@HuErr
Forked from pharaoh1/ios_14_downgrade.md
Created April 21, 2022 12:49
How to downgrade from iOS 15 to iOS 14


The latest SEP/BB as of right now is iOS 15.0.2, and is partially or fully compatible with iOS 14 depending on your device. See the appropriate section for exact compatibility info.

Prerequisites

Notes

  • If the exploit fails even after multiple attempts or your device reboots out of DFU mode, you'll have to start over from the beginning and be quicker next time. (You don't have to redownload anything though, and wiki-proxy can stay running, no need to exit and restart it.) You may have to force restart your device if it's stuck in DFU.

Instructions

Table of Contents
A12 and newer
A11
A10(X)
A9X
A9
A8(X)

A12 and newer

Nope, you can't. At least not until a jailbreak for iOS 15 comes out, but SEP/BB will probably be fully incompatible by then.

A11

IMPORTANT: On the iPhone X, downgrading to iOS 14 will break Face ID and cause other issues (broken RootFS snapshot and OTA updates). The only way to fix it is by restoring to iOS 15.

This very likely also affects A12 and above, but you can't downgrade those devices from iOS 15 currently anyway. It does also apply to upgrading from an earlier version with FutureRestore, though.

There are no issues with iPhone 8(+), Touch ID will work fine.

Compatible versions: 14.3-14.8

Part 1/3: Preparation

  1. Put your device in DFU mode.
  2. Download Cryptic's fork of ipwndfu for A11.
  3. Open the folder in a terminal.
  4. Run python2 ipwndfu -p --patch. (On newer Linux distros, you may have to explicitly install Python 2 from your package manager, e.g. sudo apt install python2.)

Part 2/3: Setting nonce and restoring

The nonce will be set automatically for you, so don't worry about that.

  1. Download and open FutureRestore GUI.
  2. Click "Settings", enable "FutureRestore Beta", then click "Save".
  3. Click "Download FutureRestore".
  4. Download the desired version's IPSW from https://ipsw.me/ and select it along with your blobs.
  5. Click "Next", enable "Pwned Restore" (do not enable "64 Bit Checkm8"), and leave SEP and Baseband on latest.
  6. Click "Next", and then "Start FutureRestore".

Part 3/3: Fixup (iPhone X only)

  1. Once the restore starts looping at "No data to read (timeout)", force restart your device.
  2. When you see the recovery mode screen, press "Exit Recovery".
  3. Go through with setup as usual.
  4. Jailbreak your device with checkra1n.
  5. Open the checkra1n loader app and press "Install Cydia". If it complains about a missing RootFS snapshot, tap "Create".
  6. If you want to use Odysseyra1n, after this finishes tap "Restore System" in the loader (or just force close it when it says "Downloading Base System").

Note that this is not a complete fix, as Face ID will still be broken. Taurine may also have issues jailbreaking with the manually fixed up snapshot, but hopefully that will be fixed in the future.

A10(X)

Requires macOS.

Compatible versions: 14.0-14.8

Part 1/2: Setting nonce

  1. Put your device in DFU mode.
  2. Download ipwndfu and run ./ipwndfu -p in a terminal.
  3. Download Fugu, extract it and run ./Fugu rmsigchks in a terminal.
  4. Download the latest FutureRestore beta (x86_64 = Intel, amd64 = M1), extract it and run the following command in a terminal: ./futurerestore-v2.0.0-test --use-pwndfu --set-nonce -t [drag .shsh2 blob file here] --latest-sep --latest-baseband [drag .ipsw file here] -d (do not include the brackets).

Part 2/2: Restoring

  1. Your device should now be in recovery mode. Run the following command: ./futurerestore-v2.0.0-test -t [drag .shsh2 blob file here] --latest-sep --latest-baseband [drag .ipsw file here] -d (do not include the brackets).

A9(X)

Coming soon...

A8(X)-A9

Requires macOS.

Part 1/2: Setting nonce

  1. Put your device in DFU mode.
  2. Download Eclipsa.
  3. Open the folder in a terminal.
  4. Run make and wait for it to compile. (You need to have Xcode installed.)
  5. Run ./eclipsa.

Part 2/2: Restoring

  1. Download and open FutureRestore GUI.
  2. Click "Settings", enable "FutureRestore Beta", then click "Save".
  3. Click "Download FutureRestore".
  4. Download the desired version's IPSW from https://ipsw.me/ and select it along with your blobs.
  5. Click "Next", enable "Pwned Restore" (do not enable "64 Bit Checkm8"), and leave SEP and Baseband on latest.
  6. Click "Next", and then "Start FutureRestore".
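
A pre-flight check for the blob and target version, usable before any of the restores above. This is an added Python 3 example, not part of the original gist or of FutureRestore. It assumes the .shsh2 file is a plist with ApImg4Ticket and generator keys (the layout tsschecker-style blobs use) and compares only major.minor against the ranges listed in this guide; the function names and sample blobs are constructed for illustration.

```python
import plistlib
import re

# Compatible iOS ranges per chip, copied from this guide as (major, minor).
COMPATIBLE = {"A11": ((14, 3), (14, 8)), "A10(X)": ((14, 0), (14, 8))}

def check_blob(blob_bytes):
    """Return a list of problems with a .shsh2 blob; an empty list means it looks usable."""
    try:
        blob = plistlib.loads(blob_bytes)
    except Exception as exc:  # malformed XML or unrecognised plist format
        return [f"not a valid plist: {exc}"]
    if not isinstance(blob, dict):
        return ["top-level plist object is not a dictionary"]
    problems = []
    # Assumption: the signed ticket is stored as binary data under ApImg4Ticket.
    ticket = blob.get("ApImg4Ticket")
    if not isinstance(ticket, bytes) or not ticket:
        problems.append("missing or empty ApImg4Ticket")
    # Assumption: the nonce generator is a 64-bit hex string, e.g. 0x1111111111111111.
    generator = blob.get("generator")
    if not isinstance(generator, str) or not re.fullmatch(r"0x[0-9a-fA-F]{16}", generator):
        problems.append("missing or malformed generator")
    return problems

def version_supported(chip, version):
    """True if version (e.g. "14.5.1") is inside this guide's range for chip."""
    match = re.fullmatch(r"(\d+)\.(\d+)(?:\.\d+)?", version)
    if chip not in COMPATIBLE or not match:
        return False
    low, high = COMPATIBLE[chip]
    return low <= (int(match.group(1)), int(match.group(2))) <= high

# Constructed sample blobs (placeholder ticket bytes, not a real signature).
SAMPLE_BLOB = plistlib.dumps(
    {"ApImg4Ticket": b"\x30\x82\x00\x00", "generator": "0x1111111111111111"})
SAMPLE_BAD_BLOB = plistlib.dumps({"generator": "0x1234"})

if __name__ == "__main__":
    for name, data in (("good", SAMPLE_BLOB), ("bad", SAMPLE_BAD_BLOB), ("junk", b"not a plist")):
        print(name, check_blob(data) or "ok")
    for chip, version in (("A11", "14.2"), ("A11", "14.8"), ("A12", "14.5")):
        print(chip, version, version_supported(chip, version))
```

To check a real file, pass its contents as bytes: check_blob(open(path, "rb").read()).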