comment has been minimized.

Copy link

@Nxckdxnxld Nxckdxnxld commented Nov 21, 2021

@nyuszika7h thank you for your reply.
Can you tell me the steps I must follow to successfully downgrade from 15.1 to 14.7
I saved my blobls.
and I also get Pwned DFU mode with ipwndfu-A11-patch-rom

I tried checkm8-nonce-setter it didn't work (I think Iphone 8 plus is not compatible)
I do not know what to do.
I am blocked.
I am well aware of the procedure to follow for making a downgrade but I do not have a jailbreak and I am stuck. (the biggest problem is that iphone 8 plus is not compatible with checkm8-nonce-setter

@Tsumetaayz

This comment has been minimized.

Copy link

@Tsumetaayz Tsumetaayz commented Nov 21, 2021

@Nxckdxnxld If futurerestore doesn't pick up your phone in pwndfu, try to manually start futurerestore with root, my workaround was downloading futurerestore beta and manually starting it with sudo ./futurerestorebeta-v2.0.0 'ipsw location' --use-pwndfu --latest-baseband --latest-sep -t 'blobs location'

also nonce doesn't need to be set (at least in my case)
if you have a APTicket error, download the blobs again.

@Nxckdxnxld

This comment has been minimized.

Copy link

@Nxckdxnxld Nxckdxnxld commented Nov 21, 2021

No way! @nyuszika7h i repeat it thre times, and the same error 👍

nick@nick:~/FutureRestoreGUI/extracted$ sudo '/home/nick/FutureRestoreGUI/extracted/futurerestore-v2.0.0-test' '/home/nick/Bureau/Iphone 8 plus/iPhone_5.5_P3_14.7.1_18G82_Restore.ipsw' --use-pwndfu --latest-baseband --latest-sep -t'/home/nick/Bureau/Iphone 8 plus/8295132879253422_iPhone10,5_d211ap_14.7.1-18G82_27325c8258be46e69d9ee57fa9a8fbc28b873df434e5e702a8b27999551138ae.shsh2'
[sudo] Mot de passe de nick :
Version: v2.0.0-test(50a6375391c94624fbe1b2b060d46117de2bc4fc-263)
img4tool version: 0.197-aca6cf005c94caf135023263cbb5c61a0081804f-RELEASE
libipatcher version: 0.88-1e855d70c84419014e363bdbcaead7b145fe3e1f-RELEASE
Odysseus for 32-bit support: yes
Odysseus for 64-bit support: yes
[INFO] 64-bit device detected
futurerestore init done
reading signing ticket /home/nick/Bureau/Iphone 8 plus/8295132879253422_iPhone10,5_d211ap_14.7.1-18G82_27325c8258be46e69d9ee57fa9a8fbc28b873df434e5e702a8b27999551138ae.shsh2 is done
user specified to use latest signed SEP
[TSSC] opening firmwares.json
[DOWN] downloading file https://api.ipsw.me/v2.1/firmwares.json/condensed
[TSSC] selecting latest firmware version: 15.1
[TSSC] got firmwareurl for iOS 15.1 build 19B74
[TSSC] opening Buildmanifest for iPhone10,5_15.1
[DOWN] downloading file https://updates.cdn-apple.com/2021FallFCS/fullrestores/071-63829/40740A87-9FDF-4D81-AB74-535ABCB46EC8/BuildManifest.plist
[TSSR] Checking BuildIdentity 0
[TSSR] Checking BuildIdentity 1
[TSSR] Checking BuildIdentity 2
[TSSR] Selected BuildIdentity for request
downloading SEP
100 [===================================================================================================>]
[TSSC] opening /tmp/futurerestore/sepManifest.plist
[TSSR] Checking BuildIdentity 0
[TSSR] Checking BuildIdentity 1
[TSSR] Checking BuildIdentity 2
[TSSR] Selected BuildIdentity for request
[TSSR] User specified to not request a baseband ticket.
Request URL set to https://gs.apple.com/TSS/controller?action=2
Sending TSS request attempt 1... response successfully received
user specified to use latest signed baseband
[TSSR] Checking BuildIdentity 0
[TSSR] Checking BuildIdentity 1
[TSSR] Checking BuildIdentity 2
[TSSR] Selected BuildIdentity for request
downloading Baseband
100 [===================================================================================================>]
ERROR: Unable to connect to device?!
ERROR: Unable to get FirmwarePreflightInfo
[WARNING] failed to read BasebandGoldCertID from device! Is it already in recovery?
[WARNING] using tsschecker's fallback to get BasebandGoldCertID. This might result in invalid baseband signing status information
[TSSC] opening /tmp/futurerestore/basebandManifest.plist
[TSSR] Checking BuildIdentity 0
[TSSR] Checking BuildIdentity 1
