During a forensic examination, we recovered a seal containing an iPhone 5S to extract data useful for the investigation. Precautionary principle requires, before attempting crappy jailbrake on the seal, we preferred to acquire an equivalent model.
The problem: our witness phone was running IOS 12.3, while the seal was using IOS 12.2. And of course, jailbrake methods vary from one to another. Spoiler: luckily, IOS 12.2 is still signed by Apple and we can use iTunes to downgrade the phone.
Captain obvious, you first need to download iTunes, which can be obtained from Apple’s official site and install it.
Then comes the question of backing up data before downgrade. In our case, since it’s a test phone, it’s all empty, there’s no point in backing up our data. We will therefore start directly by downloading the firmware for our phone.
There are several sites listing the links to the firmware on the apple site. Among them are IPSW ME and IphoneAddict.
All you have to do is select the model of the phone (or tablet) you want to downgrade in their interface. Then you have to download the firmware of the version of IOS you want.
Personally, I needed an IOS 12.2 for Iphone 5S.
A quick glance, and we see that IOS 12.2 is still a version signed by Apple. !! This means that we can easily downgrade the smartphone.
If the version you want is in green, all the better. If it is in red, the version you want is no longer signed and you will not be able to use iTunes to downgrade your phone.
It is necessary to turn off the phone’s locate feature because if you don’t, iTunes will bitch on you. To do this, on the iPhone, click on the Settings icon.
- click on identifier (first tab) then choose iCloud,
- click on Localization of my iPhone, and deactivate the localization.
- then enter your Apple password.
The management of the telephone (backup, restoration, synchronization and for us, firmware) is done via iTunes, via a very discreet icon: at the top of the interface in the form of a smartphone, next to the Music menu.
To overwrite the firmware (and therefore downgrade), you need to hold down the shift key and click on the Restore iPhone button.
The next screen asks you to choose the firmware to install. Select it in Windows Explorer.
And once the choice is made, iTunes asks you to confirm; click on Restore.
The progress of the process is indicated in the progress bar (at the top of the interface) and shows you the percentage and the current step:
- Software extraction,
- IPhone software restore, during this step, the phone displays the Apple logo.
- Checking the restoration of the iPhone,
- Restart the iPhone, note that it is preceded by a pop-up that warns you with a countdown (rather short).
When restarting, the phone will show a final progress bar. iTunes, for its part, congratulates you and offers to restore data on the phone (the only possibility to continue with the phone).
For our first tests, we chose not to restore anything (Define as new iPhone). We could very well restore data from a backup made previously (Restore from this backup).
And because it’s never really over, iTunes will then offer to synchronize your media (photos, music, …).
There you go, your phone is downgraded.
If like me, you selected set as new iPhone, you will have to completely reconfigure it, like when you buy a new one.
And after ?
Now that your phone has an older version of iOS, you can perform any tests you want, such as installing a jailbreak.