IOS hacker tihmstar has announced the upcoming release of his tool Prometheus. He claims it will be the first tool capable of upgrading and downgrading 64-bit iOS devices to unsigned firmwares.
If successful, this would be welcome news for the jailbreak community, allowing movement between firmwares for which you have saved your blobs, even after Apple’s signing windows have closed.
The first and most important thing to note if you think you may want to use this tool in future is to save your blobs now. The blobs must be saved in a new format called .shsh2, so previously saved blobs will not work. You must save your blobs again using tihmstar’s tool called tsschecker. After downloading tsschecker, save the blobs with it by following a guide. Be warned, whilst not very long and certainly not impossible, this process is not foolproof and requires careful attention.
The news of Prometheus is especially salient to people who are interested in a possible upcoming iOS 10.1.1 jailbreak but who don’t want to jump ship yet and lose their current jailbreak. If you save the .shsh2 blobs for iOS 10.1.1 now, before the signing window closes, you may be able to upgrade from 9.3.3 to 10.1.1 at a later date even if iOS 10.1.1 is no longer being signed. Of course, this is provisional and no foolproof guarantees have been made, but I would recommend saving the blobs anyway as you have little to lose and it doesn’t take long. You may decide later you want to give it a go.
Tihmstar has said that although 32-bit support is possible, Prometheus will initially be just for 64-bit devices. However, several downgrade tools for 32-bit devices already exist, such as tihmstar’s OdysseusOTA2, Dayt0n’s Odysseus, and geeksn0w’s Beehind, so you could try those instead.
As with all downgrade tools, many caveats apply. Some of Prometheus’ requirements are as follows:
64-bit only, at least initially.
Needs a jailbreak on the firmware you are leaving, to get to the one you are aiming for. (This may not be required on some iPhone 5s and iPad Air, but don’t count on it). To attempt to use Prometheus on these devices without a jailbreak, you must save .shsh2 blobs with an specific nonce, which complicates the process. Some guides can be found which show how to do it however, so feel free to try it if you’re feeling optimistic.
Your jailbreak must have “tfp0” functionality (“host_get_special_port” workaround is also fine). This rules out some jailbreaks, so you’ll have to get lucky. Pangu for iOS 9.1 had it, and Luca’s JailbreakMe for 9.3.3 also enables it, but as the latter is semi-untethered it remains to be seen whether it will work as rebooting the device is part of the downgrade process.
You must have .shsh2 blobs for the firmware you want to go to saved with tsschecker.
Tihmstar has elaborated further on the workings of the tool, and also posted a teaser/explanation video which shows the first steps of using it, which you can watch below.
The tentative date for its release seems to be New Year’s Eve, so watch this space! However, for those interested in a possible upgrade to iOS 10.1.1 outside of its signing window, you’ll have to have saved your .shsh2 blobs within the signing window and well before NYE to have a chance of using his tool for iOS 10.1.1. Of course, you can always use it for later firmwares, once you’ve started saving your blobs in the correct format.
For some, the process of saving the .shsh2 blobs may be too much hassle or they may not get round to it in time, but even if not, the release of this tool signifies something exciting for the community. After years of devs and bloggers like me telling people to save their blobs just in case, it has been proven again that given enough time, a way can be found to leverage them in an unsigned downgrade/upgrade. Even if the current usages may be limited (as people may not have the correct .shsh2 saved in time, or may not have a jailbreak to move from), the fact that 64-bit devices can be manipulated in this way is news in and of itself. Who knows what other improvements can be made to the process in future?
- Halo Revamped 3DS Update – Perf... — TCPixel has pushed out a new update for Halo Revamped a homebrew application for the Nintendo 3DS! The new update brings Stability updates New maps Up to 8 players! For more info follow the video above and read the description on TCPixel’s [...]
- PSVita 3.63 owners get ready for home... — PSvita owners that have updated to the latest 3.63 firmware have been waiting for something useful to come out to make their doorstop of a console come back to life.Today we bring you hidden applications! A tool released by Idumpvitastuff. This tool leverages psvimgtools which is another tool that was released by Yifan Lu and allows you to [...]
- Nintendo Goes On a Copyright Strike F... — It seems that Nintendo has employed or is in the works with the Belgian Anti-Piracy Federation which has gone on a copyright frenzy on youtube. Various content creators have received one or multiple copyright strikes on youtube and have had their videos completely removed; some users have also been completely shut down! Users affected include ModzLink [...]
- Smealum Updates Homebrew Payload for ... — Firmware 11.3 was released recently by Nintendo. Along with the release the homebrew launcher was temporarily broken as the current payloads were no longer working. Smealum has been hard at work patching up the payloads to allow execution on 11.3 firmware. This proves that smealum is a talented hacker and if a challenge is posed [...]
- ps4relink – PS4 Remote Play on ... — Yesterday a revolution happened and we are now able to use Adrenaline on innactivated PSvita consoles. Today something similar is being released which allows us to use our PSvitas for remote play from a PS4 console. Hacked Vitas running on firmware 3.60 do not have PSN access, and are therefore losing access to several services [...]