Downgrade iOS 12.4.8 to iOS 11.3.1 - iPhone 6 (Without SHSH blobs) [duplicate]

Downgrading or upgrading to a no longer current version of iOS is generally not possible once Apple stops signing the old software, as is needed when iTunes is preparing to install or restore an iOS. This signing window typically is closed within days of a new version shipping.

Putting a newer iOS on older hardware that never even supported that OS is near impossible.

As part of the iOS restore process, iTunes has to check with Apple's servers to 'sign' each install of iOS just like App Store apps must be signed to run. Once a new version comes out, Apple stops signing previous releases to keep everyone running the same iOS version and to prevent you from jailbraking your device again after restoring by forcing you to do an update.

If you had previously Jailbroken your device on iOS 6, it may be possible, providing you have saved your 'SHSH blobs' which can 'sign' the install instead of Apple. See this article for some general information around this topic.

This wikipedia page contains a list of iOS devices & the latest iOS they can support - https://en.wikipedia.org/wiki/List_of_iOS_devices


Note: There is a new method of downgrading/upgrading that doesn't require Apple to be currently signing, and it works on newer devices that aren't present in the first list of my answer below. The tool for it is called futurerestore (codenamed Prometheus). The biggest caveat to this tool is that you must be jailbroken in most cases before initiating the restore (and you only have one shot, so a failed restore will force you to install a signed firmware) (if that signed firmware is also jailbreakable, then technically you get second chances, but it's rare for that to be the case unless there's a bootrom exploit for your device). Right now, the best tutorial for Prometheus is by @iPodHacks142 and is endorsed by the author of Prometheus, @tihmstar. I will be updating this answer later to explain more about it, but I wanted to get this information posted here sooner rather than later.

Other Note: I am missing information about the original Odysseus which allows a few 32-bit iOS devices to downgrade in the iOS 6 and 7 range.

Other Other Note: There is an even newer method of downgrading/upgrading that will allow almost all 32-bit devices (doesn't include the 32-bit devices that can install iOS 10) to go from iOS 9.3.5 firmware to any other iOS 9.X firmware.

Other Other Other Note: There is an new bootrom exploit for A5 to A11 devices called checkm8. It can allow you to install any IPSW as long as valid SHSH blobs are provided (it is unclear if you need a valid APTicket as well, as it's been demonstrated it isn't necessary in some cases).

When I find some time, I will add these to the answer below. My answer is still up-to-date (other than anything having to do with these notes).



In short, unless you have one of the following devices (devices with A4 processors or earlier, hereafter referred to as "pre-A5 devices"), you cannot install anything except for the iOS versions that Apple currently signs:

  • iPhone (1st generation)
  • iPhone 3G
  • iPhone 3GS
  • iPhone 4
  • iPod touch (1st generation)
  • iPod touch (2nd generation)
  • iPod touch (3rd generation)
  • iPod touch (4th generation)
  • iPad (1st generation)
  • Apple TV (2nd generation)

The following subset of devices do not utilize SHSH blobs, and can therefore install any version of iOS at-will:

  • iPhone (1st generation)
  • iPod touch (1st generation)

It is important to note that while all devices listed in the first section do have working bootrom exploits, there are different types of bootrom exploits, and each allow for different levels of boot manipulation.

The following devices can utilize a special bootrom exploit that allows for installing any version of iOS without SHSH blobs:

  • iPhone 3G
  • iPhone 3GS (old bootrom)
  • iPod touch (2nd generation)
  • iPod touch (3rd generation)

The following devices have a different bootrom exploit known as limera1n, which allows installation of any version of iOS as long as valid SHSH blobs are provided:

  • iPhone 3GS (new bootrom)
  • iPhone 4
  • iPod touch (4th generation)
  • iPad (1st generation)
  • Apple TV (2nd generation)


Additional Information

Installing iOS on any device using a bootrom exploit requires you to put your device into a state known as Pwned DFU, which allows you to install custom firmware. You'll also need:

  • SHSH blobs (if required) for your device for the particular version of iOS that you wish to install
  • A valid APTicket (for iOS 5 and above) for your device for that version of iOS
  • The .ipsw for your device for that version of iOS
  • iTunes (version 11.0.5 or earlier for the iPhone 4)

If you do happen to fall into the small group of users that have all of these pieces, consider yourself lucky, as you can use iFaith by iH8sn0w to stitch your SHSH blobs into the firmware to create a custom IPSW that you can use with iTunes after you put your device into Pwned DFU using iREB inside iFaith.



Further Research

Not all instances of the iPhone 3GS are the same. Models manufactured in early 2010 or earlier (old bootrom) have a bootrom exploit that allows for downgrading without SHSH blobs, while newer models (new bootrom) have a separate exploit that allows for downgrading with SHSH blobs.

It is in fact possible to install iOS versions that Apple isn't singing anymore on devices newer than pre-A5 devices in very specific circumstances. The two devices that qualify are the iPhone 4S and the iPad (2nd generation). Using redsn0w, the iPad (2nd generation) can be downgraded to iOS 5 from any newer version, and the iPhone 4S can move from any version of iOS 5.x to any other version of iOS 5.x. Both of these operations require multiple specific sets of valid SHSH blobs and APTickets.

For all devices which contain an SEP chip (Secure Enclave Processor) (i.e. iPhone 5s and beyond), an exploit will be necessary against the chip itself in addition to a bootrom exploit, or else the SEP chip will reject the firmware. You can, however, construct an .ipsw that contains an older version of the SEP firmware so long as that older version is being signed or you have an exploit that allows you to replay the old signature. If the older version is not supported on the version of iOS that you're installing, Touch ID and other SEP-dependent features will be disabled.

You can save SHSH blobs during the signing window and manage them yourself, or you can use iFaith to have them be saved and managed for you with Saurik's Cydia server.

For pre-A5 devices, it is usually possible to extract valid SHSH blobs and APTickets for the current firmware regardless of that firmware's signing status. iFaith was developed to perform this operation. A situation in which this may not be possible would be if you arrived on your current firmware via an OTA (over the air) update.

iH8sn0w has some unreleased downgrade exploits for devices that do not contain an SEP chip.

@unimp0rtanttech (known more commonly as n00neimp0rtant in the jailbreak community) has hinted that he also has some downgrade exploits in the works.

Some iOS OTA (over-the-air) firmware images (for certain versions of iOS for certain devices) are still being signed by Apple. Installation of these images is possible, and there is a tool called OdysseusOTA (a derivation of Odysseus) to do just that. You must be jailbroken to use the tool, because you need to have tfp0 enabled (to bootstrap a custom firmware image in RAM, which requires modification of the kernel's VM region). The tool bootstraps a custom iBSS that manually installs an OTA firmware image fully-signed by Apple.


This answer will be kept up-to-date as much as possible.