An iOS 10.3.3 jailbreak still seems quite far away but you can now set nonce using the v0rtex exploit. Download v0rtexNonce below to kickstart the downgrade process.
Table of Contents
What is v0rtexNonce?
v0rtexNonce is a nonce-setter utility for devices that are compatible with the v0rtex exploit. It is developed by ARX8X using Siguza’s exploit.
It utilizes v0rtex kernel exploit to set the nonce in NVRAM, that, in turn, lets you downgrade to a jailbreak-able firmware. So it uses an exploit that indirectly allows you jailbreak.
Here’s a brief description of how this tool works –
- Run v0rtex exploit.
- Attempt to patch “nvpatch” variable in iOS kernel.
- Set nonce if the patch is successful.
How is it useful?
Setting nonce will allow you to downgrade your device without having a jailbreak.
Although it works with a plethora of devices, this tool is useful only for devices that use Apple A7 processor – iPhone 5s, iPad Air, and iPad Mini 2.
The reason behind this is that Apple is still signing iOS 10.3.3 via OTA for A7 devices. As far as A8, A9, and A10 devices go, they no longer have the luxury to use iOS 10.3.3’s SEP to downgrade.
iPhone 5s is compatible right now and support for iPad Air and iPad Mini 2 is due to arrive very soon.
This tool is compatible only with following device and firmware range only.
- iPhone 5s (10.3.1-10.3.3)
- iPhone 6 (10.3.1-10.3.3)
- iPhone 6s (10.3.2-10.3.3)
- iPhone SE (10.3.2)
- iPhone 7 (10.3.1-10.3.3)
- iPhone 7 Plus (10.3.1-10.3.3)
- A 64-bit iPhone, iPad, or iPod touch
- SHSH Blobs
- Cydia Impactor
- Internet connection
How to set nonce in NVRAM using v0rtexNonce
Step 1 Open Cydia Impactor tool.
Step 2 Download the IPA file using the link above. The original file is available for download on developer’s Github repository. But since it was not in IPA format, I created one and uploaded it to Mega.
Step 3 Sideload it to your device by dragging it over to Impactor’s window. Enter your Apple ID details and wait for the installation process to finish.
Step 4 Open your SHSH Blob file and look for a hexadecimal string starting from “0X” at the end.
Step 5 Set that string as your nonce generator using the app. The exploit might not succeed on the very first try. If this happens, reboot your device and retry.
Update – Here’s an in-depth tutorial on how to update from iOS 10 to iOS 11.
Now that the nonce is set, you must now move onto the downgrade part.
- Download the BuildManifest file here for your model and rename it to BuildManifest.plist.
- Follow this tutorial to downgrade to iOS 10.2 or 10.2.1 using Future Restore. Remember, your target firmware will be iOS 10.2 and your SEP firmware will be iOS 10.3.3.
- Once you downgrade, use yalu102 for iOS 10.2 or Saigon jailbreak for iOS 10.2.1.
That’s pretty much it! If you run into issues whilst restoring or downgrading, simply drop a comment below.
For more exploits and hacking updates, give us a thumbs up on Twitter and Facebook pages.