Futurerestore is a tool that allows users to upgrade, downgrade, or re-restore their iOS devices to an unsigned firmware through the usage of SHSH2 blobs. This guide will teach you how to use Futurerestore in order to upgrade, downgrade, on re-restore to an unsigned firmware.
Before continuing, keep in mind that this guide is based off of this one, and contains informtaion that can change your device's behavior, or even damage it. With that in mind, please ready the guide fully, as no one but you will be held responsible for any damage caused to your device.
Before you begin following this guide, keep in mind that:
- iOS 12.4.1's SEP and Baseband are fully compatible for upgrading, downgrading, and restoring. This means that any device is able to upgrade, downgrade, or re-restore to any unsigned firmware above iOS 12.2, and that A7-A8(X) devices are forever "downgradeable" as long as you have a jailbreak with blobs saved, or nonce collisions.
- Using iOS 12.4.1's SEP and Baseband to downgrade to an unsigned version below iOS 12.2 can result in the appearance of the "fortnight bug", a bug that makes your device not function correctly 2 weeks prior to using Futurerestore.
- If you're a Windows user, make sure iTunes and its drivers are installed correctly by installing iTunes from Apple's website. This is critial to you as you want to avoid having the Microsoft Store version of iTunes.
- If you're a Windows user, avoid having a 32-bit system, as Futurerestore does not work on 32-bit Windows.
- If you're planning to backup your device in order to use that backup after using Futurerestore, note that said backup must not include any jailbreak data. Modern jailbreaks have an option to "uninstall" or remove the jailbreak (known as "Restore RootFS"), and there are many tools out there that can delete your jailbreak without losing data.
In order to upgrade, downgrade, or re-restore to an unsigned fimrware using Futurerestore, first there are things you need, such as:
- Futurerestore's latest release. (of course)
- Your SHSH2 blob from TSSSaver or shsh.host.
- An IPSW from ipsw.me containing the SEP and Baseband that is compatible with the version you're tryinng to upgrade, downgrade, or re-restore to.
If you're unsure as to which SHSH2 blob you should use, use the one inside the noapnonce folder in TSSSaver or shsh.host. If that blob does not work when using Futurerestore, use blobs saved with an specific APNonce.
If the IPSW containing the SEP and Baseband that is compatible with the version you're trying to upgrade, downgrade, or re-restore to is unsigned...
You'll need to extract your SEP and Baseband from the IPSW. However, these files are different across all IPSWs (in most cases). That's why it's recommended to use r/Jailbreak's Telegram Bot in order find the right SEP and Baseband files for your device.
You can run /sepbb when using the bot in order to find the correct SEP and Baseband files for your device.
When you have these file names, use extract.me in order to extract your SEP, Baseband and the BuildManifest.plist file from the IPSW you downloaded.
Once you have these nessecities, it's a good practice to put them in a folder named futurerestore, which should be created on your desktop as you'll refer to this folder very often.
Your nonce generator is a 16-character string used by Apple in order to authenticate a legitemate restore with their servers and your device. This makes SHSH2 blobs a critical component, as they are essensially what will allow you to upgrade, downgrade, or re-restore to an unsigned fimrware.
In order to find your nonce generator:
- Open your SHSH2 blob from TSSSaver or shsh.host with any kind of text editor.
- On Windows) Press
Ctrl + F, or (On macOS) PressCommand + F, then search for the word "generator".
Next to, or underneath the word "generator", you'll find your nonce generator. Copy your nonce generator, create a text docmuent inside your futurerestore and save it in said document. You'll use this string later.
If you decide to use blobs with an specific APNonce, you'll find that these SHSH2 blobs don't include a nonce generator. Do not panic. This is normal. If you're tying to figure out what the nonce generator for these blobs is, check the tables below.
Devices with an A9 chip and below
Try copying the provided APNonce, hit Ctrl + F or Command + F and see if it matches with one of your blobs.
| APNonce | Generator |
|---|---|
| 603be133ff0bdfa0f83f21e74191cf6770ea43bb | 0xbd34a880be0b53f3 |
| 352dfad1713834f4f94c5ff3c3e5e99477347b95 | 0x9d0b5b5ff92fff23 |
| 42c88f5a7b75bc944c288a7215391dc9c73b6e9f | 0x4bb8834ba6444b50 |
| 0dc448240696866b0cc1b2ac3eca4ce22af11cb3 | 0x698337f5a79c3292 |
| 9804d99e85bbafd4bb1135a1044773b4df9f1ba3 | 0xedeeb72d7575e360 |
Devices with an A10 chip and above
Try copying the provided APNonce, hit Ctrl + F or Command + F and see if it matches with one of your blobs.
| APNonce | Generator |
|---|---|
| 15400076bc4c35a7c8caefdcae5bda69c140a11bce870548f0862aac28c194cc | 0xbd34a880be0b53f3 |
| 833e50b9c6a4fbfbdc51144a60b4cf25be3a0a4742ca2b7bd6f5ec06905443ac | 0x9d0b5b5ff92fff23 |
| d8f682df87d812c372491b613d59795a80383f439587c0bb511ccf6865eb87cc | 0x4bb8834ba6444b50 |
Once you find an APNonce that matches your blob, copy the provided nonce generator, create a text docmuent inside your futurerestore and save it.
