How-To Downgrade iPod Touch 3G on 3.1.3 firmware to 3.1.2

[MassModz Technology]

First off let me start off by saying hi, and that I am a well known hardware hacker/reverse engineer for cable modems, gaming consoles, dish hacking, and have coded some of the old firmwares used on the WiiKey, and written several hooks for online games such as COD, counter-strike, and other various hooks for online poker, etc etc. Some of you may have heard about me or have read on the news, for those of you who do not know me, you will like me for this.

If anyone plans on stealing my work for their own, or selling this content to make profit, I will take down the server and this method will not work anymore. Please make this fair for everyone, I don't care if you use this method to jailbreak your friends ipod touch or iphone but please do not rip me off, I worked hard on this.

The 3.1.3 firmware is bad, but since I came up with a solution, its really not all that bad anymore.... LOL@APPLE!! I did it ONLY FOR 3.1.2 and nothing earlier. This solution may work for the iPhone as well, but have not fully tested it, due to my lack of knowledge with baseband and bootroms for the phone. Since there are endless fools on YouTube claiming to have a fix for the 3.1.3 disaster, please make videos and give credit to me and GeoHot to draw more users to this awesome site.


Ok guys, here it is... So you let your iPod Touch/iPhone 3G/3GS update to 3.1.3 firmware and your feeling pretty damn unlucky. Thinking that your jailbreaking days are over. Well guess what, you are in luck, keep reading. Please bear in mind that this guide is only for the 3Gen Ipod Touch.

I called Apple support today to see if there was anything they could do to downgrade me, the initial support rep said sure, boy was I in for a surprise... So come to find out Apple does it on purpose (haha who would have thought) right? After being on hold etc, I then talked to a senior rep who told me that theres an encryption on the newer firmware (big mistake for sharing that with me ) This is how I came to learn that I would have to put some extra effort in to this.

Anyways, after hours of researching and tinkering around with hex editors and different iTunes SW versions, and encryption software, I had a revelation.. The iPod Touch 3G CAN BE DOWNGRADED TO 3.1.2!!! This is good news because jailbreaking just came back to life, follow my steps, as I have done for my iPod Touch 3G 64GB.

1. I believe you can use the newest version of iTunes but I am unsure, give it a shot - If you are using the newest version of iTunes (9.1 I think) uninstall it, and all registry values associated with it, also delete bonjour service, quicktunes, and whatever else bs software they install by default. Run a registry cleaner to ensure it is gone, go through program files and delete the old folder of iTunes. Restart PC.

2. Assuming that you have the iPod Touch 3GEN NOT 2GEN 3.1.2/7D11 firmware already on your PC, we can continue on to the next step. If not, you can figure out how to get it. NOTE: This is the exact name of the file you want: iPod3,1_3.1.2_7D11_Restore


3. Search for an available site for iTunes 9.0.0.70 or anything below 9.1, if you use an older iTunes firmware it will tell you that you need 9.0 or later.

4. Now that you have iTunes installed, and the firmware that you desire, we can proceed to an extremely crucial step to avoid being updated by Apple's evilness once and for all!

5. Open up iTunes, ensure that your iPod Touch is NOT CONNECTED! Go to the top bar, click edit, then go to preferences, make sure that Check for updates automatically is UNCHECKED!!

6. This next part is my own personal discovery which I will not expose here for obvious reasons, I will however explain what I learned through this process, Apple in all their glory decided that they would put an end to downgrading firmware in hopes to combat jailbreaking/unlocking, in doing so they force iTunes to check for the latest available update which currently is 3.1.3, so when a normal user tries to use the 3.1.2 file normally, they get a message saying that "iPod Touch could not be restored this device is not eligible for the requested build" So that got me worried, thinking, and quite pissed off that my jailbreaking days were done. So I then put my hacking skills to the test.

7. For PC users open up CWindows\System32\drivers\etc\hosts

8. Open the file in a text editor and add the following entry at the bottom of the file:

74.208.105.171 gs.apple.com

Here is what the file should look like:



Then save the file..

9. This ip address was created by myself to help others out since apple drove me to the edge with that message. It is completely safe to use, and I do NOT TRACK, but for precautions I recommend you use a proxy, if you are really that paranoid. Now to the next part.

10. Make sure you save all your music/movies/pics, etc using a separate program, I use Xilisoft iPod Rip, this will allow you to backup all your files to your computer.

11. Now that you have all your stuff saved to your desktop, we can continue to open up iTunes and leave 3.1.3 in the DUST!

12. With iTunes open, and your 3.1.2 file downloaded, attach your iPod Touch, click on your Devices tab and go to summary page for your device, where you will see Restore, DO NOT CLICK IT JUST YET! First, hold down the Shift Key on your keyboard, while holding the shift key, click Restore, you will see a box popup asking you to choose a file or firmware, choose the 3.1.2 file. It will go through its normal process, only this time, you will be allowed to because I SAID SO. Apple has failed yet again in their feat to take down jailbreaking.




