tsschecker terminal output

It seems tihmstar has been busy putting right the flaws in his suite of tools; just one week after he revealed that a bug in his .shsh2 saving tool TSSChecker had led to all iPhone 7(+) blobs saved with it being invalid, a new update restores the ability to correctly save blobs on Apple’s most recent flagship device.

This may come as small consolation to those who had already saved their iOS 10.1.x blobs with the tool, and for whom it is now too late to re-save, but does bode well for the future. The fact that the problem was so quickly overcome is encouraging for the tool’s longevity going forward, and perhaps in a few months’ time, the iOS 10.2 blobs which can now be correctly saved are the ones everyone will need, for example to downgrade from 10.3 to 10.2 to jailbreak. It does seem that the new trend is for jailbreaks to be released for a firmware which has already gone unsigned, meaning that downgrade tools like Prometheus, and the TSSChecker blobs that it requires may begin to become a major part of the jailbreaking lifecycle in future.

The original fault with TSSChecker lay in the fact that the iP7(+) derives its nonces differently from the generator in comparison to other devices. Without having been able to test this, tihmstar was initially unaware, and so the tool attempted to save APTickets with a generator in the same way as it did with all other devices, leading to invalid blobs. When he discovered the fault, he was unable at first to work out what method the iP7(+) was using to create its nonces from its generators, but given a few days’ work and some collaboration with Luca Todesco, the problem was resolved. TSSChecker v170 and higher are now capable of correctly saving iP7(+) blobs with a generator again.

If you have an iPhone 7 or iPhone 7 Plus, I would recommend re-saving your iOS 10.2 blobs with the newest version of TSSChecker. You never know when they will come in useful, and even Luca Todesco has advised it on a couple of occasions. As I say, in a few months time we may be in a similar situation as we are now with the 10.1.x jailbreak and people stuck on 9.3.x and 10.2, but with an iOS 10.2 jailbreak instead. If that does turn out to be the case, it will be important then to have your iOS 10.2 blobs to use with Prometheus.

The popular tool TSSSaver has been updated to use the latest TSSChecker, so that is probably the quickest way to re-save your iP7(+) blobs if you wish to. Please remember that “futurerestore” is not yet compatible with iP7(+), though support is supposedly coming.

tsssaver download zip

One final interesting piece of Prometheus news from today is that some preliminary evidence has appeared which suggests that some iPhone 6 models may also be susceptible to the “nonce collision” method with Prometheus. This is in addition to the iPhone 5s and iPad Air models which were previously known to be vulnerable to the technique. It is not yet clear how many iP6 are really vulnerable to it, and to make use of this method you would have to run “noncestatistics” on your device and save blobs with your own individual repeating nonces, but in theory it could allow some iP6 devices to upgrade/downgrade with Prometheus without a jailbreak in the future.

Have you re-saved your iPhone 7(+) blobs with TSSChecker? Are you going to find out if your iPhone 6 is susceptible to a Prometheus downgrade without a jailbreak? Let me know below.

  • bln

    what does the mean with:
    Internal Name/Model | Board Configuration
    where to find?

    • Download “Battery Memory System Status Monitor” to find the information on the “system” tab

      • bln

        ok thanks found it already in the wiki pag 🙂

    • Joaquim Barbosa

      As Joshua Combs says, the easiest way to find your Board Config for sure is to download BMSSM from the App Store. Look in the “System” tab in the app, and you will find it under “Device – Model”. For example: “N53AP”. Hope this helps!

  • Clinton Braun

    Mine saved again and are exactly the same SHSH2 blobs as before. The file as noted by my PC is said to be the same. Im not sure if this is correct. Im sure that if there were changes that the file would not be the same?

    • Joaquim Barbosa

      It’s possible that the files are the same size, and are still not the same. I would keep the newer ones just to be sure.

  • Mark

    when i use tsssaver it just takes me back to the files i donwloaded a month ago (based on the date of directory). how do i resave them again?

    • Joaquim Barbosa

      It doesn’t do that for me, perhaps try again from the start page?


      • Diego Milano

        It does the same for me, that’s odd. I used the “Lost your link?” feature though, since I don’t have any way to get the

        Internal Name/Model | Board Configuration.

    • Platini2000

      here to Always the same date! no resave! look into this?

  • Evan

    does one just run that standard command to get .shsh2 ?

    whatever it corrected, apnonces or generating it or whatever, is that bundled into the one command you run to save the blob?

    • Joaquim Barbosa

      Check out my article on “how to save .shsh2 with TSSSaver”, that will show you how to do it in depth. TSSSaver has been updated with the corrections, so using that will do everything you need. Cheers!

      • Evan

        thx but its saying not signed for 10.2, 7+

        when I try like 3 or 4 apnonce lines on top of the normal one

        can you confirm you are still able to save apnonces?

        I dont get it,

      • Joaquim Barbosa

        For iP7+ you’re probably better off saving with no nonce, so that you have a generator/nonce pair instead. That is more useful for your device. Blobs with specific Nonces are used for nonce collisions which iP7+ is not vulnerable. Doesn’t solve your problem, but works around it. Can you save blobs with a generator, that is, with no nonce specified?

  • bln

    thank 🙂

  • Natalie

    So, let me get this straight, “iPhone 7(+)” means both iPhone 7 and iPhone 7 Plus models? And the SHSH2 files that I saved a week or so ago are useless? And the fact I’m now on the latest iOS beta means I can’t downgrade at all if a tool comes along?
    Just making sure this isn’t for Plus models only as it’s a tad confusing 😉

    • Joaquim Barbosa

      Hi, iP7(+) means iPhone 7 and iPhone 7 Plus. The files are not useless exactly as they are still valid .shsh blobs. They are just not valid for use with Prometheus, so yes, no downgrades possible I’m afraid. A jailbreak for iOS 10.1.x came along already, but if you had wanted that you probably would not have upgraded to a beta. You can downgrade from a beta to iOS 10.2 if you like, though I do not know of any 10.2 iP7(+) jailbreak tool coming soon. Hope this helps!

      • Natalie

        I had an issue with the Jailbreak. Whenever I transferred the file to my iPhone and opened the app, it would just crash without adding Cydia. I searched for it, plugged it into the computer to see if was on the app list in iTunes, nothing. I deleted it and clicked erase all content and settings, then Cydia was magically there but no way of opening it. So I just thought F#ck it you know? lol. This’ll probably be the last Jailbreak anyway and as someone who’s been jailbreaking since 1.0 days, I haven’t needed a JB much in the last few years besides Tetherme. It was a fun ride.
        Is there any way to check the blobs that work with Prometheus? the checker on the TSS site says the same thing for my 10.2 blob as it does for my 10.1.1 blob.

      • Joaquim Barbosa

        Ah, I see! That’s a shame…
        Interesting that you only really use TetherMe too. Yes, blobs for Prometheus can be checked using tihmstar’s “img4tool”, I’m thinking of doing a how-to on it. If you would like me to do so, I can put up a guide. Thanks for reading!

      • Natalie

        Just saw your latest post, Great guide, it was perfect. I’ve commented on the post too as my 10.1.1 blobs say valid. I’ll see if anyone can reply and help.

  • Iyadove

    Please help me: i have iphone 6 on ios 10.1.1 (Jailbroken using Yalu) and i want to update to 10.2 (i didnt save shsh files) ! Is there any hack or any bypass to upgrade to unsigned ios version without shsh blobs since my phone has cydia installed ?