This is a downgrade and untethered jailbreak tool for iOS 4-9 that exploits the boot chain of iOS 7 iBoot using @xerub's De Rebus Antiquis.
Operation confirmed with OS X 10.10.5 and macOS 10.13.5. It may not work on 10.14. Please downgrade to High Sierra.
Please make sure about 10 GB of free space is available.
This tool enables exploitation of iBoot.
Your device can therefore be attacked through iBoot.
If you have a blob, downgrading with it is much safer.
In the case of iPhone 4, this does not matter because it is already pwned by a Bootrom vulnerability.
*Downgrade only
iOS 4.3.3 (incomplete), 4.3.5
iOS 5.1.1 (9B206)
iOS 6.0 - 6.1.3
iOS 7.0 - 7.1.1
For iPhone 5, an SHSH from any of iOS 7.0 - 7.0.6 is required.
However, an SHSH for the downgrade target is not needed!
*Downgrade only
iOS 6.0 - 6.1.2
iOS 6.1.4
iOS 7.0 - 7.1.2
iOS 8.0.2
*Downgrade and untethered jailbreak
iOS 9.0-9.3.5
*Downgrade only
iOS 6.1.4 (untested)
The bundle is provided from here.
ipsw download (https://ipsw.me)
Place the firmware files (base-ipsw, downgrade-ver-ipsw) in s0meiyoshino.
./install.sh
./make_ipsw.sh [device model] [downgrade-iOS] [base-iOS] [args]
[OPTION]
--verbose : Inject Boot-args "-v"
--jb : Jailbreak iOS (iPhone5,2 9.x only) (BETA)
example: ./make_ipsw.sh iPhone5,2 6.1.4 7.0.4 --verbose
First, put the device into "DFU mode".
Then run the following.
./restore4.sh
First, put the 7.x shsh in the shsh/ directory.
Then rename the shsh file. If you want to downgrade to 6.1.4 on iPhone 5 (Global), the rename is as follows.
[ECID]-iPhone5,2-7.0.x.shsh -> [ECID]-iPhone5,2-6.1.4.shsh
Next, put the device into "kDFU mode" or "Pwned recovery mode".
Then run the following.
bin/idevicerestore -e -w [CUSTOM_IPSW]
This method adds "boot-partition=2" to the nvram variables.
Even if you restore with OFW in iTunes, the device will stay in recovery mode.
The variable can be deleted as follows.
(1) Boot an SSH ramdisk (using the limera1n/SHAtter or De Rebus Antiquis exploit)
(2) Run the command "nvram -d boot-partition"
(3) Reboot and restore
This method adds "boot-partition" and "boot-ramdisk" to the nvram variables.
However, iOS 9 and later ignore these, so if you want to restore the device, do the following.
(1) Restore iOS 9.0-10.3.3
(2) Jailbreak
(4) Run the command "nvram -d boot-ramdisk"
(5) Reboot
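An added example, not part of s0meiyoshino: a shell helper that checks `nvram -p` output for the "boot-partition" and "boot-ramdisk" variables from the two cleanup procedures above and prints the matching `nvram -d` commands. It assumes `nvram -p` prints one name, a tab, and the value per line; the function names and the sample dump are constructed for illustration.

```shell
#!/bin/sh
# Added example: not part of s0meiyoshino.

# Variables this README says the restore methods add to NVRAM.
LEFTOVER_VARS="boot-partition boot-ramdisk"

# Reads `nvram -p` style lines (name<TAB>value; format assumed) on stdin.
# Prints "name=value" for each leftover variable found.
# Returns 0 when none are present, 1 when at least one is.
find_leftover_boot_vars() {
    awk -F '\t' -v names="$LEFTOVER_VARS" '
        BEGIN {
            n = split(names, list, " ")
            for (i = 1; i <= n; i++) want[list[i]] = 1
        }
        ($1 in want) { printf "%s=%s\n", $1, $2; found = 1 }
        END { exit found ? 1 : 0 }
    '
}

# Turns the findings into the cleanup commands given in the README.
cleanup_commands() {
    find_leftover_boot_vars | while IFS='=' read -r name _value; do
        printf 'nvram -d %s\n' "$name"
    done
}

# Constructed sample of `nvram -p` output after a restore with this tool.
sample_nvram_dump() {
    printf 'auto-boot\ttrue\n'
    printf 'boot-partition\t2\n'
    printf 'backlight-level\t1500\n'
}
```

On the device (SSH ramdisk or jailbroken shell), run `nvram -p | cleanup_commands` and review the printed commands before executing them.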
@xerub for De Rebus Antiquis
@danzatt for ios-dualboot (hfs_resize etc.)
Roderick W. Smith for gptfdisk
@iH8sn0w for iBoot32Patcher
@tihmstar for improvements to iBoot32Patcher, and partialZipBrowser
@nyan_satan for improvements to iBoot32Patcher and TwistedMind2
@ShadowLee19 for the iBoot patch that bypasses the boot-partition and boot-ramdisk values
@JonathanSeals for CBPatcher, the disable-KASLR patch, and many tips
@Benfxmth for the iBoot patch that bypasses the boot-partition value reset, and many tips
@alitek123 for many Odysseus Bundles
@nyanko_kota for testing on iPhone 4s
@winocm for opensn0w jailbreak patch
@daytonhasty for Odysseus
@libimobiledev for idevicerestore
@planetbeing for xpwn
@axi0mX for ipwndfu
@posixninja and @pod2g for SHAtter exploit