Now that you have the desired firmware, we can now run blackra1n and install Cydia, Winterboard, etc.

NOTE: In Cydia, it will tell you at the top that "This device has SHSHs on file for iPhone OS: 3.1.2, 3.1.3 Which leads me to believe that this method will work for the iPhone 3GS as well.

I take full credit for this guide, I developed this method on my own with no help from anyone. Credit is given to GeoHot for blackra1n software, credit also given to Jay Freeman for similar methods here---> http://www.saurik.com/id/8.

I take and assume full responsibility for this post.

If you guys have any questions, or would like to donate for my efforts/work for creating a fake apple verification server, please email me [email protected]

Thank You and enjoy your jailbreak! Please be sure to give thanks where its due.

[mattau]

Wow. Just wow.

[cpjr]

Nice tutorial, but isnt this basically the same method that has been out for a while...just redirecting to another set of verification servers instead of Apples own? Saurik came up with this a while back.

[MassModz Technology]

I am not sure if there was a similar method out or not. As I was more focused on the programming side of the firmware and setting up an auth server.

If there was a similar method, why has it not been utilized in the guides/tutorials anywhere on the net, seems to me like people are deathly afraid of 3.1.3 now for no reason lol.

If he did develop a similar method I will surely give credit to him as well..

[cpjr]

Yeah, you can read about it here:

Bypassing iPhone Code Signatures - Jay Freeman (saurik)

[mattau]

74.208.105.171 is Saurik's server I think

[MassModz Technology]

I'll be damned cpjr, I will be sure to add that to the guide.

[rukqoa]

Did not work with iPod Touch 3G 3.1.3. Could be the fact that it came in the 3.1.3 firmware out of the box. Can anyone confirm that this works with older devices that came with 3.1.2 or older?

The auth server did not help. Pinging gs.apple.com did give me your IP, but I still get the "This device isn't eligible for the requested build" message.

[MassModz Technology]

Hmm, maybe you arent selecting the right firmware/same firmware that I am using, but I assure you it does work, try making certain that you are choosing the correct firmware.

[rukqoa]

Doesn't work. I used the iPod Touch 3G 3.1.2 firmware. 7D11. I even tried on a Mac and still doesn't work.

[confucious]

All this is, is a pure rip off of Saurik's work.
It doesn't work unless Saurik has your 3.12 SHSH stored on cydia.

[mattau]

Hey guys, I invented a media viewer and mobile computing platform. I've decided to call it the 'ipod'

[cris11368]

If someone could implement a way to completely bypass the verification that would work better.

[rukqoa]

Maybe if we could reverse engineer iTunes or modify incoming packets to tell iTunes what it wants to know. Or if it's possible to "restore" an iPod with a third-party software.

I don't have my iPod atm, but can someone try to wireshark what a valid response from gs.apple.com would be?

[confucious]

The response is an encrypted key based on your individual device - it is not crackable. This is the SHSH that Saurik grabs and stores when you click 'Make my life easier' in Cydia.

[ctn222]

Same here, did not work... followed instructions exactly on a clean PC.
This was with a new ipod touch 32GB purchased today w/ 3.1.3 firmware on it.

-itunes 9.0.0.70
-downloaded 3.1.2 ipod touch firmware
-I used tcpview to watch the connections and saw that it did go out to 74.208.105.171, but still came back with "The iPod "ipod" could not be restored. The device isn't eligible for the requested build.

[mattau]

You didn't save your SHSH's with Cydia, so you're out of luck.

[MassModz Technology]

But you see, I didn't save the SHSH either with my iPod, I believe people are downloading the wrong gen firmware thinking its the right one.

Make sure you download the iPod Touch 3Gen, NOT 2Gen! 3.1.2/7D11 firmware, if you get an error saying the firmware is not compatible, then that is your issue right there. SHSH has nothing to do with this method since I did it to mine and never saved my SHSH. If for whatever reason it doesn't work, then you are doing something wrong.

[Punisherrrrrr]

But you see, I didn't save the SHSH either with my iPod, I believe people are downloading the wrong gen firmware thinking its the right one.

Make sure you download the iPod Touch 3Gen, NOT 2Gen! 3.1.2/7D11 firmware, if you get an error saying the firmware is not compatible, then that is your issue right there. SHSH has nothing to do with this method since I did it to mine and never saved my SHSH. If for whatever reason it doesn't work, then you are doing something wrong.

But you've had 3.1.2 on your device at one time. Some people (like me) got an ipt that came with 3.1.3. That's probably why it won't work for alot of people.

[Kevintroy]

Doesn't work, i was on 3.1.2 and accidently updated to 3.1.3 and now cant get back, tried this method but i still get 'not eligible' error tried everything, guess ill just have to wait until 3.1.3 is jailbroken!