Research Updated Apr 05, 2024

Compile futurerestore dev or main branch on macOS

Compile futurerestore dev branch

FutureRestore is a hacked version of idevicerestore, offering the capability to manually designate SEP and Baseband for the restoration process. This functionality enables the restoration of unsigned firmware onto devices, contingent upon the availability of a backup of the APTicket (SHSH Blobs). Additionally, it can replicate all the unique conditions of the APTicket, such as ECID, APNonce, and Board ID.

The latest version of futurerestore v194, was released in 2021. Despite this, the software remains under active development, with several branches present in the official GitHub Repository. The most current versions are FutureRestore Dev and FutureRestore main. However, it's worth noting that no compiled versions are available on the release page. Therefore, it is advisable to learn how to compile FutureRestore from its source code.

FutureRestore remains a viable option for downgrading, allowing users to revert, for instance, from iOS 16.7.x to iOS 16.6.1 on checkm8-compatible devices, provided that SHSH blobs have been saved. To execute this process, it's necessary to compile the 'dev' branch of FutureRestore, compile 'gaster', exploit checkm8, and set the nonce accordingly.

futurerestore 2.0.0-test screenshot from terminal app.

When considering downgrading iOS using FutureRestore, relying solely on SHSH2 blobs for your iPhone is insufficient. Equally crucial is the SEP and Baseband Compatibility, as it determines the success of the iOS downgrade process. It's essential to note that not all iOS releases align with the currently running firmware. Consulting the SEP and Baseband Compatibility List for FutureRestore downgrades can significantly enhance your chances of success. Please beware that downgrades from iOS 17 are not possible.

How to compile futurerestore dev on macOS

To compile futurerestore dev or main branch on macOS it's required to install cmake and some other components to make it work. The easiest way to do it is by utilizing Homebrew Package Manager for macOS. If you haven't already, use this command to install Homebrew.

Step 1. Open the terminal app and execute the following command.

/bin/bash -c "$(curl -fsSL"

Step 2. Install the required components through brew command.

brew install "openssl" "libpng" "libzip" "libimobiledevice" "autoconf" "automake" "autogen" "libtool" "cmake" "coreutils"

Step 3. Create a folder and open it in the terminal app.

mkdir ios-downgrade && cd ios-downgrade

Step 4. Clone the futurerestore dev or main branch to the new folder.

git clone --branch dev --recursive

Step 5. Open the futurerestore folder in the terminal app.

cd futurerestore

Step 6. Check your system architecture executing the uname command.

uname -m

Step 7. From Cryptic's CDN, click either x86_64 or arm64, based on your architecture, and download the macOS_arm64_Release_Latest.tar.zst file.

curl -C - -0 -o macOS_x86_64_Release_Latest.tar.zst ""

Step 8. Extract the macOS_arm64_Release_Latest.tar.zst file.

zstd -d macOS_arm64_Release_Latest.tar.zst

Step 9. Open the dep_root folder with the cd command.

cd dep_root

Step 10. Extract the macOS_arm64_Release_Latest.tar archive to the actual folder.

tar -xvf ../macOS_arm64_Release_Latest.tar

Step 11. Navigate up in the folder hierarchy to futurerestore.

cd ..

Step 12. Compile futurerestore dev or main branch. Modify -DARCH= when required.

./ -DARCH=x86_64 -DNO_PKGCFG=1

Step 13. Check that you have a futurerestore binary at cmake-build-release/src.

Available commands

Usage: futurerestore [OPTIONS] iPSW

General options:
  -h, --help				Shows this usage message
  -t, --apticket PATH		Signing tickets used for restoring
  -u, --update				Update instead of erase install (requires appropriate APTicket)
              				DO NOT use this parameter, if you update from jailbroken firmware!
  -w, --wait				Keep rebooting until ApNonce matches APTicket (ApNonce collision, unreliable)
  -d, --debug				Show all code, use to save a log for debug testing
  -e, --exit-recovery		Exit recovery mode and quit
  -z, --no-restore			Do not restore and end right before NOR data is sent
  -c, --custom-latest VERSION		Specify custom latest version to use for SEP, Baseband and other FirmwareUpdater components
  -g, --custom-latest-buildid BUILDID	Specify custom latest buildid to use for SEP, Baseband and other FirmwareUpdater components
  -i, --custom-latest-beta	Get custom url from list of beta firmwares
  -k, --custom-latest-ota	Get custom url from list of ota firmwares
Options for downgrading with Odysseus:
  -3, --use-pwndfu			Restoring devices with Odysseus method. Device needs to be in pwned DFU mode already
  -4, --no-ibss				Restoring devices with Odysseus method. For checkm8/iPwnder32 specifically, bootrom needs to be patched already with unless iPwnder.
  -5, --rdsk PATH			Set custom restore ramdisk for entering restoremode(requires use-pwndfu)
  -6, --rkrn PATH			Set custom restore kernelcache for entering restoremode(requires use-pwndfu)
  -7, --set-nonce			Set custom nonce from your blob then exit recovery(requires use-pwndfu)
  -7, --set-nonce=0xNONCE	Set custom nonce then exit recovery(requires use-pwndfu)
  -8, --serial				Enable serial during boot(requires serial cable and use-pwndfu)
  -9, --boot-args			Set custom restore boot-args(PROCEED WITH CAUTION)(requires use-pwndfu)
  -a, --no-cache			Disable cached patched iBSS/iBEC(requires use-pwndfu)
  -f, --skip-blob			Skip SHSH blob validation(PROCEED WITH CAUTION)(requires use-pwndfu)

Options for SEP:
  -0, --latest-sep			Use latest signed SEP instead of manually specifying one
  -j, --no-rsep				Choose not to send Restore Mode SEP firmware command

Options for baseband:
  -1, --latest-baseband		Use latest signed baseband instead of manually specifying one
  -2, --no-baseband			Skip checks and don't flash baseband
                   			Only use this for device without a baseband (eg. iPod touch or some Wi-Fi only iPads)

Sponsored links

Post a comment

Latest Posts




Semaphorin originated from johndoe123's iOS 7 Tethered Downgrade guide and has evolved into a solution for downgrading A7, A8, A8X, and A9 devices, including iPhone 5s, iPhone 6, iPhone 6s, and iPhone SE (2016) to versions ranging from iOS...

iCloud Bypass

HFZ Ramdisk Universal

HFZ Ramdisk Universal

Checkm8 exploit serves various functions, including jailbreaking, enabling dual OS, or bypassing the iCloud Activation screen. It achieves this by permitting code execution exclusively when you connect your iPhone in DFU mode to your PC via a USB...

iCloud Bypass

SkynetTool AIO

SkynetTool AIO

Discover a range of comprehensive All-In-One solutions designed to bypass iCloud and offer a variety of other features. One such recent release is SkynetTool AIO, a powerful tool that provides everything you need to manage your iPhone. This tool...