iOS downgrading was always a spicy topic, especially since Apple doesn’t provide an official way to downgrade iOS devices.

In fact, Apple goes out of its way to make it as hard as possible to keep downgrades from happening by limiting how long an iOS version stays signed. While the iOS build is signed by Apple, one can downgrade or upgrade to it easily through iTunes, Finder, or a number of third-party tools. Once Apple stops signing that iOS version, it’s no longer possible to downgrade to it.

What is the BlackBird SEP Exploit?

Back in 2020, the Pangu Jailbreak Team released their slides from a security conference where they talked about SEP (Secure Enclave Processor) and a vulnerability they found called BlackBird.

Using this vulnerability in combination with checkm8 which is an unpatchable SecureROM bug, one could theoretically load custom SEP firmware and downgrade the device, even without SHSH2 blobs saved.

Amazingly, even though Blackbird was released in 2020, aside from being used in CheckRa1n Jailbreak to enable the passcode after jailbreak, nobody used this bug for a proper downgrade until now.

The first iOS Downgrade Using BlackBird by Pangu was achieved!

Just a couple of days ago, developer @exploit3dguy posted on Twitter that they’ve successfully achieved an iOS Downgrade back to iOS 10.0.1 on their iPhone 6S which is vulnerable to both checkm8 and blackbird.

According to the developer, their downgrade was done without using any saved SHSH2 blobs, so it is a tethered downgrade, however, this is the very first successful downgrade using these vulnerabilities.

Impossible has been done.

First successful blackbird downgrade on iPhone 6s to iOS 10.0.1 tethered without SHSH blobs. It was painful but it was worth it at the end :))

W/ passcode fully working. pic.twitter.com/i0imlDzsiF

— md (@exploit3dguy) July 30, 2023

In the future, we might see tools capable of downgrading supported iOS devices without saved SHSH2 blobs.

It’s important to mention that this vulnerability only applies to some of the checkm8-compatible devices. As far as I am aware, only A8, A9, A10, and T2 series devices are supported.

This means quite a lot of devices, but iPhone 8, iPhone X, and all other A11 devices are sadly unsupported.

Check out the video below for more information about this downgrade and blackbird.

More iDevice Central guides

• iOS 17 Jailbreak RELEASED! How to Jailbreak iOS 17 with PaleRa1n
• How to Jailbreak iOS 18.0 – iOS 18.2.1 / iOS 18.3 With Tweaks
• Download iRemovalRa1n Jailbreak (CheckRa1n for Windows)
• Dopamine Jailbreak (Fugu15 Max) Release Is Coming Soon for iOS 15.0 – 15.4.1 A12+
• Cowabunga Lite For iOS 16.2 – 16.4 Released in Beta! Install Tweaks and Themes Without Jailbreak
• Fugu15 Max Jailbreak: All Confirmed Working Rootless Tweaks List
• iOS 14.0 – 16.1.2 – All MacDirtyCow Tools IPAs
• iOS Jailbreak Tools for All iOS Versions