Prometheus downgrade tool released: here is what you need to know

By , Dec 28, 2016

Today hacker tihmstar released his tool Prometheus, which can be used (in some cases) to upgrade or downgrade iOS to currently unsigned firmwares.
The tool is not foolproof, however, so in this article I’ll briefly explain what its limitations are and how to follow tihmstar’s guidance on the tool.

First off, I strongly advise you read through my previous article on Prometheus, because it clarifies the main areas of confusion, the requirements to use the tool, and explains in more detail what the tool is.

Background

Prometheus is not a single GUI tool, but a collection of tools including “nonceenabler”, “futurerestore” and “img4tool”. Together, they provide the upgrade/downgrade functionality.

Prometheus can be used in two ways. One uses “nonceenabler” and “futurerestore” together. This is more reliable and faster, but requires a jailbreak, and .shsh2 blobs saved with a generator. The second way uses only “futurerestore”, does not require a jailbreak, but uses a probabilistic attack which may take a long time to work (or not work at all). This second way still requires .shsh2 blobs, but saved with a specific nonce and no generator. This only seems to work for certain devices, and may take forever.

Requirements

  • A 64-bit device, excluding the iPhone 7(+). Do not bother trying with a 32-bit device or an iPhone 7(+).
  • In most cases, a jailbreak on the firmware you are leaving.
    (Not required on some iPhone 5s and iPad Air devices when using the nonce collision method.)
  • If using Prometheus with a jailbreak, saved .shsh2 blobs for the firmware you want to restore to, with a generator. The generator is a field within the .shsh2 file, which can be seen by opening it and looking near the end of the document.
  • If using Prometheus with no jailbreak, saved .shsh2 blobs for the firmware you want to restore to, created using one (or more) of the 5 specific nonces given out by tihmstar, which have been found to work most often in a probabilistic attack.
  • If using Prometheus with a jailbreak, the jailbreak must have “tfp0” functionality (“host_get_special_port” workaround is also fine). This rules out some jailbreaks.

Process

There is some confusion over how to follow tihmstar’s process, as it is not unified. Depending on your situation, you may have to follow more than one video to complete the process. If you have your blobs saved with a generator and have a current jailbreak, follow Steps 1 and 2. If you have your blobs saved with the 5 nonces tihmstar made public, and are attempting the process without a jailbreak, go straight to Step 2.
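The choice between the two routes above comes down to what is in the saved blob and what the device can do. As an added example (not tihmstar’s code and not part of the original article), the Python below reads a blob and applies the rules from the Requirements and Process sections. It assumes a .shsh2 file is an XML property list with the ticket under “ApImg4Ticket” and an optional top-level “generator” string of the form 0x plus 16 hex digits; the sample blobs and the function names are constructed for illustration.

```python
import plistlib
import re

# Constructed sample blobs (not real tickets). Assumption: a .shsh2 file is an
# XML property list whose top-level dict holds the ticket under "ApImg4Ticket"
# and, when the blob was saved with one, the generator under "generator".
_PLIST_HEAD = (
    b'<?xml version="1.0" encoding="UTF-8"?>\n'
    b'<plist version="1.0">\n<dict>\n'
    b'  <key>ApImg4Ticket</key>\n  <data>Q09OU1RSVUNURUQ=</data>\n'
)
_PLIST_TAIL = b'</dict>\n</plist>\n'

BLOB_WITH_GENERATOR = (
    _PLIST_HEAD
    + b'  <key>generator</key>\n  <string>0x1111111111111111</string>\n'
    + _PLIST_TAIL
)
BLOB_WITHOUT_GENERATOR = _PLIST_HEAD + _PLIST_TAIL
BLOB_BAD_GENERATOR = (
    _PLIST_HEAD + b'  <key>generator</key>\n  <string>1111</string>\n' + _PLIST_TAIL
)

# Assumed generator format: "0x" followed by 16 hex digits (a 64-bit value).
GENERATOR_RE = re.compile(r"0x[0-9a-fA-F]{16}")


def read_generator(blob_bytes):
    """Return the generator string from a .shsh2 plist, or None if it has none."""
    try:
        blob = plistlib.loads(blob_bytes)
    except Exception as exc:  # plistlib raises several types on bad input
        raise ValueError(f"not a readable plist: {exc}") from exc
    if not isinstance(blob, dict) or "ApImg4Ticket" not in blob:
        raise ValueError("plist has no ApImg4Ticket entry")
    generator = blob.get("generator")
    if generator is None:
        return None
    if not isinstance(generator, str) or not GENERATOR_RE.fullmatch(generator):
        raise ValueError(f"malformed generator field: {generator!r}")
    return generator.lower()


def choose_method(blob_bytes, *, is_64bit, is_iphone7, jailbroken, has_tfp0):
    """Map a blob plus device facts onto the routes the article describes."""
    # Requirement: 64-bit device, excluding the iPhone 7(+).
    if not is_64bit or is_iphone7:
        return "unsupported device"
    generator = read_generator(blob_bytes)
    if generator is not None:
        # Generator blobs go with the jailbreak route, which needs tfp0.
        if jailbroken and has_tfp0:
            return "steps 1+2: nonceenabler then futurerestore"
        return "no route: generator blob needs a tfp0 jailbreak"
    # No generator: only the probabilistic route is left. The file alone cannot
    # show that the blob was saved against one of the published nonces.
    return "step 2 only: futurerestore nonce collision"


if __name__ == "__main__":
    for name, blob in (("with generator", BLOB_WITH_GENERATOR),
                       ("without generator", BLOB_WITHOUT_GENERATOR)):
        for jb in (True, False):
            result = choose_method(blob, is_64bit=True, is_iphone7=False,
                                   jailbroken=jb, has_tfp0=jb)
            print(f"blob {name}, tfp0 jailbreak={jb}: {result}")
```

A blob whose generator field is present but malformed raises ValueError rather than being treated as a no-generator blob, since the two cases lead to different routes.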

1) The video below shows you how to use your jailbreak to set a specific nonce on your device. The advantage of this is that once the specific nonce has been manually set (which will match the generator in the .shsh2 files you saved), the restore will be accepted immediately on the first try, as the nonce and .shsh2 generators match.

Therefore, using Prometheus this way is recommended if you have a jailbreak. Follow the above video and set your nonce with “nonceenabler”. Once the nonce is set and the device is in recovery mode (from 0:00 – 10:35 in the above video), you can move onto Step 2.

2) The video below shows how to restore an unsigned firmware onto your device, using the “futurerestore” component of Prometheus.

If you just came from Step 1 and have set your nonce, follow the instructions from the beginning of the video up to 5:53, but ignore any talk about the nonce collision method. At 5:53, pay close attention to what he says. Your device will already be in recovery mode and you must leave out the “-w” flag here. Then continue with the instructions (you will not have to wait through the rebooting stage which the video shows).

If you have no jailbreak and started at Step 2, follow the entirety of the video below to the letter, using one of the most commonly generated nonces. It may take a few minutes, or an unknown amount of time, because you will have to use the nonce-collision method. This is probabilistic and relies on some luck/time. You cannot use your jailbreak to immediately create the right nonce for you.

Together, these two videos cover the whole process of downgrading with Prometheus, using both the “nonceenabler jailbreak method” and the “nonce collision no-jailbreak method”.

SEP and basebands

One last thing to note is what tihmstar says about SEP and basebands, which are two parts of the iOS firmwares you will be working with. The information he gives on this can be found from 0:50 – 2:07 in the second video, and this applies to you whichever method you are using. Users of both the “nonceenabler jailbreak method” and the “nonce collision no-jailbreak method” must note this information.

Basically, the SEP and baseband must be taken from a currently signed firmware because they cannot be faked by Prometheus. But SEPs and basebands are not compatible over many iOS versions, so you must use one that is near enough to be compatible. For example, iOS 10.2 is currently signed, so you could use its SEP and baseband. However, you cannot use them to restore to iOS 9 because the gap is too big; they are not compatible. You can use the SEP and baseband from iOS 10.2 to restore to iOS 10.1.1, because they are close enough versions to be compatible.

In summary: you must always use the SEP and baseband from a signed firmware to use Prometheus, but it must also always be compatible with the version you want to restore to. If the SEP and baseband are not compatible with your target firmware, you cannot restore even if they are signed, and vice versa. The version of iOS you are coming from is irrelevant. The version of iOS you want to restore to, and the signed version of SEP/baseband you have, are relevant.

Here are some likely use-cases: 

1) Upgrading from iOS 9.3.3 to 10.1.1. You can use the SEP and baseband from 10.2 to finish the restore. iOS 10.2 SEP and baseband are signed whilst 10.2 is signed. iOS 10.2 SEP and baseband are compatible with 10.1.1 because they are close to each other. The fact that you are on iOS 9.3.3 doesn’t matter, only the destination firmware matters. Possible.

2) Downgrading from iOS 10.2 to 10.1.1. You can use the SEP and baseband from 10.2 to finish the restore. iOS 10.2 SEP and baseband are signed whilst 10.2 is signed. iOS 10.2 SEP and baseband are compatible with 10.1.1 because they are close to each other. The fact that you are on iOS 10.2 doesn’t matter, only the destination firmware matters. (Because there is no jailbreak for 10.2, you can only try this with the nonce collision method). Possible, depending on device (nonce collision method).

3) Downgrading from iOS 10.2 to 9.3.3. You cannot use the SEP and baseband from 10.2 to finish the restore. iOS 10.2 SEP and baseband are signed whilst 10.2 is signed, but iOS 10.2 SEP and baseband are not compatible with 9.3.3 because they are not close enough versions to each other. The fact that you are on iOS 10.2 doesn’t matter, but the fact that your signed SEP version is far from your destination firmware does matter. Not possible.

I will put together a hands-on tutorial at a later date which will show the specific steps involved in these two methods. For now, though, this article should clarify the two methods of using Prometheus, which one applies to you, and whether you can use either one at all. Good luck!

  • Mark S

    Oh man is this going to be brutal for so many people to figure out. Many could barely figure out programs when it was just a one button to click shiny GUI.

    Thanks for the write up and video links.

    • Joaquim Barbosa

      Yea, I agree it’s a bit involved. Hopefully I’ve made it clear enough though, it may just take a couple of read-throughs to get it straight. Thanks for reading, I hope it helps you out.

    • Itsyaboy

      Yup deff not for everyone

  • Ash

    Great!

  • Itsyaboy

    How about if I want to restore back to iOS 10.1.1 from 10.1.1? I want to try out the jailbreak that’s out right now and need a safety net in case something goes wrong, or in case the public JB is released and I would need to start from scratch to JB the stable way.

    • Joaquim Barbosa

      That’s possible, so long as iOS 10.2 is signed. While iOS 10.2 is signed, you can use its SEP and baseband to restore 10.1.1 to 10.1.1. Once it is not signed, I can’t say, perhaps the next iOS version will still have a compatible SEP/baseband, perhaps not. But for now, you’re good. Good question!

      • Itsyaboy

        Ahh Gotcha, ok Thanks a lot!

    • droid3000

      is that jb only out for 6s and up?

      • Joaquim Barbosa

        This tool is not a jailbreak, it is for downgrading firmware. If you are referring to Luca’s 10.1.x jailbreak then yes, it is for iP6s and up at the moment, but more devices will be added later. Thanks

      • Diego Milano

        While it is implicit, you may want to write a visible disclaimer about it for the noobies (or distracted) ones out there.

  • p1noyako

    Just give up if you are on iOS10.2

    • Joaquim Barbosa

      You can still downgrade to 10.1.1 from 10.2 if you have your 10.1.1 .shsh2 blobs saved, you just have to use the nonce collision method, which will take longer. iP5s should be fine especially…

      • Arjan Vlek

        Why are 32-bit devices not fine? They should be older and are probably less secure?

      • Dany

        can i downgrade even if i never updated to 10.1.1? i’m currently on 9.3.4, but planning to upgrade to 10.2 if it is possible.

  • askep3

    XD Jailbreak on the firmware you are leaving, so in most cases entirely pointless.

    • Joaquim Barbosa

      The jailbreak on the firmware you are leaving is optional. It is a lot better, admittedly, but the process can sometimes be done without a jailbreak. Most of the people using this guide will already have a jailbreak I think; they will be people who waited on 9.3.3 to see if a 10.1.x jailbreak would be released, and now might want to move up to 10.1.x. It is true that not everyone will be able to make use of this tool though. Cheers!

      • Diego Milano

        I’m not sure about the fact most would be moving from an already jailbroken device but certainly interesting to run a poll- why not do it and find out?

  • Chris Mn

    Okay, so I’m only lost at the tfp0 part. So then on 9.3.3 you cannot use the “jailbroken” method because it doesn’t have tfp0 functionality. My question then is would I upgrade to iOS 10.2 and used my saved .shsh2 to downgrade? End goal: 9.3.3 (jailbroken) to 10.1.1. (Unjailbroken)

    • Chris Ryan

      i have this exact same question^^ if i recall i read that the pangu 9.3.3 jailbreak did not have this tfpo thingy??

      • BasedOnAir

        Rejailbreak your 9.3.3 using Luca Todesco’s jailbreakme Safari exploit which uses the tfp0 then go from there

      • Chris Ryan

        thanks!

      • Joaquim Barbosa

        As BasedOnAir says, Luca’s web jbme has tfp0. Reboot your device, rejailbreak with Luca’s tool instead of Pangu app, then you can use Prometheus.

    • Mark S

      I’d like to know the answer to this as well. I’m on 9.0.2 on a 6+ and used Pangu v1.0.0 which didn’t use tfp0. Guessing I’m stuck. Hoping for an all devices 10.2 jb.

      • BasedOnAir

        Rejailbreak your 9.3.3 using Luca Todesco’s jailbreakme Safari exploit which uses the tfp0 then go from there 🙂

      • Mark S

        I’m not on 9.3.3. I’m on 9.0.2.

      • Rolf Bause

        Prometheus works both for upgrading and downgrading, for specific scenarios. You need shsh2 blobs for 10.1.1 tho! You could then iTunes restore to 10.2 and after that – downgrade from 10.2 to 10.1.1 with Prometheus.

      • Mark S

        Thanks for the information! I think I’ll wait until someone can document this.

      • Rolf Bause

        Yeah, I’d recommend that too. There are currently still issues with Prometheus… Again, this will only work anyway, if you saved the 10.1.1 blobs before.

      • Mark S

        Yeah I’ve got the blobs. I figured Apple would stop this if they could since we are all just banging away at their servers trying to do a replay attack.

    • BasedOnAir

      Rejailbreak your 9.3.3 using Luca Todesco’s jailbreakme Safari exploit which uses the tfp0 then go from there.

    • Joaquim Barbosa

      Luca’s web tool jbme has tfp0. Reboot your device, rejailbreak with Luca’s tool instead of Pangu app, then you can use Prometheus. Cheers.

  • Alan Otelo M. Etó

    I have a device running with iOS 9.3.5

    Is it possible to downgrade to iOS 9.3.3 to jailbreak?

    • Mark S

      If you watch the video you’ll see tihmstar did this very thing.

      • Andreas

        If you watch the video you’ll see tihmstar did this very thing whilst 9.3.5 was still signed.

  • appletimemac

    I wonder what’s so different in iPhone 7 that it won’t work :/

    • burge

      Perhaps the A10 fusion chip to start with.

    • Joaquim Barbosa

      Yea, I wondered too. I think I remember Luca saying that iP7 has additional hardware based protections, but I can’t say if that is the problem here or not. Thanks for reading.

  • Eliijah Moss

    I’m glad the process is more complicated than the average programs people use. Not only will it set examples for those who want the Ferrari, yet not believing in doing the time to retrieve it (coinciding with the tool ruining the user’s device), but it will also eliminate those immature people with no experience bit by bit. This tool should be used only by people with experience (developers or long time researchers). If you can’t even pronounce the name of the tool correctly, best bet is that you shouldn’t be downloading/using the program. Just saying.

    • Mark S

      I love complicated jailbreaks. However it would be nice to know up front specifically which jailbreaks/firmwares/devices won’t work with this method. It would at least weed out lots of people who otherwise have hope from pointlessly screwing up their main phone. We’ve never had a jailbreak like this with such an information handicap to start with.

      • Eliijah Moss

        I’m sure the information is within the code itself. The question is, how many people can read it? Tweaks and utilities are becoming more and more for developers, and less and less for the average person. It’s neither a good nor a bad thing. It’s becoming more complicated to obtain a jailbreak than it was back in the day with greenp0ison and blackrain and redsnow. I can see why these tools are complicated to use. I’ve stopped jailbreaking for a reason, and it’s because I don’t see the point (opinion, not a fact).

      • Joaquim Barbosa

        Yes, there is a difference between knowing a method is in-depth and will require some ingenuity, and being uninformed as to what it can and can’t do to begin with. Hopefully the article sets out what is literally impossible with this tool, so that you at least know that what you’re trying should work before you begin.

      • Francisco Acevedo

        hi, where to download the tool no link or site thanks

      • Joaquim Barbosa

        The tools are available in the descriptions of the videos on YouTube. Cheers.

    • Amr AlSamahy

      i have to disagree with you on that, the devs of greenp0ison etc.. could’ve released their tools as cli and as complicated as this one, but they chose not to and released it with gui and with as much simple guides and steps as possible for the avg. user to follow. we’ve all been avg. user once

      • Eliijah Moss

        Yes… they could have created it without the general idea of making things easier for the people. However, look at the timeline. Back in that time period, jailbreaking was fairly new (in terms of popularity and usage). Even the devs came in with questions. Now, with security being tighter than before and Apple releasing software faster than before, people are adapting to advanced levels of coding. If someone doesn’t know what the tool does or how to work it without the aid of the developer (with “general” instructions included), then that person should leave the program alone. And I’m speaking about myself. I don’t know anything about coding or changing files. I leave it to those who know what they are doing. I don’t pretend to know what I’m doing, then cry about running into problems later. I just leave it alone altogether.

      • Amr AlSamahy

        that somewhat happened with “Ian” finding the exploit and luca building upon it for the public to jailbreak

      • Eliijah Moss

        Yup. If someone can read it, someone can break it down to people with no knowledge and make it understandable. But the jailbreak community has been flooded with immature kids who only know “wants.” It’s very unlikely, but that could be a slight possibility of making the tool more complicated than it has to be. The less kids (not literally) there are that complain and send rude emails all of the time, the more productive the developers become. No noise, no distractions, no complaints.

      • Amr AlSamahy

        Yeah having to read all of those complaints gets ME angry and they are not even directed at me. I think of it like this, as the tools get easier it’s highly unlikely to get many complaints. and vice versa

      • Eliijah Moss

        I agree. People always complain about the situations they put themselves in. Oh well

      • Amr AlSamahy

        Haha you can totally have a cake and eat it at the same time, crap why did you bring cake into this now i gotta go buy a cake, hmmm chocolate fudge and brownie maybe.

      • f96lrs

        That’s how u learn

    • Joaquim Barbosa

      I agree with you that people should know their limits and should listen to warnings regarding the difficulty of tools. However, I also think they should be free to try if they please. Otherwise no one could ever improve; it is only by trying and learning that they get to the stage where they can in fact manage these things. I just think that they should be aware of the risks first, and should not complain if they get into difficulty, but should regard it as a challenge and a learning process. Thanks for reading!

    • Hotrod

      I actually agree with you but for you to openly state this makes me think you’re just a hater

      • Eliijah Moss

        Nope. No hater at all. I’m very thankful for what we have received from the community. I’ve never complained about anything that we have gotten from the developers. I actually think they should have charged for such tools.

  • what can downgrade from iOS 10.2 to 10.1.1?
    I have .shsh iOS 10.1.1
    this is iPhone 6s

    • Rene K.

      Yes, so long as iOS 10.2 is signed!

  • Blip dude

    Whoo!!! That was actually quite a bit to take in. I ended up leaving my phone on 10.1.1 (sadly iPad is on 9.3) so I may consider following this. Thanks for the tutorial.

    • Joaquim Barbosa

      You’re welcome Blip dude! I agree, it’s fairly complicated. I just wrote it out in depth so that it’s all there. Feel free to come back and check it out again to refresh your memory. No need to remember it all first off. You should be sorted with leaving 10.1.1 on your phone, but you could perhaps try this on your iPad if you’re feeling brave, to go up to 10.1.1. If you already have a jb on iPad 9.3 though then perhaps don’t bother, or wait until Luca’s 10.1 jb is stable enough on your particular iPad model. Thanks!

  • Scott Curry

    Welcome to the jailbreak support forums…

  • Nero

    I’m on 9.1.0 jailbreaked on my iPhone 6+ and proud to be !

  • iltas

    can we downgrade ios 10.2 to ios 10.1.1

    • Joaquim Barbosa

      That is what the article says, did you read it? It depends if you have .shsh2 for 10.1.1, if you have the correct device (probably iPad Air or iPhone 5s), and if you are able to understand the process for the “nonce collision method”. If the answer to any of those is “no”, then probably not, sorry. Hope this helps!

  • Atul Mann

    Hey the beta 4 of yalu jailbreak has been released. You think it’s more stable and now it’s fine to go from ios 9.3.3 to 10.1.1?? In your last post you advised to stay away from Yalu.

    • Joaquim Barbosa

      I still advise you to wait Atul. Beta 4 has had some problems, and is still not stable. Don’t worry, I think it will be ready soon, but I would wait for better device support, and some more bug fixes, especially for the stability of Cydia Substrate. I’ll be making a tutorial when I think it’s a good time to give it a try, probably within a week or so. Hope this helps!

      • Atul Mann

        Thanks 🙂

  • Mohammad Sajid

    hi , I am sorry if i sound stupid, but I would appreciate a reply, is it possible to downgrade without shsh2 blobs ?

    • Joaquim Barbosa

      No worries, Mohammad, you don’t sound stupid. This is actually a tough question. In theory, you can downgrade with normal .shsh blobs instead of .shsh2 blobs, but you have to use the “nonce collision method” which is less reliable. You do need blobs of some kind, but not necessarily .shsh2 blobs. It will be much harder to do with .shsh though. Which blobs do you have saved, in what format, and for what device?

      • Mohammad Sajid

        sadly, i did not save any of the blobs 🙁 , guess I’m stuck at 10.2 and without a jailbreak 🙁 🙁

  • M.alikhani

    can i upgrade from jailbroken 9.3.3(Luca Todescos) to 10.1.1?
    i have just 10.2 .shsh2.

    • Joaquim Barbosa

      No, sorry, you can’t. You would need .shsh2 for 10.1.1 to go to 10.1.1. Hope this explains it.

  • Biu

    Let’s say you started the downgrade process using the nonce collision method.
    After seeing it is taking forever (guessing nonce) you decided to abort. In what state will your phone be? Is it possible to just reboot the phone and be back to point zero?

    • Joaquim Barbosa

      Yup, it will be in recovery mode, a reboot will put it back to normal. You may in fact have to do this if the nonce collisions are taking forever, as you may want to try a different nonce. Cheers!

  • farokh

    so with this method
    you can downgrade an upgrade in limited time until ios 10.2 is signed

    after close ios 10.2 you can NOT downgrade and use 10.2 baseband.
    Am I true???

    • Joaquim Barbosa

      Maybe. The baseband must be signed, so at the moment you can use 10.2 for this process. However, we don’t know if the next baseband is compatible or not. So, maybe when 10.2 is unsigned, 10.2.1 or 10.3 will still have a compatible baseband and we can keep using them, but maybe it will be incompatible, and then we won’t. We don’t know yet. Does that make sense?

    • Masoud

      Yes Possible

  • Way too much hassle. Not worth it by a long shot.

    • Natalie

      It’s only fun for me when it’s on a current firmware and actually works. It’s all for the fun, jailbreaking (besides tetherme) doesn’t give me any features that I 100% need 🙁 Sad but I’m in the same boat as you

    • Mark S

      I’ve jailbroken from 1.0 to 9.0.2 and it’s been fun all the way. I even did the hardware unlock on the first gen iphone. Having a blast here. Plenty of great apps to buy in the Cydia store and lots of great free tweaks as well. Apple’s walled garden still doesn’t compete with the jailbreak community.

  • HamptonWalley

    Would it be possible to downgrade an Ipad Air 2 to 8.x?

    • Joaquim Barbosa

      Almost certainly not. What iOS version is it on at the moment?

      • HamptonWalley

        10.2. If a jailbreak would come for this IOS, would it make possible the downgrade to 8.x?

      • Joaquim Barbosa

        Sadly, no. As the article says, the problem is with the baseband and SEP. You have to use the 10.2 SEP and baseband to downgrade, and they are not compatible with iOS 9, let alone iOS 8. So I’m afraid you’re out of luck.

      • Riot Nrrrd™

        I’ve got a spare iPad Air on 9.3.3 + JB (Luca’s JB4ME) + saved blobs. I don’t hear many things about iPads on Reddit – has anyone successfully upgraded from 9.3.3 to 10.1.1 on any iPad?

      • Joaquim Barbosa

        That •should• work. I haven’t personally seen a specific case of it being done, but it should work. If you have the 10.1.1 blobs saved correctly. iPad Air has no TouchID so you shouldn’t have the TouchID problems. Is it a cellular version or wifi only? Wifi only is probably more likely to work as no baseband issues.

        HOWEVER, I would wait for now because 10.2 jailbreak support •may• be coming soon. That would solve the entire problem as you could just upgrade normally to 10.2 and jailbreak, without Prometheus at all. Please wait to upgrade until the tool has been released though as otherwise you won’t be able to get back. Hope that helps!

  • Omar Motraji

    want to ask u i have iphone 6s jailbroken ios 9.3.2 i want to upgrade to ios 10.1.1 so i need to follow step 1 + step 2 and i need these right ?
    shsh 10.1.1
    ipsw 10.2
    futurerestore
    nonceEnabler
    img4tool

    • Joaquim Barbosa

      You follow step 1 and 2 if you have 10.1.1 .shsh2 saved with a generator as well as jailbreak. You will need nonceenabler and futurerestore. I would maybe wait for the 10.1.1 jailbreak to get a little more stable first though. And check your chip is Samsung first.

  • M.Ibrahim Zafar

    so in a nutshell.

    1. if you have your SHSH Blobs for iOS 10.1.1, then only you can downgrade from iOS 10.2 using this method.

    2. As far as the baseband thing is concerned, you need to take the files from the most recent update available i.e. iOS 10.2. If you are planning to downgrade to iOS 10.1.1 (you had SHSH Blobs saved when it was signed) you need to download iOS 10.2 and iOS 10.1.1. You will need the BB and SEP file from iOS 10.2 to make the magic happen because BB cannot be downgraded.

    Hence, the only reason you need stuff from iOS 10.2 is to manipulate Apple in believing that you are not downgrading, but restoring back to iOS 10.2.

    This is my understanding.

    • Joaquim Barbosa

      1) yes, with blobs 10.2-10.1.1. But the tool is not only for this, other firmware combinations are possible. But yes, for 10.2-10.1.1, everything you say is correct.
      2) yep

      Thanks for reading!

  • Diego Milano

    Very interesting. While there is space for human error and my current situation has a lot of advantages as I’m jailbroken on iOS 9.3.3, I still don’t know where to get the baseband nor the SEP (I don’t even know what this stands for).

    • Joaquim Barbosa

      SEP and baseband are taken from the 10.2 ipsw, which you must download. My article does not cover the Prometheus process, only clarifies how to follow the process. The videos show the process itself, and show where to get the SEP and baseband. Hope that helps a bit!

      • ivish

        so if i am on 10.1.1 and want to go to 9.3.3 i can use SEP & baseband from 9.3.5 as its still signing by apple! would it work? @joaquimbarbosadiscuss

      • Joaquim Barbosa

        Sorry, no. You cannot go from 10.x to 9.x because the SEP and baseband are incompatible. That is the last example I give in my article of what you can and can’t do. Best to stay on 10.1.1 and wait for Luca’s jailbreak to be stable enough for your device. Hope this helps!

      • ivish

        Ok so according to you will he release a jailbreak tool for 32-bit devices? Thanks!

      • Diego Milano

        Ah, gotcha. Yeah, it does help then! I added my comment without watching the videos yet; might as well be a good idea to clarify that’s in the video ahead of time though, for those who just like me go through the words first and wait to watch the videos at a later time (I’m busy now).

  • ivish

    so if i am on 10.1.1 and want to go to 9.3.3 i can use SEP & baseband from 9.3.5 as its still signing by apple! would it work?

  • Francisco Acevedo

    where to download from please!!! thanks

    • Joaquim Barbosa

      Download links are in the video descriptions on YouTube. Cheers

  • locomambo

    all this talk and no link to download Prometheus wtf!!

    • Joaquim Barbosa

      You clearly didn’t do as I said and actually watch the videos. The download links are in the video descriptions, and he mentions this many times in the videos. Thanks.

      • locomambo

        noted..most of the times you guys post them in the articles..but good to know.thanks

      • Joaquim Barbosa

        Fair. Tihmstar requested to only direct to the videos so he can update those links and not have his work hosted elsewhere. Good luck!

  • Francisco Acevedo

    THANKS, J. Barbosa

  • Arjan Vlek

    Upgraded to 10.2 this morning. With these jailbreak things, almost each time it is “32-bit devices are not supported” or “requires a jailbreak on your current firmware”. The last compatible jailbreak for my device (iPad 4) was the iOS 9.0.x jailbreak! But I believe there is an iBoot vulnerability on the 32-bit devices, so once apple stopped updating IOS for them, maybe there will be a JB?

  • Randall

    This tool
    Is too complex is there a way to do an easy to use program ? Anyone ? Anyone ? Anyone ? ….

    • Mark S

      You could write it yourself and then give it to us…….

      • Randall

        Well let’s say apple heard you by creating a patch easy to use ! Good day

  • Jeep204

    So if I’m on 9.3.3 on a iphone 5s, jailbroken, how can I obtain .shsh2 blobs for 10.1.1 so I can upgrade? or is this not possible ? Thanks!

  • Riku06

    Question: iPhone 7 iOS 10.0.2 Is there a solution to upgrade to 10.1.1 without having saved .shsh2 blobs?

    • Chris Mn

      Unfortunately not brother, this entire process relies on having saved a version of shsh blobs dubbed .shsh2. As those blobs contain specific “data” needed to approve the upgrade to 10.1.1. Hope that helps.

  • Chris Mn

    Hey Guys, feel free to ask me any questions on this topic in regards to compatibility, troubleshooting, etc. I’ll try and answer in a timely response as I know Joaquim Barbosa cannot get to every question.

    • Eliijah Moss

      I remember I tried to help people when the iOS 7 jailbreak came out. It was a complete disaster. This? Much worse. Just try to stay calm when people ask redundant questions.

  • Omar Motraji

    my shsh2 has rosi tag found but when i open it it doesn’t show me the generator code any solution ? and img4tool always opening as html on my sierra mac os plz help

    • Chris Mn

      in terms of the generator code you’re talking about, not sure, but for your img4tool opening as an HTML, go ahead and open a fresh terminal and paste this: “chmod +x”. Then drag and drop img4tool into terminal (shows up with file path) and hit enter. Should now be in Unix Executable.

  • Kapil Balagopal

    I’m running iOS 10.0.2 can I update to iOS 10.1 or 10.1.1 using this tool?

  • sosaysi26

    I’m wondering if I can use this method with an iPhone 6 still running iOS 8.4 to upgrade to a version of iOS 9. Thoughts?

    • Riot Nrrrd™

      No because iOS 9.x (for any “x”) is no longer being signed. Only 10.2.