iDeviceReRestore

iDeviceReRestore is a tool based on idevicerestore that can be used to downgrade 32-bit devices to any iOS 9 version, provided the user has SHSH blobs for that version. It uses a bug discovered in the APTicket verification routines of 32-bit iOS 9.x iBoot, which accept a valid cached ticket that is missing its APNonce, regardless of the current nonce.

The bug only exists in iOS 9, but you do not need to be running iOS 9 to use it. All 32-bit bootroms (other than the Apple Watch's) verify the next bootloader, iBSS, based on SHSH rather than APTicket when in DFU Mode, with no enforcement of APNonce. You can therefore always boot an iBSS you have cached blobs for via DFU Mode, regardless of your current APNonce. Furthermore, 9.x iBSS has the same bug as every other 32-bit 9.x iBoot, so the restore can continue straight from there. On a firmware without the bug, or when using an iOS 9.x APTicket with an APNonce, iBSS will not accept your APTicket and will not continue into the rest of the restore chain.
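
The class of flaw described above, as an added C model that is not iBoot code or part of the original page: a freshness check that compares the nonce only when the ticket carries one, beside a fail-closed form. The `struct ticket` layout, the 20-byte nonce length, the function names and all sample values are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NONCE_LEN 20 /* assumed nonce size for this model */

/* Hypothetical, simplified ticket; not the real APTicket layout. */
struct ticket {
    bool sig_valid;           /* stand-in for the signature checks passing */
    bool has_nonce;           /* false models a ticket with no APNonce */
    uint8_t nonce[NONCE_LEN];
};

/* Constructed sample value for the device's current nonce. */
static const uint8_t CURRENT_NONCE[NONCE_LEN] = { 0xA5 };

/* Build a constructed, correctly signed sample ticket. */
static struct ticket make_ticket(bool has_nonce, uint8_t first_byte)
{
    struct ticket t = { .sig_valid = true, .has_nonce = has_nonce };
    t.nonce[0] = first_byte;
    return t;
}

/* Behaviour described above: the nonce is compared only when present. */
static bool verify_flawed(struct ticket t)
{
    if (!t.sig_valid) return false;
    if (t.has_nonce && memcmp(t.nonce, CURRENT_NONCE, NONCE_LEN) != 0)
        return false;         /* stale nonce is rejected */
    return true;              /* missing nonce: freshness never checked */
}

/* Fail-closed form: a ticket without a nonce cannot prove freshness. */
static bool verify_strict(struct ticket t)
{
    return t.sig_valid && t.has_nonce &&
           memcmp(t.nonce, CURRENT_NONCE, NONCE_LEN) == 0;
}

int main(void)
{
    const char *name[] = { "fresh nonce", "stale nonce", "no nonce" };
    struct ticket c[] = { make_ticket(true, 0xA5), make_ticket(true, 0x11),
                          make_ticket(false, 0) };
    for (int i = 0; i < 3; i++)
        printf("%-12s flawed=%d strict=%d\n", name[i],
               verify_flawed(c[i]), verify_strict(c[i]));
    return 0;
}
```

The two checks differ only on the ticket with no nonce, which matches the text: a ticket carrying a stale APNonce is rejected either way.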