mirror of
https://github.com/LukeZGD/Legacy-iOS-Kit.git
synced 2025-01-23 13:41:16 +01:00
LukeZGD
714a6fa603
More updates
- Thanks to Yaya48 (#91) for some of the changes - Update iPwnder32 to 3.2.0 - Use preinstalled bspatch macos - Add some changes from Yaya48 - Let M1 macs proceed with the script but add note that I cannot support it if things break
iOS-OTA-Downgrader
Downgrade/restore and jailbreak iOS devices to signed OTA firmwares
- Linux and macOS are supported by this downgrade script/tool
- Windows users can create a Linux live USB (see Requirements)
- iOS 8.4.1 and 6.1.3 downgrades have the option to jailbreak the install
- For iOS 10.3.3, use TotallyNotSpyware or sockH3lix to jailbreak
- You do NOT need blobs to use this, the script will get them for you
- This script can also restore your device to other iOS versions that you have SHSH blobs for (32-bit devices only, listed under Supported devices)
- Please read the "Other notes" section for tips, frequent questions, and troubleshooting
Supported devices:
- You can identify your device here
- iPhone 5C and iPad mini 3 devices are NOT supported (OTA versions for them are not signed)
- iPhone 5C can still be restored to versions that you have SHSH blobs for
Target Version | Supported Devices |
---|---|
iOS 10.3.3 | A7 devices: |
iPhone 5S | |
iPad Air 1 | |
iPad mini 2 (except iPad4,6) | |
iOS 8.4.1 | 32-bit devices: |
iPhone 4S | |
iPhone 5 | |
iPad 2, iPad 3, iPad 4 | |
iPad mini 1 | |
iPod touch 5 | |
iOS 6.1.3 | iPhone 4S |
iPad 2 (except iPad2,4) |
Requirements:
- A supported device in any iOS version (listed above)
- The IPSW firmware for the version you want to downgrade to
- Links: iOS 10.3.3, iOS 8.4.1, iOS 6.1.3 (ignore the signing statuses in the site)
- The script can also download it for you
- A 64-bit Linux install/live USB or a supported macOS version
- See supported OS versions and Linux distros below
- A Linux live USB can be easily created with tools like balenaEtcher or Rufus
- 32-bit devices - The device needs to be put in kDFU/pwnDFU mode as part of the process. There are a few options:
- Normal method - jailbreak is required. Users must install OpenSSH. Users in iOS 10 (A6/A6X) must also install Dropbear from my Cydia repo
- DFU method - for alternatives, the DFU advanced menu can also be used. See "Other notes" for more details
- A7 devices - jailbreak is not required. The script will assist in helping the user put the device to pwnDFU mode
For Pangu 32-bit users:
- For 32-bit users using Pangu and normal method, install the latest untether for your iOS version here
Usage:
- Download iOS-OTA-Downgrader here and extract the zip archive
- Plug in your iOS device
- Open a Terminal window
cd
to where the zip archive is extracted, and run./restore.sh
- You can also drag
restore.sh
to the Terminal window and press ENTER
- You can also drag
- Select options to be used
- Follow instructions
Supported OS versions/distros:
- Ubuntu 18.04, 20.04, 20.10, 21.04; and Ubuntu-based distros like Linux Mint
- Arch Linux and Arch-based distros like EndeavourOS
- Fedora 32 to 34
- Debian Buster, Bullseye, Sid; and Debian-based distros like MX Linux
- openSUSE Tumbleweed, Leap 15.2
- macOS 10.12 to 11
Other notes:
- If something in the process does not work for you: try unplugging/replugging the device, switching between different USB ports/cables, also try USB 2.0 ports
- IPSW file integrity will be verified before restoring and/or creating custom IPSW (if custom IPSW is already created, this will be skipped)
- For users having issues with missing libraries/tools: Re-install dependencies with
./restore.sh Install
- Alternatively, delete the
libimobiledevice
orlibirecovery
folder inresources
then run the script again
- Alternatively, delete the
- For A7 devices:
- Do not use USB-C to lightning cables as this can prevent a successful restore
- For Mac users, selecting iPwnder32 instead of ipwndfu is highly recommended for entering pwnDFU mode
- checkm8 ipwndfu is unfortunately pretty unreliable, you may have to try multiple times (Linux users may also try in a live USB)
- If the script cannot find your device in pwnREC mode or gets stuck, you may have to start over by hard-resetting and re-entering recovery/DFU mode
- Use an Intel PC/Mac as entering pwnDFU (checkm8) may be a lot more unreliable on AMD devices
- Other than the above, unfortunately there's not much else I can do to help regarding entering pwnDFU mode.
