Every time you do a restore to install a firmware, your device checks if it is allowed to install that version by asking Apple (called "calling home"). Apple usually only allows installing the latest version of the firmware. So if you bought an iPhone with firmware 4.1 on it, you cannot reinstall firmware 4.1, because Apple doesn't allow you.
During this "calling home", iTunes asks an Apple server if it is allowed to install this firmware version on your phone. It sends the ECID (something like the serial number) and the firmware version to Apple. iTunes gets back a SHSH blob. That will be sent to your phone and your phone then checks if it is allowed to install this firmware.
The trick is now that you can backup the SHSH that you get from Apple. So if you want to install the firmware that Apple is signing today in a far future again, you just give iTunes (and your phone) the SHSH that you backed up.
There is NO WAY to generate SHSH blobs. If Apple doesn't issue them anymore, you cannot generate them.
Cydia server usually backs them up for you, but you can have them also additionally on your computer. In order to downgrade, you just have to change your hosts file so that when iTunes asks Apple for the SHSH, it points to some other computer, which provides the SHSH from the backup.
Many users have SHSH backups without knowing it. To find out for which firmware versions you have a backup, run the TinyUmbrella[1] tool. With TinyUmbrella[1] you can also backup your SHSH blobs, even without a jailbreak.
The old iPhone 3G doesn't have this check built-in, but since iOS 4.0 there's still a check if the SHSH is correct. This means that to downgrade an iPhone 3G to 4.1 you still need the SHSH backup. Or you have to use another tool to install the firmware (like redsn0w[2]).
Since iOS 5 and with all newer devices, Apple switched to AP-Tickets. You can't use AP-Tickets to replay them to downgrade again, so this method is now mainly useless and you can't downgrade any longer.
During this "calling home", iTunes asks an Apple server if it is allowed to install this firmware version on your phone. It sends the ECID (something like the serial number) and the firmware version to Apple. iTunes gets back a SHSH blob. That will be sent to your phone and your phone then checks if it is allowed to install this firmware.
The trick is now that you can backup the SHSH that you get from Apple. So if you want to install the firmware that Apple is signing today in a far future again, you just give iTunes (and your phone) the SHSH that you backed up.
There is NO WAY to generate SHSH blobs. If Apple doesn't issue them anymore, you cannot generate them.
Cydia server usually backs them up for you, but you can have them also additionally on your computer. In order to downgrade, you just have to change your hosts file so that when iTunes asks Apple for the SHSH, it points to some other computer, which provides the SHSH from the backup.
Many users have SHSH backups without knowing it. To find out for which firmware versions you have a backup, run the TinyUmbrella[1] tool. With TinyUmbrella[1] you can also backup your SHSH blobs, even without a jailbreak.
The old iPhone 3G doesn't have this check built-in, but since iOS 4.0 there's still a check if the SHSH is correct. This means that to downgrade an iPhone 3G to 4.1 you still need the SHSH backup. Or you have to use another tool to install the firmware (like redsn0w[2]).
Since iOS 5 and with all newer devices, Apple switched to AP-Tickets. You can't use AP-Tickets to replay them to downgrade again, so this method is now mainly useless and you can't downgrade any longer.
0 comments:
Post a Comment