How to Downgrade to Unsigned iOS

To deter jailbreaks, Apple usually stops signing older iOS firmware versions in two weeks. As a further deterrent, Apple regularly releases software updates which fix the exploits used in jailbreaks and the no longer signed older iOS firmware file means users are stuck on the new iOS and can’t revert to an older iOS with jailbreak exploits.

This makes the ability to downgrade to an unsigned iOS version very appealing to users who want to run a jailbreak on their iOS devices. With the method outlined in the following guide, it is possible to restore your iOS device to iOS 11.1.2 which has jailbreak vulnerabilities that can be exploited with popular jailbreak options such as Electra Jailbreak.

Also Read: Is it safe to jailbreak?

NOTE that this is a high-risk procedure, and the possibility that you might fail and be forced to revert to the latest iOS is real. So, proceed with caution and implement at your liability.

Upgrading or downgrading to an unsigned iOS can only be done when you’ve acquired the correct SHSH blobs for your target iOS version and the signing window for the public beta iOS is still open, regardless of the current signed available iOS version, for example, if you wish to downgrade to iOS 11.1.2, then you will need the iOS11.1.2 SHSH2 blob.

Should you find more than one .shsh2 file, then you should pick one in a folder named “noapnonce” and named somewhat similar to this; 1234567890123_iPhone10,6_n51ap_11.1.2-15A432_a1bcdef234abc567d8e9f012345a6789b01234c5.shsh2

How to save iPhone SHSH Blobs

To save your iOS device’s SHSH blobs, you can follow these steps:

  • Connect your iOS device to your PC and launch iTunes
  • Click on ‘Summary’ on the left-hand pane.
  • Click on the ‘Serial Number’ field in the Summary Tab until you see the ECID
  • Copy the ECID, open a new notepad and paste the ECID.
  • Just like with the ECID, click on the ‘Serial Number’ field in the Summary tab until you see the Device Identifier. For example, iPhone 10,6 is the device identifier for iPhone X. Copy and paste onto a notepad.
  • Copy the following link and paste it onto your web browser’s URL field;
  • Copy and paste the ECID you obtained above.
  • Next, select your device type; an iPhone, an iPad or an iPod Touch.
  • Enter your iOS device’s identifier and click on Submit.

That’s it! You will be directed to the result’s page where you’ll be given a link to your saved .shsh2 blobs. You should carefully note down the link or save it somewhere safe. It is only possible to save these SHSH blobs for a particular iOS version if Apple is still signing the firmware. The good news is that using this method; the .shsh2 blobs will be automatically saved for any new iOS version that Apple may release in the future, saving you the inconvenience of manually saving every time Apple drops an update.

If you lose the link to your saved .shsh2 blobs, you can recover them again. Just visit the following address; <insert decimal ECID here> you can convert a HEX ECID to decimal simply by visiting this site.

To best set yourself up for success, it is advisable to use a device already jailbroken and have at least 10GB of free hard disk space. Also, backup your iOS device as this procedure will factory reset your device.


Assuming by this point that you have your .shsh2 blobs secured, your iOS device backed up and the determination to see this through. Proceed to check the following steps:

iPhone iOS firmware file (Source:

iPad iOS firmware file (Source:

iPod Touch iOS firmware file (Source:

Alright, now with that housekeeping out of the way, you can proceed with attempting a downgrade to an unsigned iOS version.

How to revert to an unsigned iOS Firmware.

To revert to an unsigned iOS firmware version, follow the steps outlined below keenly:

Step 1:

Unzip the downloaded futurerestore zip file into a folder on your PC named futurerestore. The path to the folder should look something like C:\futurerestore\. Then copy both .ipsw firmware files into this folder along with the target iOS .shsh2 blob.

To tidy up the command line later, you may want to rename the .shsh2 blob to ‘my.shsh2’, the .ipsw file of the iOS being reverted to as ‘restore.ipsw’ and the signed .ipsw file to ‘signed.ipsw’ or whatever naming system works for you. These are the just the names we’re going to adopt for this guide.

Step 2:

Click on your .shsh2 file and choose to open it with Notepad. You will need to find your generator key string which will look something like 0xab12c34d5ef6ab7d and type this string into the PhoenixNonce or the NonceSet1112 app sideloaded on your phone and hit Enter or Set. At this point, the device might restart which is no call for panic; it is perfectly normal. Restart your iOS device and open the app again to ensure that the value is correctly entered.

If the value is not yet entered or has been incorrectly entered, repeat the process above. At other times, the value may be correctly entered, but the app shows nothing, in which case, you may repeat the process before proceeding with the next steps.

Step 3:

Take your lightning cable and connect your iOS device to your PC. Ensure that iTunes is NOT running in the background and that you have a good internet connection.

Launch Command Prompt as an Admin and navigate to ‘C:\futurerestore\,’ assuming you followed this guide to the letter and placed all the relevant files in this folder, type the following command:

futurerestore -t my.shsh2 -i signed.ipsw restoreto.ipsw

After hitting ‘Enter,’ you will see a long message. Do not interrupt this process until it’s completely done. Sometimes, futurerestore may not put your device into its recovery state. If this happens, you will have to put the device into recovery on your own. You can check out our guide on how to put any iOS device into recovery mode if this task becomes daunting for you.

NOTE: Every time the device comes out of Recovery Mode before the process is complete, the generator key will be reset needing you to repeat steps 1 to 3 again. You can, however, exit Recovery Mode right in Command Prompt by running the following command:

futurerestore.exe –exit-recovery 

Hopefully, everything should run just fine, and nothing interrupts the process, successfully reverting to an unsigned iOS firmware; perfect for jailbreaks. You can then restore your data from the backup during the setup process. If this guide on how to downgrade to an unsigned iOS version has been helpful to you, consider checking out our other guides, tips, and tricks relating to all things iOS and more.