tsschecker terminal output

It seems tihmstar has been busy putting right the flaws in his suite of tools; just one week after he revealed that a bug in his .shsh2 saving tool TSSChecker had led to all iPhone 7(+) blobs saved with it being invalid, a new update restores the ability to correctly save blobs on Apple’s most recent flagship device.

This may come as small consolation to those who had already saved their iOS 10.1.x blobs with the tool, and for whom it is now too late to re-save, but does bode well for the future. The fact that the problem was so quickly overcome is encouraging for the tool’s longevity going forward, and perhaps in a few months’ time, the iOS 10.2 blobs which can now be correctly saved are the ones everyone will need, for example to downgrade from 10.3 to 10.2 to jailbreak. It does seem that the new trend is for jailbreaks to be released for a firmware which has already gone unsigned, meaning that downgrade tools like Prometheus, and the TSSChecker blobs that it requires may begin to become a major part of the jailbreaking lifecycle in future.

The original fault with TSSChecker lay in the fact that the iP7(+) derives its nonces differently from the generator in comparison to other devices. Without having been able to test this, tihmstar was initially unaware, and so the tool attempted to save APTickets with a generator in the same way as it did with all other devices, leading to invalid blobs. When he discovered the fault, he was unable at first to work out what method the iP7(+) was using to create its nonces from its generators, but given a few days’ work and some collaboration with Luca Todesco, the problem was resolved. TSSChecker v170 and higher are now capable of correctly saving iP7(+) blobs with a generator again.

If you have an iPhone 7 or iPhone 7 Plus, I would recommend re-saving your iOS 10.2 blobs with the newest version of TSSChecker. You never know when they will come in useful, and even Luca Todesco has advised it on a couple of occasions. As I say, in a few months time we may be in a similar situation as we are now with the 10.1.x jailbreak and people stuck on 9.3.x and 10.2, but with an iOS 10.2 jailbreak instead. If that does turn out to be the case, it will be important then to have your iOS 10.2 blobs to use with Prometheus.

The popular tool TSSSaver has been updated to use the latest TSSChecker, so that is probably the quickest way to re-save your iP7(+) blobs if you wish to. Please remember that “futurerestore” is not yet compatible with iP7(+), though support is supposedly coming.

tsssaver download zip

One final interesting piece of Prometheus news from today is that some preliminary evidence has appeared which suggests that some iPhone 6 models may also be susceptible to the “nonce collision” method with Prometheus. This is in addition to the iPhone 5s and iPad Air models which were previously known to be vulnerable to the technique. It is not yet clear how many iP6 are really vulnerable to it, and to make use of this method you would have to run “noncestatistics” on your device and save blobs with your own individual repeating nonces, but in theory it could allow some iP6 devices to upgrade/downgrade with Prometheus without a jailbreak in the future.

Have you re-saved your iPhone 7(+) blobs with TSSChecker? Are you going to find out if your iPhone 6 is susceptible to a Prometheus downgrade without a jailbreak? Let me know below.