- For 32-bit devices:
- To make sure that SSH is successful, try these steps: Reinstall OpenSSH/Dropbear, reboot and rejailbreak, then reinstall them again
- To devices with baseband, this script will restore your device with the latest baseband (except when jailbreak is enabled, and on iPhone5,1 as there are reported issues)
- This script can also be used to just enter kDFU mode for all supported devices
- This script can work on virtual machines, but I will not provide support for them
- If you want to use other manually saved blobs for 6.1.3/8.4.1, create a folder named
saved
, then within it create another folder namedshsh
. You can then put your blob inside that folder.- The naming of the blob should be:
(ECID in Decimal)_(ProductType)_(Version)-(BuildVer).shsh(2)
- Example with path:
saved/shsh/123456789012_iPad2,1_8.4.1-12H321.shsh
- The naming of the blob should be:
- For DFU advanced menu:
- To enter DFU advanced menu, put your iOS device in recovery (A6 only), normal DFU (also A6 only), kDFU, or pwnDFU mode before running the script
- There are three options that can be used for the DFU advanced menu
- Only select the "kDFU mode" option if your device is already in kDFU mode beforehand (example is using kDFUApp from tihmstar)
- For A6/A6X devices, "DFU mode (A6)" option should be used. This will use ipwndfu (or iPwnder32 for Mac) to put your device in pwnDFU mode, send pwned iBSS, and proceed with the downgrade/restore
- For A5/A5X devices, "pwnDFU mode (A5)" option can be used, BUT ONLY IF the device is put in pwnDFU mode beforehand, with an Arduino and USB Host Shield (checkm8-a5)
- For the jailbreak option (iOS 6.1.3 and 8.4.1):
- If you have problems with Cydia, remove the ultrasn0w repo and close Cydia using the app switcher, then try opening Cydia again
- If you cannot find Cydia in your home screen, try accessing Cydia through Safari with
cydia://
and install "Jailbreak App Icons Fix" package from my Cydia repo
- For the jailbreak option (iOS 8.4.1 only):
- Stashing is already enabled and
nosuid
is removed fromfstab
, so no need to install "Stashing for #etasonJB" package
- Stashing is already enabled and
- For users with A5 Rev A (8942) and A5X (8945) devices:
- A5 Rev A devices: iPad2,4, iPad mini 1, iPod touch 5
- A5X devices: iPad 3
- The jailbreak option might not work on A5 Rev A devices (see issue #70)
- For users that downgraded without jailbreak option, and have manually jailbroken with the EtasonJB app, it is recommended to install "EtasonJB Disable Bootloop Protection" from my Cydia repo
- For users that downgraded with the jailbreak option, and to users that have installed "EtasonJB Disable Bootloop Protection", your device might take a very long time to boot, possibly 20 minutes or more
- My Cydia repo: https://lukezgd.github.io/repo/ - for installing Dropbear, Jailbreak App Icons Fix, EtasonJB Disable Bootloop Protection
Tools and other stuff used by this script:
- cURL
- bspatch
- ipwndfu
- iPwnder32
- irecovery
- libimobiledevice
- imobiledevice-net (macOS)
- idevicerestore
- ipsw tool from OdysseusOTA/2
- Python 2 (for ipwndfu, rmsigchks, SimpleHTTPServer)
- tsschecker
- futurerestore 152 (32-bit)
- futurerestore 251 (Linux) (A7)
- futurerestore 245 (macOS) (A7)
- kloader
- kloader5 for iOS 5
- kloader_hgsp for iOS 10
- partial-zip
- 32-bit iBSS patches are from OdysseusOTA, OdysseusOTA2, alitek12, gjest
- A7 iBSS and iBEC patches are from MatthewPierson
- EtasonJB
- p0sixspwn
Languages
Shell
100%