
Thread: Downgrade iPhone 3GS without SHSH on file, from 4.0 to 3.1.3 by modifying firmware

  1. #1
    Downgrade iPhone 3GS without SHSH on file, from 4.0 to 3.1.3 by modifying firmware
    Downgrade iPhone 3GS iOS 4 to 3.1.3 - modified firmware?

    I am one of thousands of iPhone 3GS users who are looking to downgrade from iOS 4 to 3.1.3, but no luck because the phone has no SHSH of older versions besides 4.0 stored in Cydia.

    BUT I just figured out a silly idea (maybe that). If it is possible:

    - When restoring a firmware, iTunes will send the iPhone ECID and restore file (.ipsw) information to the Apple server to check whether the file is the latest build.
    => SO, my idea is: can we modify the information of the 3.1.3 restore file (.ipsw) so that it fools the Apple server into thinking it is its latest 4.0 build, to get permission to restore? As we already know, the restoration itself works offline in iTunes, but permission is granted by the Apple server.

    In short: fake the firmware version information of the older restore file rather than SHSH on file. Possible?

  2. #2
    If you ask Apple for a 4.0 SHSH, then that's what they give you (assuming they still sign that release). The SHSH hash they send you is keyed to an official 4.0 build. If you try to install any other modified image on the phone, the SHSH almost certainly won't match, and the install will be rejected.

    So, unless you can come up with a mod for the 3.1.3 image that happens to hash to your 4.0 SHSH, then you are SOL.

    So, short answer is no.

  3. The Following User Says Thank You to mateo_au For This Useful Post:

    tangbunna (07-16-2010)

  4. #3
    Quote: Originally Posted by mateo_au
    If you ask Apple for a 4.0 SHSH, then that's what they give you (assuming they still sign that release). The SHSH hash they send you is keyed to an official 4.0 build. If you try to install any other modified image on the phone, the SHSH almost certainly won't match, and the install will be rejected.

    So, unless you can come up with a mod for the 3.1.3 image that happens to hash to your 4.0 SHSH, then you are SOL.

    So, short answer is no.

    So I'm still wondering: if the SHSH hash is generated by Apple, why are the pwners/Dev-Team still not finding ways to create a keygen for generating SHSH? Normally the information sent to Apple by iTunes is the ECID or UDID. If they can generate that, it would be better than scaring about updating to new firmware by mistake.

  5. #4
    Yeah, these pwners/dev-team can't be too bright -- they just run around scaring people about upgrading instead of getting off their butts and writing a simple shsh generator. How hard can it be?

    Well, you see, there's this thing called public key encryption. You generate a pair of keys, one key you keep private, the other key you can make public. The keys have a special property such that if a message is encrypted with one key, the message can be decrypted with the other key. However, even if you know the public key, it is very difficult to work out what the other (private) key is.

    I don't know the specific implementation details of what Apple has done concerning SHSH hashes, but in principle it would work something like this:

    Apple encrypts a message with its private key, saying something like: "I hereby authorise phone with ECID ABC to be allowed to install a release whose bytes add up to a checksum of ABC". This is your SHSH blob. The phone then takes the encrypted message, and decrypts it using the public key. If anything other than Apple's private key was used to construct the blob, then decrypting with Apple's public key will just result in garbage. However, if Apple's private key was used, then the decrypted message magically reads "I hereby authorise..." etc. The phone can then compare the checksum inside the message with the checksum of the image you provide. If they don't match, then the code in the phone's ROM tells you to bugger off. If they match, sweet, the phone's ROM lets you upgrade.

    Now it won't happen precisely like that, but this is the basic sort of principle.

    Now Dev-Team could analyse the bootroms and extract the public key the phone is using to decrypt the SHSH message. However, even if you know the public key, it is very difficult to work out what the private key is, which is what the Dev-Team would need in order to make an SHSH generator. This difficulty is the "trapdoor" nature of public key encryption.

    So, hopefully this explains why Dev-Team is maybe not so dumb and lazy after all, and why they run around warning people off upgrading.
    Last edited by mateo_au; 07-16-2010 at 11:58 AM.

  6. The Following 2 Users Say Thank You to mateo_au For This Useful Post:

    dhamien (07-22-2010), Europa (07-18-2010)
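
The scheme sketched in post #4, as an added example that is not part of the original thread and not Apple's actual implementation: a signing server that only signs builds still in its signing window, and a device that checks the ticket against its own ECID and the exact image using only the public key. The toy RSA key, image bytes, ECID and all function names are constructed for illustration.

```python
import hashlib

# Toy textbook-RSA key built from two Mersenne primes: illustration only, NOT secure.
P, Q, E = 2**127 - 1, 2**521 - 1, 65537
N = P * Q                              # public modulus: the device knows N and E
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent: never leaves the server

# Constructed stand-ins for the official images held by the signing server.
OFFICIAL = {"3.1.3": b"constructed 3.1.3 image", "4.0": b"constructed 4.0 image"}
STILL_SIGNED = {"4.0"}                 # the signing window

def digest(ecid: int, image: bytes) -> int:
    """Hash that binds one device (ECID) to one exact firmware image."""
    fw = hashlib.sha256(image).digest()
    return int.from_bytes(hashlib.sha256(ecid.to_bytes(8, "big") + fw).digest(), "big")

def server_issue_ticket(ecid: int, version: str) -> int:
    """Server signs the digest of ITS OWN copy of the build, if still signed."""
    if version not in STILL_SIGNED:
        raise PermissionError(f"{version} is no longer being signed")
    return pow(digest(ecid, OFFICIAL[version]), D, N)

def device_accepts(ecid: int, image: bytes, ticket: int) -> bool:
    """Device recovers the signed digest with the public key and compares."""
    return pow(ticket, E, N) == digest(ecid, image)

def demo() -> dict:
    ecid = 0x0000012345ABCDEF          # constructed ECID
    ticket = server_issue_ticket(ecid, "4.0")
    old = OFFICIAL["3.1.3"]
    out = {
        "4.0 image, 4.0 ticket": device_accepts(ecid, OFFICIAL["4.0"], ticket),
        "3.1.3 image, 4.0 ticket": device_accepts(ecid, old, ticket),
        "4.0 ticket on another ECID": device_accepts(ecid + 1, OFFICIAL["4.0"], ticket),
        # Without D a "keygen" can only guess; here it submits the bare digest.
        "self-made 3.1.3 ticket": device_accepts(ecid, old, digest(ecid, old)),
    }
    try:
        server_issue_ticket(ecid, "3.1.3")
        out["server signs 3.1.3"] = True
    except PermissionError:
        out["server signs 3.1.3"] = False
    return out

if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'accepted' if ok else 'rejected'}")
```

Only the first case is accepted: the ticket is useless for a different image or a different ECID, and the server will not issue one for a build outside its signing window.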

  7. #5
    It is possible, I did it. When you put your phone in DFU mode, then put the official 3.1.3 onto it, it will go into a recovery loop. Then use blackra1n to brute-force it out of the loop and you will be on 3.1.3. It takes a while to do but it works. Message back your results.

  8. #6
    @neng212: Are you sure you did this on an iPhone 3GS, and not a 2G or 3G device?

  9. #7
    Quote: Originally Posted by neng212
    It is possible, I did it. When you put your phone in DFU mode, then put the official 3.1.3 onto it, it will go into a recovery loop. Then use blackra1n to brute-force it out of the loop and you will be on 3.1.3. It takes a while to do but it works. Message back your results.

    Could you please provide a little more info for the rest of us in case this is true and not a joke.

    Thanks
    In the absence of light, darkness prevails

  10. #8
    I have done this and it does work, just don't have a compatible SIM so can't jailbreak again. Why was I so dumb and updated?

  11. #9
    Quote: Originally Posted by neng212
    It is possible, I did it. When you put your phone in DFU mode, then put the official 3.1.3 onto it, it will go into a recovery loop. Then use blackra1n to brute-force it out of the loop and you will be on 3.1.3. It takes a while to do but it works. Message back your results.

    Please let me know also!

  12. #10
    @neng212 I am also looking to downgrade, please give me the results. Is it possible?

    Or at least use my iPhone as an iPod touch. The thing is I should get past the emergency screen; even if there is no Cydia that's also fine.

  13. #11
    I don't think neng212 is doing it with a 3GS.

    I have done that with a 3G and it worked, with a successful downgrade that gives 1015 (success sign - just use irecovery to kick it out of the loop, that's all).
    But I hadn't checked whether the phone had SHSH for 3.1.3 or not, because at that time I was too happy to see it was back on 3.1.3 and gave it to my friend's co-worker.

    Now we have to get SHSH blobs for 4.0.1; soon 4.1 is out and we have to get that again too.

    But my wondering is: why haven't our Dev-Team or TheFirmwareUmbrella made a brute tool + TinyUmbrella to have our blobs saved and ready? Like making ready-made SHSH blobs by sending ECIDs from 00000000000001 to 9999999999999, so people will never miss their SHSH blobs for the latest version that is about to go out of date at any time.

    Or Apple may blacklist the IPs of people running the brute tool??
    Last edited by tangbunna; 07-18-2010 at 09:13 AM. Reason: Automerged Doublepost

  14. #12
    Quote: Originally Posted by neng212
    It is possible, I did it. When you put your phone in DFU mode, then put the official 3.1.3 onto it, it will go into a recovery loop. Then use blackra1n to brute-force it out of the loop and you will be on 3.1.3. It takes a while to do but it works. Message back your results.

    Can someone please try it!
    I can't because I have my work on my 3GS.

  15. #13
    Quote: Originally Posted by nuieskater
    Can someone please try it!
    I can't because I have my work on my 3GS.

    I have and this does work on my 3GS.

  16. The Following User Says Thank You to jacko91 For This Useful Post:

    nuieskater (07-19-2010)

  17. #14
    Quote: Originally Posted by jacko91
    I have and this does work on my 3GS.

    How do you put official 3.1.3 on when Apple will not allow restore build of 3.1.3 signing?

    No way to get around it, unless you are lying.

  18. #15
    @neng212: I tried your method but with no success. I need a little bit of clarification. I am using a 3GS, iOS 4.0, BL 3.59.3.

    In order to downgrade my firmware:
    (1) Added 74.208.10.249 gs.apple.com to C:\Windows\System32\drivers\etc\hosts. This was done in order to try to trick the verification process.
    (2) I downloaded the FW 3.1.3.
    (3) Booted my iPhone into DFU.
    (4) In iTunes, did a shift-restore in order to specify FW 3.1.3.
    RESULT: "iphone could not be restored error 3194"

    I repeated the whole process again, but this time I removed 74.208.10.249 gs.apple.com from the hosts file. I received the same error 3194.

    Quote: Originally Posted by neng212
    It is possible, I did it. When you put your phone in DFU mode, then put the official 3.1.3 onto it, it will go into a recovery loop. Then use blackra1n to brute-force it out of the loop and you will be on 3.1.3. It takes a while to do but it works. Message back your results.

  19. #16
    Kingaddi, I'm with you on this one...
    I did the exact same thing as you and got the same error 3194.
    Can someone please clear this up for me?

  20. #17
    Guys, he has his SHSHs saved on the server! That recovery loop he is talking about always happened with me when I downgraded iPhones. You can use many tools to kick it out of recovery; blackra1n isn't the only one.

    There really isn't a way to downgrade if you are on 4.0 and have the NEW bootrom. However, it is possible if you have the OLD bootrom. If you have the old bootrom, you can even have 4.0 jailbroken & unlocked! I've done this numerous times. I repair many iPhones in a week and by now I have become quite experienced at doing all this.

    If you are really desperate for 3.1.3, you could try going to the Apple Store and telling them that you have a problem with your iPhone, and if they approve to swap yours then you might be in luck. The majority of the ones they swap are old bootroms and can easily be dealt with. Also, the ones they were swapping until last week (here in Canada) were 3.1.3. I don't know about now.
    EVEN if they give you a 4.0 with a new bootrom, no problem, sell it on Kijiji or Craigslist. You should be able to sell for about 420 CDN for a 16GB 3GS. Then go buy an iPhone 3GS with 3.1.3 from Kijiji or Craigslist AND SAVE THE SHSHs.

    Or just wait until someone releases a 4.0 or 4.0.1 jailbreak! That is, if it will ever come out.

  21. #18
    Quote: Originally Posted by ssyed
    Guys, he has his SHSHs saved on the server! That recovery loop he is talking about always happened with me when I downgraded iPhones. You can use many tools to kick it out of recovery; blackra1n isn't the only one.

    There really isn't a way to downgrade if you are on 4.0 and have the NEW bootrom. However, it is possible if you have the OLD bootrom. If you have the old bootrom, you can even have 4.0 jailbroken & unlocked! I've done this numerous times. I repair many iPhones in a week and by now I have become quite experienced at doing all this.

    If you are really desperate for 3.1.3, you could try going to the Apple Store and telling them that you have a problem with your iPhone, and if they approve to swap yours then you might be in luck. The majority of the ones they swap are old bootroms and can easily be dealt with. Also, the ones they were swapping until last week (here in Canada) were 3.1.3. I don't know about now.
    EVEN if they give you a 4.0 with a new bootrom, no problem, sell it on Kijiji or Craigslist. You should be able to sell for about 420 CDN for a 16GB 3GS. Then go buy an iPhone 3GS with 3.1.3 from Kijiji or Craigslist AND SAVE THE SHSHs.

    Or just wait until someone releases a 4.0 or 4.0.1 jailbreak! That is, if it will ever come out.

    Can you help me??
    I got an iPhone 3GS 4.0 old bootrom, I want to jailbreak it...

  22. #19
    @rhober

    Have you saved your SHSH blobs file?
    You must first downgrade to 3.1.2.

  23. #20
    @ssyed: if you go and buy a 3GS with 3.1.3 from kijiji or craigslist, you won't be able to save the SHSHs because Apple isn't issuing them anymore for 3.1.3 (remember, SHSH blobs don't exist anywhere on the phone, they are certificates supplied from the Apple server on request).

    If neng212 has SHSH blobs on file, then he is an idiot: the original poster was asking specifically about the case of downgrading a 3GS from 4.0->3.1.3 WITHOUT SHSH BLOBS ON FILE!!.
    Last edited by mateo_au; 07-21-2010 at 08:05 AM. Reason: Automerged Doublepost
