The first iOS Downgrade Using BlackBird by Pangu was Achieved!

iOS downgrading was always a spicy topic, especially since Apple doesn’t provide an official way to downgrade iOS devices.

In fact, Apple goes out of its way to keep downgrades from happening by limiting how long an iOS version stays signed. While an iOS build is signed by Apple, one can downgrade or upgrade to it easily through iTunes, Finder, or a number of third-party tools. Once Apple stops signing that iOS version, it’s no longer possible to downgrade to it.



What is the BlackBird SEP Exploit?

Back in 2020, the Pangu Jailbreak Team released their slides from a security conference where they talked about SEP (Secure Enclave Processor) and a vulnerability they found called BlackBird.

Using this vulnerability in combination with checkm8, an unpatchable SecureROM bug, one could theoretically load custom SEP firmware and downgrade the device, even without saved SHSH2 blobs.

Amazingly, even though BlackBird was released in 2020, nobody had used this bug for a proper downgrade until now. Its only use was in the checkra1n jailbreak, to enable the passcode after jailbreaking.



The first iOS Downgrade Using BlackBird by Pangu was achieved!

Just a couple of days ago, developer @exploit3dguy posted on Twitter that they’ve successfully achieved an iOS downgrade back to iOS 10.0.1 on their iPhone 6S, which is vulnerable to both checkm8 and BlackBird.

According to the developer, the downgrade was done without using any saved SHSH2 blobs, so it is a tethered downgrade. However, this is the very first successful downgrade using these vulnerabilities.

In the future, we might see tools capable of downgrading supported iOS devices without saved SHSH2 blobs.

It’s important to mention that this vulnerability only applies to some of the checkm8-compatible devices. As far as I am aware, only A8, A9, A10, and T2 series devices are supported.

That covers quite a lot of devices, but the iPhone 8, iPhone X, and all other A11 devices are sadly unsupported.



GeoSn0w is an iOS and jailbreak enthusiast who has been around in the community for quite some time. He has developed his own jailbreaks and currently maintains iSecureOS, one of the first iOS anti-malware tools for jailbroken devices. He also runs iDevice Central on YouTube, with over 149.000 subscribers!

With over a decade of iOS jailbreak experience and several jailbreak tools of his own, GeoSn0w knows the jailbreak scene quite well, having been part of several releases over the years.

GeoSn0w is also a programmer focused primarily on iOS App Development and Embedded programming. He codes in Swift, Objective-C and C, but also does PHP on the side.