Your favorite Apple, iPhone, iPad, iOS, Jailbreak, and Cydia site.
Thread: Redsn0w V. 0.9.15b questionis a discussion within the
redsn0wforums, a part of the
Jailbreak / Downgrading / Upgradingsection;
Hey guys How does Redsn0w identify the version of the IPSW you trying to use? I edited the .plist files in the IPSW and changed the name and it is...
03-14-2013, 08:43 AM #1Redsn0w V. 0.9.15b question
Hey guys How does Redsn0w identify the version of the IPSW you trying to use? I edited the .plist files in the IPSW and changed the name and it is still saying it is 4.8.2 when I changed everything I could find to 6.1.2. What am I missing? Thank you, WN
03-14-2013, 12:09 PM #2Issue solved!
OK, I found the issue, I forgot to edit the .plist manifest and the .plist restore files with the 10B146. I did a successful downgrade from 6.1.2 to 4.2.8 without any saved blobs.
03-18-2013, 12:41 PM #3
Just curious, why did you go back to 4.2.8???
03-18-2013, 12:46 PM #4
^agree, why? So many more features in the newer OS's
03-18-2013, 12:59 PM #5
Just editing a couple plist files isn't going to get you around the need for SHSH. If you did do what you claim you probably had SHSH on cydia without you realizing it. Cydia saves them automatically.
03-18-2013, 01:18 PM #6
Hey guys, I did it just to do it. I got thrown into a new position at work and I am diving in head first to learn all this stuff. I have learned so much just by doing (it also helps that I am able to experiment with iPhones that are not mine I started on my quest after a few iPhones at work had WiFi issues after certain updates and none of the blobs were saved. My company repairs and refurbishes iDevices and I come from a PC repair background and I got put into the role of lead tech/software guy about a month ago. Any victory right now is a big one
Last edited by Wicked Newbie; 03-18-2013 at 01:23 PM.
03-18-2013, 03:07 PM #7
The method you are describing is not something new. It is a method tried in the past by people and known to not work. If restoring to previous firmware were as easy as "tricking" iTunes into thinking it is the latest firmware then we would have no need for SHSH at all would we?
You also don't need to use tiny umbrella or redsnow to go back to 4.2.8. If you have ever at any point used tiny umbrella then your hosts file may have been changed to cydia's address instead of Apple's. That is one explanation into how this could have happened. The other is 4.2.8 is still being signed by Apple for whatever reason (4.1 is still signed for iPhone 3G/3GS).
Even if you were to "downgrade" to 4.2.8 by tricking iTunes into thinking you were using a 6.1.2 firmware you would get an error at the baseband part of the restore since they require their own set of SHSH and are randomly generated by Apple for each restore.
So basically what we have here is 2 real options if you received no baseband error:
1: You are mistaken and did not do what you said
2: Apple is still signing 4.2.8
One way I could check/confirm this is with your ecid.
03-18-2013, 05:18 PM #8
Well, here's what I'm thinking:
The baseband portion of the restore isn't as pertinent here, as the baseband can be set to not upgrade as part of a redsn0w or other custom ramdisk without causing any restore errors--or the baseband error can just be bypassed on the Verizon iPhone 4.
The limera1n exploit (what redsn0w and practically everything else uses as part of the jailbreaking process) will allow for any unsigned (or incorrectly signed, or mismatched) code to be written to the device at any level. Therefore, you could write a stock 4.2.8 IPSW to the device without the correct SHSH blobs inserted in the IMG3 files. However, past experiences taught us that such a device won't boot reliably or run stably, even with an untethered jailbreak.
Now here's where it gets interesting. Starting in iOS 6.x, Apple only signs the "important" or bootrom-facing portions of their IPSWs. In the normal bootchain, the only parts of the code that are SHSH signed are the LLB and the kernelcache. iBoot and all subsequent code (except the kernelcache) are verified through other means. Since iBoot and LLB are overwritten during the boot-up process, and the kernel cache and userspace are pwned by a jailbreak, it just might be possible... with an IPSW stitched together JUST SO and probably jailbroken, too.
I'd love to have a copy of the IPSW you used to do this, and a picture (or whatever is needed) of a root ssh session running the following commands:
# uname -a
# ps -awwx
# sha1sum /Applications/Mobile*/Mobile*
# sha1sum /System/Library/Caches/com.apple.kernelcaches/kernelcache
Since I don't have a N92 device, this may take some finagling to test, but sunshine is the best disinfectant--and dogfooding of new claims.
Last edited by Orby; 03-18-2013 at 05:21 PM.
03-18-2013, 05:24 PM #9
03-18-2013, 05:32 PM #10
03-19-2013, 07:59 AM #11Maybe, maybe not..
Good morning guys On the surface it appears I was successful in my endeavor, what do I need to check to see if it was truly done? The iPhone was at 6.1.2 with no saved blobs anywhere. I customized 4.2.8 so that when I fired up iTunes and did the shift key shuffle and chose the IPSW iTunes saw it as 6.1.2 and restored the iPhone. It has since been restored again to 6.1.2 and put back into stock to be sold. When I have time to do this again to another iPhone I will let you guys know. What do you need from me so we can cross reference what I am hoping to acheive here? I am almost 99% certain I have done what I set out to accomplish, but there is that nagging 1%.... I would love to have all of your input on this, knowledge is power and more is better