Jase Winter
Distinguished Member
****** IMPORTANT UPDATE BELOW REGARDING 4S/IPAD 2/3*******
Providing you have SHSH blobs saved you can now downgrade iPhone 4S, iPad 2 and the new iPad (3rd gen) using the latest version of Redsn0w available here.
The process for downgrading these devices is different to the methods described in the guide below as a different hack is used, the dev team also state that apple is aware of this method and it could be patched at some point as it's not the same kind of exploit that made downgrading possible on the older devices. For this reason and also that these are the devices most people are using now i'll put the guide for 4S/iPad2/3 here at the top.
For all other devices, a brief explanation of what SHSH blobs are and for how to save SHSH blobs for all devices including the newer ones skip ahead.
***********************
**********Downgrade iPhone 4S, iPad2 and iPad 3rd gen with Redsn0w**********
For now until I have more time to experiment i'm just going to link to the iClarified tutorial. Hopefully when I get more time I can make my own guide here but for now check out the tutorial here for mac and here for windows. The guide states iPhone 4S but the process is the same for iPad.
*****************************
I see the question pop up over and over again on here, what are shsh blobs and why do I need them? So, I thought i'd put together a guide that people can point newbies too and save everyone having to explain it over and over.
What are SHSH blobs?
I don't pretend to know exactly what they are but I can at least describe the idea behind them.
When the iPhone 3GS was introduced, Apple also introduced a new security procedure, presumably to help in their fight against jailbreaking. The system they put in place was one that requires a firmware to be 'signed' by apples servers. This means that they can control which firmwares they will support and effectively force an end user to upgrade to the latest version should they be trying to restore their iPhone for whatever reason. They force you onto the latest by no longer signing the older version which, should you try with an older version, will simply fail and throw up errors at you. SHSH blobs are unique to your iPhone and are the files used in the signing process.
The above is why you will find people asking have you backed up your SHSH blobs, should you be enquiring about downgrading/restoring to an older firmware.
How do you back up SHSH blobs?
Their are several user friendly ways to back up your SHSH blobs:
SHSH Backup Method 1:
You can use Jay Freeman's (otherwise known as Saurik, the creator of Cydia) SHSH server. This is done on an already jailbroken device, the first time you open cydia it will prompt you to 'make my life easier'. Agree to this and the SHSH blobs for whatever firmware version you are running will be saved to sauriks server. From then on Cydia will back up every SHSH blob for every new version of the firmware.
Eventually you will see the text at the top of the cydia homepage informing you of which firmware versions are backed up, be patient though as this can take several days, it will usually say 'this device has a pending TSS request' until it's been saved:
SHSH Backup Method 2:
Use firmware umbrella! Created by the hacker 'notcom' firmware umbrella allows you to back up your SHSH blobs both locally and on sauriks server. The beauty of firmware umbrella is that you don't need to be jailbroken to use it, it also gives you a copy of your SHSH blobs locally. The program can also creat a TSS server for use when restoring (more on this later). Simply launch the app, connect your device and click the save shsh button.
The latest version of Tiny Umbrella is available at the developers website here
SHSH Backup Method 3:
Use iSHSHit - I'm going to link to another blog for this as I have no personal experience of using it, the article explains how to use the jailbreak app to backup and even email yourself all of your SHSH blobs, what it doesn't tell you is how you then go about using those files to do a restore. Anyway, here's the link and thanks to Strawbs for pointing this new method out.
Use iSHSHit to Easily Backup Your SHSH Blobs Directly on Your iPhone
Now you have them backed up, what next?
Well, now you can rest assured you can always downgrade to any of the firmwares you have backed up. In theory as long as you are careful not to update your firmware to a non jailbreakable one you should never really have to use them, when they come in to their own is when one of the following happens:
1. You accidently update to a non jailbroken firmware.
2. You want to try out a new firmware but would like the option to go back.
3. You want to restore the phone because you are having problems but still want to be able to jailbreak.
4. You want to sell your phone, remove all your data but retain the ability to jailbreak for the buyer.
(there's probably more but these are the obvious ones)
So how do you use them?
