[Jailbreak] Tutorial downgrade from iOS 15.6.1 to iOS 14.6 with sunst0rm
Hi! After reading a few articles on the forums and experimenting with my device. I have successfully downgraded from iOS 15.6.1 to iOS 14.6. I will describe to you the steps below
Video Demo
0. Device Information
Model: Iphone 6s
Identifier: iPhone8,1
BoardConfig: N71mAP
iOS version: 15.6
Chipset: AppleA91. System Requirement
MacOS 10.15+
Python32. Prepare tools and dependencies
2.1 Blobsaver
Use Blobsaver to get signed SHSH certificate
2.2 IPSW
Use ipsw.me to download your ipsw want to downgrade.
2.3 Gaster
Placing the device into pwndfu mode with gaster
git clone https://github.com/0x7ff/gaster
cd gaster
make
mv gaster /usr/local/bin/gaster
gaster pwn2.4 Sunst0rm
Automatic Downgrade for checkm8 devices
git clone https://github.com/mineek/sunst0rm.git
cd sunst0rm
pip3 install -r requirements.txt2.4.1 HomeBrew
Install HomeBrew
/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"Install some libs and dependencies
brew install automake autoconf pkg-config libtool libusb poetry libpng2.4.2 libirecovery
brew install libimobiledevice libirecovery2.4.3 futurerestore
Download lastest futurerestore in
https://github.com/futurerestore/futurerestore/releasesor
https://nightly.link/futurerestore/futurerestore/workflows/ci/mainIn this case I use futurerestore-macOS-RELEASE.zip then
chmod +x futurerestore
mv futurerestore /usr/local/bin/2.4.4 iBoot64Patcher
https://nightly.link/Cryptiiiic/iBoot64Patcher/workflows/ci/mainIn this case I use iBoot64Patcher-macOS-x86_64-RELEASE then
chmod +x iBoot64Patcher
mv iBoot64Patcher /usr/local/bin/2.4.5 Kernel64Patcher
git clone https://github.com/iSuns9/Kernel64Patcher.git
cd Kernel64Patcher
gcc Kernel64Patcher.c -o Kernel64Patcherthen
mv Kernel64Patcher /usr/local/bin/2.4.6 img4tool
https://github.com/tihmstar/img4tool/releasesIn this case I use buildroot_macos-latest.zip then
cd buildroot_macos-latest
cp -r usr/local/* /usr/local/
chmod +x /usr/local/bin/img4tool2.4.7 img4
git clone https://github.com/xerub/img4lib.git --recursive
cd img4lib
make -C lzfse
make COMMONCRYPTO=1then
cp img4 /usr/local/bin
cp libimg4.a /usr/local/lib2.4.8 ldid
brew install ldid2.4.9 restored_external64_patcher
git clone https://github.com/iSuns9/restored_external64patcher.git
cd restored_external64patcher
make
mv restored_external64_patcher /usr/local/bin/2.4.10 asr64_patcher
git clone https://github.com/exploit3dguy/asr64_patcher.git
cd asr64_patcher
make
mv asr64_patcher /usr/local/bin3. Start to downgrade
Currently device is running iOS 15.6.1
3.1 Place device to DFU mode
Press Home + Power for 10s then let Power and keep holding Home for another 10s
3.2 Pwndfu with sigchecks removed
gaster pwn
3.3 Continue in sunst0rm run frist command
python3 sunstorm.py -i 'IPSW' -t 'SHSH2' -r -d 'BOARDCONFIG'If your device is A9 or lower, then YOU NEED to add the --kpp flag. If you have a device A10 or greater, you DO NOT NEED them.
In my case, my device is use A9 so command is :
python3 sunstorm.py -i 'IPSW' -t 'SHSH2' -r -d n71map --kppIf your device does not have baseband such as iPod Touch or Wifi Only iPads pass --skip-baseband to sunst0rm arguments. Example :
python3 sunstorm.py -i 'IPSW' -t 'SHSH2' -r -d 'BOARDCONFIG' --kpp --skip-baseband
We have the result after running
3.4 Continue in sunst0rm run second command
python3 sunstorm.py -i 'IPSW' -t 'SHSH2' -b -d 'BOARDCONFIG' -id 'IDENTIFIER'Following my A9 device example:
python3 sunstorm.py -i 'IPSW' -t 'SHSH2' -b -d n71map --kpp -id iPhone8,1
We have the result after running
3.5 Place device to real DFU mode
At this time, device is now in some sort of “fake/broken” DFU mode. We need to get into the real DFU mode.
Press Home + Power for 10s then let Power and keep holding Home for another 10s3.6 Again Pwndfu with sigchecks removed
gaster pwn
3.7 Boot device
./boot.shIf your device use A10+
./boot-a10.sh
Now device is running iOS 14.6
