It has been confirmed that iOS devices powered by A7 chip like iPhone 5s, iPad mini 2 and iPad Air still have OTA (over the air) update available. So it is possible to downgrade to iOS 10.3.3.
It is possible because A7 devices still on iOS 9 or lower need to go to iOS 10.3.3 first before they can use the OTA update to upgrade to iOS 11. It’s still unknown whether this OTA signing will last or would be closed sometime in the future.
All other devices with Apple A8+ chip powered models can go straight to iOS 11 and since iOS 11.2.6 is the signed version available for now, it eliminates the chance for those iOS devices to downgrade to any iOS versions below iOS 11.
This tutorial only applicable for those lucky ones which still on iOS 11.1.2 or lower in the following iOS devices:
- iPhone 5s (iPhone6,1 and iPhone 6,2)
- iPad mini 2 (iPad4,4, iPad4,5 and iPad4,6)
- iPad air (iPad4,1, iPad4,2 and iPad4,3)
All other devices not listed are discouraged to follow this tutorial since you will end up bricking your devices and be forced to restore to the currently signed iOS version. Please note that if you follow this tutorial, you’ll be doing it at your own risk.
If you have any of those devices and have a valid iOS 10.3.3 .shsh2 blob, then you can follow this tutorial.
This tutorial is written with Windows PC and iPhone 5s (GSM) model for reference.
What you need to prepare:
- You can find the iOS device Model identifier using iTunes.
- Launch the app and go to System tab, there you can see your Device Model.
- A minimum 10 GB of free hard disk space on your desktop.
- Your valid iOS 10.3.3 .shsh2 blob of your device model.
- iOS 10.3.3 .ipsw for your device model.
- You need to sideload the following with Cydia Impactor:
- For iOS 9 sideloaded with Cydia Impactor PhoenixNonce.ipa from https://github.com/Siguza/PhoenixNonce/releases
- For iOS 10 sideloaded with Cydia Impactor v0rtexNonce.zip (rename into v0rtexNonce.ipa) from https://github.com/arx8x/v0rtexNonce/releases
- For iOS 11 sideloaded with Cydia Impactor NonceSet1112.ipa from https://github.com/julioverne/NonceSet112
- Specific BuildManifest.plist for your device model which you can download from https://www.dropbox.com/sh/eg8t2d8ji42imoa/AAAuesf0_kQLM-xVL3Ew4vCla?dl=0
- futurerestore which you can download from https://github.com/encounter/futurerestore/releases
How to Downgrade to iOS 10.3.3 on iPhone 5s, iPad mini 2 and iPad Air
Step 1: Extract downloaded “futurerestore.zip” in a folder on your hard drive named futurerestore (for example D:\futurerestore\) and copy your iOS 10.3.3 .shsh2 blob there. Also copy iOS 10.3.3 .ipsw file in this folder. To make it easier typing the command line later, you may rename the .shsh2 file to “my.shsh2” and iOS 10.3.3 .ipsw file into “restoreto.ipsw”.
Step 2: Open your iOS 10.3.3 .ipsw using 7zip or any zip extractor you have and copy .bbfw and .im4p files into your futurerestore folder. Example; for iPhone 5s (GSM) copy Mav7Mav8-7.60.00.Release.bbfw (in “ Firmware “) and sep-firmware.n53.RELEASE.im4p (in “ Firmware\all_flash “). Other iOS device models will have aslightly different file naming matching SEP with your model and the baseband although all the version is 7.60.00.
Step 3: Open your iOS 10.3.3 .shsh2 as text using Notepad and find your generator key string, something like 0xab12c34d5ef6ab7d.
Step 4: Type that string in PhoenixNonce app or v0rtexNonce or NonceSet1112 app ended with Set or enter. In this process your device may restart on its own—that’s normal. Restart you iOS device then open the app again after to make sure that the values have been correctly written in your device—if the values haven’t been shown yet, repeat this process until the values shown correctly.
Step 5: Connect your iOS device to your computer, make sure iTunes is not running in background and you have stable internet connection. Open normal Command Prompt (no Admin rights) then go to “ D:\futurerestore\ ”. All needed files must be within the same folder before the following command typed
futurerestore -t my.shsh2 –b Mav7Mav8-7.60.00.Release.bbfw –p BuildManifest_iPhone6,1_1033_OTA.plist –s sep-firmware.n53.RELEASE.im4p –m BuildManifest_iPhone6,1_1033_OTA.plist restoreto.ipsw
If you haven’t changed the filenames, the command may look like this:
futurerestore -t 1234567890123_iPhone6,1_n51ap_10.3.3-14G60_a1bcdef234abc567d8e9f012345a6789b01234c5.shsh2 –b Mav7Mav8-7.60.00.Release.bbfw –p BuildManifest_iPhone6,1_1033_OTA.plist –s sep-firmware.n53.RELEASE.im4p –m BuildManifest_iPhone6,1_1033_OTA.plist iPhone_4.0_64bit_10.3.3_14G60_Restore.ipsw
You will see a long verbose message after hitting Enter. Do not interrupt this process whatsoever until it’s done, that is command prompt shown again (D:\). The process will continue on your iOS devices until you see the Welcome screen if everything goes correctly.
Be aware that every time the device comes out of Recovery before the process finished—maybe you changed your mind or have invalid blob, the generator key resets. When this happens, you will have to do the process again, you have to repeat from step 3.
You can exit Recovery using the following command
Let us know how it goes in the comments.
Special thanks to Albanus for providing the step-by-step guide. We hope you find it helpful.
Don’t forget to signup for our Daily Newsletter so you don’t miss such articles.