Skip to content


LukeeGD edited this page Mar 21, 2023 · 144 revisions

Common issues

  • If something in the process does not work for you: try unplugging/replugging the device, switching between different USB ports/cables, also try USB 2.0 or 3.0 ports
  • IPSW file integrity will be verified before restoring and/or creating custom IPSW (if custom IPSW is already created, this will be skipped) This is done to make sure that the IPSW is not corrupt or incomplete.
  • For users having issues with missing libraries/tools: re-install dependencies by deleting the firstrun file in resources, then run the script again.
  • If your device is not being detected in normal mode, make sure to also trust the computer by selecting "Trust" at the pop-up.
    • macOS/Windows: Double-check if the device is being detected by iTunes/Finder.
    • Linux: Run sudo systemctl restart usbmuxd then try to run the script again. This also helps with "restore mode" and USB SSH issues.
    • Linux: An alternative to restarting usbmuxd is to run these commands in another Terminal window:
    sudo systemctl stop usbmuxd
    sudo usbmuxd -p -f
  • 32-bit devices: If SSH fails for you, try these steps to make sure that SSH is successful
  • Exit DFU Mode: Hold the TOP and HOME buttons of your device for about 15 seconds.
  • Exit Recovery Mode: Run the script while the device is in recovery mode, select Downgrade Device, and select the option to exit recovery.
  • When opening an issue, send the FULL log. If you only send a partial log or not send a log at all, your issue will be dismissed and closed.
  • Using manually saved SHSH blobs
  • Clearing NVRAM

Script arguments

  • EntryDevice - If the script is reading the ECID of your device incorrectly, you may have to put it manually. To do this, run the script with --entry-device as an argument.
  • NoColor - If the text displayed by the script is unreadable because of the color, you can disable it. To do this, run the script with --no-color as an argument.
  • NoDevice - To perform operations without an iOS device connected, run the script with --no-device as an argument.
    • In NoDevice mode, your only options are to Save OTA Blobs, and Create Custom IPSW for 32-bit devices.
  • Example of usage with argument: ./ --no-color --entry-device
    • For Windows, edit restore.cmd and append the argument/s needed
    • The script accepts multiple arguments

Notes for iPhone4Down

  • If you want to go back and restore to iOS 7.1.2, you need to disable the exploit
  • This script uses powdersn0w and mostly automates the downgrade process for the iPhone 4
    • Windows users are recommended to create a Linux live USB (see Requirements)
    • macOS users should use cherryflowerJB or powdersn0w instead of iPhone4Down for better support
  • This supports iPhone 4 GSM only (iPhone3,1)
    • Restoring with blobs, restoring to 7.1.2, and entering kDFU mode supports all iPhone 4 models
  • The downgrades have the option to jailbreak
  • Take note that iPhone4Down downgrades are not compatible with all models
    • 8GB models may not work with downgrades below iOS 6
    • Newer models may not work with downgrades below iOS 5
    • If your device is not compatible as mentioned above, you will get the error could not retrieve device serial number
    • You can use sites like Reincubate to check whether your device is compatible or not
  • It is recommended to use an Intel PC/Mac as entering pwnDFU can be a lot more unreliable on devices running AMD CPUs (this includes encountering Segmentation fault errors with pwnedDFU)
  • You NEED a working Home and Top/Power button to enter proper DFU mode in order to use iPhone4Down. kDFU mode will NOT work!


  • macOS users have to install bash, libimobiledevice, and libirecovery from Homebrew or MacPorts. This is required.
    • For Homebrew: brew install bash libimobiledevice libirecovery
    • For MacPorts: sudo port install bash libimobiledevice libirecovery
  • If some tools are not working, you may try to git clone the repo: git clone then try again from there
    • You may also try this: cd to where the files are extracted, then run xattr -dr bin/macos
    • If nothing else works, you may have to try disabling Gatekeeper: sudo spctl --master-disable


  • ipwndfu is unfortunately very unreliable on Linux, you may have to try multiple times.
  • You may also try in a live USB
  • You may have to get a machine running macOS to get your device to enter pwnDFU mode, or use iPwnder Lite for iOS
  • For advanced users: Hackintosh and macOS KVM with USB passthrough should also work if set up properly


