In addition, in all iOS 5.x firmware found a vulnerability that opens up additional opportunities for rollback firmware even on new Apple devices.
During the firmware of these devices, you can turn off random number generation and force iTunes to accept the old SHSH from the same device.
However, it is not.Īs it turned out, APTicket can also be bypassed, but only on devices with Apple A4 processors and weaker - on iPhone 3G, iPhone 3GS, iPhone 4, iPod touch 3G, iPod touch 4G, iPad 1G and Apple TV 2G.
It is almost impossible to decrypt an APTicket — for this, you need to crack the Apple security key, and this can only be done by brute force.Īccording to the idea of ​​Apple programmers, APTicket will make it impossible to restore any Apple devices to unsigned firmware. The next time you restart, the iOS gadget generates a new random number, and the old SHSH will no longer work for it. Starting with iOS 5.0, any SHSH is valid only once. Previously, SHSH had no shelf life and could be used an unlimited number of times. But then Apple significantly modified the firmware signing system.īut if before iTunes transferred only the device identifier and the firmware version to the Apple server, then before flashing the iOS device generates a random number, which also participates in the creation of SHSH. Up until the release of iOS 5.0 in the fall of 2011, the availability of SHSH provided a guaranteed opportunity to roll back any gadget to any old version of iOS. If you have saved the certificate for the firmware to which you want to recover, then you will always be able to do it without going through Apple's servers. If it does not, then iTunes will give an error and will abort the recovery process. The answer comes SHSH certificate is required for the load module (iBoot). When you try to downgrade (downgrade firmware), iTunes server communicates with the company Apple and sends him some of the data on your device, including the unique identifier of its chip. The operating principle of this limitation is simple. For iPhone 2G, iPod touch 1G, and Apple TV 1G SHSH is not used, so these devices can always flash at any available version of iOS. Starting with firmware 3.1.1, signing system was extended to the iPod touch 2G and 3G, and since the release of iOS 4.0 SHSH steel subscribe and iPhone 3G. signing system debuted in the summer of 2009, with the release of iPhone 3GS.
SHSH Apple issues a special server (gs.) in response to the identifier of the device sewn, sent him to iTunes.
(Click on the appropriate download link in the right sidebar under Downloads/Links on the download page).Ĭheck our TinyUmbrella category page for the latest coverage about the tool.SHSH certificate ( Shsh blobs ) - digital signature, unique to each iDevice, Which is signed by the firmware file before it is poured into the device. He has indicated that it maybe possible to downgrade to older iOS version using the SHSH blobs. Semaphone, developer of TinyUmbrella has recently released a new version of the tool that supports iOS 8.2 or lower.
So you cannot restore to 6.x using SHSH blobs except on iPhone 4, iPhone 3GS, and iPod touch 4G (and iPad 2 to iOS 5.x if you have iOS 4.x and iOS 5.x SHS blobs).ĭespite the lack of support for new iOS versions, it is considered a good practice to take a backup of the SHSH blobs, so if someone discovers a way to hack the restore process in the future to again using the custom IPSW firmware file, then the SHSH blobs would come in handy. Tools like TinyUmbrella have allowed you to save the SHSH blobs, so you can use it to create (stitch) a pre-signed IPSW file, which could then be used to restore your device with an iOS version that Apple was no longer signing.Īpple has closed the loophole that allowed users to use the SHSH blobs in newer devices (iPhone 4S and later) and also in iOS 7 or later.
For example: If Apple allowed users to downgrade their device, they could downgrade back to iOS 8.1.2, which was the last iOS software update that could be jailbroken using the TaiG and PPJailbreak.Īpple stops signing the firmware files (by not providing SHSH blobs) for older iOS versions to prevent users from downgrading. Apple allows you to restore to the latest iOS versions only to prevent users from downgrading to an older iOS version, which would have made it easier to jailbreak the iOS device.