Thread: Iphone 3gS with ra1ny cert, 3.0 iBSS and iBEC Signed with my ECID

  1. #1
    hi guys
    i got an iphone 3gs and i went to official 3.1 on 10 september.

    is there a way to go back or to jb?

    i'm asking because i got the ra1ny cert, 3.0 iBSS and iBEC Signed with my ECID , i got it from ih8snow mail ....

    is there something i can do with these files in local?

    thanks

  2. #2
    AFAIK, if you don't have a 3.0 ECID hashed with Cydia already, there's no other method to downgrade at this moment.

  3. #3
    no, those files won't do anything. i'm in the same boat

    i didn't see the "make my life easier" **** in cydia otherwise i'd have had my 3.0 sigs on file. i'm in cydia a lot but missed it and there was no tweet or announcement of it which i'm not happy about

  4. #4
    There's got to be a way to make use of the iBEC/iBSS files somehow...

    When I open my 00.shsh file and look through it, it is essentially a list of every file that I have stored in the folders I saved from the iBEC/iBSS grabber:

    Per88E7.tmp\Firmware\all_flash\all_flash.n88ap.production

    applelogo, batterycharging0, etc.

    The file seems to store something it calls 'Blob' which is evidently a Base64-encoded binary blob of the suffix of the respective file. (In other words, if I open my applelogo.###.img3 file, and I seek to the string 'DICE@' and copy from there to EOF, it almost exactly matches the blob which is Base64'd inside the SHSH file [Note: I am comparing my 3.1 SHSH file to my 3.0 files so I expect there to be a small difference, the files should differ])

    There is another very small Base64-encoded item which it terms a 'Partial Digest', which suggests it is a hash of the above blob. It is 28 bytes (224 bits) in length. I haven't been able to work out the hashing algorithm being used (maybe SHA-224?) or if it requires some kind of salt or something.

    Does anyone have any insight as to any other details about these files? At first glance it seems like it should be possible to construct a SHSH file from these files and some kind of hashing algorithm.

    (Note: I am only attempting this because the Dev-Team previously stated that the iBEC/iBSS files in question are already signed with your ECID, and so I am *crosses fingers* hoping that the steps to reconstruct a SHSH file from these is trivial, at least in terms of cryptography. [In other words, there is no missing information, it just needs to be transformed from one form to another])

  5. The Following User Says Thank You to TheHeadFL For This Useful Post:

    MegaGoo (2009-10-05)
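
Post #4's observation, that each 'Blob' in 00.shsh nearly matches the saved image file from 'DICE@' to EOF, can be checked mechanically. The following is an added example, not code from the thread or from TheHeadFL's tool; the plist layout (per-component dictionaries with `Path`, `Blob` and `PartialDigest`), the component names and all sample bytes are assumptions constructed for illustration.

```python
import plistlib

MARKER = b"DICE@"  # marker string quoted in the post, treated as an opaque byte pattern

def image_tail(image, marker=MARKER):
    """Return the bytes from the first marker occurrence to EOF, or None if absent."""
    idx = image.find(marker)
    return image[idx:] if idx >= 0 else None

def first_difference(a, b):
    """Offset of the first differing byte, or None when the two byte strings are equal."""
    for i, (x, y) in enumerate(zip(a, b)):
        if x != y:
            return i
    return None if len(a) == len(b) else min(len(a), len(b))

def compare_shsh(shsh_bytes, images):
    """Compare each component's Blob in an SHSH plist with the tail of the local file."""
    report = {}
    for name, entry in plistlib.loads(shsh_bytes).items():
        if not isinstance(entry, dict) or "Blob" not in entry:
            continue  # not a per-component entry
        blob = entry["Blob"]  # plistlib decodes <data> (Base64) to bytes
        row = {"path": entry.get("Path"), "blob_len": len(blob),
               "digest_len": len(entry.get("PartialDigest", b"")), "first_diff": None}
        tail = image_tail(images.get(entry.get("Path"), b""))
        if tail is None:
            row["status"] = "no-tail"  # file not saved locally, or marker not found
        else:
            row["first_diff"] = first_difference(blob, tail)
            row["status"] = "match" if row["first_diff"] is None else "differs"
        report[name] = row
    return report

def sample():
    """Constructed stand-ins: a two-entry SHSH plist and one saved image file."""
    tail_a = MARKER + b"\x01" * 40
    tail_b = MARKER + b"\x01" * 39 + b"\x02"   # same length, last byte differs
    shsh = plistlib.dumps({
        "AppleLogo": {"Path": "applelogo.img3", "Blob": tail_b, "PartialDigest": b"\x00" * 28},
        "RestoreRamDisk": {"Path": "018-5352-086.dmg", "Blob": tail_a, "PartialDigest": b"\x00" * 28},
    })
    return shsh, {"applelogo.img3": b"IMAGE-PAYLOAD" + tail_a}

if __name__ == "__main__":
    for name, row in compare_shsh(*sample()).items():
        print(name, row)
```

A "differs" row with a `first_diff` offset corresponds to the "almost exactly matches" case the post describes when comparing files from two firmware versions.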

  6. #5
    Sry to say but I dun think there's another way ard it. Just wait and see if 3.1 JB will be out.

  7. #6
    fine :-(
    thanks to all the answers....

  8. #7
    yes it's been said that these files are useful, except there is no tool to implement them yet. it'd be a pretty great thing if there was such a tool

    Quote Originally Posted by TheHeadFL View Post
    There's got to be a way to make use of the iBEC/iBSS files somehow...

    When I open my 00.shsh file and look through it, it is essentially a list of every file that I have stored in the folders I saved from the iBEC/iBSS grabber:

    Per88E7.tmp\Firmware\all_flash\all_flash.n88ap.production

    applelogo, batterycharging0, etc.

    The file seems to store something it calls 'Blob' which is evidently a Base64-encoded binary blob of the suffix of the respective file. (In other words, if I open my applelogo.###.img3 file, and I seek to the string 'DICE@' and copy from there to EOF, it almost exactly matches the blob which is Base64'd inside the SHSH file [Note: I am comparing my 3.1 SHSH file to my 3.0 files so I expect there to be a small difference, the files should differ])

    There is another very small Base64-encoded item which it terms a 'Partial Digest', which suggests it is a hash of the above blob. It is 28 bytes (224 bits) in length. I haven't been able to work out the hashing algorithm being used (maybe SHA-224?) or if it requires some kind of salt or something.

    Does anyone have any insight as to any other details about these files? At first glance it seems like it should be possible to construct a SHSH file from these files and some kind of hashing algorithm.

    (Note: I am only attempting this because the Dev-Team previously stated that the iBEC/iBSS files in question are already signed with your ECID, and so I am *crosses fingers* hoping that the steps to reconstruct a SHSH file from these is trivial, at least in terms of cryptography. [In other words, there is no missing information, it just needs to be transformed from one form to another])

  9. #8
    The point of my investigation is to try and write such a tool, if it is possible. I've made some progress:

    http://forums.macrumors.com/showthread.php?t=797530

  10. #9
    keep up the good work... really....

  11. #10
    i'd be happy to help test. i have my itunes tmp folders from 3.0 install (ibss/ibec/lots of other files you mentioned), 3.0 purpleranyday file, and my 3.1 shsh

    trying to get a 3.0 shsh so that i can downgrade to 3.0 from my apple 3.1 firmware

  12. #11
    Quote Originally Posted by TheHeadFL View Post
    There's got to be a way to make use of the iBEC/iBSS files somehow...

    When I open my 00.shsh file and look through it, it is essentially a list of every file that I have stored in the folders I saved from the iBEC/iBSS grabber:

    Per88E7.tmp\Firmware\all_flash\all_flash.n88ap.production

    applelogo, batterycharging0, etc.

    The file seems to store something it calls 'Blob' which is evidently a Base64-encoded binary blob of the suffix of the respective file. (In other words, if I open my applelogo.###.img3 file, and I seek to the string 'DICE@' and copy from there to EOF, it almost exactly matches the blob which is Base64'd inside the SHSH file [Note: I am comparing my 3.1 SHSH file to my 3.0 files so I expect there to be a small difference, the files should differ])

    There is another very small Base64-encoded item which it terms a 'Partial Digest', which suggests it is a hash of the above blob. It is 28 bytes (224 bits) in length. I haven't been able to work out the hashing algorithm being used (maybe SHA-224?) or if it requires some kind of salt or something.

    Does anyone have any insight as to any other details about these files? At first glance it seems like it should be possible to construct a SHSH file from these files and some kind of hashing algorithm.

    (Note: I am only attempting this because the Dev-Team previously stated that the iBEC/iBSS files in question are already signed with your ECID, and so I am *crosses fingers* hoping that the steps to reconstruct a SHSH file from these is trivial, at least in terms of cryptography. [In other words, there is no missing information, it just needs to be transformed from one form to another])
    Hey, I read your thread on that other forum. I'm not gonna register over there, so I am responding to that thread here. If you need the partial digests for everything, just go into the ipsw and open BuildManifest.plist

  13. #12
    Quote Originally Posted by L00i3 View Post
    Hey, I read your thread on that other forum. I'm not gonna register over there, so I am responding to that thread here. If you need the partial digests for everything, just go into the ipsw and open BuildManifest.plist
    Thank you very much!

    Alright, lots of progress. Here is a repost from the other forum:

    OK, I have most of the code written and I think this is going to work.

    I've gotten all the Partial Digests from the Build Manifest, I've processed all that stuff and grabbed the certificate portion of each file specified by the manifest and Base64'd it.

    The only piece I am missing now is some confusion as to which file I want for the "RestoreRamDisk" key.... The SHSH files only contain one of them, but there are actually 2 referred to in the Build Manifest. I'm not sure how to tell which one to grab...

    I can tell for 3.1 because I have a 3.1 SHSH file, but I can't tell for 3.0 because I don't have a 3.0 SHSH.

    Therefore, can someone please look at their 3.0 SHSH and tell me which file is referred to under the "RestoreRamDisk" key?

    For example, in 3.1, there is both:

    018-5349-086.dmg
    018-5352-086.dmg

    However, the SHSH file only contains:

    018-5352-086.dmg

    It could be something as stupid/simple as taking the higher numbered one or something, but I have no way to know and I just want confirmation...
    Last edited by TheHeadFL; 2009-10-04 at 09:18 PM. Reason: Automerged Doublepost

  14. #13
    I never noticed the 2 different paths for "RestoreRamDisk" inside BuildManifest.plist (maybe that's why it didn't end up working for me to incorporate the signatures into the .plist since I copied the signature to both places, and one was a different path)

    But here is what it says inside my 00.shsh for 3.0

    Code:
    <key>Path</key>
    <string>018-5306-002.dmg</string>
    Last edited by L00i3; 2009-10-04 at 09:33 PM.

  15. The Following User Says Thank You to L00i3 For This Useful Post:

    TheHeadFL (2009-10-04)

  16. #14
    thehead i'm following you, and i'll test as soon as you finish

    thanks again for your work.

  17. #15
    Quote Originally Posted by L00i3 View Post
    I never noticed the 2 different paths for "RestoreRamDisk" inside BuildManifest.plist (maybe that's why it didn't end up working for me to incorporate the signatures into the .plist since I copied the signature to both places, and one was a different path)

    But here is what it says inside my 00.shsh for 3.0

    Code:
    <key>Path</key>
    <string>018-5306-002.dmg</string>
    Appreciate the help.

    So you've tried this procedure before?

    Hmm... well, hopefully that was the difference. I should have a tool to test sometime later today.

  18. The Following User Says Thank You to TheHeadFL For This Useful Post:

    faremoney (2009-10-04)

  19. #16
    All I was trying to do was find a true OFFLINE restore method using the 3.0 signatures I already had cuz I couldn't do anything with iTunes without an internet connection, even with TinyTSS running and my hosts pointing iTunes to 127.0.0.1 instead of gs.apple.com

    So i thought, maybe if I figure out a way to incorporate the signatures into the ipsw, maybe iTunes wouldn't phone home. Kinda seemed to avoid the phoning home, but I kept getting "internal error" messages during the actual restore. So I gave up for now. I know nothing about what I was doing, just had an idea, and was willing to tinker with my phone.

  20. #17
    Alright, I finished writing the tool. It seems to generate a valid 00.SHSH file from my TMP folders...

    Since my 3GS is running fine, I'm not going to test a restore yet. (I don't want to screw it up)

    The file works with TinyTSS (although it really just does minimal checks) and I'm going to do a little bit more fooling around with it.

    If you want to try this, it is up to you, but I make *no guarantees* that this is going to work for you. I would only try this if you are on 3.1 already and want to go back to 3.0 and are not on-file with Cydia. (Because at that point it doesn't hurt to try)

    A few notes:

    - All this does is generate '00.SHSH'. This isn't going to magically fix any other problems.

    - This still relies on you using TinyTSS. Use TinyTSS with the file just as if you had gotten it from Umbrella.

    - If you are downgrading from 3.1, it is still going to throw the errors that it always does. (Please see the thread on downgrading, it is a pretty involved process)

    - Most importantly, you need to have ALL of the files in the Per####.tmp folders. If you don't have all of them, this won't work for you.

    If you want to try this, PM me and I will send you the source and/or a cmdline executable you can use.


    EDIT: Updated, see below.

    Alright, take back what I just said.

    I'm still having some problems with TinyTSS.

    I am trying to make Umbrella fetch an 00.SHSH from TinyTSS and it's throwing me an error no matter what...

    Not just with files I generate, but also with 3.1 SHSH files I obtained from Apple and/or Saurik. Umbrella only generates 39KB when reading from TinyTSS, but the normal 64KB is fetched reading from Apple and/or Saurik.

    The error is this:

    Code:
    Oct 4, 2009 7:00:49 PM com.semaphore.TinyTSS run
    INFO: ***Request***
    java.lang.NullPointerException
            at com.semaphore.TinyTSS.parseRequest(TinyTSS.java:336)
            at com.semaphore.TinyTSS.run(TinyTSS.java:315)
    Oct 4, 2009 7:00:49 PM com.semaphore.TinyTSS run
    INFO: Successfully wrote blob response
    Anyone have any ideas? I'm not a Java guy so I'm not exactly sure what is going on here... all I can come up with is that the TinyTSS server is very very very dependent on the order in which iTunes asks for the various items, and Umbrella does not ask for them in that order...
    Last edited by TheHeadFL; 2009-10-05 at 01:07 AM. Reason: Automerged Doublepost

  21. #18
    Once you are using TinyTSS, umbrella should be totally out of the picture. If I am understanding right, you are running TinyTSS as the server that umbrella is querying for the SHSH blob? I'm not sure if the programs were designed to work in that order. TinyTSS is just supposed to masquerade as gs.apple.com in order to fool iTunes into thinking it is getting valid signatures from apple. It does that by serving iTunes the SHSH blob generated by umbrella (or generated by saurik, and downloaded by umbrella). If you are able to generate valid SHSH files for 3.0 with your tool, you should just be serving it with TinyTSS.

  22. #19
    Quote Originally Posted by L00i3 View Post
    Once you are using TinyTSS, umbrella should be totally out of the picture. If I am understanding right, you are running TinyTSS as the server that umbrella is querying for the SHSH blob? I'm not sure if the programs were designed to work in that order. TinyTSS is just supposed to masquerade as gs.apple.com in order to fool iTunes into thinking it is getting valid signatures from apple. It does that by serving iTunes the SHSH blob generated by umbrella (or generated by saurik, and downloaded by umbrella). If you are able to generate valid SHSH files for 3.0 with your tool, you should just be serving it with TinyTSS.
    Well, I know they aren't designed to work that way, but since the TinyTSS server is supposed to produce the same output as Apple's/Saurik's server, it stood to reason that I would be able to close the loop for testing purposes.

    That doesn't seem to be the case though. I've looked at the data with Wireshark and the request comes through correctly, I just think there is a problem where if the request is not formed precisely, it crashes.

  23. #20
    So is there any way I could help out to see if what you have come up with will work for a restore? I don't have ANY of those files from the .tmp folder tho. But like I said earlier, I am willing to tinker with my phone a little bit since I know I can always get back to 3.0

    If there is any way I could try and generate an SHSH with what you have come up with, I would be willing to try.