[TSSR] Checking BuildIdentity 2
[TSSR] Selected BuildIdentity for request
[TSSR] User specified to request only a Baseband ticket.
Request URL set to https://gs.apple.com/TSS/controller?action=2
Sending TSS request attempt 1... response successfully received
Downloading the latest firmware components...
[TSSR] Checking BuildIdentity 0
[TSSR] Checking BuildIdentity 1
[TSSR] Checking BuildIdentity 2
[TSSR] Selected BuildIdentity for request
[TSSR] Checking BuildIdentity 0
[TSSR] Checking BuildIdentity 1
[TSSR] Checking BuildIdentity 2
[TSSR] Selected BuildIdentity for request
[TSSR] Checking BuildIdentity 0
[TSSR] Checking BuildIdentity 1
[TSSR] Checking BuildIdentity 2
[TSSR] Selected BuildIdentity for request
[TSSR] Checking BuildIdentity 0
[TSSR] Checking BuildIdentity 1
[TSSR] Checking BuildIdentity 2
[TSSR] Selected BuildIdentity for request
downloading SE firmware
100 [===================================================================================================>]
[TSSR] Checking BuildIdentity 0
[TSSR] Checking BuildIdentity 1
[TSSR] Checking BuildIdentity 2
[TSSR] Selected BuildIdentity for request
[TSSR] Checking BuildIdentity 0
[TSSR] Checking BuildIdentity 1
[TSSR] Checking BuildIdentity 2
[TSSR] Selected BuildIdentity for request
[TSSR] Checking BuildIdentity 0
[TSSR] Checking BuildIdentity 1
[TSSR] Checking BuildIdentity 2
[TSSR] Selected BuildIdentity for request
Finished downloading the latest firmware components!
Found device in DFU mode
requesting to get into pwnRecovery later
Found device in DFU mode
Identified device as d211ap, iPhone10,5
Extracting BuildManifest from iPSW
Product version: 14.7.1
Product build: 18G82 Major: 18
Device supports Image4: true
[TSSR] Checking BuildIdentity 0
[TSSR] Checking BuildIdentity 1
[TSSR] Checking BuildIdentity 2
[TSSR] Selected BuildIdentity for request
[TSSR] Checking BuildIdentity 0
[TSSR] Checking BuildIdentity 1
[TSSR] Checking BuildIdentity 2
[TSSR] Selected BuildIdentity for request
checking APTicket to be valid for this restore...
Verified ECID in APTicket matches device ECID
checking APTicket to be valid for this restore...
Verified ECID in APTicket matches device ECID
[IMG4TOOL] checking buildidentity 0:
[IMG4TOOL] checking buildidentity matches board ... NO
[IMG4TOOL] checking buildidentity 1:
[IMG4TOOL] checking buildidentity matches board ... NO
[IMG4TOOL] checking buildidentity 2:
[IMG4TOOL] checking buildidentity matches board ... YES
[IMG4TOOL] checking buildidentity has all required hashes:
[IMG4TOOL] checking hash for "AOP" OK (untrusted)
[IMG4TOOL] checking hash for "Ap,SystemVolumeCanonicalMetadata"OK (found "msys" with matching hash)
[IMG4TOOL] checking hash for "AppleLogo" OK (found "logo" with matching hash)
[IMG4TOOL] checking hash for "AudioCodecFirmware" OK (untrusted)
[IMG4TOOL] checking hash for "BasebandFirmware" IGN (no digest in BuildManifest)
[IMG4TOOL] checking hash for "BatteryCharging0" OK (found "chg0" with matching hash)
[IMG4TOOL] checking hash for "BatteryCharging1" OK (found "chg1" with matching hash)
[IMG4TOOL] checking hash for "BatteryFull" OK (found "batF" with matching hash)
[IMG4TOOL] checking hash for "BatteryLow0" OK (found "bat0" with matching hash)
[IMG4TOOL] checking hash for "BatteryLow1" OK (found "bat1" with matching hash)
[IMG4TOOL] checking hash for "BatteryPlugin" OK (found "glyP" with matching hash)
[IMG4TOOL] checking hash for "DeviceTree" OK (found "dtre" with matching hash)
[IMG4TOOL] checking hash for "ISP" OK (found "ispf" with matching hash)
[IMG4TOOL] checking hash for "KernelCache" OK (found "krnl" with matching hash)
[IMG4TOOL] checking hash for "LLB" OK (found "illb" with matching hash)
[IMG4TOOL] checking hash for "Liquid" OK (found "liqd" with matching hash)
[IMG4TOOL] checking hash for "Multitouch" OK (untrusted)
[IMG4TOOL] checking hash for "OS" OK (found "rosi" with matching hash)
[IMG4TOOL] checking hash for "RecoveryMode" OK (found "recm" with matching hash)
[IMG4TOOL] checking hash for "RestoreDeviceTree" OK (found "rdtr" with matching hash)
