Thursday, January 9, 2025
Google search engine
HomeMobileJailbreakGuide to futurerestore: Introduction

Guide to futurerestore: Introduction

This is an introductory article which explains what futurerestore is and how it works, as well as how to follow our futurerestore guides to upgrade/downgrade your device.

Before attempting any of the guides, everyone should read this article. It explains whether the guides apply to you, and if they do, which ones you should follow, as well as making sure that you fulfil the requirements for it to work. Not everyone can use futurerestore.

What is futurerestore?

The futurerestore tool was originally developed by tihmstar, though it contains many pre-existing internal components from other authors, and the most recent working versions are maintained by other developers. It is a command-line tool which can upgrade, downgrade, and restore Apple devices (iOS, iPadOS, and tvOS). It mainly uses Apple’s stock restoring infrastructure, (as used by iTunes, Apple Configurator, and more recently Finder) for device restores, but is more configurable and adds options for restores which would not be permitted by Apple’s own tools.

Why is it useful?

Jailbreaks only work on certain firmware ranges, and are patched in later firmwares. So you need to be on a certain firmware to use a given jailbreak. Apple only lets you update your device to the newest firmware, not downgrade, nor upgrade to somewhere between your current firmware and the newest firmware. If you are on 13.5 and the newest firmware is 14.5, you cannot move to 13.4, nor 14.4, only 14.5, using Apple’s methods. They enforce this rule by “signing” firmwares. When you attempt to restore your device, a check is made with Apple to see whether the firmware you are moving to is currently “signed” by them. If it is, the restore completes. If not, it fails. Once a firmware is no longer the newest (when a newer one has been released by Apple), they un-sign the older one, and sign the new one, forcing users to restore to the new one only.

With futurerestore a user can “trick” the signing check, allowing a restore to an unsigned firmware to complete. It does this by forging elements of the verification process, creating the impression that the destination firmware is signed, when it is in fact not signed by Apple. If you wanted to move to 14.3 in order to jailbreak there, but Apple had unsigned it and was signing only 14.5, futurerestore could fool the checks and initiate the restore to 14.3 anyway. There are additional caveats and requirements, but that is the gist of it: futurerestore is a tool which allows jailbreakers to move to their desired firmwares without obeying Apple’s draconian rules.

How does it work?

I’ve mentioned above how futurerestore hijacks the stock restore process whilst bypassing checks to restore devices, but here are some further details. Bear in mind, futurerestore has several modes and there are some special cases, but in general, the following steps would take place. A user would download the full firmware file for the firmware they wanted to move to. They would also normally have saved SHSH blobs for the destination firmware. These are what futurerestore uses to trick the restore process into thinking the restore is valid, even on unsigned firmwares. The user would then connect their device to their computer and run the futurerestore tool via a command. They will specify their blob, the destination firmware and often, but not always, various other required files too (think SEP and baseband for those who are familiar). If all goes well, futurerestore will use our blob to validate the restore, use the various other required files to pass any signing checks which we cannot fake with our blob, and then finally use the destination firmware file to restore onto the device.

Can I use futurerestore?

Not everyone can use futurerestore. What you will need depends on which destination firmware, device, jailbreak availability, and futurerestore mode you are using. In the most common case you will need to have saved .shsh2 blobs for your destination firmware (and you must have saved them while that firmware was still being signed by Apple), and a way to set a generator on your iOS, iPadOS, or tvOS device. The way to set that generator will nearly always be a jailbreak on your starting firmware, though a generator-setter or other unusual methods can be used too in rare cases.

For more details read the Types of futurerestore section below, but remember: unless you are in a few very rare scenarios, you will need a current jailbreak and saved blobs to use futurerestore. If you don’t have them, be prepared for disappointment. Start saving blobs now for all current and future firmwares for all devices so you can use futurerestore next time!

Types of futurerestore

Below are the different futurerestore modes which exist, in order of decreasing usefulness to the average user. Check if you meet the eligibility criteria for any of the modes, and proceed from there.

