A few days back, well-known hacker and security researcher Luca Todesco announced that he will work on an iOS 10.1.1 jailbreak based on a kernel and root exploit published by Ian Beer from Google’s Project Zero.
We have some more good news for jailbreakers: iOS hacker tihmstar has announced that he will be releasing Prometheus, a tool that will allow jailbreakers to downgrade or upgrade to an iOS firmware version even when Apple stops signing it. This would be welcome news for the jailbreak community, allowing movement between firmwares for which you have saved your blobs, even after Apple’s signing windows have closed.
The Prometheus tool, however, will only work if you have SHSH blobs saved for the particular version of iOS you are downgrading or upgrading to, as they are an essential part of the process. It is also important to note that the blobs should be saved in the .shsh2 format in order to work with the Prometheus tool. You can do so by using the tsschecker tool. A full guide on how to use tsschecker to save SHSH blobs is available on Reddit.
The Prometheus tool is going to be super useful for users, especially those who want to be able to upgrade to iOS 10.1.1 when its jailbreak is released, while currently remaining on jailbroken iOS 9. With this tool they can save the blobs for iOS 10.1.1 without installing it and upgrade from an earlier version to iOS 10.1.1 once a jailbreak is made available. This, however, won’t work for users wishing to go from iOS 10.2 to iOS 10.1.1 after the signing window closes, as the device needs to be jailbroken before it can go from one version to another version that is no longer being signed by Apple.
Tihmstar has said that although 32-bit support is possible, Prometheus will initially be just for 64-bit devices. However, as I mentioned briefly in a previous post, several downgrade tools for 32-bit devices already exist, such as tihmstar’s OdysseusOTA2, Dayt0n’s Odysseus, and geeksn0w’s Beehind, so you could try those instead.
As with all downgrade tools, many caveats apply. Some of Prometheus’ requirements are as follows:
- 64-bit only, at least initially.
- Needs a jailbreak on the firmware you are leaving, to get to the one you are aiming for. (This may not be required on some iPhone 5s and iPad Air, but don’t count on it.) To attempt to use Prometheus on these devices without a jailbreak, you must save .shsh2 blobs with a specific nonce, which complicates the process. Some guides showing how to do it can be found, however, so feel free to try it if you’re feeling optimistic.
- Your jailbreak must have “tfp0” functionality (the “host_get_special_port” workaround is also fine). This rules out some jailbreaks, so you’ll have to get lucky. Pangu for iOS 9.1 had it, and Luca’s JailbreakMe for 9.3.3 also enables it, but as the latter is semi-untethered, it remains to be seen whether it will work, as rebooting the device is part of the downgrade process.
- You must have .shsh2 blobs for the firmware you want to go to saved with tsschecker.
Tihmstar has elaborated further on the workings of the tool, and also posted a teaser/explanation video which shows the first steps of using it, which you can watch below.
tihmstar has announced that he will release the Prometheus tool on New Year’s Eve. If you have a jailbroken device and have been wondering whether you should upgrade to iOS 10.1.1 to prepare for the iOS 10.1.1 jailbreak from Todesco, then tihmstar’s tool gives you a way to stay where you are without worrying about Apple closing the signing window for iOS 10.1.1. You can upgrade to iOS 10.1.1 only when the jailbreak is released. However, it is important that you save the .shsh2 blobs as soon as possible, before Apple stops signing the iOS 10.1.1 firmware file.
No final date for Prometheus’s release has been revealed yet; however, it is expected to be released around New Year’s Eve.