[IMG4TOOL] checking hash for "RestoreKernelCache" OK (found "rkrn" with matching hash)
[IMG4TOOL] checking hash for "RestoreLogo" OK (found "rlgo" with matching hash)
[IMG4TOOL] checking hash for "RestoreRamDisk" OK (found "rdsk" with matching hash)
[IMG4TOOL] checking hash for "RestoreSEP" OK (found "rsep" with matching hash)
[IMG4TOOL] checking hash for "RestoreTrustCache" OK (found "rtsc" with matching hash)
[IMG4TOOL] checking hash for "SE,UpdatePayload" IGN (no digest in BuildManifest)
[IMG4TOOL] checking hash for "SEP" OK (found "sepi" with matching hash)
[IMG4TOOL] checking hash for "StaticTrustCache" OK (found "trst" with matching hash)
[IMG4TOOL] checking hash for "SystemVolume" OK (found "isys" with matching hash)
[IMG4TOOL] checking hash for "ftap" IGN (no digest in BuildManifest)
[IMG4TOOL] checking hash for "ftsp" IGN (no digest in BuildManifest)
[IMG4TOOL] checking hash for "iBEC" OK (found "ibec" with matching hash)
[IMG4TOOL] checking hash for "iBSS" OK (found "ibss" with matching hash)
[IMG4TOOL] checking hash for "iBoot" OK (found "ibot" with matching hash)
[IMG4TOOL] checking hash for "rfta" IGN (no digest in BuildManifest)
[IMG4TOOL] checking hash for "rfts" IGN (no digest in BuildManifest)
Verified APTicket to be valid for this restore
[TSSR] Checking BuildIdentity 0
[TSSR] Checking BuildIdentity 1
[TSSR] Checking BuildIdentity 2
[TSSR] Selected BuildIdentity for request
Variant: Customer Erase Install (IPSW)
This restore will erase your device data.
Device found in DFU Mode.
Getting firmware keys for: d211ap
Patching iBSS
Extracting iBSS.d21.RELEASE.im4p (Firmware/dfu/iBSS.d21.RELEASE.im4p)...
payload decrypted
Compression detected, uncompressing (bvx2): ok
iBoot64Patch: Staring iBoot64Patch!
iOS 14 iBoot detected!
iBoot64Patch: Inited ibootpatchfinder64!
iBoot64Patch: Added sigpatches!
iBoot64Patch: Added unlock nvram patch!
iBoot64Patch: Added freshnonce patch!
iBoot64Patch: has_kernel_load is false!
iBoot64Patch: Applying patch=0x180032094 : 000080d2
iBoot64Patch: Applying patch=0x180032098 : c0035fd6
iBoot64Patch: Applying patch=0x18001f8a8 : 000080d2c0035fd6
iBoot64Patch: Applying patch=0x18001f8f8 : 000080d2c0035fd6
iBoot64Patch: Applying patch=0x18006a36c : 000080d2c0035fd6
iBoot64Patch: Applying patch=0x180038c64 : 1f2003d5
iBoot64Patch: Patches applied!
[WARNING] BUG WORKAROUND recompressing images with bvx2 makes them not boot for some reason. Skipping compression
Patching iBEC
Extracting iBEC.d21.RELEASE.im4p (Firmware/dfu/iBEC.d21.RELEASE.im4p)...
payload decrypted
Compression detected, uncompressing (bvx2): ok
iBoot64Patch: Staring iBoot64Patch!
iOS 14 iBoot detected!
iBoot64Patch: Inited ibootpatchfinder64!
iBoot64Patch: Added sigpatches!
iBoot64Patch: Added unlock nvram patch!
iBoot64Patch: Added freshnonce patch!
iBoot64Patch: has_kernel_load is true!
iBoot64Patch: Added debugenabled patch!
iBoot64Patch: Added bootarg patch!
iBoot64Patch: Applying patch=0x180032094 : 000080d2
iBoot64Patch: Applying patch=0x180032098 : c0035fd6
iBoot64Patch: Applying patch=0x18001f8a8 : 000080d2c0035fd6
iBoot64Patch: Applying patch=0x18001f8f8 : 000080d2c0035fd6
iBoot64Patch: Applying patch=0x18006a36c : 000080d2c0035fd6
iBoot64Patch: Applying patch=0x180038c64 : 1f2003d5
iBoot64Patch: Applying patch=0x180034248 : 200080d2
iBoot64Patch: Applying patch=0x180035854 : 38df3810
iBoot64Patch: Applying patch=0x1800a7438 : 72643d6d6430202d726573746f7265202d70726f6772657373206e616e642d656e61626c652d7265666f726d61743d307831202d762064656275673d30783230313465206b65657073796d733d30783120616d66693d3078666620616d66695f616c6c6f775f616e795f7369676e61747572653d30783120616d66695f6765745f6f75745f6f665f6d795f7761793d3078312063735f656e666f7263656d656e745f64697361626c653d30783100
iBoot64Patch: Patches applied!
[WARNING] BUG WORKAROUND recompressing images with bvx2 makes them not boot for some reason. Skipping compression
Repacking patched bootloaders as IMG4
Sending iBSS (1456091 bytes)...
Cleaning up...
[exception]:
what=ERROR: Unable to send iBSS component: Unable to upload data to device

