As of Nov 17th 2019, I was able to FutureRestore to an unsigned firmware (iOS 13.1.3) from 13.2.2 on both my iPhone X and iPhone 7 after the Apple signing window for 13.1.3 was closed. These steps would normally be used if the boot nonce generator code of your device does not match the generator code of your saved .shsh2 generator code (e.g. 0x1111…) from the blob of the iOS version you are attempting to upgrade/downgrade to. Your specific device APnonce (.shsh2) blob file must be saved for the iOS version you are attempting to upgrade/downgrade to. The current Apple-signed SEP and baseband (.bbfw) must be compatible with the iOS version you are attempting to upgrade/downgrade to. Uses the checkm8-nonce-setter app which must be done on macOS Mojave (and below) and checkm8-nonce-setter is known only to support iPhones 5s, 7, 7+, X, iPads Air1, Mini2, 6th Gen, Mini3, 7th Gen, and iPod 7th Gen.
1. Download & install GIT on macOS Mojave (and below).
2. Download checkm8-nonce-setter, futurerestore, the iOS Restore (.ipsw) image that you want to go to from ipsw.me, your .shsh2 APNonce blobs for the applicable iOS version you attempting to upgrade/downgrade to from TSS Saver, and the currently signed SEP(.imp4), baseband (.bbfw), and buildmanifest (.plist) files via extract.me (see this video for more detail). There may be several versions of the SEP/baseband files; this may help in selecting the correct SEP/baseband (scroll down to Option 2, step 4 here). It helps if these 7 items are all put into the same folder: (checkm8-nonce-setter folder, futurerestore, ipsw, shsh2, im4p, bbfw, buildmanifest.plist).
3. Disable Find My iPhone (or other iDevice)
4. Plug device into mac
5. Enter DFU Mode (for iphone 7) or (video for iphone X, among many others). Harder than it seems...follow these tutorials exactly.
6. Set Nonce (video tutorial)
- type “cd” in Terminal, space
- drag checkm8-nonce-setter folder into terminal, enter
- type “ ./main.sh ”, enter
- type y, enter
- paste your nonce generator code that you are going to (e.g. 0x1111111111111111), enter. When complete, keep terminal window open. It may take 30-60 seconds to complete, will look like this if successful.
7. Once nonce set, run futurerestore in Terminal:
a. drag futurerestore into terminal, space
b. -t space
c. drag BLOB file (.shsh2) space
d. -s space
e. drag SEP (.im4p) space
f. -b space
g. drag baseband file (.bbfw) space
h. -p space
i. drag buildmanifest file (.plist) space
j. -m space
k. drag buildmanifest file (.plist) space
l. drag iOS Restore image (.ipsw) space
m. enter
Should look something like this:
/Users/mojo_br/Desktop/13.1.3\ jb/jb13/13.1.3/futurerestore -t /Users/mojo_br/Desktop/13.1.3\ jb/jb13/13.1.3/6215805922807078_iPhone9\,1_d10ap_13.1.3-17A878_xxx.shsh2 -s /Users/mojo_br/Desktop/13.1.3\ jb/jb13/13.1.3/sep-firmware.d10.RELEASE.im4p -b /Users/mojo_br/Desktop/13.1.3\ jb/jb13/13.1.3/Mav16-7.11.01.Release.bbfw -p /Users/mojo_br/Desktop/13.1.3\ jb/jb13/13.1.3/BuildManifest.plist -m /Users/mojo_br/Desktop/13.1.3\ jb/jb13/13.1.3/BuildManifest.plist /Users/mojo_br/Desktop/13.1.3\ jb/jb13/13.1.3/iPhone_4.7_P3_13.1.3_17A878_Restore.ipsw
Downloads & Notes:
- GIT
- checkm8-nonce-setter
- futurerestore
- .shsh2 (BLOB) comes from your saved noapnonce .shsh2 file of the firmware you are going to.
- .im4p (SEP) comes from currently signed IPSW, obtain via ipsw.me / extract.me
- .bbfw (Baseband) comes from currently signed IPSW, obtain via ipsw.me / extract.me
- .plist (buildmanifest) comes from currently signed IPSW, obtain via ipsw.me / extract.me
- The correct version of SEP & bbfw for your device are obtained here (scroll to OPTION 2, step 4).
1. Download & install GIT on macOS Mojave (and below).
2. Download checkm8-nonce-setter, futurerestore, the iOS Restore (.ipsw) image that you want to go to from ipsw.me, your .shsh2 APNonce blobs for the applicable iOS version you attempting to upgrade/downgrade to from TSS Saver, and the currently signed SEP(.imp4), baseband (.bbfw), and buildmanifest (.plist) files via extract.me (see this video for more detail). There may be several versions of the SEP/baseband files; this may help in selecting the correct SEP/baseband (scroll down to Option 2, step 4 here). It helps if these 7 items are all put into the same folder: (checkm8-nonce-setter folder, futurerestore, ipsw, shsh2, im4p, bbfw, buildmanifest.plist).
3. Disable Find My iPhone (or other iDevice)
4. Plug device into mac
5. Enter DFU Mode (for iphone 7) or (video for iphone X, among many others). Harder than it seems...follow these tutorials exactly.
6. Set Nonce (video tutorial)
- type “cd” in Terminal, space
- drag checkm8-nonce-setter folder into terminal, enter
- type “ ./main.sh ”, enter
- type y, enter
- paste your nonce generator code that you are going to (e.g. 0x1111111111111111), enter. When complete, keep terminal window open. It may take 30-60 seconds to complete, will look like this if successful.
7. Once nonce set, run futurerestore in Terminal:
a. drag futurerestore into terminal, space
b. -t space
c. drag BLOB file (.shsh2) space
d. -s space
e. drag SEP (.im4p) space
f. -b space
g. drag baseband file (.bbfw) space
h. -p space
i. drag buildmanifest file (.plist) space
j. -m space
k. drag buildmanifest file (.plist) space
l. drag iOS Restore image (.ipsw) space
m. enter
Should look something like this:
/Users/mojo_br/Desktop/13.1.3\ jb/jb13/13.1.3/futurerestore -t /Users/mojo_br/Desktop/13.1.3\ jb/jb13/13.1.3/6215805922807078_iPhone9\,1_d10ap_13.1.3-17A878_xxx.shsh2 -s /Users/mojo_br/Desktop/13.1.3\ jb/jb13/13.1.3/sep-firmware.d10.RELEASE.im4p -b /Users/mojo_br/Desktop/13.1.3\ jb/jb13/13.1.3/Mav16-7.11.01.Release.bbfw -p /Users/mojo_br/Desktop/13.1.3\ jb/jb13/13.1.3/BuildManifest.plist -m /Users/mojo_br/Desktop/13.1.3\ jb/jb13/13.1.3/BuildManifest.plist /Users/mojo_br/Desktop/13.1.3\ jb/jb13/13.1.3/iPhone_4.7_P3_13.1.3_17A878_Restore.ipsw
Downloads & Notes:
- GIT
- checkm8-nonce-setter
- futurerestore
- .shsh2 (BLOB) comes from your saved noapnonce .shsh2 file of the firmware you are going to.
- .im4p (SEP) comes from currently signed IPSW, obtain via ipsw.me / extract.me
- .bbfw (Baseband) comes from currently signed IPSW, obtain via ipsw.me / extract.me
- .plist (buildmanifest) comes from currently signed IPSW, obtain via ipsw.me / extract.me
- The correct version of SEP & bbfw for your device are obtained here (scroll to OPTION 2, step 4).
Attachments
Last edited:
