Prometheus: Upcoming Tool Will Allow Users to Downgrade or Upgrade to Unsigned iOS Firmware Version

iOS hacker tihmstar has announced the upcoming release of his tool Prometheus. And no, it doesn’t steal fire from the gods for you to foster the burgeoning potential of your race. Instead, he claims it will be the first tool capable of upgrading and downgrading 64-bit iOS devices to unsigned firmwares.

If successful, this would be welcome news for the jailbreak community, allowing movement between firmwares for which you have saved your blobs, even after Apple’s signing windows have closed.

Apple has been using a two-pronged strategy to stay ahead in the cat-and-mouse game with jailbreakers. It releases software updates to patch security vulnerabilities that could be used for a jailbreak, as it did in iOS 10.2, and it stops signing the firmware files of older iOS versions to ensure that jailbreakers cannot downgrade to an iOS version that can be jailbroken. So a tool to downgrade or upgrade to an iOS version that Apple has stopped signing would be quite groundbreaking.

To use the Prometheus tool, you first need to save the SHSH blobs. tihmstar has released a new tool called tsschecker, which saves them in a new format called .shsh2. You can download it from this GitHub link, and use this guide to save the .shsh2 blobs. We will also publish a step-by-step guide shortly.

tsschecker is currently available only for 64-bit iOS devices. You will also need a jailbroken device to use Prometheus to downgrade or upgrade to an unsigned iOS firmware. The jailbreak must also have “tfp0” functionality, though a “host_get_special_port” workaround would be fine. So a device jailbroken using Pangu 9.1 would be eligible. Tudesco’s web-based Pangu 9.3.3 jailbreak loader also enables it.

Tihmstar has elaborated further on the workings of the tool, and also posted a teaser/explanation video which shows the first steps of using it, which you can watch below.

For some, the process of saving the .shsh2 blobs may be too much hassle or they may not get round to it in time, but even if not, the release of this tool signifies something exciting for the community. After years of devs and bloggers like me telling people to save their blobs just in case, it has been proven again that given enough time, a way can be found to leverage them in an unsigned downgrade/upgrade. Even if the current usages may be limited (as people may not have the correct .shsh2 saved in time, or may not have a jailbreak to move from), the fact that 64-bit devices can be manipulated in this way is news in and of itself. Who knows what other improvements can be made to the process in future?

 

