Downgrading firmware is something jailbreakers have used over the years to thwart Apple’s attempts to stop jailbreaks. Even after Apple stopped signing a firmware version, jailbreakers found a way around it by saving .shsh blobs and using them to restore unsigned firmware. But more recently, changes made by Apple appear to have rendered even that process unusable.
FutureRestore co-author @Cryptiiiic shared important information about the state of firmware downgrades in a blog post published on their GitHub page on Tuesday, highlighting the dire situation users face when downgrading in the face of the new security mechanisms introduced in iOS and iPadOS 16, especially on newer phones.
Once upon a time, downgrading was a simple process requiring only a saved .shsh blob, also known as an Apple signing ticket. The introduction of the Secure Enclave Processor (SEP) made things more complicated: users also had to check SEP compatibility between the two firmware versions before they could safely continue. Sometimes the SEP from the newer firmware worked with the older firmware, but not always.
Up to and including iOS and iPadOS 15, users of A11 and older devices could use an APNonce generator to move up and down between firmware versions. The FutureRestore team noticed a change in how the nonce seed was encrypted on A12 and newer chips, but managed to pull off some tricks to get it working, provided the user’s SEP was already running the desired firmware version.
Unfortunately, iOS and iPadOS 16 changed things again, and there is no longer a way to save the nonce seed. This effectively breaks the “trick” mentioned in the previous paragraph and means that A12 and newer devices will no longer be able to downgrade unless some other workaround is found.
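To make the generator/ApNonce relationship above concrete, here is a small added example (not code from the article, from FutureRestore or from @Cryptiiiic’s post) that parses a saved .shsh2 blob, checks that it carries a generator, and derives the ApNonce a pre-A12 device would present for it. It assumes the usual .shsh2 layout (a plist with a `generator` string and an `ApImg4Ticket` data field), and the per-chip hash choice in `NONCE_DERIVATION` (SHA-1 for A9 and older, SHA-384 truncated to 32 bytes for A10/A11) is stated as an assumption of the example; A12 and newer are refused on purpose, because, as the article explains, their nonce seed is handled differently and on iOS 16 can no longer be controlled at all. The sample blob bytes are constructed inline and the ticket is a placeholder.

```python
import hashlib
import plistlib

# Constructed sample of the plist layout that blob-saving tools write to a
# .shsh2 file: a "generator" string plus the binary ApImg4Ticket. The ticket
# bytes below are a placeholder, not a real signing ticket.
SAMPLE_SHSH2 = plistlib.dumps({
    "generator": "0x1111111111111111",
    "ApImg4Ticket": b"placeholder-not-a-real-img4-ticket",
})

# Assumption of this example: which hash a pre-A12 SoC applies to the 8-byte
# generator to produce its ApNonce. A12 and newer are deliberately absent: the
# article notes their nonce seed handling differs (and on iOS 16 can no longer
# be saved), so a plain hash of the generator is not the answer there.
NONCE_DERIVATION = {
    "A9":  ("sha1",   20),   # 20-byte (40 hex char) ApNonce
    "A10": ("sha384", 32),   # 32-byte (64 hex char) ApNonce, SHA-384 truncated
    "A11": ("sha384", 32),
}


def normalize_generator(generator: str) -> str:
    """Validate a generator and return it as lowercase 0x + 16 hex digits."""
    value = int(generator, 16)
    if not 0 <= value < 2 ** 64:
        raise ValueError("generator must fit in 64 bits")
    return f"0x{value:016x}"


def load_blob(data: bytes) -> dict:
    """Parse .shsh2 bytes and return {"generator": str, "ticket": bytes}.

    A blob without a generator may still be a valid ticket, but it cannot be
    used for the nonce-matched restores the article describes, so it is
    rejected here rather than silently accepted.
    """
    plist = plistlib.loads(data)
    ticket = plist.get("ApImg4Ticket")
    if not isinstance(ticket, bytes):
        raise ValueError("not an shsh2 blob: missing ApImg4Ticket")
    generator = plist.get("generator")
    if not isinstance(generator, str):
        raise ValueError("blob has no generator; it cannot be nonce-matched")
    return {"generator": normalize_generator(generator), "ticket": ticket}


def apnonce_from_generator(generator: str, chip: str) -> bytes:
    """Derive the ApNonce a pre-A12 device would present for this generator.

    The 64-bit generator is hashed as 8 little-endian bytes and the digest is
    truncated to the nonce length for that chip family.
    """
    if chip not in NONCE_DERIVATION:
        raise ValueError(f"{chip}: generator-to-nonce derivation not supported here")
    algo, nonce_len = NONCE_DERIVATION[chip]
    seed = int(normalize_generator(generator), 16).to_bytes(8, "little")
    return hashlib.new(algo, seed).digest()[:nonce_len]


def blob_matches_device(blob: dict, device_generator: str) -> bool:
    """True if the device's current generator is the one the blob was saved with."""
    return blob["generator"] == normalize_generator(device_generator)


if __name__ == "__main__":
    blob = load_blob(SAMPLE_SHSH2)
    print("generator:", blob["generator"])
    for chip in NONCE_DERIVATION:
        print(chip, "ApNonce:", apnonce_from_generator(blob["generator"], chip).hex())
    print("matches device?", blob_matches_device(blob, "0xbd34a880be0b53f3"))
```

Before a restore, the generator the device is currently set to (or, with checkm8, the one you set via the bootrom exploit) must equal the blob's generator; `blob_matches_device` is that check, and `apnonce_from_generator` shows what nonce the ticket is expected to cover.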
What happens if you try anyway? It’s probably best that you don’t…
According to @Cryptiiiic, using the Cryptex1 from iOS or iPadOS 16.3.1 while downgrading to iOS or iPadOS 16.0-16.1.2 may cause the restore to fail on an affected device. Attempting to downgrade to iOS or iPadOS 16.2 might look more promising; however, once you reach the country selection screen, you’ll quickly find that your device freezes and you can’t proceed.
It all boils down to one thing: downgrading the firmware will probably not be possible on A12 and newer devices running iOS or iPadOS 16 for the foreseeable future, and it is not known whether this will ever change. The only positive here is that A11 and older devices, i.e. those vulnerable to the checkm8 bootrom exploit, can continue to downgrade to various versions of iOS and iPadOS 16 as usual.
Since @Cryptiiiic is a true expert on everything that goes on under the hood here, we highly recommend reading their full blog post to better understand all the cogs and gears that make FutureRestore work and how things have changed over the years, all the way up to iOS and iPadOS 16. There you can learn more about why things are the way they are.
So for now, it looks like downgrading on iOS and iPadOS 16 is dead for devices with an A12 chip or newer. But if you have a device with an A11 chip or older, you should be fine… for now.
What do you think of the firmware downgrade status after reading @Cryptiiiic’s blog post? Be sure to let us know in the comments section below.