Prometheus Guide: Introduction

By , Feb 22, 2017

This is an introductory article which explains how to follow our two-part guide on using the Prometheus downgrade tool.

Before attempting either Part 1 or Part 2 of the guide, everyone should read this article. It explains whether the guides apply to you, and if they do, which ones you should follow, as well as making sure that you fulfil the requirements for them to work.

Now that the Yalu jailbreak has been released and has reached a reasonably stable state, many people have been asking how they can make the jump to iOS 10.2 to use the tool, having remained on a lower firmware until now in order to keep their existing jailbreak. Of course, it is traditionally not possible to move to an unsigned firmware like iOS 10.2, but as we have reported several times recently, the release of tihmstar’s suite of tools called Prometheus has changed this.

Some users will now be able to move to iOS 10.2 even though the signing window has closed, so long as they meet certain requirements.

Before you begin, please read the list of things to bear in mind below. You must be sure that you want to do this, and that it applies to you, before you start. Not everyone can use the Prometheus tools.

Things to consider

Do you satisfy all the requirements? Look at the section Requirements below and check that you have ticked all the boxes to make this possible.

  • Do you want to upgrade to iOS 10.2? If you are already jailbroken on a lower firmware, consider whether you actually want to move. The iOS 10.2 jailbreak currently requires you to re-sign the application with your computer every seven days, unless you have a developer account. It is also semi-untethered, meaning you have to run the jailbreak app every time you reboot. If you are on an untethered jailbreak already with no certificate needed, decide whether this is worth the upgrade. In addition, not all tweaks are updated and working yet. If you are already jailbroken, you can also perform this process at a later date, there is no rush.
  • There is a small amount of risk involved. Whilst many people, including myself, have successfully used the tool, the process is fairly complicated, and if an unlikely problem occurs halfway through the restore you might be forced to upgrade to iOS 10.2.1. This would mean no iOS 10.2 jailbreak for you, and losing the jailbreak you already had to begin with. If followed carefully the instructions should not allow this to happen, but proceed at your own risk.

Requirements

If you do not satisfy ALL the criteria, you cannot upgrade with Prometheus.

  • A 64-bit iOS device, excluding the iPhone 7 and iPhone 7 Plus.
  • A jailbreak on your 64-bit device with tfp0 enabled, unless you have an iPhone 5s or an iPad Air which is ALSO on a firmware which has nonce collisions. All other devices must have a jailbreak, do not ask about other devices without a jailbreak.
  • If you have an iPhone 5s or iPad Air on a firmware which has nonce collisions, for example iOS 10.3 b1, iOS 10.2, iOS 9.3.3, you must also know which nonces collide for your specific device. If you have one of these devices, and you know which nonces collide for it on your current firmware, you must also have saved blobs for those nonces for iOS 10.2, while it was still signed. As you can see, this is quite a specific set of circumstances, so if you don’t know what all of that means, assume you haven’t done it and that you just need a jailbreak.
  • Valid blobs saved for your 64-bit iOS device for the firmware you want to go to (likely iOS 10.2). The blobs must be .shsh2 files in order to use the jailbreak method, and must have been saved when the destination firmware was still signed (you can check if your blobs are valid using TSS Saver).
  • Access to a Mac or Linux computer, or a Windows computer running Mac or Linux inside a VM. This cannot be done on a normal Windows installation yet. If you only have Windows, I recommend a free trial of a VM software, and a copy of Ubuntu, also free.
  • The IPSW file for your exact device model, for a currently signed firmware. This is needed for the SEP and baseband. We will be using iOS 10.2.1 for this purpose.
  • The IPSW file for your exact device model, for the unsigned firmware you want to restore to. We will be using iOS 10.2 for this purpose.
  • The Prometheus tools, namely futurerestore and nonceEnabler. Nonce collision method users do not need nonceEnabler, most people will.
  • Time and patience.

How to use Prometheus to move to an unsigned firmware

If you fulfil the requirements and have the files ready, you can move onto the guides. There are two guides, some people must follow one, the majority must follow both:

NonceEnabler Method:

If you currently have a jailbreak and you want to move to a different firmware with Prometheus’ nonceEnabler method, you must follow Part 1 & Part 2 of the guide. This is the recommended method, and the one most people will use Prometheus for.

Nonce collision Method:

If you currently have no jailbreak, and you want to try to move to a different firmware with Prometheus’ nonce collision method, do only Part 2 of the guide, skip Part 1. Remember, this will not work except in certain cases; check the Requirements carefully before wasting your time.

