Do you know you can update to iOS 10.2 even after the signing window is closed? You just need to use hacker Tihmstar’s Prometheus utility and SHSH2 blobs. However, you need a tfp0 jailbreak to use this tool. Otherwise, Prometheus wouldn’t work at all.
Today we will learn how to enable tfp0 on iOS 9 jailbreak. We will make use of cl0ver tool developed by hacker Siguza that will enable tfp0 on your iOS device.
You need tfp0 to use Prometheus upgrade/downgrade tool.
Before you begin, remember the following points –
- Some jailbreak tools already have tfp0 enabled. If you have used Pangu jailbreak for iOS 9.1 or Luca Todesco’s JailbreakMe for iOS 9.3.x, you don’t need to follow this tutorial.
- To check if your jailbreak has tfp0 enabled, use iOS kern-utils tool by Siguza.
- This process may require a few tries before it finally works. If your device keeps crashing, just repeat the process and it will definitely work.
- If you reboot your iOS 9 device after following this tutorial, tfp0 will be disabled. You would then need to complete the entire process again to enable tfp0.
Here’s a list of devices supported by cl0ver –
Devices Supported by cl0ver
Device | Firmware |
---|---|
iPhone 5s (N51AP, N53AP) | 9.0.2 |
iPhone 6 (N61AP) | 9.0.2, 9.3.3 |
iPhone 6+ (N56AP) | 9.0.2, 9.3.3 |
iPhone 6s (N71AP) | 9.0.2 |
iPhone 6s+ (N66AP) | 9.0.2 |
iPhone 6s (N71mAP) | 9.0, 9.0.1, 9.0.2 |
iPhone 6s+ (N66mAP) | 9.0, 9.0.1, 9.0.2 |
iPhone SE (N69AP) | 9.3.3 |
Requirements
Download these tools on your iOS device.
- OpenSSH
- WhiteTerminal
- Battery Memory System Status Monitor from App Store. We will use it for knowing the device’s model number.
Download the following utilities on your computer (PC/Mac).
- Download cl0ver version 1.1.1. Unzip it and extract the cl0ver file from the zip package to your desktop.
- Download Cyberduck FTP client
Firstly, you need to find the offset of your device.
- Open Battery Memory System Status Monitor app.
- Navigate to System tab and find your Model number as shown below.
- Download the appropriate offset .dat file for your device using the links below.
Download Offsets for your device
Download the offsets for your model number. If offsets for your device are not listed here, don’t worry; follow the next section of our tutorial.
Device | iOS | Offset |
---|---|---|
iPhone 5s (N51AP), iPhone 5s (N53AP) | 9.0.2 | N51AP_13A452 |
iPhone 6 (N61AP), iPhone 6+ (N56AP) | 9.0.2 | N61AP_13A452 |
iPhone 6 (N61AP), iPhone 6+ (N56AP) | 9.3.3 | N61AP_13G34 |
iPhone 6s (N71AP), iPhone 6s+ (N66AP) | 9.0.2 | N71AP_13A452 |
iPhone 6s (N71mAP), iPhone 6s+ (N66mAP) | 9.0, 9.0.1 | N71mAP_13A405 |
iPhone 6s (N71mAP), iPhone 6s+ (N66mAP) | 9.0.2 | N71mAP_13A452 |
iPhone SE (N69AP) | 9.3.3 | N69AP_13G34 |
iPad Air (J71AP), iPad Air (J72AP) | 9.0.2 | J72AP_13A452 |
iPad Air 2 (J81AP) | 9.0.2 | J81AP_13A452 |
iPad mini 2 (J85AP) | 9.0.2 | J85AP_13A452 |
How to Enable tfp0 with cl0ver on supported devices
Step 1 Now we need to establish an SSH connection using Cyberduck utility. Start Cyberduck > Open Connection > SFTP.
Step 2 Go to Settings > Wi-Fi > tap “i” and note down your IP address.
Step 3 Enter the IP address of your device in Server.
- Port: 22
- Username: root
- Password: alpine (This is the default password. If you did change it, use the new one.)
Step 4 Select Connect. Select Always and then click Allow.
Step 5 You will now land on this path /private/var/root. If you are on a different path, remember it as you will need it in step 12.
Step 6 Drag the cl0ver file from your desktop to this location.
Step 7 Go to /etc.
Step 8 Make a new folder called cl0ver at this destination (If your device’s offset was not present above, skip to the next section of this tutorial).
Step 9 Navigate to this folder and drag your offsets.dat file to this location.
Step 10 Select Disconnect and exit from Cyberduck FTP client.
Step 11 Turn on Airplane mode on your device.
Step 12 Open WhiteTerminal and type the following commands –
login root
alpine
cd /private/var/root (if you landed on a different path in step 5, type that path instead)
chmod +x cl0ver
./cl0ver slide
Step 13 You will now get a line of output that starts with [*] Kernel slide. If you get Unhandled error: Unsupported device error, your device is not supported. Wait for the developer to release a future version of cl0ver.
Step 14 Enter this command –
./cl0ver
Step 15 If you get a line that goes something like this – [*] Successfully installed patch, then you are all set.
You have successfully enabled the tfp0 patch on your device. You can now move on to the Prometheus tool to upgrade to iOS 10.2 firmware if you saved your SHSH2 blobs.
How to Enable tfp0 with cl0ver on unsupported devices
Before you begin, make sure you have successfully finished the above tutorial till step 11.
Step 1 Put your device in Airplane mode.
Step 2 Open WhiteTerminal on your iOS device and enter the following commands.
login root
alpine
cd /private/var/root (if you landed on a different path in step 5 of the previous section, type that path instead)
chmod +x cl0ver
./cl0ver slide
Step 3 If you get this – [*] Kernel slide, you are all set. If you are getting Unhandled error: Unsupported device error, this means your device is not supported yet.
Step 4 Enter the following command –
./cl0ver dump
Step 5 cl0ver will now dump a kernel.bin file in root.
Step 6 Start Cyberduck FTP client.
Step 7 Establish SSH connection with your device as given in the above section.
Step 8 Go to this path – /private/var/root.
Step 9 Move kernel.bin present here to this location /etc/cl0ver/.
Step 10 Enter the following command in WhiteTerminal
./cl0ver
Step 11 If you get a message that says this – [*] Successfully installed patch, you are all set.
You have now successfully installed tfp0 patch on your device.
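Both procedures above log in as root over SSH with the stock password alpine. The script below is an added example, not part of the original tutorial or of cl0ver, that lists the accounts in a master.passwd-format file still carrying the stock password hash. The hash value, the /etc/master.passwd path and the sample file are assumptions of this example.

```shell
#!/bin/sh
# Added example: flag accounts that still use the stock iOS password.
# Assumption: the stock master.passwd stores "alpine" as this crypt(3) DES hash.
STOCK_HASH='/smx7MYTQIi2M'

# accounts_with_stock_hash FILE: print each account whose hash field is stock.
accounts_with_stock_hash() {
    awk -F: -v h="$STOCK_HASH" '
        /^[ \t]*#/ || NF < 2 { next }   # skip comments and malformed lines
        $2 == h { print $1 }
    ' "$1"
}

# audit_master_passwd FILE: 0 = clean, 1 = stock password found, 2 = unreadable.
audit_master_passwd() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    hits=$(accounts_with_stock_hash "$1")
    if [ -z "$hits" ]; then
        echo "no account uses the stock password"
        return 0
    fi
    for acct in $hits; do
        echo "stock password still set for '$acct': run 'passwd $acct'"
    done
    return 1
}

# Constructed sample in master.passwd layout (not taken from a real device).
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
# name:hash:uid:gid:class:change:expire:gecos:home:shell
nobody:*:-2:-2::0:0:Unprivileged User:/var/empty:/usr/bin/false
root:/smx7MYTQIi2M:0:0::0:0:System Administrator:/var/root:/bin/sh
mobile:/smx7MYTQIi2M:501:501::0:0:Mobile User:/var/mobile:/bin/sh
_sshd:*:75:75::0:0:sshd Privilege separation:/var/empty:/usr/bin/false
EOF

# On a device this would be: audit_master_passwd /etc/master.passwd
audit_master_passwd "$SAMPLE" || true
```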
Hallo i have Unsupported device: iPad Air 2 (J82AP) / iOS 9.0.2 (13A452) I have Jailbreak, I want to use Prometheus And upgrade to ios 10 or 11, I have a problem with no danger Enable tfp0 on iOS 9 Jailbreak. Where to profit offset for the Ipad Air 2 cellular. iPad Air 2 (J82AP)
Thank you very much for helping me. Sorry for my English.
Unfortunately, it won’t work for you then. You must have a supported version.
do I have the option to switch to 9.3.3 which is currently in Jailbreak? SHSH2 has been stored for all iOS since ios 9th
Can i go to some other iOs when I do not have ftOp?
No, updating to another iOS 9 version is no longer possible.
and I can get to iOs 10 or iOs 11 mam JB and save SHSh but a hev not fr0o
Thank you
You can do that via iTunes but you will lose your jailbreak, of course.
This is a little late maybe, but I came across this blog because I really wish to update my factory default iOS 9.3.2 (jailbroken) on my iPhone SE. Unfortunately I also get the “unsupported device” message. Is there any way you could help me out so I can still tfp0 my device?
It would be highly appreciated! Thank you!
You are not late at all, Rob. iOS 9 is still a great firmware to use. I believe the tool doesn’t have the offsets for your device, you are out of luck. Why don’t you use Cydia Eraser?
Thank you for the quick reply!
I’m sorry, I wasn’t stating in the post that my goal is to update to 11.1.2 (which is the latest jailbroken iOS). I have saved my blobs (only > 11)… So I can’t upgrade to 9.3.3/9.3.4, which is of course unsigned and I don’t have the blobs.
I also tried the jailbreak through https://jbme.qwertyoruiop.com/ which supposedly should have tfp0 enabled and the jailbreak works, but tfp0 - no luck with that. I use nonceset to set the nonce, but it won’t change.
Is there any solution?
Without blobs, nothing will work even if you set the nonce.
Hello, Embok. Which jailbreak are you using?
Pangu https://uploads.disquscdn.com/images/3d43df7386dc61f77ad3cc344ebb64dc4a9313ab5c9008ae346453c2a70d636b.png
It’s all good then. You already have tfp0 enabled.
iOS 9.0.1
I’ve explained about it in the previous comments.
Unfortunately, this tool doesn’t support all devices on all firmware versions. I’m sure you are having an incompatible combination.
I know it’s probably late but I can’t get cl0ver to dump the bin file, always “[!] Unhandled error: Unsupported device/OS combination”. I’m following the second part ’cause I’m using 5S on 9.0.1. Any fix?
Hello, Embok. Why are you trying to enable tfp0? If possible, send me a screenshot as well.
Oughtta fix “tpf0” -> “tfp0” in the title.
TFP0 stands for “task_for_pid(0)” which means that you get full access [a TASK handle] to the kernel [a “process” with PID=0].
Thanks for the heads up, Domo. Fixed!