Thursday, 15 September 2016

Prometheus FAQ

Hello everyone,

many people have asked me lots of questions about my upcoming tool called prometheus.
This post intends to answer common questions:

Q: When will prometheus be released?
A: The planned release date is 31.12.16

Q: Will that work on Windows/Linux?
A: I plan to release a compiled command-line tool for OSX and Linux. Windows is not planned at the moment. But I also plan to release all my source code so you could compile it yourself.

Q: Will you make a GUI?
A: I might make a GUI for OSX. Not sure about anything else. It depends a lot on how much time I have.

Q: Does prometheus work with my device?
A: Yes, prometheus technically works with every iOS device. Because this is the first downgrade tool for 64-bit, I'm mostly focusing on that now. I haven't tested this with 32-bit devices, but if there are any issues I will look into that once I'm done with 64-bit.

Q: Does that work with iOS XYZ?
A: So far I believe it works with all iOS versions up to iOS 10.0. I have only tested on iOS 9 and iOS 10, but there is no reason why it wouldn't work on iOS 8, for example. In case Apple changes something now, I will let you know about that, but at the moment all iOS versions should be compatible.

Q: Can I use this to upgrade to an iOS version which is not signed anymore?
A: Yes. Prometheus can not only be used for downgrading, but also for upgrading your device similar to odysseus. This means you can go from iOS 7 to iOS 9 even if only iOS 10 is signed at the moment.

Q: Do I need SHSH blobs / APTicket?
A: Yes. Prometheus heavily depends on APTickets and, more importantly, on the ApNonce inside the APTicket. This means that even if you have a valid APTicket, there is a chance this cannot be used (yet?) for downgrading.

Q: I saved my APTicket with savethemblobs/TinyUmbrella/ .... can I use those with prometheus?
A: It depends. Technically it doesn't matter what tool you use to save your APTicket, but what really matters in the case of prometheus is the ApNonce. This is what decides whether that APTicket can be used for downgrading with this method or not. I don't want to go into details right now, but once prometheus is released I'll explain in detail what conditions need to be met to downgrade, what is possible and what is not.

Q: My APTicket can't be used for prometheus. Does that mean I should delete it, throw my phone away, sell my house and leave my children?
A: NO! Don't ever delete your APTickets! Even if you can't use them with prometheus right now, you never know whether it'll be possible to use them in future with prometheus or a different downgrade tool. Prometheus goes an unusual way, which allows you to do very cool stuff on the one hand, but on the other hand its use case is very limited. There is a good chance that there will be different tools in future which can use your APTickets even if they can't be used right now.

Q: Do I need a jailbreak?
A: This is one of the things which excite me the most about prometheus. There are use cases where you can downgrade without the need of a jailbreak! I don't know all of these, but what I've seen so far hints that it's device-specific whether you need a jailbreak or not. I've seen nonce collisions on iPhone 5s and iPad Air. All devices which have nonce collisions are technically eligible for downgrading without a jailbreak, but you need more! There are a few things you need to do to take advantage of these nonce collisions.
1. First you need to figure out what ApNonce is generated the most often. It doesn't hurt if you write down the Top 5 nonces.
2. Second you need to request an APTicket for that nonce while Apple still signs the iOS version you want to downgrade to.
You can do that with "tsschecker -d DEVICE -l -e ECID -s --apnonce NONCE"
For example: "tsschecker -d iPhone6,2 -l -e 6537582623 -s --apnonce 603be133ff0bdfa0f83f21e74191cf6770ea43bb"
3. Then when that version isn't signed anymore you will be able to downgrade.

Q: Will I still be able to use prometheus when I upgrade to iOS 10?
A: With every update introduced there is a chance that something changed which has influence on how nonces are generated. If your device does generate nonce collisions, you can do the following while the old version is still signed:
1. Update your device (only if you actually want this).
2. Use the noncestatistics tool to figure out what nonce is generated the most often.
3. Request an APTicket for that nonce for the older version (iOS 9.3.5 for example) while it's still signed.
4. Done
If your device does not generate any collisions it doesn't matter what iOS version it's on, as you'll need a jailbreak for downgrading.
(Unless Apple updates stuff which makes prometheus not work on newer iOS, but we can't know about that until a jailbreak is released)
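
The two procedures above (finding the most frequent ApNonce, then requesting an APTicket for it) can be scripted as follows. This is an added example, not part of the original post or of prometheus; it assumes the observed nonces are in a plain text file, one 40-hex-digit ApNonce per line, and uses constructed sample values. It only prints the tsschecker commands, it does not run them.

```shell
#!/bin/sh
# Added example: rank observed ApNonces and print the matching
# tsschecker requests (flags exactly as quoted in the post).
# Assumption: input file holds one observed ApNonce per line.

# rank_nonces FILE [N] -> "COUNT NONCE" lines, most frequent first.
# Only nonces seen more than once (collisions) are listed; malformed
# lines are dropped and hex case is normalised before counting.
rank_nonces() {
    tr -d ' \t\r' < "$1" | tr 'A-F' 'a-f' |
        grep -E '^[0-9a-f]{40}$' |
        sort | uniq -c |
        awk '$1 > 1 { print $1, $2 }' |
        sort -k1,1nr -k2,2 |
        head -n "${2:-5}"
}

# request_commands DEVICE ECID FILE [N] -> one tsschecker line per nonce.
request_commands() {
    rank_nonces "$3" "${4:-5}" | while read -r _count nonce; do
        printf 'tsschecker -d %s -l -e %s -s --apnonce %s\n' \
            "$1" "$2" "$nonce"
    done
}

# fake DIGIT -> constructed placeholder nonce: 40 copies of one hex digit.
fake() { printf '%040d' 0 | tr 0 "$1"; }

# Constructed sample: "a" seen 4 times (once in upper case), "b" twice,
# "c" once (no collision), plus one malformed line.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
{
    fake a; echo; fake b; echo; fake a; echo; fake c; echo
    fake a; echo; fake b; echo; echo 'not-a-nonce'; fake A; echo
} > "$sample"

rank_nonces "$sample"
request_commands iPhone6,2 6537582623 "$sample"
```

An empty result from rank_nonces means no nonce repeated in the sample, which corresponds to the no-collision case described above.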

Q: What can I do right now to be able to downgrade in future?
A: This is a very good question! At the time of writing iOS 10.0.1 is the latest version, but iOS 9.3.5 is still being signed.
What you should do, no matter if you have collisions or not, is to request APTickets for your device for iOS 9.3.5 (if you want to downgrade to 9.3.5 later) for the following ApNonces:
603be133ff0bdfa0f83f21e74191cf6770ea43bb
352dfad1713834f4f94c5ff3c3e5e99477347b95
42c88f5a7b75bc944c288a7215391dc9c73b6e9f
0dc448240696866b0cc1b2ac3eca4ce22af11cb3
9804d99e85bbafd4bb1135a1044773b4df9f1ba3
One of them should be enough, but it doesn't hurt to get APTickets for all of them. Better to have saved one ticket too many than to have no ticket you can work with.
If your device generates collisions, you should also save tickets for the nonce generated the most often.

Q: What are these nonces on your blog and why do I have to request APTickets for those?
A: I'll tell you more about that once prometheus is released, but right now it is enough to know that if you have APTickets for those nonces, you will be able to downgrade in future by using a jailbreak.
(Unless Apple makes significant changes)

Q: My device generates collisions, do I still need to save APTickets for those nonces?
A: Yes, I would recommend so. It doesn't hurt and you'll be grateful in future when you decide to downgrade.



More questions?
Just send me a mail at tihmstar@gmail.com or ask on Twitter @tihmstar :)

greets
tihmstar