In today's video I am showing you how to use prometheus (FutureRestore) to downgrade from iOS 10.2.1 or iOS 10.3 back to iOS 10.2 or iOS 10.1.1 if you have saved your blobs. This tutorial requires you to have the SHSH2 files already saved from the timeframe when iOS 10.2 / 10.1.1 used to be signed. Normally, there are two different prometheus downgrade methods, the first one involves a patch, nonceEnabler, that can be used on an already Jailbroken device, and the second one, the one we also demonstrate in this video, uses the NONCE Collision.
What is Nonce Collision?
A NONCE is a random string generated by the device after every reboot. When saving your blobs, inside the blob you also capture the a random NONCE generated using your ECID. In order to be able to start a downgrade, the NONCE generated by the device has to match the one inside the blob – definitely not easy. With nonceEnabler you can set what nonce the device should generate, but because you don't haver a Jailbreak, and you can't use nonceEnabler patch, you need to attack the device by rebooting multiple times, in fact, rebooting every time the nonce generated doesn't match. Don't worry, FutureRestore tool will take care of that for you, so if your device starts rebooting randomly while Prometheus runs, it is normal.
Unfortunately according to @tihmstar, the creator of Prometheus method, not all devices can be attacked this way (as not all devices produce collisions). For some devices works, for some it doesn't. For some devices it takes less time, some simply never work as all devices are unique despite being the same model. This method involves a CFW (Because we use the Baseband and the SEP of a signed version combined with the rest of the files from iOS 10.2 or 10.1.1), so the chances are limited, unfortunately this is as good as we can get.
Check your SHSH2: https://goo.gl/heeUmz
Follow Me on Twitter: https://twitter.com/FCE365
Follow @tihmstar: https://twitter.com/tihmstar
iOS Downgrade Playlist: https://goo.gl/bzewAo