Prometheus: Upcoming Tool Will Allow Users to Downgrade or Upgrade to Unsigned iOS Firmware Version

BY Andy

Published 19 Dec 2016


A few days back, well-known hacker and security researcher Luca Todesco announced that he will work on an iOS 10.1.1 jailbreak based on a kernel and root exploit published by Ian Beer from Google’s Project Zero.

We have some more good news for jailbreakers: iOS hacker tihmstar has announced that he will be releasing Prometheus, a tool that will allow jailbreakers to downgrade or upgrade to an iOS firmware version even after Apple stops signing it.

Apple has been using a two-pronged strategy to stay ahead in the cat-and-mouse game with jailbreakers. It releases software updates to patch security vulnerabilities that could be used for a jailbreak, as it did in iOS 10.2, and it also stops signing the firmware files of older iOS versions to ensure that jailbreakers cannot downgrade back to an iOS version that can be jailbroken. So a tool to downgrade or upgrade to an iOS version that Apple has stopped signing would be quite groundbreaking.

To use the Prometheus tool, you first need to save the SHSH blobs. tihmstar has released a new tool called tsschecker, which saves them in a new format called .shsh2. You can download it from this GitHub link, and use this guide to save the .shsh2 blobs. We will also publish a step-by-step guide shortly.

Update: Auto-tsschecker: The Easiest Method to Save .SHSH2 blobs for Prometheus to Downgrade to Unsigned iOS Firmware Version

tsschecker is currently available only for 64-bit iOS devices. You will also need a jailbroken device to use Prometheus to downgrade or upgrade to an unsigned iOS firmware. The jailbreak must also have “tfp0” functionality, though a “host_get_special_port” workaround would be fine. So a device jailbroken using Pangu 9.1 would be eligible. Todesco’s web-based Pangu 9.3.3 jailbreak loader also enables it.

tihmstar has also released a teaser video which shows the tool in action:

tihmstar has announced that he will release the Prometheus tool on New Year’s Eve. If you have a jailbroken device and have been wondering whether you should upgrade to iOS 10.1.1 to prepare for the iOS 10.1.1 jailbreak from Todesco, then tihmstar’s tool gives you the solution: stay where you are without worrying about Apple closing the signing window for iOS 10.1.1. You can upgrade to iOS 10.1.1 only when the jailbreak is released. However, it is important that you save the .shsh2 blobs as soon as possible, before Apple stops signing the iOS 10.1.1 firmware file.

Update:

A Reddit user has stepped up and created an online tool called auto-tsschecker that saves you the trouble of executing the commands and instead automatically saves the .shsh2 blobs for you for the currently signed versions. Check our post for more details:

➤  Auto-tsschecker: The Easiest Method to Save .SHSH2 blobs for Prometheus to Downgrade to Unsigned iOS Firmware Version

As always, we’ll let you know as soon as there are more updates.

Are you excited about the possibility of downgrading or upgrading to an unsigned iOS version? Let us know in the comments below.