  • I highly recommend Windows users to use iOS-OTA-Downgrader on Linux or macOS instead. You may create a Linux live USB, and this can easily be done with tools like Ventoy.
  • Support for iPhone 4 and A7 devices is limited. More details below.
  • Windows users may encounter errors like Unable to send APTicket or Unable to send iBEC in the restore process.
    • Run the script again and let the device exit recovery mode when prompted.
    • Verify your iTunes version: Open iTunes -> Help -> About iTunes.
    • You should have iTunes version 12.6.5 or older. Downgrade your iTunes version first before attempting any other fixes.
    • To attempt to fix this, follow steps 1 to 5 here.
    • After downgrading iTunes and/or attempting the fix, follow the procedure again. This time, it should get past the previous errors mentioned.
    • If the troubleshooting steps still did not work, consider creating a Linux live USB (with persistent storage if applicable).
    • More troubleshooting steps here
  • If you want to restore your iPhone 4 or A7 device on Windows, you need to first put the device in pwnDFU mode with signature checks disabled. Since entering pwnDFU mode is not supported on Windows, you need to use a Mac/Linux machine or another iOS device to do so. If your device is not in pwnDFU mode, the restore will NOT proceed!
    • Windows users may create a Linux live USB.
    • For entering pwnDFU mode, use ipwndfu, iPwnder32, or iPwnder Lite

A7 devices

  • Do not use USB-C to lightning cables as this can prevent a successful restore
  • Entering pwnDFU mode can fail a lot on Linux especially for A7 devices.
  • Entering pwnDFU mode will likely fail on devices running AMD CPUs.
  • If the script cannot find your device in pwnREC mode or gets stuck, you may have to start over by force restarting and re-entering recovery/DFU mode
  • Use an Intel or Apple Silicon PC/Mac as entering pwnDFU (checkm8) may be a lot more unreliable on devices with AMD CPUs
  • You may have to get a machine running macOS to get your device to enter pwnDFU mode, or use iPwnder Lite for iOS

32-bit devices

  • To make sure that SSH is successful, try these steps
  • To devices with baseband, this script will restore your device with the latest baseband
  • This script can also be used to just enter kDFU mode for all supported devices
  • This script can work on virtual machines, but I will not provide support for them
  • If you get stuck in recovery mode after downgrading, or your device is unable to activate, try these steps:
  • There is an option to skip baseband update for downgrading. By default, this is enabled for iPad2,3; see here. This can be enabled for other devices by modifying (see the line with device_disable_bbupdate, replace iPad2,3 with your device)

Jailbreak Option for 32-bit devices

  • If you cannot open Cydia after restoring with Jailbreak Option enabled, unfortunately I cannot help much. It is something that I cannot figure out and fix, sorry.
    • I have tested the Jailbreak Option successfully on iPad3,3 8.4.1, iPhone4,1 6.1.3 and 8.4.1, and iPhone5,2 8.4.1. Even if I have tested successfully on these, others may have varying results for some reason.
    • You may have to restore back to latest, downgrade again with the Jailbreak Option disabled, then sideload/jailbreak manually.
  • If you have problems with Cydia, remove the ultrasn0w repo and close Cydia using the app switcher, then try opening Cydia again
  • If you cannot find Cydia in your home screen, try accessing Cydia through Safari with cydia:// and install "Jailbreak App Icons Fix" package from my Cydia repo:
  • p0sixspwn will be used for iOS 6.1.3, and EtasonJB or daibutsu for iOS 8.4.1
  • For some devices, EtasonJB untether is unstable and not working properly, so daibutsu jailbreak will be used on the following devices:
    • iPad 2 Rev A (iPad2,4)
    • iPad mini 1 (iPad2,5, iPad2,6, iPad2,7)
    • iPad 3 (iPad3,1, iPad3,2, iPad3,3)
    • iPhone 4S (iPhone4,1)
    • iPhone 5 (iPhone5,2)
    • iPod touch 5th gen (iPod5,1)
  • iPhone4,1 and iPhone5,2 users can choose between daibutsu and EtasonJB. If one does not work, you may try again with the other.
  • Custom IPSW files with daibutsu end with CustomJBD, and EtasonJB with CustomJBE. More details about custom IPSW names below.
  • For devices jailbroken with EtasonJB, there is no need to install "Stashing for #etasonJB" package from Karen's repo, as stashing is already enabled
  • For devices jailbroken with daibutsu, add the system repo for future updates to the untether package:
  • For devices jailbroken with daibutsu and want to use Coolbooter Untetherer, apply this fix/workaround using MTerminal:
    (enter password, default is 'alpine')
    mkdir /taig
    touch /taig/taig
  • You may also add OpenSSH to the custom IPSW with jailbreak option enabled, this could also be useful (see in resources). You will find 2 instances of these lines:
    #JBFiles+=("../resources/jailbreak/sshdeb.tar")                                       # uncomment to add openssh to custom ipsw
    #JailbreakFiles $JBURL/sshdeb.tar sshdeb.tar 0bffece0f8fd939c479159b57e923dd8c06191d3 # uncomment to add openssh to custom ipsw
  • For all instances of the given lines above, remove the # at the beginning of JBFiles and JailbreakFiles:
    JBFiles+=("../resources/jailbreak/sshdeb.tar")                                       # uncomment to add openssh to custom ipsw
    JailbreakFiles $JBURL/sshdeb.tar sshdeb.tar 0bffece0f8fd939c479159b57e923dd8c06191d3 # uncomment to add openssh to custom ipsw