1) Generator mode

This is by far the most commonly-used way of using futurerestore, and the only way which most users will be eligible for. It works with all devices (even the newest) but generally only works to move to a range of recent firmwares. Below are the requirements to use the generator method with futurerestore.

  • A jailbreak, or at bare minimum a generator-setter, on your starting firmware. This is required to set a known generator on your device before restoring, which will match your saved blobs and allow them to be used.
  • Valid .shsh2 blobs for your destination firmware. There are various requirements for blobs to be valid; read our general and A12+ guides on the subject to find out more. Many tools exist to save blobs. You can take your pick, but the blobs must be saved while the destination firmware is still signed, must be valid, and will probably need to be saved with a generator and/or an Apnonce, depending on your device.
  • Access to a Mac, Linux, or Windows computer. Using a VM (virtual machine) can cause problems.
  • The most recent version of the futurerestore tool.
  • The downloaded firmware file for your unsigned destination firmware.
  • SEP (and possibly baseband) compatibility between any firmware currently signed by Apple and your unsigned destination firmware. In general, SEP and baseband are compatible for a few firmwares either side. For example, if 14.5 is signed by Apple, we will use the SEP (and baseband) from 14.5 with futurerestore, and we can move to a firmware such as 14.3 or 14.4 because they are compatible. We cannot move to 12.4 because the 14.5 SEP (and baseband) are not compatible with 12.4, and there is no firmware currently signed by Apple which is compatible with 12.4. If none of the SEPs (and basebands) which Apple is currently signing are compatible with your destination firmware, you cannot use the generator method with futurerestore. You can check SEP (and baseband) compatibility for recent firmwares, but for a device-specific confirmation, and for older devices, I would still recommend a full search on jailbreak forums.
  • (Optional, but recommended): The downloaded firmware file for a currently signed firmware, which is compatible with your destination firmware as outlined above. This is not always necessary, but can avoid difficulties and is sometimes required.
  • Time and patience, and our iDB guides on how to use futurerestore.

2) Apnonce collision mode

This mode does not require a jailbreak, but does require specific devices and firmwares. If you have a recent device and firmware, and/or don’t have blobs saved with specific Apnonces which are known to automatically recur on your device, this is unlikely to be a method you can use.

  • An A7 device on 9.1-10.2 or 10.3b1 (for Recovery Mode restores), or any A7, A8, or A8X device released after late 2015 on any firmware (for DFU mode restores). These are the only device/firmware combinations which experience nonce collisions. No other devices/firmwares will work with the Apnonce collision mode.
  • Valid .shsh2 blobs for your destination firmware. There are specific requirements for blobs to be valid with this mode; they must have been saved with the specific nonces which your device generates often. You must know which Apnonces collide on your device/firmware, and have saved blobs with those Apnonces, not with a standard generator like you would for Generator mode. Many tools exist to save blobs. You can take your pick, but the blobs must be saved while the destination firmware is still signed, must be valid, and must be saved with a custom colliding Apnonce.
  • Access to a Mac, Linux, or Windows computer. Using a VM (virtual machine) can cause problems.
  • The most recent version of the futurerestore tool.
  • The downloaded firmware file for your unsigned destination firmware.
  • SEP (and possibly baseband) compatibility between any firmware currently signed by Apple and your unsigned destination firmware. In general, SEP and baseband are compatible for a few firmwares either side. For example, if 14.5 is signed by Apple, we will use the SEP (and baseband) from 14.5 with futurerestore, and we can move to a firmware such as 14.3 or 14.4 because they are compatible. We cannot move to 12.4 because the 14.5 SEP (and baseband) are not compatible with 12.4, and there is no firmware currently signed by Apple which is compatible with 12.4. If none of the SEPs (and basebands) which Apple is currently signing are compatible with your destination firmware, you cannot use the generator method with futurerestore. You can check SEP (and baseband) compatibility for recent firmwares, but for a device-specific confirmation, and for older devices, I would still recommend a full search on jailbreak forums.
  • (Optional, but recommended): The downloaded firmware file for a currently signed firmware, which is compatible with your destination firmware as outlined above. This is not always necessary, but can avoid difficulties and is sometimes required.
  • Time and patience, and our iDB guides on how to use futurerestore.

