Difference between revisions of "Prometheus"

From The iPhone Wiki
m (FAQ)
m
Line 2: Line 2:
   
 
== Requirements ==
 
== Requirements ==
* Jailbroken 64-bit device (except iPhone 5s and iPad Air) that generate the same nonce multiple times
+
* Jailbroken 64-bit device (except some iPhone 5s and iPad Air devices) that generate the same nonce multiple times
 
* SHSH2 saved with [https://github.com/tihmstar/tsschecker tsschecker]
 
* SHSH2 saved with [https://github.com/tihmstar/tsschecker tsschecker]
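Review bot: in the changed Requirements bullet, the parenthetical "(except some iPhone 5s and iPad Air devices)" sits between "device" and "that generate the same nonce multiple times", so a reader cannot tell whether the exception is to the jailbreak requirement or whether the nonce clause describes the excepted devices. Suggest rewording so the devices that repeat nonces are named in their own clause or bullet.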
   

Revision as of 22:38, 24 January 2017

Prometheus is a method that can be used to upgrade/downgrade previously signed iOS versions on 64-bit devices.

Requirements

  • Jailbroken 64-bit device (except some iPhone 5s and iPad Air devices) that generate the same nonce multiple times
  • SHSH2 saved with tsschecker

FAQ

This FAQ guide was originally written by tihmstar.

What versions of iOS does it support?

Prometheus is not really limited to any specific version of iOS. Prometheus itself is the idea to restore a firmware by using replayed tickets and upgrading the SEP and baseband. futurerestore allows you to select a version of iOS and an APTicket to use during restore, as well as a baseband and SEP (which will get a fresh ticket and restored). Right now, it only makes sense to restore to 10.x, as the SEP in iOS 10 does not work with iOS 9 (and probably lower). You need to be careful though, because if Apple releases a new version of iOS (say, 10.3) that has a new SEP that no longer works with 10.1.1, and they stop signing iOS 10.2, then you can't even really restore to 10.1.1.

Do I need to be currently jailbroken?

If you're jailbroken (with tfp0), you can use the generator method. This allows you to put a generator in NVRAM to force generate a specific APNonce. This makes it really convenient to make the device generate the same APNonce which is also inside your APTicket (in case you know the generator for that nonce).
I personally ran noncestatistics to figure out what nonce is generated the most on my iPhone 5s (this only works with devices that have collisions). Then I requested a ticket for 10.1.1 with that specific nonce while it was signed, and now I can use the reboot-until-nonce-matches method for restoring my iPhone 5s.
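A toy model of why a saved ticket is accepted only when the device's nonce repeats, added here as an illustration and not taken from futurerestore, noncestatistics or the original FAQ. It assumes the nonce is a hash of a 64-bit generator and uses an HMAC as a stand-in for the signing server's signature; the key, ECID, generator values and function names are constructed.

```python
import hashlib
import hmac
import secrets
from collections import Counter

SIGNING_KEY = b"constructed-demo-key"  # stand-in for the signing server's key (assumption)
GENERATOR = 0x1111111111111111         # constructed generator value
ECID = 0x1234ABCD                      # constructed device ID

def derive_nonce(generator: int) -> bytes:
    """Model assumption: the boot nonce is a hash of a 64-bit generator."""
    return hashlib.sha1(generator.to_bytes(8, "little")).digest()

def _body(ecid: int, version: str, nonce: bytes) -> bytes:
    return f"{ecid:x}|{version}|".encode() + nonce

def _sign(ecid: int, version: str, nonce: bytes) -> bytes:
    return hmac.new(SIGNING_KEY, _body(ecid, version, nonce), hashlib.sha256).digest()

def issue_ticket(ecid: int, version: str, nonce: bytes) -> dict:
    """Signing server: binds device ID, version and the nonce it was sent."""
    return {"ecid": ecid, "version": version, "nonce": nonce,
            "sig": _sign(ecid, version, nonce)}

def ticket_accepted(ticket: dict, ecid: int, boot_nonce: bytes) -> bool:
    """Device: the signature must verify, the ticket must be for this device,
    and its nonce must equal the nonce generated for this boot."""
    expected = _sign(ticket["ecid"], ticket["version"], ticket["nonce"])
    return (hmac.compare_digest(expected, ticket["sig"])
            and ticket["ecid"] == ecid
            and hmac.compare_digest(ticket["nonce"], boot_nonce))

def most_common_nonce(boot_generators):
    """Tally nonces across observed boots; a count above 1 means the
    freshness guarantee the nonce is meant to give does not hold."""
    counts = Counter(derive_nonce(g) for g in boot_generators)
    return counts.most_common(1)[0]

# Ticket saved while the version was still being signed.
saved = issue_ticket(ECID, "10.1.1", derive_nonce(GENERATOR))

def replay_outcomes() -> dict:
    return {
        # Unpredictable generator each boot: the old ticket is stale.
        "fresh_random_generator": ticket_accepted(
            saved, ECID, derive_nonce(secrets.randbits(64))),
        # Generator repeats (collision or fixed value): the old ticket replays.
        "generator_repeats": ticket_accepted(saved, ECID, derive_nonce(GENERATOR)),
        # Same nonce on a different device: still rejected by the ECID binding.
        "other_device": ticket_accepted(saved, ECID + 1, derive_nonce(GENERATOR)),
    }
```

The only thing separating the accepted and rejected cases is whether the nonce is unpredictable and unrepeated per boot, which is the property the collision and generator methods depend on.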

Which jailbreaks support tfp0?

As far as I know, iOS 7 and iOS 8 have tfp0. iOS 9.1 by Pangu has host_get_special_port and qwerty's jbme has host_get_special_port. iOS 10.x has tfp0.

What devices are supported?

In theory, all 64-bit devices should be supported. Right now iPhone 7 and iPhone 7 Plus are not supported, but that is something which could probably be fixed with an update. Also there are some bugs in futurerestore, but once everything is ruled out, all 64-bit devices should be supported. Right now, I have no plans to test 32-bit, but I think that the method could work with 32-bit. If someone wants to adjust futurerestore for 32-bit devices, go ahead; source code is on GitHub.

I saved SHSH2 with the nonces that had collisions on iOS 9 for iPhone 5s/iPad Air, but none are found when on iOS 10. What do I do?

iOS 10 has different colliding nonces to iOS 9. If the nonces you saved SHSH2 with cannot be found once you are on iOS 10 and you require the collision method, then you are out of luck and can't use Prometheus.

My device is stuck on "Waiting for device...". What can I do?

This happens if you have saved SHSH2 but it has the wrong boardconfig. To check the boardconfig or more information on this, see this post.
