Firmware downgrades are one thing that jailbreakers have used over time to thwart Apple’s makes an attempt to cease jailbreaking. Even when Apple stopped signing firmware, jailbreakers discovered a approach round that by saying .shsh blobs and utilizing them to revive to unsigned firmware. However extra lately, modifications made on Apple’s finish seem to have made even this course of lower than usable.
FutureRestore contributor @Cryptiiiic shared some vital perception into the state of firmware downgrades in a weblog submit printed to their GitHub web page on Tuesday, and it underscores the dire state of affairs that downgraders are up towards within the face of recent safety mechanisms launched in iOS & iPadOS 16, particularly with respect to newer handsets.
Whereas downgrades had been as soon as a straightforward course of requiring only a saved .shsh blob, often known as an Apple signing ticket, the introduction of the Safe Enclave Processor (SEP) made issues a bit extra sophisticated, requiring customers to additionally test SEP compatibility between firmware downgrades earlier than they may reliably proceed. Generally the SEP of a more moderen firmware labored with older firmware, however not all the time.
As much as and together with iOS & iPadOS 15 gadgets, A11 chip-equipped handset customers might use an APNonce Generator to maneuver ahead with downgrades. The FutureRestore workforce seen modifications in how nonce seeds had been encrypted on A12 chip and newer-equipped handsets, however managed to tug off some trickery to make issues work, assuming the person’s SEP labored with the specified firmware downgrade.
Sadly, iOS & iPadOS 16 modified issues as soon as once more, and now there is no such thing as a longer a solution to persist nonce seeds. This successfully breaks the “trickery” we talked about within the above paragraph, and implies that A12 chip and newer-equipped gadgets will not have the ability to downgrade except another workaround might be discovered.
What would occur should you tried anyway? It’s in all probability a good suggestion that you simply don’t attempt…
Based on @Cryptiiiic, utilizing the iOS or iPadOS 16.3.1 Cryptex1 when downgrading to iOS or iPadOS 16.0-16.1.2 could cause failure in addition on the affected handset. Trying a downgrade to iOS or iPadOS 16.2 could look extra promising, nonetheless upon attending to the nation choice display screen, you’d rapidly discover that the machine would freeze and also you wouldn’t have the ability to get any additional.
This all sums as much as one factor: firmware downgrades are more likely to be unimaginable on A12 chip and newer-equipped handsets working iOS or iPadOS 16 for the foreseeable future, and there’s no telling if that may ever change. The one silver lining right here is that A11 chip and older-equipped handsets, I.E. checkm8 bootrom exploit-compatible gadgets, can proceed to downgrade to numerous model(s) of iOS & iPadOS 16 as typical.
Since @Cryptiiiic is the true professional on every part happening beneath the hood right here, we extremely advocate studying their full weblog submit to higher perceive all of the gears and cogs that make FutureRestore work and the way issues have modified over time, as much as and together with iOS & iPadOS 16. There, you may have the ability to study extra about why issues have gotten to the purpose they’re.
So for now, it seems to be like firmware downgrades on iOS & iPadOS 16 are lifeless for A12 chip-equipped gadgets and something newer. However if in case you have an A11 chip-equipped machine or older, then you need to be good to go… for now.
What are your ideas on the state of firmware downgrades after studying @Cryptiiiic’s weblog submit? Remember to tell us within the feedback part down under.
