There have been a lot of good news in the jailbreak community lately, first Project Zero released iOS 10.2 vulnerability details, this vulnerability can be said that the production iOS10.1 ~ iOS 10.1.1 jailbreak tool is the best finished product, in addition to jailbreak tool , tihmstar also recently announced Prometheus downgrade tools upcoming news, this tool can do? When Apple stops signing  iOS 10.1.1 certification, you still can saved the firmware through Prometheus and SHSH2 files, without going through the Apple authentication server directly back to iOS 10.1.1.

Will be a lot of people do not know about  SHSH2, which has anything to do with the SHSH? In fact SHSH2 considered to be an upgraded version, SHSH only save ApImg4Ticket, BBTicket, and SHSH2 more powerful, and the other also more Generator.

Due to iOS authentication API has changed, resulting in nonce can not be obtained from the Apple authentication server, is still retained in the sign, can not be used before the tools used to obtain a small red umbrella old SHSH file, because this method is not included Nonce value, the same as there is no effect.

Therefore, tihmstar introduced the latest save scripting tool tsschecker, can be used to obtain the device SHSH2 file, but this script tool which saved SHSH2 file does not include Nonce only Generator, this string of values ​​can be used in Prometheus downgrade tools, Use Generator and SHSH2 files to generate the most critical “APNonce”, so that with the SHSH2 file, follow-up can be free to upgrade the work.

The Prometheus downgrade tools currently only support 64-bit devices, as 32-bit devices are not supported, there have been previously for 32-bit device launched 0dysseusOTA downgrade tool, so this can only allow 64-bit devices Use, so 32-bit devices do not need to backup SHSH file, because it has been stuck in the iOS 9 liters do not go up, if you want to jailbreak can be considered quickly replaced..


Currently, we are looking at the second half of December or January next year. Tihmstar in the past published over the relegation tool in the jailbreak sector can be considered a well-known legend, and even the film are ready, the text under the instructions are also ready to finish, we wait for the tools to launch static, Mr. will also publish a detailed graphic teaching to tell you how to operate the demotion method.

If the current iOS jailbreak users are also recommended to back up the APTicket file, follow-up if the problem can also be returned through the tool, according to previous experience, such as the preservation of APTicket SHSH can be regarded as falling back to iOS9 jailbreak version.

Jailbreak folder location: “/ System / Library / Caches / apticket.der”
And finally for everyone to fill SHSH and APTicket, the two in the end what is the role.

What is SHSH and APTicket?

APTicket is the latest from iOS5 security check introduced by Apple, the most important feature is to prevent iPhone, iPad, iPod user equipment to verify the demotion restrictions, and now only Apple Server can have to send and unlock the APTicket key.

Right now you can save your SHSH blobs for iOS 10.1.1 firmware that in case of jailbreaking iOS 10 upgrade or roll back to this particular version of the software. Recall that in iOS 10.2 Apple developers have closed most of the vulnerabilities to access the kernel, so it will not support the possibility of hacking.
Attention! Digital certificates are stored via TinyUmbrella utility or savethemblobs, will not work in Prometheus.

How to save certificates .shsh2 using tsschecker:

Step 1: Download tsschecker utility, then unzip the downloaded file by double-clicking on it (There is a version for the Mac, Windows and Linux).

Step 2: Create a folder on your desktop called TSS and place the uncompressed file named «tsschecker_macos» inside.

Step 3: Open TextEdit and connect the device to your Mac.

Step 4: Open iTunes and go to the connected devices.

Step 5: You will find detailed information about your device. For example, MODEL – iPhone7,2, ECID – 1234A5678B912 (can be found in the serial number field if you click on it).
Step 6: Now we need to copy both sides of the information in the TextEdit file and MODEL, and ECID.

Users/USERNAME/Desktop/TSS/tsschecker_macos -d MODEL -e ECID -i 10.2 -s

/Users/USERNAME/Desktop/TSS/tsschecker_macos -d MODEL -e ECID -i 10.1.1 —buildid 14B150 -s

/Users/USERNAME/Desktop/TSS/tsschecker_macos -d MODEL -e ECID -i 10.1.1 —buildid 14B100 -s

/Users/USERNAME/Desktop/TSS/tsschecker_macos -d MODEL -e ECID -i 10.1 -s

Step 8: Now we need to replace the words written in capital letters on the personal information. For example, Username (user computer) is replaced by joebloggs. It must be done in all four lines. Thus, in the end, instead of USERNAME, MODEL and ECID each personal information should appear.

Step 9: Now we need to open Terminal from / Applications / Utilities, or by using Spotlight.

Step 10: Copy each line of TextEdit in the terminal and press the Enter key to save.
When you do this for all rows, certificates .shsh2 format will be saved. This digital certificates for iOS 10.2, iOS 10.1.1 and iOS 10.1.

Step 11: If you want to further protect yourself, you can once again perform the command by adding a parameter apnonce. Your chances of rollback will be significantly increased in the future. But before you overwrite files previously saved shsh need to move from the folder / Users / username. There they are near papkmi “Documents” and “Downloads”.

Follow us on Twitter, subscribe to our Facebook Page, find us on LinkedIn