Guides

Good luck, I hope your restore is successful! Please don’t ask eligibility questions unless you have read this article carefully first. If you have a question which is not answered in the article, let me know in the comments!

  • Share:
  • Follow:

  • Rafly Firdaus B

    I don’t have ios 10.2 blobs file saved. Im never upgrade to ios 10 :(. I’m comfortable on ios 9.3.3 jailbroken. Am i posibbly to get ios 10.2 jailbroken on my iphone 5s ios 9.3.3 jailbroken? Haha

    • Joaquim Barbosa

      I’m afraid not. Start saving blobs for all future iOS versions, you never know when you might need them. At least you’ve got your iOS 9.3.3 jailbreak!

  • Jörg Witthaus

    hey i am jailbroken on ip7 with 10.1.1.
    I would like to restore and stay on 10.1.1.
    now I have two different shsh2 blobs for 10.1.1 saved.
    can you tell me how to handle that?

    • Joaquim Barbosa

      I don’t know if that’s a good idea. Firstly, I think the iP7 has problems with futurerestore, it may not even work at all. Secondly, restoring like this would break your Touch ID because it uses the iOS 10.2.1 SEP, and that is not compatible with iOS 10.1.1.

      I advise you not to try, and just stick with your current jailbreak. Why do you want to restore to the same iOS version? Perhaps Cydia Eraser will be updated at some point and you can use that instead… Thanks for reading!

      • Jörg Witthaus

        ok thank you. I want to restore because i have spontaniois reboots every day without any tweaks installed. I will let it be and wait for cydia eraser

      • Joaquim Barbosa

        You could uninstall all tweaks (done), delete the Yalu app and signing profile, and then reboot to stock. Just use your phone as stock until the final version comes out, that should help with the reboots, you just won’t have your tweaks for a while…

  • Joe

    Off-topic but I’m hoping someone with the iDB team can help. I have an ip7 running 10.0.3. What would you guys do if you were in my situation? Is it worth it to hold out for a stable ip7 JB (assuming one ever comes) or should I update to 10.2.1? Are the improvements from 10.2.1 from 10.0.3 significant or negligible? I can pretty much handle stock but I really, really miss activator

    • ronnie

      Don’t mean to sound like a dick. But no one can answer that for you. It’s a gamble you’ve gotta take. Everyone always “recommends”
      Being on the lowest possible version if that’s of any help… Otherwise balls in your court bro.

    • Joaquim Barbosa

      Stay on 10.0.3. Stable iOS 10 is coming for iP7, but you have to wait patiently. iOS 10.2.1 is NOT coming. Cheers!

  • Natalie

    Again, lacking the iPhone 7. Why you do this to us Apple? Just let us downgrade if we see fit, just exclude old iOS version from warranty until they are updated ;w;

  • ronnie

    Joaquim How are you finding 10.2 vs 933? I’m still deciding if I should update – my main concern is the 7 day signing. Have heard of people entering airplane mode & “winding back the clock”

    • ronnie

      PS. great guide!!

    • Joaquim Barbosa

      The 10.2 jailbreak is very stable, except on the iPad Air 2. On my SE and iP5s it is at least as good as the 9.3.3 one. Obviously the mach_portal 10.1.1 jailbreak is not very stable. I think 10.2 is worth the jump, but I am waiting for a solution to 7-day signing first, which I think is coming. It wouldn’t be that annoying to re-sign every 7 days though if you wanted to make the jump. Apparently you can change system date back to re-run the jailbreak app (as you mention), though I would probably just re-sign instead to avoid problems, or wait for a solution to 7-day signing. Cheers!

      • ronnie

        Thanks! Did you wipe your phone first before performing the 10.2 Prometheus update? Thanks.

      • Joaquim Barbosa

        No need, the phone will be wiped by the Prometheus process anyway. It is the same as a full restore.

      • ronnie

        Appreciate your help. Will give the upgrade from 933 to 102 this afternoon

      • ronnie

        Successfully upgraded from 933 > 102 without any issues! Thank you for a very simple and clear guide. How do you suggest I uninstall Homebrew? As I don’t really ned it do i? Thanks.

      • Joaquim Barbosa

        Glad you got it done! All the Homebrew folders are self contained, anything else is just a symlink. The installation folders are listed in terminal when you install. I think they can be seen in Step 11 of the guide but can’t remember exactly. If that doesn’t help, try the Homebrew website for uninstallaton instructions. Also, remember to delete the file/folder copied in Step 15. Let me know if this doesn’t suffice. Thanks.