code=38141969
line=582
file=futurerestore.cpp
commit count=263:
commit sha =50a6375391c94624fbe1b2b060d46117de2bc4fc:
Done: restoring failed!

@Nxckdxnxld

This comment has been minimized.

Copy link

@Nxckdxnxld Nxckdxnxld commented Nov 22, 2021

I repeat it more times but the same problem.
I'm trying using the GUI but stuck here also : irecv_event_cb: device 001d786120a1efae (udid: N/A) connected in DFU mode
============================> ]
[TSSR] Checking BuildIdentity 0
[TSSR] Checking BuildIdentity 1
[TSSR] Checking BuildIdentity 2
[TSSR] Selected BuildIdentity for request
[TSSR] Checking BuildIdentity 0
[TSSR] Checking BuildIdentity 1
[TSSR] Checking BuildIdentity 2
[TSSR] Selected BuildIdentity for request
[TSSR] Checking BuildIdentity 0
[TSSR] Checking BuildIdentity 1
[TSSR] Checking BuildIdentity 2
[TSSR] Selected BuildIdentity for request
Finished downloading the latest firmware components!
Found device in DFU mode
requesting to get into pwnRecovery later
Found device in DFU mode
Identified device as d211ap, iPhone10,5
Extracting BuildManifest from iPSW
Product version: 14.7.1
Product build: 18G82 Major: 18
Device supports Image4: true
[TSSR] Checking BuildIdentity 0
[TSSR] Checking BuildIdentity 1
[TSSR] Checking BuildIdentity 2
[TSSR] Selected BuildIdentity for request
[TSSR] Checking BuildIdentity 0
[TSSR] Checking BuildIdentity 1
[TSSR] Checking BuildIdentity 2
[TSSR] Selected BuildIdentity for request
checking APTicket to be valid for this restore...
Verified ECID in APTicket matches device ECID
checking APTicket to be valid for this restore...
Verified ECID in APTicket matches device ECID
[IMG4TOOL] checking buildidentity 0:
[IMG4TOOL] checking buildidentity matches board ... NO
[IMG4TOOL] checking buildidentity 1:
[IMG4TOOL] checking buildidentity matirecv_event_cb: device 001d786120a1efae (udid: N/A) connected in DFU mode
irecv_event_cb: device 001d786120a1efae (udid: N/A) connected in DFU mode
ches board ... NO
[IMG4TOOL] checking buildidentity 2:
[IMG4TOOL] checking buildidentity matches board ... YES
[IMG4TOOL] checking buildidentity has all required hashes:
[IMG4TOOL] checking hash for "AOP" OK (untrusted)
[IMG4TOOL] checking hash for "Ap,SystemVolumeCanonicalMetadata"OK (found "msys" with matching hash)
[IMG4TOOL] checking hash for "AppleLogo" OK (found "logo" with matching hash)
[IMG4TOOL] checking hash for "AudioCodecFirmware" OK (untrusted)
[IMG4TOOL] checking hash for "BasebandFirmware" IGN (no digest in BuildManifest)
[IMG4TOOL] checking hash for "BatteryCharging0" OK (found "chg0" with matching hash)
[IMG4TOOL] checking hash for "BatteryCharging1" OK (found "chg1" with matching hash)
[IMG4TOOL] checking hash for "BatteryFull" OK (found "batF" with matching hash)
[IMG4TOOL] checking hash for "BatteryLow0" OK (found "bat0" with matching hash)
