iOS 10.3.1 Exploit Can Be Used For Downgrades To iOS 10.2 in the Future

In today's video we're going to quickly discuss the fact that, according to the developer Luca Todesco, the kernel exploit he plans to release at a conference this summer can indeed be used to downgrade back to iOS 10.2 (and jailbreak) if you have saved your iOS 10.2 blobs. The reason this would work, according to Luca, is that you would be able to set the nonce on the device.

For those who don't know, Prometheus (FutureRestore) can perform the downgrade in two different ways. The first is for non-jailbroken devices (nonce collision): the device has to be restarted until the nonce it generates matches the nonce inside the SHSH2 ticket you saved. A nonce collision is unfortunately pure luck; some devices never produce one, and starting with iOS 10.2.1 Prometheus no longer seems to detect any nonce collisions at all. The second is setting a specific nonce (using nonceEnabler) on a jailbroken device. You would, of course, set the nonce that is in your blob, so that the device generates exactly that one on the next boot and the restore to 10.2 can begin.
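To make the collision check concrete, here is an added Python example (not code from the original post, and not part of Prometheus/futurerestore or nonceEnabler). It reads the generator out of a constructed .shsh2 plist, derives the ApNonce the device would produce from that generator, and compares it with a nonce read from the device after each reboot. The plist keys (`generator`, `ApImg4Ticket`) and the derivation (SHA-1 over the 8 generator bytes in little-endian order on A7-A9 devices, the first 32 bytes of SHA-384 on A10 and later) are the ones community tools use and are assumptions of this example, not something the post states; the sample blob is constructed inline.

```python
"""Check whether a device's current ApNonce collides with a saved SHSH2 blob.

Added example; not part of the original post or of futurerestore/Prometheus.
Assumptions (not stated on the page):
  * the .shsh2 file is an XML plist with a "generator" string such as
    "0x1111111111111111" and an "ApImg4Ticket" data blob;
  * the device derives its ApNonce from that 64-bit generator as SHA-1 over
    the 8 generator bytes (little-endian) on A7-A9 devices, and the first
    32 bytes of SHA-384 on A10 and later.
"""
import hashlib
import plistlib
import struct

# Constructed sample blob: a generator plus a placeholder ticket body.
SAMPLE_GENERATOR = "0x1111111111111111"
SAMPLE_SHSH2 = plistlib.dumps({
    "generator": SAMPLE_GENERATOR,
    "ApImg4Ticket": b"placeholder: a real ticket is a DER-encoded IM4M",
})

# Length of the ApNonce in bytes for each derivation.
NONCE_LEN = {"sha1": 20, "sha384": 32}


def nonce_from_generator(generator: str, algo: str = "sha1") -> str:
    """Derive the expected ApNonce (lowercase hex) from a generator string."""
    value = int(generator, 16)
    if not 0 <= value < 2 ** 64:
        raise ValueError("generator must be a 64-bit value")
    raw = struct.pack("<Q", value)  # assumed little-endian byte order
    digest = hashlib.new(algo, raw).digest()
    return digest[: NONCE_LEN[algo]].hex()


def generator_from_shsh2(blob: bytes) -> str:
    """Pull the saved generator out of an .shsh2 plist."""
    plist = plistlib.loads(blob)
    try:
        return plist["generator"]
    except KeyError:
        raise ValueError(
            "blob has no generator; it cannot be targeted with nonceEnabler"
        ) from None


def nonce_collides(blob: bytes, device_nonce: str, algo: str = "sha1") -> bool:
    """True when the nonce the device just generated matches the blob's nonce."""
    expected = nonce_from_generator(generator_from_shsh2(blob), algo)
    return expected == device_nonce.strip().lower()


def wait_for_collision(blob: bytes, observed_nonces, algo: str = "sha1"):
    """Model the non-jailbroken path: reboot (iterate) until a nonce collides.

    observed_nonces yields the nonce read after each reboot. Returns the
    number of reboots it took, or None if the sequence ran out, which is
    the "some devices never collide" case the post describes.
    """
    for attempt, nonce in enumerate(observed_nonces, start=1):
        if nonce_collides(blob, nonce, algo):
            return attempt
    return None


if __name__ == "__main__":
    target = nonce_from_generator(SAMPLE_GENERATOR)
    print("generator", SAMPLE_GENERATOR, "-> ApNonce", target)
    # Jailbroken path: the generator is set, so the next boot nonce is target.
    print("set-nonce path collides:", nonce_collides(SAMPLE_SHSH2, target))
    # Non-jailbroken path: random nonces until (maybe) a match.
    print("collision after reboots:",
          wait_for_collision(SAMPLE_SHSH2, ["00" * 20, "ff" * 20, target]))
```

On a real device you would feed `wait_for_collision` the nonce futurerestore reports after each reboot; on a jailbroken device the point of nonceEnabler is that the first entry already matches, so the loop ends at attempt one.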

Luca has not mentioned this, but I guess downgrading to iOS 10.2 with FutureRestore might still be problematic in the summer. By then the latest version will be iOS 10.3.3, or maybe higher. The downgrade method requires you to have the IPSW of the latest version and the IPSW of the version you're trying to downgrade to (10.2); the files are combined during the restore into a sort of custom IPSW (with parts from both versions). The parts I recall being taken from the latest version are the baseband and the SEP, which I doubt are still compatible enough to be loaded properly by iOS 10.2 (I might be wrong, but there is a big gap between iOS 10.2 and 10.3.3). So unless this turns out not to be a problem, you might end up with Touch ID not working, and maybe even no cellular connection. I don't know, but it is an issue that came to mind.

==Resources==
About the exploit: (see this first)
How to save your SHSH2 Blobs
iOS 10.3.2 – Features, Changes, Battery Life
iOS 10 Downgrade – Save Your SHSH2 Blobs on iPhone (No PC)
iOS 11, WWDC 17 & iOS 10.3.1 Jailbreak Info, Save SHSH2
Yalu Jailbreak Forever – How to Resign Yalu Automatically (No PC)


GeoSn0w

About GeoSn0w

C#, C, Objective-C Programmer | Beginner iOS Security Researcher | Content Creator | Web Developer I like to bring the latest news from the iOS / iDevice / Jailbreak battlefield to you in a beautiful manner :) I hope you like the site. If you do, don't forget to check out my channel :)