Prometheus allows iOS users to upgrade/downgrade even after signing window closed

Thread: Prometheus allows iOS users to upgrade/downgrade even after signing window closed

  1. evilsatan's Avatar

    evilsatan said:

    Default Prometheus allows iOS users to upgrade/downgrade even after signing window closed

    Here’s how to save .shsh2 blobs for Prometheus upgrade or downgrade on unsigned iOS firmware using TSS Saver.

    iOS developer and tinkerer tihmstar is releasing a new tool called Prometheus capable of capturing the necessary information required to downgrade or upgrade to a version of iOS which is no longer being signed by Apple. This tool is apparently set for New Year’s eve release and currently works on 64-bit devices that are already jailbroken.

    With an iOS 10.1.1 jailbreak by Luca Tedesco based on Google’s Project Zero exploit said to be coming soon, this is useful for those still jailbroken on iOS 9.3.3 and are not comfortable enough to jump ship on iOS 10.1.1 until a jailbreak is actually available for that firmware. By saving .shsh2 blobs for iOS 10.1.1 now, they can upgrade to iOS 10.1.1 later when the jailbreak finally drops even if by that time Apple is no longer signing the firmware. Pretty useful!

    The developer has already released a companion tool called tsschecker which basically lets you save .shsh2 blobs required for downgrading/upgrading purposes. Unfortunately though, the level of technical capability needed to actually use tsschecker to save the necessary .shsh2 blobs required to allow Prmoetheus to go to work maybe complex for some, that is where a new online tool aptly named TSS Saver by 1Conan comes into play. This tool basically makes the whole saving of .shsh2 blobs situation a lot more user friendly.

    It’s a web-based tool which simply requires the user to connect the iOS device to the computer, identify some information unique to that device, punch them into the tool, and voila! Not convinced? Allow us to walk you through the process then.

    Step 1: First and foremost, you’re going to need your device’s ECID number. You will need your device, a Lightning cable, and iTunes to do this. Plug your device into the machine via the USB cable and launch iTunes.

    Step 2: Click on the Summary tab in the left-hand pane and then locate the Serial Number on the right-hand pane. Click on the Serial Number until you see ECID.

    Step 3: Right-click on the ECID and copy it directly to the clipboard. Remember, if you’re using macOS Sierra, and have iOS 10, then the ECID you just copied to clipboard should be available across all devices as long as Universal Clipboard is activated.

    It is important to note that TSS Saver requires the ECID to be provided as hexadecimal value for it to be accepted. If you have the ECID as a decimal value, and need it to be hexadecimal, then you can convert it using any of the many online conversion tools available on web.

    Step 4: In addition to the ECID, you’re also going to need your device’s identifier, which you can find using same process as above by clicking on Serial Number until it shows Model Identifier.

    Step 5: Once you have both ECID in hexadecimal and Model Identifier, head over to the following URL to access TSS Saver: tsssaver.1conan.com.

    Step 6: Where it asks for it, paste in the hexadecimal ECID that you managed to extract earlier.

    Step 7: Next, make sure that you select your correct device type and model number as found earlier under the Identifier: section.

    Step 8: With all the required information entered, make sure you tick the “I’m not a robot” check before proceeding.

    Step 9: Finally, hit the Submit button, and hopefully the online tool should do all of the heavy lifting for you and shoot off to capture and save the .shsh2 blobs on your behalf for all firmware versions that are currently being signed by Apple. It will then take you directly to a results page which will give you access to the saved blobs for downloading.

    In case you ever lose your link or downloaded blobs, you can download them once again by visiting the following URL: tsssaver.1conan.com/shsh/”decimal ECID”, where you need to replace “decimal ECID” with the hexadecimal ECID you extracted earlier.

    Alternatively, you can simply head over to the tool’s website and enter the hexadecimal ECID in the Lost your link? section and hit the Get your blobs button to grab the .shsh2 blobs.


    Now we wait for tihmstar to release Prometheus tool!

    [Only registered and activated users can see links. ]

     
  2. evilsatan's Avatar

    evilsatan said:

    Default Re: Prometheus allows iOS users to upgrade/downgrade even after signing window closed

    I know many on here don't JB any more but this is useful info, a bit like back in the day with the original SHSH blobs that Cydia saved automatically for the same reason. It looks likely that iOS 10.2 will be Jailbroken soon so particularly good idea to save those blobs or if you want to chance it upgrade to that now whilst the signing window is open and wait patiently. I'm sticking on 9.3.3 for now as the Pangu JB seems stable and I like the fact I can reboot into non-JB state if needed.

    You can only save blobs whilst the signing window is open for that particular version.

     
  3. Ashley's Avatar

    Ashley said:

    Default Re: Prometheus allows iOS users to upgrade/downgrade even after signing window closed

    I haven't JB in ages and used to love the tinkering about with it.

    What's your main reason for the jailbreak? I used to just do it for barrel and a few other things from cydia.
     
  4. Teajunkie's Avatar

    Teajunkie said:

    Default Re: Prometheus allows iOS users to upgrade/downgrade even after signing window closed

    Crikey I haven't jailbroken since my 4s
    tbh there was no benefit other than a Bluetooth app for my car diag dongle I bought.
    I still have that 4s and as far as I'm aware it's still jailbroken too.

    Not it sure why I would want to jb now but if there's a decent reason I will.
    My decal venture has taken over my dog tag business
    nice to be busy though.
    Instagram and twitter @mrteajunke.
     
  5. Ashley's Avatar

    Ashley said:

    Default Re: Prometheus allows iOS users to upgrade/downgrade even after signing window closed

    I used to also enjoy all the process of doing it but ended up getting bored.

    I remember when they browser based exploit came out, jailbreak.me or whatever and I went into the O2 shop and jail broke all their phones on the display
     
  6. evilsatan's Avatar

    evilsatan said:

    Default Re: Prometheus allows iOS users to upgrade/downgrade even after signing window closed

    Quote Originally Posted by Ashley View Post
    I haven't JB in ages and used to love the tinkering about with it.

    What's your main reason for the jailbreak? I used to just do it for barrel and a few other things from cydia.
    I use it for some UI customisation, App Admin so I can downgrade any app, Browser changer so Chrome is my default, iGotYa which sends me a photo and GPS location if my passcode is entered incorrectly, some patches which protect me against known security flaws in my version, few tools like WiFi Passwords. Annoyingly WiFiFoFum no longer works and I haven't found an alternative yet for quick scanning of wireless channels etc. in use.