[IMG4TOOL] checking hash for "BatteryLow1" OK (found "bat1" with matching hash)
[IMG4TOOL] checking hash for "BatteryPlugin" OK (found "glyP" with matching hash)
[IMG4TOOL] checking hash for "DeviceTree" OK (found "dtre" with matching hash)
[IMG4TOOL] checking hash for "ISP" OK (found "ispf" with matching hash)
[IMG4TOOL] checking hash for "KernelCache" OK (found "krnl" with matching hash)
[IMG4TOOL] checking hash for "LLB" OK (found "illb" with matching hash)
[IMG4TOOL] checking hash for "Liquid" OK (found "liqd" with matching hash)
[IMG4TOOL] checking hash for "Multitouch" OK (untrusted)
[IMG4TOOL] checking hash for "OS" OK (found "rosi" with matching hash)
[IMG4TOOL] checking hash for "RecoveryMode" OK (found "recm" with matching hash)
[IMG4TOOL] checking hash for "RestoreDeviceTree" OK (found "rdtr" with matching hash)
[IMG4TOOL] checking hash for "RestoreKernelCache" OK (found "rkrn" with matching hash)
[IMG4TOOL] checking hash for "RestoreLogo" OK (found "rlgo" with matching hash)
[IMG4TOOL] checking hash for "RestoreRamDisk" OK (found "rdsk" with matching hash)
[IMG4TOOL] checking hash for "RestoreSEP" OK (found "rsep" with matching hash)
[IMG4TOOL] checking hash for "RestoreTrustCache" OK (found "rtsc" with matching hash)
[IMG4TOOL] checking hash for "SE,UpdatePayload" IGN (no digest in BuildManifest)
[IMG4TOOL] checking hash for "SEP" OK (found "sepi" with matching hash)
[IMG4TOOL] checking hash for "StaticTrustCache" OK (found "trst" with matching hash)
[IMG4TOOL] checking hash for "SystemVolume" OK (found "isys" with matching hash)
[IMG4TOOL] checking hash for "ftap" IGN (no digest in BuildManifest)
[IMG4TOOL] checking hash for "ftsp" IGN (no digest in BuildManifest)
[IMG4TOOL] checking hash for "iBEC" OK (found "ibec" with matching hash)
[IMG4TOOL] checking hash for "iBSS" OK (found "ibss" with matching hash)
[IMG4TOOL] checking hash for "iBoot" OK (found "ibot" with matching hash)
[IMG4TOOL] checking hash for "rfta" IGN (no digest in BuildManifest)
[IMG4TOOL] checking hash for "rfts" IGN (no digest in BuildManifest)
Verified APTicket to be valid for this restore
[TSSR] Checking BuildIdentity 0
[TSSR] Checking BuildIdentity 1
[TSSR] Checking BuildIdentity 2
[TSSR] Selected BuildIdentity for request
Variant: Customer Erase Install (IPSW)
This restore will erase your device data.
Device found in DFU Mode.
Getting firmware keys for: d211ap
Repacking patched bootloaders as IMG4
Sending iBSS (1456091 bytes)...
Cleaning up...
[exception]:
what=ERROR: Unable to send iBSS component: Unable to upload data to device

@oliveirarafa

This comment has been minimized.

Copy link

@oliveirarafa oliveirarafa commented Nov 25, 2021

@nyuszika7h Do you know if A9X really will be possible? I searched a lot to find a way to downgrade mine but couldn't find a way;

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment