Apple To End SHSH Blobs Saving Ability Used To Downgrade iOS


by casey on June 27, 2011

Apple is putting more obstacles for jailbreakers.The company will end the SHSH blobs saving ability which will prevent you from downgrading your iOS to previous versions. iPhone Dev Team key member MuscleNerd has confirmed that Apple is looking to prevent you from restoring your firmware to previous version using saved SHSH blobs. Apparently this prevention will be implemented in iOS 5 Golden Master version followed by the final version.

musclenerd ios 5 shsh blobs

What are SHSH blobs and why saving them is important:

For the people who are not familiar, SHSH Blob is a signature verification file against Apple Server. It verifies that the iDevice is running the latest version of iOS. Saving SHSH blobs will allow you to restore to previous version. While doing so Apple will stop you doing the restore process. To make this happen you have send a request to different servers which forwards SHSH blobs to iTunes by just showing it that its a new version of iOS. This is how TinyUmbrella or iSHSHIT works to help you save SHSH blobs.

4.3.3 downgrade

Tools used to save SHSH blobs:

Remember that saving SHSH blobs is one of the most important things in jailbreaking. TinyUmbrella is a famous tool to save SHSH blobs. Although you can do the same thing with other tools like the Cydia itself or iSHSHit can also email it to you after saving SHSH hashes.


iPhone Dev Team’s post:

Starting with the iOS5 beta, the role of the “APTicket” is changing — it’s being used much like the “BBTicket” has always been used. The LLB and iBoot stages of the boot sequence are being refined to depend on the authenticity of the APTicket, which is uniquely generated at each and every restore (in other words, it doesn’t depend merely on your ECID and firmware version…it changes every time you restore, based partly on a random number). This APTicket authentication will happen at every boot, not just at restore time. Because only Apple has the crypto keys to properly sign the per-restore APTicket, replayed APTickets are useless.

This will only affect restores starting at iOS5 and onward, and Apple will be able to flip that switch off and on at will (by opening or closing the APTicket signing window for that firmware, like they do for the BBTicket). geohot’s limera1n exploit occurs before any of this new checking is done, so tethered jailbreaks will still always be possible for devices where limera1n applies. Also, restoring to pre-5.0 firmwares with saved blobs will still be possible (but you’ll soon start to need to use older iTunes versions for that). Note that iTunes ultimately is *not* the component that matters’s the boot sequence on the device starting with the LLB.

Note: although there may still be ways to combat this, a beta period is really not the time or place to discuss them. We’re just letting you know what Apple has already done in their exisiting beta releases — they’ve stepped up their game!

Your opinion is important to us. Share your thoughts by commenting below.

UPDATE: Save SHSH Blobs iOS 5 or Downgrade to iOS 5 Not Possible Anymore

We cover all jailbreak and unlock news. Proof is our homepage Make sure you follow us.

Follow us on TWITTER or Like Facebook Page to stay connected to get daily Internet News.

We Write Very Rite

Previous post:

Next post: