  • [HOW TO] Downgrade a 3G[S] From 3.1 and Jailbreak


    Jay Freeman (saurik) has been a busy man lately. For the past two years. For a while now. His latest project to come our way was just released less than an hour ago - a way to finally downgrade your iPhone 3G[S] from 3.1 (with a few "well, if"s in there) to something currently jailbreakable (like 3.0.1).

    saurik's got some crap to toss on Apple's wall, too, with this one. The guide article features not only an informative look into the methods of jailbreaking and a history of Apple's push for individuality (and of course the instructions on how to downgrade your iPhone 3G[S]) - it goes so far as to offer up some tasty tidbits like "Congratulations, you just overthrew your Orwellian overlord, and have taken back control of your device," and "Apple, as a company, has turned into a corporate hypocrisy, embodying the very ideals that it claims to be rebelling against."

    It's a great read with some solid points - if you're at all interested in this stuff, you should read the whole thing.

    The gist of the situation is this - people can't downgrade their 3G[S]s from 3.1 (until now with this new method) because Apple has implemented a new security method. When you restore an iPhone 3G[S] in iTunes from 3.1, iTunes will show "Verifying restore with Apple...", during which time a challenge/response protocol is used between the iPhone and Apple: a "partial digest" of the firmware files being used is sent to a server, which can then decide to sign off on the result... or not. Saurik's solution was to build his own activation server which is checked instead of Apple's - verifying the [perfectly fine] firmware where iTunes wouldn't.

    A big, gaping stopping point, at the moment, is that if you didn't press the "yes i like jailbreaking" link (or whatever that link said) in Cydia for the few days it was there (over 50,000 3G[S] users did), you don't have an ECID SHSH "on file" with Cydia's servers - meaning you can't downgrade. This will only work if you pressed that link in Cydia while it was there (before 3.1 came out). Read saurik's article for full reasoning behind it.

    An exploit is [supposedly] available for 3.1 though, so you will be able to jailbreak 3.1 anyway soon. However, this doesn't mean you don't need your ECID SHSH "on file" with Cydia - you still should (when the jailbreak comes up for 3.1 you'll be able to get it on file again). Because as of 3.1, you can NEVER downgrade without this method (yet) unless Apple specifically signs the firmware. Meaning - they decide what firmware you can use and can't use.

    The instructions in saurik's guide, while straightforward, are a bit more complicated than "plug in, press the Easy button" - so be warned, it's a fun throwback to the earlier days of iPhone modding, when you had to actually DO something.

    Read the full guide and article here, and ask questions in the iPhone 3G[S] Downgrade forum.
    This article was originally published in forum thread: [HOW TO] Downgrade a 3G[S] From 3.1 and Jailbreak, started by Kyle Matthews.
    103 Comments
      Cowboy -
      Yes finally
      criz3r -
      I just got my 3Gs today, thank god it wasn't 3.1, but I don't have ECID SHSH.
      StealthBravo -
      Nice
      sickchris714 -
      wooo this is the best news today
      NArush -
      Excellent article!
      exNavy -
      Hopefully, for those of us who missed the boat with the Cydia ECID thing, Saurik will give us all more heads up notice about this the next time.

      Hopefully news sites will pick up on this and also push this as very important to do.

      I don't know about the rest of you, but I launch Cydia maybe once a week. News sites, on the other hand, I read every day.

      As others have stated, if you selected no on the Cydia ECID thing when it was available the page went away and there was no apparent way to reload the option and select yes a second time. Hopefully this is made much more obvious as well.
      Chefanim -
      Saurik is a genius and we all owe so much to him. I've made my donation to him and hope others do as well.
      Kyle Matthews -
      exNavy - the issue was a time crunch this time around. Jay was still ironing out some bugs, and Apple [slightly] unexpectedly closed the door on the process when 3.1 hit. Once 3.1 is jailbroken, it won't happen again.
      kissdaring -
      I have a question, hope you all can help me out.

      I have a 3GS on 3.0.1, not 3.1, that is unlocked and jailbroken.

      I want to do a restore back to 3.0.1. I have the firmware 3.0 and 3.0.1 stored on my hard drive. Is this possible for me or not? The reason why I ask is because a lot of people seem to talk about it not being possible.

      I'm still on iTunes 8.2, if that helps,
      and have my ECID files on Cydia.

      thank you
      Kissdaring.
      GmAz -
      I got my purplerain file. Is this the same thing? I'm on 3.0.1 still. I'm smart enough to not upgrade when it comes out. But since I don't check Cydia every day, I missed this ECID SHSH thing. Will my purplerain file work?
      blkcadi -
      Awesome, this is what many have been waiting for. Props to saurik and others who have helped.
      Melech518 -
      I am assuming this method will work for us on 3.0.1 or 3.0 who simply need to restore
      Raptors -
      Wohho!! :d:d
      A Retired Mod -
      Originally posted by GmAz:
      I got my purplerain file. Is this the same thing? I'm on 3.0.1 still. I'm smart enough to not upgrade when it comes out. But since I don't check Cydia every day, I missed this ECID SHSH thing. Will my purplerain file work?
      Read here...
      For a Purple Ra1ny Day
      Apple's 3G[S] security mechanism, however, fails this test. Rather than even using a simple random number, they use a hardcoded challenge per device. The specific number they have chosen is the device's ECID, or "unique-chip-id", a number that all devices have so far had, although we haven't seen any previous use for it.
      This means that, given an ECID, one can ask Apple's signature server to sign any firmware that they currently consider "OK" (which returns a blob that includes the critical SHSH, which is the signature hash) and then store the result forever.
      In practice, there is only one critical file that we need signed: the one with the bug. ;P This is the iBSS, which is one of the modes of iBoot. Given that ECID/iBSS signature, one can load the buggy code and then continue with the jailbreak.
      This is, in fact, what purplera1n.com was doing: it returned to you a file that contained just the signature hash for the iBSS file, as that is "sufficient". Eventually someone may write a tool to use this file.
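
A minimal model of the design point in the passage quoted above and of the "Verifying restore with Apple..." challenge/response check from the article, added here as an example; it is not code from saurik, Apple or anyone in this thread. HMAC-SHA256 stands in for the server's signature and SHA-256 for the "partial digest", and the ECID, firmware bytes and all function names are constructed for illustration.

```python
import hashlib
import hmac
import os

SERVER_KEY = os.urandom(32)  # stand-in for the server's signing key (constructed)


def partial_digest(firmware: bytes) -> bytes:
    # Assumption: SHA-256 models the "partial digest" of a firmware file.
    return hashlib.sha256(firmware).digest()


def sign(challenge: bytes, digest: bytes) -> bytes:
    # Assumption: HMAC models the signature over (challenge, firmware digest).
    return hmac.new(SERVER_KEY, challenge + digest, hashlib.sha256).digest()


class SigningServer:
    def __init__(self, approved_firmware):
        self.approved = {partial_digest(f) for f in approved_firmware}

    def request(self, challenge: bytes, digest: bytes):
        # Sign only firmware the vendor currently considers OK.
        return sign(challenge, digest) if digest in self.approved else None


def device_accepts(challenge: bytes, firmware: bytes, blob) -> bool:
    # The device accepts a restore only if the blob covers its challenge.
    if blob is None:
        return False
    return hmac.compare_digest(sign(challenge, partial_digest(firmware)), blob)


def saved_blob_still_works(fresh_nonce: bool) -> bool:
    """Save a blob while firmware is approved, withdraw approval, restore later."""
    ecid = bytes.fromhex("000001a2b3c4d5e6")       # constructed device ID
    firmware = b"constructed older firmware image"
    server = SigningServer([firmware])

    def next_challenge() -> bytes:
        return os.urandom(20) if fresh_nonce else ecid

    saved = server.request(next_challenge(), partial_digest(firmware))
    server.approved.clear()                         # vendor stops signing it
    refused = server.request(next_challenge(), partial_digest(firmware))
    assert refused is None                          # live request now fails
    return device_accepts(next_challenge(), firmware, saved)
```

With the per-device constant as the challenge, the stored response verifies after the server has withdrawn approval; with a fresh random challenge per restore, the same stored response is rejected, which is the freshness property the quoted passage says is missing.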
      JedixJarf -
      Ahh, the early days....mostly all cli
      slorg -
      Here, everything ok. 3.0 and jailbroken again.
      Thanks Saurik.
      keysloser -
      Excellent work by Saurik!

      I couldn't agree more with his article on Apple, since I go way back with Apple computers.

      People who got to know Apple through iPhone/iPod should know there used to be a "think different" ideology behind the apple logo.

      Now the company (with 1,21 billion $ profit in the first three months of 2009) has become the "true enemy", the Big Brother it was set up to fight against.

      Again great job @Saurik!
      davenb2 -
      Originally posted by exNavy:
      Hopefully, for those of us who missed the boat with the Cydia ECID thing, Saurik will give us all more heads up notice about this the next time.

      Hopefully news sites will pick up on this and also push this as very important to do.

      I don't know about the rest of you, but I launch Cydia maybe once a week. News sites, on the other hand, I read every day.

      As others have stated, if you selected no on the Cydia ECID thing when it was available the page went away and there was no apparent way to reload the option and select yes a second time. Hopefully this is made much more obvious as well.
      Not to be rude but it was at the top of the page and never went away...Just bad luck
      linuxnoob -
      amazing work that jay is doing, in conjunction with the dev team, geohot, etc...these guys are undoing what (i assume) the best corporate programmers are putting in to prevent unlocking (i have to believe that is the motivation, more than jailbreaking)...and they are doing it in a matter of hours or at most days.

      worthy of your support and contributions, those of you that can. I'm personally amazed that he got 50K ECID on file. That's in like 7 days worth of time?
      Knique -
      No go for me. I did not back anything up to Cydia's server. I'm stuck until the 3.1 jailbreak is released.