To restore to a firmware no longer being signed by apple, you will need to use one of the following methods:
Firmware Restore Method 1:
You are best grabbing firmware umbrella as you will need it later but here are the steps if you used cydia to back up:
You need to locate and edit your host file, browse to the directory C:/windows/system32/drivers/etc (windows) private/etc/hosts (OS X) you should see the 'hosts' file there, you will need to open this in notepad/TextEdit (you may need to run as administrator in windows or change the folder read/write permissions in OS X) and add the following to the very bottom of the file:
74.208.10.249 gs.apple.com
Save the file back where you found it and open up iTunes.
This process redirects the request for the SHSH blobs to sauriks servers!
Now you will need the firmware file for the version you want to restore to, these can be found on the iClarified website here as well as many other places on the net.
Some other guides i've skimmed through suggest putting your phone into DFU mode, I however successfully downgraded my mates iPhone 4 from 4.0.2 to 4.0.1 without putting the phone into DFU mode so the choice is up to you. To put your phone in DFU mode connect to iTunes then press and hold both the home and sleep/wake buttons at the same time, after ten seconds release the sleep/wake button and continue to hold the home button until iTunes prompts you to tell you it has detected a phone in recovery mode.
In iTunes with your phone connected, select the iPhone in the left column which should display the main settings page and give you the option to update or restore, while holding down the option button (OS X) or shift button (Windows) on your keyboard hit restore and a window will pop up, navigate to the firmware file you require and press ok.
The iPhone will now restore, it may give you errors allong the way and it will almost certainly end with a message in iTunes telling you the iPhone could not be restored. At this point, don't panic! Simply open up tiny umbrella, let it detect your phone then click the 'kick device out of recovery' button.
Thats it you are done!
Firmware Restore Method 2:
The second method is to use tiny umbrella as the TSS server, for this I believe you need to have your SHSH's saved locally although I could be wrong.
Make sure iTunes in closed down, run firmware umbrella and click the 'start TSS server' button. Now open up iTunes and follow the process of restoring the iPhone as described above. Thats it done!
Tinyumbrella FAQ from the developers website can be found here
This was just a quick guide I put together myself, hopefully with more input it can be improved. Hope this helps some of the noobs out there!
Other things to consider:
If you are trying to upgrade from a 4.x firmware to 5.0.1 without SHSH blobs for 5.0.1 you WILL NOT BE ABLE TO UPGRADE once the very short shsh signing window has closed for 5.0.1, you will go straight to 5.1 and bang out of luck for an untethered jailbreak (4S and iPad 2 have no Jailbreak for 5.1 at all!) until the 5.1 firmware has an untethered jailbreak.
If you rely on your backups you may find them unusable after downgrading. I'm not sure if this is a new thing or limited to newer devices but I was unable to use a backup after returning to a stock firmware from using both the 5.0.1 and 5.1 developer betas on my iPhone 4S. For me thats never usually a major issue, at the most I lose is game saves and texts as I use iCloud for contacts, copy off any photo's before I do anything like this and generally have a set up that allows me to get back to how I was pretty quickly but for others this could be a major problem if they have no other way of recovering the vital information.
The methods above are not 100% consistent or reliable. The guide shows you how it should all work but trust me, over the years i've had hours of painful experiences trying to restore iPhones to firmwares that apple really don't want us to use anymore with no luck. I do everything right but somewhere along the process it just doesn't work. On the other hand of course I've had times where it's worked perfectly first time. I don't think this stuff is for beginners so be prepared for some frustration!
If something goes wrong, which at some point it will, it happens to us all, don't panic! 9 times out of 10 an iPhone can be restored at least to a working condition, even if that means it's on the latest non jailbreakable firmware. In the case that it can't be, as long as you are in warranty you will most likely be able to get the phone replaced by apple, if a phone is stuck in recovery mode or is just completely dead apple genius's have no way of knowing if it was previously jailbroken, so just play dumb and they will sort you out!
Last edited: