Downgrading iOS 12.1.4 Devices for an iOS 12 Jailbreak
For users that want complete control of their iOS device, Jailbreaking their device is a key necessity. However the possibility of a Jailbreak for a currently signed iOS version is very rare.
Are you on the latest iOS version viz. iOS 12.1.4 and wondering what you could do to prepare your device for the latest jailbreak that supports jailbreaking iOS 12 devices?
Turns out that the latest signed iOS version is 12.1.4 and it does not have a public jailbreak available (yet!). However, looks like iOS 12.1.1 beta 3 is still being signed by Apple.
Just to be sure that it is still signed, take a look at https://tsssaver.1conan.com/isitsigned.php. It indicates that iOS 12.1.1b3 is still signed.
iOS 12.1.1b3 is vulnerable to the kernel exploit and since it is still signed, that gives us an additional opportunity to downgrade/restore to this version and then jailbreak our device. This means that even if you are currently on iOS 12.1.4, you can downgrade your device to 12.1.1b3 and later use a jailbreak like unc0ver.
The beta iOS firmwares can be downloaded from https://www.theiphonewiki.com/wiki/Beta_Firmware. In my case am using the device iPhone 6 Plus.
I am going to downgrade my iPhone 6+ device to iOS 12.1.1b3. In my case, I am using iTunes version 126.96.36.199. (If you are a mobile pen tester you’d know why I am on this version — https://support.apple.com/en-in/HT208079)
In my case, since this is a test device and I do not really care about the data on it, I will chose to format the device while downgrading it to the older version. On a Mac device, hold down “option” key and click on “Restore iPhone” button.
When prompted to erase and restore click “Restore”.
iTunes will go through a series of steps before it restores the device to iOS 12.1.1b3
Once the device restarts and you go through the normal iOS preliminary configuration steps, observe that it is now running iOS 12.1.1.
Once you downgrade your device, if your device is supported, you can use Pwn20wnd’s tool — uncover to jailbreak the device.
It can be downloaded here: https://github.com/pwn20wndstuff/Undecimus/releases.
Ready to learn more from our mobile security expert, Dinesh Shetty? Check out Security Innovation's Center of Excellence: