Difference between revisions of "Odysseus"

Odysseus is a tool by xerub to downgrade/upgrade/restore specific 32-bit devices to specific firmwares. This method only works if you are jailbroken, have valid SHSH Blobs and a valid APTicket.

How it works

It uses a tool included in winocm's ios-kexec-utils called kloader. kloader is a CLI that you can run on an iOS device which loads an (decrypted) image. It allows you to bootstrap a pwned iBSS and then initiate a restore using idevicerestore with a custom IPSW, which allows you to downgrade/upgrade/restore to the firmware of your choice. There are firmware bundles that allow you to restore each device to each iOS. If the bundle for the device and iOS you want to get does not exist, the downgrade/upgrade cannot happen. Each bundle is made by grabbing the Keys/IVs from the original firmware. They are posted here.

Compatibility

Notes

This only works on some jailbroken 32-bit devices with an untether that has tfp0 enabled. The latest versions of TaiG, Pangu9, Pangu8, Pangu, evasi0n7, and evasi0n all have tfp0 activated. Also, this will *NOT* change your baseband. If you go too far up or down with iOS version, it may be that the version of iOS you restored to does not understand the baseband left behind by the prior version of iOS. If that happens, you will not get past activation and you cannot re-jailbreak the device. As a consequence, the device will remain in activation limbo and you'll have to restore to the currently signed version of iOS.

Without Unofficial Bundles

iPad

iPhone

With Unofficial Bundles

iPad

iPhone

Download

FAQ

This FAQ guide was written by tihmstar.

Q: Do i need shsh blobs for downgrade with odysseusOTA?

A: No, during the process ota blobs are automatically fetched, so you don’t need to have them saved.

Q: Can i downgrade my iPhone4s 8gb to 6.1.3? i always get „could not retrieve device serial number“?

A: It seems like that model is not compatible. I haven’t heard of anyone who successfully downgraded that device.

Q: Can you make a bundle for device X for iOS Y ? thank you

A: No, please stop asking. I’m personally only interested in ota downgrades, that means downgrades, for which saved shsh blobs aren’t required and where baseband can be downgraded. I made some bundles for iPad2 on 6.1.3 and i will make 8.4.1 bundles for the devices which are compatible with odysseusOTA2 and for which i have keys. Beside of those i’m not planning to make any bundles.

Q: Can i use odysseusOTA to bypass icloud lock?

A: No, you need to be jailbroken to put your device in kDFU mode and after downgrade you need to activate your device. That means you do need to know appleID and password in case the device is icloud locked. Neither odysseusOTA nor odysseus will ever support bypassing iCloud lock.

Q: Does odysseusOTA work on iOS X.X.X jailbreak?

A: To put the device in kDFU mode, the tfp0 patch is required. The only jailbreak i know of, which did not have tfp0 enabled was pangu on iOS 7.1.2, though even that jailbreak has that patch enabled if latest untether is installed. Beside of that (i think that) all currently available jailbreaks have tfp0 enabled, which means they are all compatible with odysseus and odysseusOTA downgrades.

Q: What is the difference between odysseus, odysseusOTA?

A: Odysseus is a tool/method, which was developed by @xerub to downgrade devices using @winocm’s kloader. It works by booting decrypted and patched bootloader files and ramdisk to put the device in restore mode. After device is in restore mode, the restore process is the same as in iTunes. Odysseus was initially designed to preserve your current baseband, but it was observed that some baseband/iOS combinations work fine, some don’t. In case the baseband does not work, you will have no service on your phone. An option to create custom ipsws in conjunction with OTA buildmanifests was added to odysseus at a later time. This can, essentially, handle OTA/baseband downgrades, but the process is quite convoluted. In OdysseusOTA i added a feature that allows creating custom ipsw, which fetches ota blobs instead of normal blobs. Those can be used for downgrading, but still require the kDFU procedure, because normal ota blobs are signing a different ramdisk. With ota blobs it is possible to downgrade the baseband, which is otherwise not possible. Technically odysseusOTA can do everything what odysseus can, but i only support ota downgrades, so if you want to downgrade with saved shsh blobs to versions where no ota blobs are signed, please use odysseus.

Q: Does that mean odysseus can’t do OTA downgrades?

A: No, @xerub and i added the OTA downgrade feature at the same time independently. To use @xerub’s ota downgrade method you need to use -bbupdate and -ota parameter and pass a otabuildmanifest.plist (which you can get from TinyUmbrella) when creating the custom.ipsw with the "ipsw“ tool. Even though our methods slightly differ (he uses TU’s buildmanifest.plist, I include the patches in the bundle), after successful downgrading there is no difference for the user.