Your device's NVRAM already contains a nonce generator, however, that needs to change, otherwise the restoration process will fail, since the nonce generator of your device needs to match with your SHSH2 blob.
In order to change your device's current nonce generator, you can use a modern jailbreak tool, such as unc0ver or Chimera, in order to to specify your nonce generator provided by your SHSH2 blob.
In order to change, or set your nonce generator provided by your SHSH2 blob file:
- Open your modern jailbreak app.
- Find a text field with the words "generator".
- Within that region, type in your string that you saved from your SHSH2 blob.
- Hit "Done", then hit "Jailbreak".
This should change the nonce generator on your device's NVRAM, and you're now ready to use Futurerestore. Note that if you turn off your device, or it powers off for any reason, you will need to set your nonce generator again.
You're finally ready to upgrade, dowgrade, or re-restore using Futurerestore. However, before you begin, you should keep in mind that:
- Failing to disable "Find my iPhone/iPad/iPod" and/or having NO PLS Recovery installed can cause Futurerestore to not upgrade, downgrade, or re-restore your device to an unsigned firmware.
- If your device is put on "Recovery Mode", do not panic. This is entirely normal.
- If you recieve any pop-up from iTunes attempting to update/restore your device, ignore them and close iTunes.
There are 2 ways you can use Futurerestore in order to upgrade, downgrade, or re-restore your device to an unsigned firmware. This guide will explain both.
This method is used when the latest iOS released version contains an SEP and Baseband that is fully compatible with the version you're trying to upgrade, downgrade, or re-restore to. This method is consider to be the most common, and it is used by many.
In order to upgrade, downgrade, or re-restore using this method:
- Open Command Prompt/Terminal.
- Drag Futurerestore from your
futurerestorefolder onto your terminal, then type-t. - Drag your SHSH2 blob from your
futurerestorefolder onto your terminal. - Type
--latest-sep --latest-baseband, then drag your IPSW from yourfuturerestorefolder onto your terminal.
In the end, your result should look something like this:
$ futurerestore -t [Your SHSH blob] --latest-sep --latest-baseband [IPSW]
For iPods and Wifi-Only iPads, do not specify a baseband:
$ futurerestore -t [Your SHSH blob] --latest-sep --no-baseband [IPSW]
Once you are sure that you have the right command, hit Enter and the process should begin.
This method is used in case the latest iOS release contains an SEP and Baseband that is incompatible with the version you're trying to upgrade, downgrade, or re-restore to. This method comes in handy when the IPSW that contains the compatible SEP and Baseband is unsigned by Apple.
In order to upgrade, downgrade, or re-restore using this method:
- Open Command Prompt/Terminal.
- Drag Futurerestore onto your terminal from your
futurerestorefolder, then type-t. - Drag your SHSH2 blob from your
futurerestorefolder onto your terminal. - Type
-s, then drag your SEP from yourfuturerestorefolder onto your terminal. - Type
-b, then drag your Baseband from yourfuturerestorefolder onto your terminal. - Type
-p, then drag yourBuildmanifest.plistfile from yourfuturerestorefolder onto your terminal. - Type
-m, drag yourBuildmanifest.plistfile (again), then drag your IPSW from yourfuturerestorefolder onto your terminal.
In the end, your result should look something like this:
$ futurerestore -t [Your SHSH blob] -s [SEP] -b [Baseband] -p [BuildmManifest] -m [BuildManifest] [IPSW]
For iPods and Wifi-Only iPads, do not specify a baseband:
$ futurerestore -t [Your SHSH blob] -s [SEP] --no-baseband -p [BuildmManifest] -m [BuildManifest] [IPSW]
Once you are sure that you have the right command, hit Enter and the process should begin.
If you run into any issues or errors when using Futurerestore, please refer to this, which includes documentation of the most common errors you can encouter when using Futurerestore and how to fix them.
Additionally, you can check out this video in case you want a visual for this guide. Do note that the video focuses on downgrading an A12 device, however the methods used are relatively the same as the ones mentioned here.
This guide was updated on September 15th, 2019, and continues to be updated. If you have any questions, head over to r/Jailbreak's Discord Server for support under their futurerestore-help channel.