ONE Jailbreak Ad

Compile futurerestore dev or main branch on macOS

Promotion image of Compile futurerestore dev branch article.

FutureRestore is a hacked version of idevicerestore, offering the capability to manually designate SEP and Baseband for the restoration process. This functionality enables the restoration of unsigned firmware onto devices, contingent upon the availability of a backup of the APTicket (SHSH Blobs). Additionally, it can replicate all the unique conditions of the APTicket, such as ECID, APNonce, and Board ID.

The latest version of futurerestore v194, was released in 2021. Despite this, the software remains under active development, with several branches present in the official GitHub Repository. The most current versions are FutureRestore Dev and FutureRestore main. However, it's worth noting that no compiled versions are available on the release page. Therefore, it is advisable to learn how to compile FutureRestore from its source code.

FutureRestore remains a viable option for downgrading, allowing users to revert, for instance, from iOS 16.7.x to iOS 16.6.1 on checkm8-compatible devices, provided that SHSH blobs have been saved. To execute this process, it's necessary to compile the 'dev' branch of FutureRestore, compile 'gaster', exploit checkm8, and set the nonce accordingly.

futurerestore 2.0.0-test screenshot from terminal app.

When considering downgrading iOS using FutureRestore, relying solely on SHSH2 blobs for your iPhone is insufficient. Equally crucial is the SEP and Baseband Compatibility, as it determines the success of the iOS downgrade process. It's essential to note that not all iOS releases align with the currently running firmware. Consulting the SEP and Baseband Compatibility List for FutureRestore downgrades can significantly enhance your chances of success. Please beware that downgrades from iOS 17 are not possible.

How to compile futurerestore dev on macOS

To compile futurerestore dev or main branch on macOS it's required to install cmake and some other components to make it work. The easiest way to do it is by utilizing Homebrew Package Manager for macOS. If you haven't already, use this command to install Homebrew.

Step 1. Open the terminal app and execute the following command.

/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"

Step 2. Install the required components through brew command.

brew install "openssl" "libpng" "libzip" "libimobiledevice" "autoconf" "automake" "autogen" "libtool" "cmake" "coreutils"

Step 3. Create a folder and open it in the terminal app.

mkdir ios-downgrade && cd ios-downgrade

Step 4. Clone the futurerestore dev or main branch to the new folder.

git clone https://github.com/futurerestore/futurerestore.git --branch dev --recursive

Step 5. Open the futurerestore folder in the terminal app.

cd futurerestore

Step 6. Check your system architecture executing the uname command.

uname -m

Step 7. From Cryptic's CDN, click either x86_64 or arm64, based on your architecture, and download the macOS_arm64_Release_Latest.tar.zst file.

curl -C - -0 -o macOS_x86_64_Release_Latest.tar.zst "https://cdn.cryptiiiic.com/deps/static/macOS/x86_64/macOS_x86_64_Release_Latest.tar.zst"

Step 8. Extract the macOS_arm64_Release_Latest.tar.zst file.

zstd -d macOS_arm64_Release_Latest.tar.zst

Step 9. Open the dep_root folder with the cd command.

cd dep_root

Step 10. Extract the macOS_arm64_Release_Latest.tar archive to the actual folder.

tar -xvf ../macOS_arm64_Release_Latest.tar

Step 11. Navigate up in the folder hierarchy to futurerestore.

cd ..

Step 12. Compile futurerestore dev or main branch. Modify -DARCH= when required.

./build.sh -DARCH=x86_64 -DNO_PKGCFG=1

Step 13. Check that you have a futurerestore binary at cmake-build-release/src.

Available commands

Usage: futurerestore [OPTIONS] iPSW

General options:
  -h, --help				Shows this usage message
  -t, --apticket PATH		Signing tickets used for restoring
  -u, --update				Update instead of erase install (requires appropriate APTicket)
              				DO NOT use this parameter, if you update from jailbroken firmware!
  -w, --wait				Keep rebooting until ApNonce matches APTicket (ApNonce collision, unreliable)
  -d, --debug				Show all code, use to save a log for debug testing
  -e, --exit-recovery		Exit recovery mode and quit
  -z, --no-restore			Do not restore and end right before NOR data is sent
  -c, --custom-latest VERSION		Specify custom latest version to use for SEP, Baseband and other FirmwareUpdater components
  -g, --custom-latest-buildid BUILDID	Specify custom latest buildid to use for SEP, Baseband and other FirmwareUpdater components
  -i, --custom-latest-beta	Get custom url from list of beta firmwares
  -k, --custom-latest-ota	Get custom url from list of ota firmwares
Options for downgrading with Odysseus:
  -3, --use-pwndfu			Restoring devices with Odysseus method. Device needs to be in pwned DFU mode already
  -4, --no-ibss				Restoring devices with Odysseus method. For checkm8/iPwnder32 specifically, bootrom needs to be patched already with unless iPwnder.
  -5, --rdsk PATH			Set custom restore ramdisk for entering restoremode(requires use-pwndfu)
  -6, --rkrn PATH			Set custom restore kernelcache for entering restoremode(requires use-pwndfu)
  -7, --set-nonce			Set custom nonce from your blob then exit recovery(requires use-pwndfu)
  -7, --set-nonce=0xNONCE	Set custom nonce then exit recovery(requires use-pwndfu)
  -8, --serial				Enable serial during boot(requires serial cable and use-pwndfu)
  -9, --boot-args			Set custom restore boot-args(PROCEED WITH CAUTION)(requires use-pwndfu)
  -a, --no-cache			Disable cached patched iBSS/iBEC(requires use-pwndfu)
  -f, --skip-blob			Skip SHSH blob validation(PROCEED WITH CAUTION)(requires use-pwndfu)

Options for SEP:
  -0, --latest-sep			Use latest signed SEP instead of manually specifying one
  -j, --no-rsep				Choose not to send Restore Mode SEP firmware command

Options for baseband:
  -1, --latest-baseband		Use latest signed baseband instead of manually specifying one
  -2, --no-baseband			Skip checks and don't flash baseband
                   			Only use this for device without a baseband (eg. iPod touch or some Wi-Fi only iPads)
Author Photo
Written by

Kuba has over 20 years of experience in journalism, focusing on jailbreak since 2012. He has interviewed professionals from various companies. Besides journalism, Kuba specializes in video editing and drone flying. He studied IT at university before his writing career.

Post a comment

Latest Posts

Legacy iOS Kit

Legacy iOS Kit: Download and learn how to downgrade iPhone

iOS-OTA-Downgrader, also known as the Legacy iOS Kit, stands out as the all-in-one solution for restoring/downgrading, preserving SHSH blobs, and jailbreaking legacy iOS devices. With support for A5/A6/A7/A8/A9/A10 iDevices...

Firmra1n

iOS Downgrader for iPhone 6 - iPhone X: Firmra1n

I tested Firmra1n Downgrade Tool for iOS and I like to share with you my opinion about the app. In fact it's a great UI to automiatize the process utilising futurerestore, gaster, and sshpass to downgrade checkm8 devices to older iOS firmware. A few clicks...

Limefix SEP Utility

Limefix Utility can downgrade iOS 15 from A9 to iOS 10

In 2020, the Pangu Jailbreak Team divulged insights from a security conference, shedding light on the Secure Enclave Processor (SEP) and a vulnerability they uncovered namely BlackBird. This vulnerability, when combined with checkm8 is an unpatchable SecureROM...