Custom IPSW names

  • The custom IPSWs generated may have letter/s at the end of the file name. Here is a list of what each letter means.
  • B - Baseband update is disabled for this custom IPSW
  • D - daibutsu is used for the jailbreak
  • E - EtasonJB is used for the jailbreak
  • JB - The custom IPSW is created with the jailbreak option enabled
  • V - The custom IPSW is created with the verbose option enabled

DFU Advanced Menu for 32-bit devices

DFU Advanced Menu (A5(X) pwnDFU mode with Arduino and USB Host Shield)

  • For A5(X) devices, "pwnDFU mode (A5)" option can be used, BUT ONLY IF the device is put in pwnDFU mode beforehand, with synackuk checkm8-a5 using an Arduino and USB Host Shield.
  • Proceed here for a video tutorial on how to install and use checkm8-a5:
  • If entering pwnDFU mode and/or sending pwned iBSS failed, the downgrade/restore will not work, and you need to force restart to try again.
  • When selecting the "pwnDFU mode (A5)" option, iBSS options will be asked. I would recommend for users to either:
    • Run checkm8-a5, send pwned iBSS manually (using ipwndfu or other methods), then select Y for "Pwned iBSS/kDFU mode", or
    • Run checkm8-a5, do not send pwned iBSS, select N for "Pwned iBSS/kDFU mode" for ipwndfu to send pwned iBSS. You need to have python2 installed beforehand, and this does not work on ARM Macs (do the above instead).
      • You may install python2 from pyenv: pyenv install 2.7.18. The script will detect this automatically

DFU Advanced Menu (kDFU mode)

  • Select the "kDFU mode" option if your device is already in kDFU mode.
  • Example of this is selecting "Put Device in kDFU Mode" from the main menu, or using kDFUApp by tihmstar.
  • kDFUApp can be installed from my repo:
  • For installation instructions, follow "All devices, jailbroken on iOS 9 or lower (alternative)"
  • Some devices are not supported by kDFUApp. To add support for more devices and iOS versions, make sure to also install "kDFUApp Bundles" from my repo
  • kDFUApp works on iOS versions 6.0 to 9.3.6. Other versions are not supported.

Using manually saved SHSH blobs

  • Restoring to other versions with saved SHSH blobs is done with the "Other" downgrade option. This will ask for the IPSW and SHSH files for the version that you want to downgrade to.
  • If you want to use other manually saved OTA blobs, create a folder named saved, then within it create another folder named shsh. You can then put your blob inside that folder.
    • The naming of the blob should be: (ECID in Decimal)_(ProductType)_(Version)-(BuildVer).shsh(2)
    • Example with path: saved/shsh/123456789012_iPad2,1_8.4.1-12H321.shsh
  • The BuildVer for 6.1.3 is 10B329, 8.4.1 is 12H321, and 10.3.3 is 14G60

Clearing NVRAM

  • For 32-bit devices, restore to the latest version first and jailbreak before proceeding.
  • For iPhone 4 devices stuck at the boot logo after downgrading, disable the exploit and restore to iOS 7.1.2 with the jailbreak option enabled first before proceeding.
  • This can also be done using SSH Ramdisk.
  1. Jailbreak your device.
  2. Install MTerminal or NewTerm from Cydia/Sileo
  3. Run these commands:
    (enter password, default is 'alpine')
    nvram -c
  4. Then you may try to downgrade/restore again