If you’ve been following all the jailbreak news recently, you may be aware that iOS hacker tihmstar announced that he will be releasing the Prometheus downgrade tool soon. The good news is that he released the tool today and it is now available for download.
Prometheus is a tool that will allow jailbreakers to downgrade or upgrade to an iOS firmware version even when Apple stops signing it. The process of downgrading is not straightforward and requires saved .shsh2 blobs, otherwise you won’t be able to downgrade.
The hacker explains the entire process of downgrading in this video (or you can follow the step-by-step guide here):
Unfortunately, users on Reddit are reporting that Apple has already patched this hack. When using the Prometheus tool, an error is displayed stating that Apple’s TSS server is down and that the firmware cannot be signed. Additionally, Apple’s TSS page is displaying a “Server not ready” message, which may be because they are making changes to block any attempt to downgrade using tihmstar’s tool.
Many non-jailbroken users are still able to update their devices, which is an indication that the TSS server is actually not down, but is blocking any downgrade attempts from the Prometheus tool.
It is no surprise that Apple has patched this hack so quickly, as any attempt to bypass their platform restrictions is frowned upon by the company. We’ve seen many times how responsive Apple has been in patching new jailbreak tools that get released to the public.
Tihmstar hasn’t responded to this news yet, so we’re yet to see an official statement from the hacker and if there’s any workaround to this patch. Stay tuned with us for further updates.
Today hacker tihmstar released his tool Prometheus, which can be used, in some cases, to upgrade or downgrade iOS to currently unsigned firmwares.
The tool is not foolproof, however, so in this article I’ll briefly explain what its limitations are and how to follow tihmstar’s guidance on the tool.
First off, I strongly advise reading my previous article on Prometheus, because it clarifies the main areas of confusion, lists the requirements for using the tool, and explains in more detail what the tool is.
Background
Prometheus is not a single GUI tool, but a collection of tools including “nonceenabler”, “futurerestore” and “img4tool”. Together, they have the upgrade/downgrade functionality.
Prometheus can be used in two ways. One uses “nonceenabler” and “futurerestore” together. This is more reliable and faster, but requires a jailbreak, and .shsh2 blobs saved with a generator. The second way uses only “futurerestore”, does not require a jailbreak, but uses a probabilistic attack which may take a long time to work (or not work at all). This second way still requires .shsh2 blobs, but saved with a specific nonce and no generator. This only seems to work for certain devices, and may take forever.
Requirements
- A 64-bit device, excluding the iPhone 7(+). Do not bother trying with a 32-bit device or an iPhone 7(+).
- In most cases, a jailbreak on the firmware you are leaving (not required on some iPhone 5s and iPad Air devices when using the nonce collision method).
- If using Prometheus with a jailbreak, saved .shsh2 blobs for the firmware you want to restore to, with a generator. The generator is a field within the .shsh2 file, visible near the end of the document when you open it.
- If using Prometheus with no jailbreak, saved .shsh2 blobs for the firmware you want to restore to, created using one (or more) of the 5 specific nonces given out by tihmstar, which have been found to work most often in a probabilistic attack.
- If using Prometheus with a jailbreak, the jailbreak must have “tfp0” functionality (“host_get_special_port” workaround is also fine). This rules out some jailbreaks.
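As an added illustration (not code from the article or from tihmstar’s tools), the Python below reads the generator field out of a saved .shsh2 blob and maps the requirements above onto the two methods. The plist keys, the two sample blobs and the device-state flags are assumptions constructed for this example.

```python
import plistlib
import re

# Two constructed .shsh2 blobs (XML plists) used only as sample input.
# The "ApImg4Ticket" and "generator" keys follow the layout tsschecker-style
# blobs use (an assumption here, not stated in the article); ticket bytes are fake.
BLOB_WITH_GENERATOR = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>ApImg4Ticket</key><data>AAEC</data>
  <key>generator</key><string>0x1111111111111111</string>
</dict></plist>"""

BLOB_WITHOUT_GENERATOR = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>ApImg4Ticket</key><data>AAEC</data>
</dict></plist>"""

# A generator is a 64-bit value written as 0x followed by 16 hex digits.
GENERATOR_RE = re.compile(r"^0x[0-9a-fA-F]{16}$")


def read_generator(blob_bytes):
    """Return the generator string stored in a .shsh2 blob, or None if the
    blob was saved without one (i.e. with a specific nonce only)."""
    plist = plistlib.loads(blob_bytes)
    if "ApImg4Ticket" not in plist:
        raise ValueError("not an .shsh2 blob: missing ApImg4Ticket")
    gen = plist.get("generator")
    if gen is not None and not GENERATOR_RE.match(gen):
        raise ValueError("malformed generator field: %r" % gen)
    return gen


def choose_method(blob_bytes, jailbroken, has_tfp0):
    """Map the article's requirements onto a blob plus device state.
    Returns (method, detail): 'nonceenabler' means Steps 1 and 2,
    'nonce-collision' means Step 2 only, 'unsupported' explains why."""
    gen = read_generator(blob_bytes)
    if gen is None:
        # No generator: the blob must carry one of the published nonces and
        # the restore relies on a nonce collision, jailbreak or not.
        return "nonce-collision", "blob saved with a specific nonce, no generator"
    if not jailbroken:
        return "unsupported", "generator blobs need a jailbreak to set the nonce"
    if not has_tfp0:
        return "unsupported", "jailbreak lacks tfp0 / host_get_special_port"
    return "nonceenabler", "set generator %s with nonceenabler, then restore" % gen
```

Run it against your own blob file (open it in binary mode and pass the bytes) to confirm whether it was saved with a generator before choosing which video to follow.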
Process
There is some confusion over how to follow tihmstar’s process, as it is not unified. Depending on your situation, you may have to follow more than one video to complete the process. If you have your blobs saved with a generator and have a current jailbreak, follow Steps 1 and 2. If you have your blobs saved with the 5 nonces tihmstar made public, and are attempting the process without a jailbreak, go straight to Step 2.
1) The video below shows you how to use your jailbreak to set a specific nonce on your device. The advantage of this is that once the specific nonce has been manually set (which will match the generator in the .shsh2 files you saved), the restore will be accepted immediately on the first try, as the nonce and .shsh2 generators match.
Therefore, using Prometheus this way is recommended if you have a jailbreak. Follow the above video and set your nonce with “nonceenabler”. Once the nonce is set and the device is in recovery mode (from 0:00 – 10:35 in the above video), you can move onto Step 2.
2) The video below shows how to restore an unsigned firmware onto your device, using the “futurerestore” component of Prometheus.
If you just came from Step 1 and have set your nonce, follow the instructions from the beginning of the video up to 5:53, but ignore any talk about the nonce collision method. At 5:53, pay close attention to what he says. Your device will already be in recovery mode and you must leave out the “-w” flag here. Then continue with the instructions (you will not have to wait through the rebooting stage which the video shows).
If you have no jailbreak and started at Step 2, follow the entirety of the video below to the letter, using one of the most commonly generated nonces. It may take a few minutes, or an unknown amount of time, because you will have to use the nonce-collision method. This is probabilistic and relies on some luck and time. You cannot use a jailbreak to immediately create the right nonce for you.
Together, these two videos cover the whole process of downgrading with Prometheus, using both the “nonceenabler jailbreak method” and the “nonce collision no-jailbreak method”.
SEP and basebands
One last thing to note is what tihmstar says about SEP and basebands, which are two parts of the iOS firmwares you will be working with. The information he gives on this can be found from 0:50 – 2:07 in the second video, and this applies to you whichever method you are using. Users of both the “nonceenabler jailbreak method” and the “nonce collision no-jailbreak method” must note this information.
Basically, the SEP and baseband must be taken from a currently signed firmware because they cannot be faked by Prometheus. But SEPs and basebands are not compatible over many iOS versions, so you must use one that is near enough to be compatible. For example, iOS 10.2 is currently signed, so you could use its SEP and baseband. However, you cannot use them to restore to iOS 9 because the gap is too big; they are not compatible. You can use the SEP and baseband from iOS 10.2 to restore to iOS 10.1.1, because they are close enough versions to be compatible.
In summary: you must always use the SEP and baseband from a signed firmware to use Prometheus, but it must also always be compatible with the version you want to restore to. If the SEP and baseband are not compatible with your target firmware, you cannot restore even if they are signed, and vice versa. The version of iOS you are coming from is irrelevant. The version of iOS you want to restore to, and the signed version of SEP/baseband you have, are relevant.
Here are some likely use-cases:
1) Upgrading from iOS 9.3.3 to 10.1.1. You can use the SEP and baseband from 10.2 to finish the restore. iOS 10.2 SEP and baseband are signed whilst 10.2 is signed. iOS 10.2 SEP and baseband are compatible with 10.1.1 because they are close to each other. The fact that you are on iOS 9.3.3 doesn’t matter, only the destination firmware matters. Possible.
2) Downgrading from iOS 10.2 to 10.1.1. You can use the SEP and baseband from 10.2 to finish the restore. iOS 10.2 SEP and baseband are signed whilst 10.2 is signed. iOS 10.2 SEP and baseband are compatible with 10.1.1 because they are close to each other. The fact that you are on iOS 10.2 doesn’t matter, only the destination firmware matters. (Because there is no jailbreak for 10.2, you can only try this with the nonce collision method). Possible, depending on device (nonce collision method).
3) Downgrading from iOS 10.2 to 9.3.3. You cannot use the SEP and baseband from 10.2 to finish the restore. iOS 10.2 SEP and baseband are signed whilst 10.2 is signed, but iOS 10.2 SEP and baseband are not compatible with 9.3.3 because the versions are not close enough to each other. The fact that you are on iOS 10.2 doesn’t matter, but the fact that your signed SEP version is far from your destination firmware does matter. Not possible.
I will put together a hands-on tutorial at a later date which will show the specific steps involved in these two methods. For now though this article should clarify the two methods of using Prometheus, which one applies to you, and whether you can use either one at all. Good luck!