Save SHSH Blobs iOS 5 Or Downgrade To iOS 5 Not Possible Anymore


by casey on October 13, 2011

After the arrival of new firmware, we normally post an article telling our users to save SHSH blobs but this time we have a different situation. Saving SHSH blobs of iOS 5 is not possible for now that means when a new firmware will arrive, say iOS 5.1, you will not be able to downgrade from iOS 5.1 to iOS 5 public version.

Back in June, we told you that Apple is about to end SHSH blobs saving ability to downgrade iOS 5 firmware and today is the day its confirmed.

Apple has changed the APTickets role on your iOS device that means restring your iPhone, iPad or iPod Touch to lower firmware is not possible anymore.

ios 5 shsh blobs

iPhone Dev Team has confirmed this news. This is what MuscleNerd has tweeted:

save shsh blobs ios 5

Most famous of these tools used to save SHSH blobs is TinyUmbrella by Notcom. This is what the developer of Tiny Umbrella says:

tiny umbrella ios 5

What are SHSH blobs and why saving them is important:

For the people who are not familiar, SHSH Blob is a signature verification file against Apple Server. It verifies that the iDevice is running the latest version of iOS. Saving SHSH blobs will allow you to restore to previous version. While doing so Apple will stop you doing the restore process. To make this happen you have send a request to different servers which forwards SHSH blobs to iTunes by just showing it that its a new version of iOS. This is how TinyUmbrella or iSHSHIT works to help you save SHSH blobs.

iPhone Dev Team note:

It looks like Apple is about to aggressively combat the “replay attacks” that have until now allowed users to use iTunes to restore to previous firmware versions using saved SHSH blobs.

Those of you who have been jailbreaking for a while have probably heard us periodically warn you to “save your blobs” for each firmware using either Cydia or TinyUmbrella (or even the “copy from /tmp during restore” method for advanced users).  Saving your blobs for a given firmware on your specific device allows you to restore *that* device to *that* firmware even after Apple has stopped signing it.  That’s all about to change.

Starting with the iOS5 beta, the role of the “APTicket” is changing — it’s being used much like the “BBTicket” has always been used.  The LLB and iBoot stages of the boot sequence are being refined to depend on the authenticity of the APTicket, which is uniquely generated at each and every restore (in other words, it doesn’t depend merely on your ECID and firmware version…it changes every time you restore, based partly on a random number).  This APTicket authentication will happen at every boot, not just at restore time.  Because only Apple has the crypto keys to properly sign the per-restore APTicket, replayed APTickets are useless.

This will only affect restores starting at iOS5 and onward, and Apple will be able to flip that switch off and on at will (by opening or closing the APTicket signing window for that firmware, like they do for the BBTicket).  geohot’s limera1n exploit occurs before any of this new checking is done, so tethered jailbreaks will still always be possible for devices where limera1n applies.  Also, restoring to pre-5.0 firmwares with saved blobs will still be possible (but you’ll soon start to need to use older iTunes versions for that). Note that iTunes ultimately is *not* the component that matters’s the boot sequence on the device starting with the LLB.

Although it’s always been just “a matter of time” before Apple started doing this (they’ve always done this with the BBTicket), it’s still a significant move on Apple’s part (and it also dovetails with certain technical requirements of their upcoming OTA “delta” updates). via iPhone Dev Team

Your opinion is important to us. Share your thoughts by commenting below.

We cover all jailbreak and unlock news. Proof is our homepage Make sure you follow us.

Follow us on TWITTER or Like Facebook Page to stay connected to get daily Internet News.

We Write Very Rite

Previous post:

Next post: