An iOS 10.3.3 jailbreak still seems quite far away but you can now set nonce using the v0rtex exploit. Download v0rtexNonce below to kickstart the downgrade process.
Table of Contents
What is v0rtexNonce?
v0rtexNonce is a nonce-setter utility for devices that are compatible with the v0rtex exploit. It is developed by ARX8X using Siguza’s exploit.
It utilizes v0rtex kernel exploit to set the nonce in NVRAM, that, in turn, lets you downgrade to a jailbreak-able firmware. So it uses an exploit that indirectly allows you jailbreak.
Here’s a brief description of how this tool works –
- Run v0rtex exploit.
- Attempt to patch “nvpatch” variable in iOS kernel.
- Set nonce if the patch is successful.
How is it useful?
Setting nonce will allow you to downgrade your device without having a jailbreak.
Although it works with a plethora of devices, this tool is useful only for devices that use Apple A7 processor – iPhone 5s, iPad Air, and iPad Mini 2.
The reason behind this is that Apple is still signing iOS 10.3.3 via OTA for A7 devices. As far as A8, A9, and A10 devices go, they no longer have the luxury to use iOS 10.3.3’s SEP to downgrade.
iPhone 5s is compatible right now and support for iPad Air and iPad Mini 2 is due to arrive very soon.
This tool is compatible only with following device and firmware range only.
- iPhone 5s (10.3.1-10.3.3)
- iPhone 6 (10.3.1-10.3.3)
- iPhone 6s (10.3.2-10.3.3)
- iPhone SE (10.3.2)
- iPhone 7 (10.3.1-10.3.3)
- iPhone 7 Plus (10.3.1-10.3.3)
- A 64-bit iPhone, iPad, or iPod touch
- SHSH Blobs
- Cydia Impactor
- Internet connection
How to set nonce in NVRAM using v0rtexNonce
Step 1 Open Cydia Impactor tool.
Step 2 Download the IPA file using the link above. The original file is available for download on developer’s Github repository. But since it was not in IPA format, I created one and uploaded it to Mega.
Step 3 Sideload it to your device by dragging it over to Impactor’s window. Enter your Apple ID details and wait for the installation process to finish.
Step 4 Open your SHSH Blob file and look for a hexadecimal string starting from “0X” at the end.
Step 5 Set that string as your nonce generator using the app. The exploit might not succeed on the very first try. If this happens, reboot your device and retry.
Update – Here’s an in-depth tutorial on how to update from iOS 10 to iOS 11.
Now that the nonce is set, you must now move onto the downgrade part.
- Download the BuildManifest file here for your model and rename it to BuildManifest.plist.
- Follow this tutorial to downgrade to iOS 10.2 or 10.2.1 using Future Restore. Remember, your target firmware will be iOS 10.2 and your SEP firmware will be iOS 10.3.3.
- Once you downgrade, use yalu102 for iOS 10.2 or Saigon jailbreak for iOS 10.2.1.
That’s pretty much it! If you run into issues whilst restoring or downgrading, simply drop a comment below.
For more exploits and hacking updates, give us a thumbs up on Twitter and Facebook pages.
I am on ios 12.0.1 iPhone 5s is there a way to downgrade to ios 10.3.3
No, downgrades are no longer possible.
so this doesnt work on 6s plus 10.3.3? what are we supposed to use instead
You can use Meridian and then set nonce manually.
Hi. I Got error plist.hpp:201. How can i fix it?
Can you post a screenshot?
does it work on iphone 7 10.3.3?
Yes, it does.
Should I give this a shot? I have my 10.3.3 blobs saved. iPhone 7+
Currently on iOS 11.2.1
It won’t work.
im on 6s 10.2 jailbroken & saved shsh2 blobs via tss server . how can i update to 10.3 with shsh2 blobs ?
Thanks in Advance
That’s not possible anymore.
Hello dude, I have a iPhone6P running 10.3.3 , after using Cydia Impactor,v0rtexNonce appeared but with a blank icon,and when i open it ,it just quited in a flash ,pls give me a hand,thanks!
The developer is going to release an update for it soon.
Does it work on iOS 10.3.1 with iPhone 6+?
Yes, you can try but the exploit takes a lot of tries to get working.
Hi, ive narrowed done my issue (i think) to this error when intially side loading.
hope this helps.
Try this – https://yalujailbreak.net/plist-hpp-500-error/
OKay, thanks for the help, any idea on ETA for an update?
Appreicate the work and help, Joe
Whenever I sideload the app i get an error on my PC, and then after i verify the app it jsut reboots my phone everytime i open it, is there a fix for this?
The developer is working on an update.
Its kind of been months now and still no update or another working way? i tried like 50 times now.
Is this tool not working for you?
I’m on iphone 6 on 10.3.3 and I tried to open it the first time and it just said “v0rtex exploit failed” and reboots my phone when I exit, and I try again and same thing happens. I’d really appreciate if you guys responded to this. Thanks
I’ve also retried almost 7 times
Which device are you on?
You will need to keep at it and try it a lot of times. The exploit is flaky and may take a lot of tries to get working.
Does this work for a 6s+?
When i open the app on my iphone 7 + it just reboots my phone
I tried more than 20 times
It’s useless for your device.
So why is it that the 7 and 7+ 10.3.1 – 10.3.3 are listed as compatible devices?
I don’t want to downgrade, but upgrade from 10.3.1 to 11.1.2. So just setting nonce would be fine as I intend to use a futurerestore fork to update
This compatibility list is provided by the developer. Yes, that sounds just about right.
have you sorted this yet? getting the same issue
What’s not working?
I have the app sideloaded, but it jsut reboots my phone everytime i launch the app, im on iPhone 7 10.3.1
The exploit is not working in your case. I suggest waiting for an update, for now.
The app wont open once sideloaded, just reboots my phone or doesnt open at all.
Thanks in advance, Joe
Does this method work on 6s (ios 10.3.2) and whether the stored shsh?
No, it won’t work on your device.
I did not understand the 4 step, where to download the nonce generator in NVRAM
You need to get the IPA that’s given above.