3) Odysseus mode

Not to be confused with the unrelated Odyssey jailbreak, this is another futurerestore mode. Again, this is a less-used and specific mode, and won’t apply to most users.

  • A jailbreak or bootrom exploit (like checkm8) on your starting firmware.
  • A 64-bit device up to and including A11, but not higher, or a 32-bit device.
  • Valid blobs for your destination firmware. Many tools exist to save blobs. You can take your pick, but the blobs must be saved while the destination firmware is still signed, and must be valid. You can also use OTA blobs with this method, a few of which are still signed now (10.3.3 on older devices, for example) and can be saved to this day, if you don’t have blobs saved already.
  • Access to a Mac or Linux computer. Using a VM (virtual machine) can cause problems.
  • A version of the futurerestore tool which has been compiled with libipatcher included.
  • The downloaded firmware file for your unsigned destination firmware.
  • Time and patience, and our iDB guide on how to use this mode.

4) iOS 9.x re-restore bug mode (iDeviceReRestore)

This is a powerful mode, not requiring a jailbreak, though it’s useless for most users. It only works to move to iOS 9.x, and only on 32-bit devices (iPhone 5c and older).

  • A 32-bit device.
  • Valid saved erase or update blobs for your destination firmware, iOS 9.x only.
  • Any starting firmware. iOS 9.x -> 9.x restores can be done from normal mode, iOS non-9.x -> 9.x restores must be initiated from DFU mode.
  • Access to a Mac, Linux, or Windows computer. Using a VM (virtual machine) can cause problems.
  • A version of the futurerestore tool which works on your OS/firmware/device, or the standalone iDeviceReRestore tool.
  • The downloaded firmware file for your unsigned destination firmware.
  • Time and patience, and our iDB guide on how to use this mode.

What now?

All users must first determine if any of the above modes apply to them. Remember, if in doubt and/or on a recent device/firmware, it is likely that you are only eligible for the most common futurerestore mode, Generator mode. If you have a current jailbreak or generator setter, have saved blobs with a generator, and/or have an A12+ device which requires blobs saved with an Apnonce, this is the one for you. If you don’t know if this is you, but have saved blobs somewhat recently using somewhat recent tools, this is also you.

Once you are sure that one of the modes is compatible with your situation the next step is to gather all the files and fulfil all the requirements listed above for your chosen mode. When you have everything you need, and are ready, follow our guides as detailed below:

Generator mode users

If you are eligible for the generator method of futurerestore, you should first double-check this article to make sure that futurerestore works with your device and destination firmware. Then complete:

Guide to futurerestore Part 1: How to set a generator

Followed by:

Guide to futurerestore Part 2: How to use futurerestore to restore to unsigned firmwares

Apnonce collision mode users

If you are eligible for the Apnonce collision method of futurerestore, you can skip Part 1 of the guide and head straight to:

Guide to futurerestore Part 2: How to use futurerestore to restore to unsigned firmwares

Odysseus mode users

If you are eligible for the Odysseus method of futurerestore, follow our specific guide:

How to downgrade devices using futurerestore + libipatcher

iOS 9.x re-restore bug mode users

If you are eligible for the iDeviceReRestore method, follow our specific guide:

How to restore your device to iOS 9.x with iDeviceReRestore

Conclusion

Whew! It seems like a marathon, but it’s really not too bad. Find the mode which applies to you, gather all the required items for that mode, then use the links to the guide(s) above for your mode. Good luck; I hope your restore is successful! Please don’t ask eligibility questions unless you have read this article carefully first. If you have a question which is not answered in the article, let me know in the comments!

Dominic Rubhabha-Wardslaus
Dominic Rubhabha-Wardslaushttp://wardslaus.com
infosec,malicious & dos attacks generator, boot rom exploit philanthropist , wild hacker , game developer,
RELATED ARTICLES

Most Popular

Recent Comments