Q: Can you make a downgrade for device X to iOS Y?

A: No, i’m only interested in OTA downgrades, because imo they are *easy* for the user.

Q: Will it be possible to downgrade device XY in future?

A: Right now odysseus’ downgrades are limited to kloader (which only works on 32bit devices) and decrypt keys (which we/I) don’t have for many devices. If we get keys for eg. iPhone 6 in future and if we’ll have something like kloader for 64bit devices, then odysseus will technically be able to support those device. Right now the method is limited to 32bit devices which we have keys for.

Q: Where can i check what ota blobs apple is signing?

A: I made a tool for that, which can be found here: https://github.com/tihmstar/otachecker

Q: Will baseband work if i downgrade from X to Y?

A: If you downgrade with odysseusOTA (and don’t forget -bbupdate) you won’t have any problems with your baseband. For every other iOS version: I don’t know

Q: When will you make a windows tool?

A: I personally don’t like developing on Windows. I tried compiling the tools on windows for a long time and i failed (maybe because i suck). So i gave up and focused my time on other stuff. All tools can be found on my github so if anyone want’s to compile them for windows, please do. Technically it is possible. If you’re on windows you can use a live linux to downgrade your device, i’ve seen a bunch of tutorial how to do that, so google is your friend :P

Q: Can you show us how to make bundles?

A: No. Making bundles involves advanced reverse engeneering and patching low level bootloader (iBSS and iBEC), kernel and dealing with codesigning. This is not as easy as changing some values in a plist. Beside of that i didn’t bother figuring out how to find these patches. What i do is *copying* patches from one device to another, which is also not as easy as it sounds.

Q: Downgrade failed for reason XY i’m using El Capitan, what can i do?

A: I’ve heared there are some issues with downgrading on El Capitan. I’m using Yosimite at the moment and haven’t looked into the issues yet. For now i suggest you downgrading with Yosimite or lower or using a linux.

Q: Will it ever work with El Capitan?

A: Once i upgrade to El Capitan i will be able to answer that question.

Q: Can you make an easy downgrade tool?

A: Really? I made a video tutorial, where you just need to copy and paste stuff. I this is easy! Making a one button GUI has really low priority for me, as there are bunch of other stuff which i’d love to work on instead. Maybe one day i might want to make a gui. But definitly not soon.

Q: What devices/iOS versions are supported by odysseusOTA(2) ?

A: OdysseusOTA supports iOS 6.1.3 for iPhone4,1/iPad2,1/iPad2,2/iPad2,3. OdysseusOTA2 technically can support iOS 8.4.1 for: iPad2,1 iPad2,2 iPad2,3 iPad2,4 iPad2,5 iPad2,6 iPad2,7 iPad3,1 iPad3,2 iPad3,3 iPad3,4 iPad3,5 iPad3,6, iPhone4,1 iPhone5,1 iPhone5,2, iPod5,1. At the time of writing this bundles for iPhone5,1/iPhone5,2 are ready. To check what devices are supported, you should check the description of the videotutorial: https://youtu.be/fh0tB6fp0Sc and there you can find latest download link for odysseusOTA2 along with a list of devices which do have a bundle ready.

Q: When do you release an iOS 8.4.1 jailbreak?

A: I am not working on a jailbreak.

Q: Can i use Ubuntu 32Bit?

A: I did compile the tools on a 64Bit Ubuntu machine so if you want to use my compiled binaries you need 64Bit. But all the tools are on my github (xpwn and idevicerestore) and you can compile them for 32Bit

Q: Will apple stop signing OTA blobs?

A: Probably not, but only apple knows for sure.

Q: Does your tool work in Italy?

A: Yes it does.

Q: I don’t know how to use your tool and i don’t want to buy a Mac.

A: Use the linux version.

Q: Can i make a tool to for odysseusOTA?

A: Please don’t. I don’t mind if someone makes a really nice gui with some images and buttons and stuff like that, but i’m afraid that people will start making broken scripts which simply execute the commands or something like that. The problem with this is when something with those scripts goes wrong it might fuck up people’s devices so they have to restore to latest (maybe not jailbreakable) firmware. Beside of that i will get bunch of email’s saying „XY went wrong please help“ and i will have to spent bunch of time looking for the problem just to realize it’s not even related to my tool.

Links

• Official page
• GitHub
• Unofficial bundles