  • Mark S

    This is very nice. However something should be provided clearly spelling out which jailbreaks on which firmwares had tfp0. I would think most people are in the dark about this. They could probably easily be excluded from spending time trying to figure it out individually. For example I’m on 9.0.2 on a 6+ and used Pangu. If this doesn’t have tfp0 then where do we find this patch mentioned in part 1?

    • Joaquim Barbosa

      Hi Mark. The trouble is that the information is not very easily available in my experience. However, I think in your case, a patch is required (9.0.2). Bear in mind, I have not tested this patch, and have not investigated how to apply it, it will be up to you to figure it out. I have however seen reports of it working for users on 9.0.2, who upgraded with Prometheus after applying it. It is called cl0ver:

      https://github.com/Siguza/cl0ver

      • Mark S

        Thank you. Good to know that this is a mess for some of us.

      • Joaquim Barbosa

        Reading the GitHub, it seems it should be doable, depending on what device you have and your tech savvy. Let me know how it goes!

    • Barklee Sanders
  • mm. i have 5s 10.2.1. can i use it for downgrade and more jailbreak?

    • Joaquim Barbosa

      It depends if you have the right blobs saved for iOS 10.2. Do you have iOS 10.2 blobs? If you have blobs saved with colliding nonces you can upgrade to iOS 10.3 b1, and then use my Prometheus guide (part 2 only) to downgrade to iOS 10.2. If you don’t have the right blobs saved, this will not work however…

      • no 🙁

      • Joaquim Barbosa

        Unlucky! Start saving them now for the future…

  • mdk35

    I have tried to use future restore on 2 different iMacs, a vm mac and now vm linux. All these systems gave me the exact same code. I am using a iPhone 6 with n61ap, and it is on ios 9.0.2. I set the nonce using cl0ver and nonceEnabler and have even used nvram patcher, setting the nonce is a succes. I have also checked the shsh2 blob and it is valid. But when i run future restore it gives me the same error code over and over again errorcode=-11. Also, i have read almost all the Issues regarding this and the solutions and it still won’t work. Can anyone help ?

    • Joaquim Barbosa

      Hi, yes this is the only error I have seen which I haven’t been able to fix yet. Another user also had it. What macs did you use and were the VMs run on those Macs too?

      • mdk35

        thanks for the reply, i used one mac on os sierra, the other one was on a older version. I used vmware on my windows 10 laptop to run mac os sierra and the latest ubuntu. All of them returning the same error (-11). I hope this helps.

      • Joaquim Barbosa

        Hi, I asked tihmstar but he is busy at the moment, so no luck I’m afraid. This error seems to be affecting a few people, and none of them seem to have solved it. You don’t seem to have anything in common either except for 6(+) models.

        Please let me know if you manage to fix it, and I’ll write again if I hear of a solution. Sorry not to be more help.

  • Luke

    I’m currently on 9.3.1, jailbroken, iPhone 6s. No blobs saved (I missed the signing window). Is there any way for me to go to 10.2, or should I just stay where I am to keep my jailbreak? Thanks.
    I did read the guide but I just want to confirm anyway

    • Timonline

      Sadly your can’t go to 10.2 without the blobs, however can you contact me on twitter @timourrashed. I need your help since you have an iOS 9.3.1 on iPhone 6S

  • Darwin Holmes

    Question: Are my Nonce’s enabled or do I need to treat my phone as if it is a non-jailbroken device.
    Issue: My iphone is stuck on white screen of death(WSOD). It started when i was using my phone as a hotspot for my windows laptop and my phone’s springboard was really laggy/glitchy(missing icons on dock etc and freezing up etc) so I gave it a hard reset and have been stuck on the WSOD ever sence. Strangely the phone was still functioning as a hot spot despite being on WSOD. When i connect my phone to itunes it asks me to unlock phone from device itsef(I have a pincode set and fingerprint as well) but cannot enter passcode etc because of WSOD. I have tried numerous methods of rebooting device to no avail,
    Device: Iphone 6s 64gb Silver
    FirmWare: IOS 10.2
    Blobs: shsh2 blobs for 10.2 Using tss checker web tool.
    Jailbreak: Yalu beta 4-7. I started on beta 4 then upgraded whenever I needed to resign/re-add the tool each week via cydia impactor . Last tool used was Yalu beta 7.
    Please can someone point me in the right direction? Will i be able to use Promethius tool from 10.2>10.2 without having to generate random nonces?