Tethered Downgrade Guide By Mineek

discord: Mineek#6323

This tutorial was made in half an hour, its really bad but should get you started on your tethered downgrade adventure!

HUGE THANKS TO galaxy#6181. Without him, I wouldn't have known all this to write a guide!

REQUIREMENTS:

irecovery
futurerestore
pyimg4 (pip3 install pyimg4) (MAKE SURE YOU UPDATED PYTHON AND NOT USING THE BUNDLED ONE!)
Kernel64patcher (https://github.com/iSuns9/Kernel64Patcher)
ldid (https://github.com/ProcursusTeam/ldid)
restored_external64_patcher (https://github.com/iSuns9/restored_external64patcher)
asr64_patcher (https://github.com/iSuns9/asr64_patcher)
libimg4patcher (https://github.com/iSuns9/libimg4_patcher)

Make sure to use the forks listed above.

Downgrade portion:

Grab yourself your ipsw for iOS 15.1
Extract it and grab kernelcache and restore ramdisk (tip: it's the smallest .dmg in the IPSW!)
Put kernelcache and ramdisk.dmp in new folder
Extract the restore ramdisk with: pyimg4 im4p extract -i restore_ramdisk_name.dmg -o ramdisk.dmg

Mount the restore ramdisk:

hdiutil attach ramdisk.dmg -mountpoint ramdisk

patch ASR:

asr64_patcher ramdisk/usr/sbin/asr patched_asr

Patch restored_external:

restored_external64_patcher ramdisk/usr/local/bin/restored_external restored_external_patched

Patch libimg4:

libimg4_patcher ramdisk/usr/lib/libimg4.dylib libimg4.patched

Extract original entitlements from original binaries.

ldid -e ramdisk/usr/local/bin/restored_external >> restored_ents.plist
ldid -e ramdisk/usr/sbin/asr >> asr_ents.plist

Remove the old ones:

rm -f ramdisk/usr/sbin/asr && rm -f ramdisk/usr/local/bin/restored_external && rm -f ramdisk/usr/lib/libimg4.dylib

Resign the binaries:

   ldid -Srestored_ents.plist restored_external_patched
   ldid -Sasr_ents.plist patched_asr
   ldid -S libimg4.patched

chmod the binaries:

  chmod 777 restored_external_patched
  chmod 777 patched_asr
  chmod 777 libimg4.patched

Replace the original binaries with the patched ones:

cp -a restored_external_patched ramdisk/usr/local/bin/restored_external
cp -a patched_asr ramdisk/usr/sbin/asr
cp -a libimg4.patched ramdisk/usr/lib/libimg4.dylib

Unmount the ramdisk:
```
hdiutil detach ramdisk
```

Repack the ramdisk

pyimg4 im4p create -i ramdisk.dmg -o ramdisk.im4p -f rdsk

Extract the kernel:

pyimg4 im4p extract -i kernelcache.release.* -o kernelcache.raw --extra kpp.bin

(If your device does not have KPP which is A10 devices and up do not include --extra kpp.bin)

Patch it:

Kernel64Patcher kernelcache.raw  kernelcache.patched -a

Repack the kernel: (If your device does not have KPP which is A10 devices and up do not include --extra kpp.bin)
```
pyimg4 im4p create -i kernelcache.patched -o kernelcache.im4p --extra kpp.bin -f rkrn --lzss
```
Restoring the device with futurerestore:

(MAKE SURE YOU ARE IN PWNDFU WITH SIGCHECKS REMOVED!)

futurerestore -t blob.shsh2 --use-pwndfu --skip-blob --rdsk ramdisk.im4p --rkrn kernelcache.im4p --custom-latest-beta --custom-latest-buildid 19H12 --latest-sep --latest-baseband original-ipsw.ipsw

bthedorff / ios15_tethered_downgrade_guide Goto Github PK

ios15_tethered_downgrade_guide's Introduction

REQUIREMENTS:

Downgrade portion:

ios15_tethered_downgrade_guide's People

Recommend Projects

React

Vue.js

Typescript

TensorFlow

Django

Laravel

D3

Recommend Topics

javascript

web

server

Machine learning

Visualization

Game

Recommend Org

Facebook

Microsoft

Google

Alibaba

D3

Tencent