Thread: [Howto] Create a 00.SHSH from your signed iBEC/iBSS files/folders

  1. #81
    Quote Originally Posted by AbrasBR View Post
    What he said is that it may be possible to generate the signature for 3.0 with iBSS and iBEC, required to restore your 3GS. Restore, downgrade, update, they are all the same. If you can restore to 3.0 being on 3.0, then you can downgrade to 3.0 being on 3.1. You only need the signature required, the SHSH blobs, that you manage to generate from all those files.

    Abras
    Look, I'm not going to debate this because it is a simple matter of fact. I can't stop you from continuing to believe that what you are proposing is possible.

    All I am telling you is that I have a fairly complete understanding of the code signing process (as evidenced by the fact that I was able to implement this tool and that it works) and based on how this process works, what you are hoping to achieve is not realistically possible.

    However, I urge you to create an SHSH with just your iBSS and iBEC files and 'fake' hashes for the rest to prove to yourself what will happen. (It won't work; this has already been tried.)

    As I've said before, the only avenue is creating a custom firmware with valid signed iBEC/iBSS files and probably 3.1 files for everything else and then exploiting the vulnerable iBSS in order to allow you to load a custom pre-jailbroken firmware. This is not going to get you back to 3.0.

  2. #82
    Quote Originally Posted by chinaa108 View Post
    Hi, a quick question: I read somewhere that within one of these files you can find your ECID number. Where is it and how can I get it?

    the errors i get are:

    C:\Users\iphone\Desktop\SHSH_Tool.Build3>shsh_tool.exe -tmpfiles c:/users/chint
    an/desktop/shsh.tmp/perbpf4.tmp -output c:/users/iphone/desktop/01.shsh
    Operating in 3.0 Mode
    Reading IPSW Manifest File...
    Found Manifest Files:
    - Key: AppleLogo [Digest: QAAAADgdAACl9/Hr04uQMR6Jr7pX8UInUnEoKA==]
    - Key: BatteryCharging [Digest: QAAAADhHAACqYV/La3TahgUWPEoriCD0ihj8cQ==]
    - Key: BatteryCharging0 [Digest: QAAAALhEAAD0jN9cTCXlGeLIHl9zoSujK6IReA==]
    - Key: BatteryCharging1 [Digest: QAAAAPhYAAADzc0E4UGku60PLueuWJuAavaj3Q==]
    - Key: BatteryFull [Digest: QAAAAPggAQDlTu4etE9Hyqd53SfUabSUMQKveg==]
    - Key: BatteryLow0 [Digest: QAAAAHjVAAB3neUXu+AZDukKBMXTWAe6Fp1xTA==]
    - Key: BatteryLow1 [Digest: QAAAAPj2AAAAhdT0Dah967fFlitKxFuG1UXcvw==]
    - Key: BatteryPlugin [Digest: QAAAADhDAAAjiTnnqWZwxykMPlXw4tnObaJ1CQ==]
    - Key: DeviceTree [Digest: QAAAAHinAAA7P+D5ybJAvPXdRtUobDSLgoIFxg==]
    - Key: KernelCache [Digest: QAAAAHidRwAltMOQ6wzPJKxGr/Dt0WimnI4Jkg==]
    - Key: LLB [Digest: QAAAAPgAAQDYvJMWj1lAnuV6KOWG2Pw3Gsc2EQ==]
    - Key: NeedService [Digest: QAAAALhHAAAs6oR8k6a1FrNLnQ4RGT3ztMyRKw==]
    - Key: RecoveryMode [Digest: QAAAALiyAAAVdGhCcgJizRvKkJLjXWbaaTx+Ig==]
    - Key: RestoreDeviceTree [Digest: QAAAAHinAAA7P+D5ybJAvPXdRtUobDSLgoIFxg==]
    - Key: RestoreKernelCache [Digest: QAAAAHidRwAltMOQ6wzPJKxGr/Dt0WimnI4Jkg==]
    - Key: RestoreLogo [Digest: QAAAADgdAACl9/Hr04uQMR6Jr7pX8UInUnEoKA==]
    - Key: RestoreRamDisk [Digest: QAAAAPjwwgBIAM3nYNCnt2z33+HaQIMJMp9ePw==]
    - Key: iBEC [Digest: QAAAAPiQAQC9Ty8vP15P2iU3qkF4b8wfSo18FA==]
    - Key: iBSS [Digest: QAAAAPiQAQCcdhu1hCyHWHAez39TmafGGpj00g==]
    - Key: iBoot [Digest: QAAAAPiwAgBzNM32ZeCYkQ+JfYMFXusQQo3TOQ==]
    - Key: RestoreRamDisk [Digest: QAAAAPjQwgCnlxrq+5w91+90VitZeWIoPtJj0A==]
    Processing TMP files...
    - Firmware/all_flash/all_flash.n88ap.production/applelogo.s5l8920x.img3
    - ERROR: Magic string not found! (DICE@)
    Verifying BLOB Data...
    - ERROR: Invalid signed data for Firmware/all_flash/all_flash.n88ap.production/
    applelogo.s5l8920x.img3
    - ERROR: File not found for Firmware/all_flash/all_flash.n88ap.production/glyph
    charging.s5l8920x.img3
    - ERROR: File not found for Firmware/all_flash/all_flash.n88ap.production/batte
    rycharging0.s5l8920x.img3
    - ERROR: File not found for Firmware/all_flash/all_flash.n88ap.production/batte
    rycharging1.s5l8920x.img3
    - ERROR: File not found for Firmware/all_flash/all_flash.n88ap.production/batte
    ryfull.s5l8920x.img3
    - ERROR: File not found for Firmware/all_flash/all_flash.n88ap.production/batte
    rylow0.s5l8920x.img3
    - ERROR: File not found for Firmware/all_flash/all_flash.n88ap.production/batte
    rylow1.s5l8920x.img3
    - ERROR: File not found for Firmware/all_flash/all_flash.n88ap.production/glyph
    plugin.s5l8920x.img3
    - ERROR: File not found for Firmware/all_flash/all_flash.n88ap.production/Devic
    eTree.n88ap.img3
    - ERROR: File not found for kernelcache.release.s5l8920x
    - ERROR: File not found for Firmware/all_flash/all_flash.n88ap.production/LLB.n
    88ap.RELEASE.img3
    - ERROR: File not found for Firmware/all_flash/all_flash.n88ap.production/needs
    ervice.s5l8920x.img3
    - ERROR: File not found for Firmware/all_flash/all_flash.n88ap.production/recov
    erymode.s5l8920x.img3
    - ERROR: File not found for Firmware/all_flash/all_flash.n88ap.production/Devic
    eTree.n88ap.img3
    - ERROR: File not found for kernelcache.release.s5l8920x
    - ERROR: File not found for Firmware/all_flash/all_flash.n88ap.production/apple
    logo.s5l8920x.img3
    - ERROR: File not found for 018-5306-002.dmg
    - ERROR: File not found for Firmware/dfu/iBEC.n88ap.RELEASE.dfu
    - ERROR: File not found for Firmware/dfu/iBSS.n88ap.RELEASE.dfu
    - ERROR: File not found for Firmware/all_flash/all_flash.n88ap.production/iBoot
    .n88ap.RELEASE.img3
    There were errors while trying to create SHSH file.
    Complete.

    C:\Users\iphone\Desktop\SHSH_Tool.Build3>
    Quote Originally Posted by TheHeadFL View Post
    That means that file you have there isn't signed. Where did you get it from?
    I got these files from my external HD. Please tell me which files are wrong; I have four different manifest files if the one I'm using is wrong. Also, is it possible to get my ECID number from one of these files, just the number, not the hash file?

  3. #83
    Quote Originally Posted by chinaa108 View Post
    I got these files from my external HD. Please tell me which files are wrong; I have four different manifest files if the one I'm using is wrong. Also, is it possible to get my ECID number from one of these files, just the number, not the hash file?
    It tells you right there what file is wrong... your applelogo file is missing a signature.

    Also, you should be pointing the tool one directory higher than the Per####.tmp files...

    Your command line should be:

    shsh_tool.exe -tmpfiles c:/users/chintan/desktop/shsh.tmp -output c:/users/iphone/desktop/01.shsh

  4. #84
    OK, I changed the applelogo file to another one I have. Now all files read as file not found, and I went up one directory. Should I just give up or try another manifest file?

    NOTE: when I delete applelogo without replacing it and start the program, it shows another file as invalid and the rest as not found. If I delete that one without replacing it, the program shows another file as invalid and the others as not found. This repeats as you carry on deleting. Is that a programmed output, or are all the files invalid?
    Sorry, but I'm learning here as well. Thanks.
    Last edited by chinaa108; 2009-10-07 at 10:00 PM.

  5. #85
    When you first got your iBEC + iBSS, there are 2 PER**.tmp directories created, one for each (restore and DFU).
    You need both for it to work and both have to be correct.
    Otherwise it will not work.
    Last edited by dtube; 2009-10-07 at 10:57 PM.

  6. #86
    Quote Originally Posted by chinaa108 View Post
    OK, I changed the applelogo file to another one I have. Now all files read as file not found, and I went up one directory. Should I just give up or try another manifest file?

    NOTE: when I delete applelogo without replacing it and start the program, it shows another file as invalid and the rest as not found. If I delete that one without replacing it, the program shows another file as invalid and the others as not found. This repeats as you carry on deleting. Is that a programmed output, or are all the files invalid?
    Sorry, but I'm learning here as well. Thanks.
    Once the tool finds an invalid file (as in, the file exists, but does not contain a certificate... meaning the 'DICE@' error) it quits looking for other files.

    Just rename the invalid file and see if it proceeds.

    It is possible that none of your files are signed. If that is the case, I don't know why. That is what the 'DICE@' error means though.

  7. #87
    Quote Originally Posted by TheHeadFL View Post
    Look, I'm not going to debate this because it is a simple matter of fact. I can't stop you from continuing to believe that what you are proposing is possible.

    All I am telling you is that I have a fairly complete understanding of the code signing process (as evidenced by the fact that I was able to implement this tool and that it works) and based on how this process works, what you are hoping to achieve is not realistically possible.

    However, I urge you to create an SHSH with just your iBSS and iBEC files and 'fake' hashes for the rest to prove to yourself what will happen. (It won't work; this has already been tried.)

    As I've said before, the only avenue is creating a custom firmware with valid signed iBEC/iBSS files and probably 3.1 files for everything else and then exploiting the vulnerable iBSS in order to allow you to load a custom pre-jailbroken firmware. This is not going to get you back to 3.0.
    I'm not trying to prove anything here. You created the tool; that's why I'm asking you, not some other guy. The only reason I asked you all those questions is because I'd like to fully understand the process. But as you said, we don't need to debate here anymore. If it's impossible, then it's impossible; I was just trying to see if I could find something.
    Thanks a lot anyway,
    Abras

  8. #88
    UPDATE: Bug fix

    Alright everyone, I think I fixed a bug. If you were getting 'DICE@' errors, this was because I incorrectly assumed that the start of the certificate was marked by the token 'DICE@'.

    It turns out that this was incorrect. I've just seen a valid certificate which begins with just 'DICE'. Therefore I have updated the tool to look for the correct token. Sorry for the inconvenience.

    This means that if you were seeing 'DICE@' errors, please re-run with the latest version of the tool. (Refer to main post)

    (Technical note: I should have known anyway. To get to the ECID from the beginning of the certificate you have to skip 12 bytes. Previously when I assumed it was 'DICE@' that meant read 5, skip 7, then read the ECID. 5 and 7 are 'odd' numbers in terms of file offsets. Using 'DICE' instead means that the 8 bytes following the token are most likely 2 32-bit integers or 1 64-bit integer. The ECID is stored as a 64-bit integer across 8 bytes.)

  9. The Following User Says Thank You to TheHeadFL For This Useful Post:

    chinaa108 (2009-10-08)
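
The token and offset arithmetic from the technical note in post #88, as an added example that is not part of the thread and is not the tool's own code. The little-endian byte order, the function names and the sample blobs are assumptions constructed for illustration; the thread does not say what the 8 bytes after the token contain.

```python
"""Locate the certificate token in a signed image and read the ECID after it."""

OLD_TOKEN = b"DICE@"  # token the first build searched for (5 bytes)
NEW_TOKEN = b"DICE"   # token the fixed build searches for (4 bytes)
ECID_OFFSET = 12      # bytes from the start of the certificate to the ECID
ECID_SIZE = 8         # the ECID is a 64-bit integer stored across 8 bytes


class CertError(ValueError):
    """Raised when no usable certificate is found in the blob."""


def find_ecid(blob: bytes, token: bytes = NEW_TOKEN, byteorder: str = "little") -> int:
    """Return the ECID stored 12 bytes after the first occurrence of the token.

    byteorder is an assumption; the thread does not state the endianness.
    """
    start = blob.find(token)
    if start < 0:
        raise CertError(f"Magic string not found! ({token.decode()})")
    ecid_at = start + ECID_OFFSET  # same offset whichever token matched
    if ecid_at + ECID_SIZE > len(blob):
        raise CertError("certificate truncated before the ECID")
    return int.from_bytes(blob[ecid_at:ecid_at + ECID_SIZE], byteorder)


def compare_tokens(blob: bytes) -> dict:
    """Run the old and the fixed token search over one blob."""
    results = {}
    for token in (OLD_TOKEN, NEW_TOKEN):
        try:
            results[token] = find_ecid(blob, token)
        except CertError as exc:
            results[token] = str(exc)
    return results


def make_blob(ecid: int, after_token: bytes) -> bytes:
    """Build a constructed sample: image data, token, 8 unknown bytes, ECID."""
    assert len(after_token) == 8
    return b"\x00" * 16 + NEW_TOKEN + after_token + ecid.to_bytes(8, "little") + b"\xff" * 4


SAMPLE_ECID = 0x000001234567ABCD  # constructed value, not a real device
# First byte after the token happens to be 0x40 ('@'): both searches succeed.
BLOB_AT = make_blob(SAMPLE_ECID, bytes.fromhex("4000000000000000"))
# Any other byte there: the 'DICE@' search misses the certificate entirely.
BLOB_OTHER = make_blob(SAMPLE_ECID, bytes.fromhex("2000000000000000"))

if __name__ == "__main__":
    for name, blob in (("BLOB_AT", BLOB_AT), ("BLOB_OTHER", BLOB_OTHER)):
        for token, result in compare_tokens(blob).items():
            shown = f"ECID {result:#018x}" if isinstance(result, int) else f"ERROR: {result}"
            print(f"{name} {token.decode():6} -> {shown}")
```
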

  10. #89
    I can confirm that new build (bug fix) in post above is working correctly.
    Thank you for taking the time to sort it out. Greatly appreciated.
    And thanks for the technical note, it makes sense.
    Last edited by dtube; 2009-10-08 at 05:51 AM.

  11. #90
    I have a crazy problem with this prog... OK, let me list my folders and subfolders. See if this is right. This came from IBEC grabber and I'm on a 3GS with factory 3.0... =-)

    PerCA3.tmp (the ONLY .tmp folder I have)
    Firmware (folder) and Restore.plist (both of these inside PerCA3.tmp)

    Inside Firmware I have
    all_flash and dfu (both of these are folders)

    Inside all_flash I have
    all_flash.n88ap.production... inside this folder I have a file named manifest

    Inside the DFU folder I have my iBEC and iBSS files

    Can anyone confirm this to be right? Sorry, but this is exactly how IBEC grabber gave it to me. Thanks.

    I am getting the same errors as Chinaa108.

  12. #91
    Quote Originally Posted by l0k0 View Post
    I have a crazy problem with this prog... OK, let me list my folders and subfolders. See if this is right. This came from IBEC grabber and I'm on a 3GS with factory 3.0... =-)

    PerCA3.tmp (the ONLY .tmp folder I have)
    Firmware (folder) and Restore.plist (both of these inside PerCA3.tmp)

    Inside Firmware I have
    all_flash and dfu (both of these are folders)

    Inside all_flash I have
    all_flash.n88ap.production... inside this folder I have a file named manifest

    Inside the DFU folder I have my iBEC and iBSS files

    Can anyone confirm this to be right? Sorry, but this is exactly how IBEC grabber gave it to me. Thanks.

    I am getting the same errors as Chinaa108.
    I have the same problem: only two folders but only a few files, and that just doesn't work, so to be honest I don't think it will work for you. Sorry, but just wait for geohot or greenpois0n. In the meantime, whatever you do, don't update or mess with your phone, because 3.1.2 is out and you'll be screwed. Call it a day, use 3.1 for now and don't go anywhere near iTunes. Thank you to TheHeadFL for a great tool; too bad it didn't work for me!

  13. #92
    Quote Originally Posted by sw1tch View Post
    I'm also awaiting this iBSS-only method. Currently I'm stuck with official 3.1 and all I have is iBSS and iBEC from 3.0. All I need is JB 3.1, don't care for 3.0, so I guess this might save me.

    Did Dev Team actually say capture entire folder and not only iBEC iBSS back then?
    They said to just get iBEC and iBSS. I made a detailed tutorial on how to do this so people could get those files. It would be nice if we could make use of them.

  14. #93
    Quote Originally Posted by chinaa108 View Post
    I have the same problem: only two folders but only a few files, and that just doesn't work, so to be honest I don't think it will work for you. Sorry, but just wait for geohot or greenpois0n. In the meantime, whatever you do, don't update or mess with your phone, because 3.1.2 is out and you'll be screwed. Call it a day, use 3.1 for now and don't go anywhere near iTunes. Thank you to TheHeadFL for a great tool; too bad it didn't work for me!

    I'm still on my JB 3.0, so trust me, I don't plan on going anywhere near the itunes.exe, LMAO. I was just trying some new things, and figured I'd give it a shot. I see it didn't work on me, so for now imma play safe and stay with my 3.0.

  15. #94
    Is it not possible to make the hash files with some files missing? Also, does your ECID number change with every update? If not, how does Umbrella know that I'm on 3.1 and not 3.0? Where does it get its info, and can we not cheat it?
    Also, I have other files with the same names from different dates. Can I not use those files? When I try, it says invalid signed files. Is there any way to copy the Apple signature from applelogo (which works), for example, and copy it to batteryfull, which gives me an invalid error?
    Last edited by chinaa108; 2009-10-09 at 08:56 AM.

  16. #95
    The ECID is the same. It is an identifier for your specific phone. Kinda like a serial number. Umbrella gets the signatures from Apple. Can't cheat it cuz it can only request a signature based on ECID, and Apple responds with a signature for what they consider "valid" firmware. If you had someone else's ECID, you can use Umbrella to generate blobs based on that ECID, but you can't use those blobs to restore your phone, as the signatures are based off the ECID.

    Easy way to say it. ECID = locked to specific phone. signatures = locked to ECID = locked to specific phone for specific firmware

  17. #96
    Quote Originally Posted by TheHeadFL View Post
    Unfortunately, when you saved those files you were unable to capture the iBSS file, which is the most 'elusive' one.

    You can only get that file during a DFU restore.

    The fact that you are on file with Cydia doesn't have anything to do with whether your iBSS file was generated. If you were on file with Cydia, however, it is possible to reconstruct your iBSS file from the SHSH file. It would be pointless for you, though, since you already have an SHSH.

    Well, as I mentioned in my earlier post, I have multiple 3GS.
    Ok, the white 3GS I have, comes with the following files (as per the attached pic).
    Why and what do you mean I do NOT have the iBSS file, while in
    my subdirectory here you can see the iBss file is there?
    THx.
    Buang
    Attached Thumbnails: -ibec-ibss-white-3gs.png

  18. #97
    First, I want to give an immense thanks to HeadFL for this tool. I was about to give up hope that a tool would be coming out for those that saved our tmp files but weren't in Cydia.

    I ran the tool and it said it successfully created my SHSH file. I'm currently on 3.0. I've been having terrible battery life on my phone (I can't even make it through a day, 4-5 hours tops; I'll lose several % just writing an email while on wifi), so I wanted to restore it back to stock 3.0 to see if my battery life is a software or hardware issue.
    My question is: if I start this restore process using Tiny and iTunes with the 00.SHSH file and it fails, will I be forced to restore to 3.1 to get a working phone again, or will I be able to just reboot and the phone will be back like nothing had happened?
    Or perhaps I can use a Pwnage-created 3.1 IPSW file to put on my phone as a worst-case scenario?

    Thanks for this tool, as it looks to be a life saver for me, as this battery problem is killing me. I've looked at previous posts and most always say "restore and see if that fixes it", but I've been stuck in this limbo of not being able to restore until the 3.1 PwnageTool came out, but I'm not seeing any reason to upgrade to 3.1.

  19. #98
    Quote Originally Posted by tentacle View Post
    First, I want to give an immense thanks to HeadFL for this tool. I was about to give up hope that a tool would be coming out for those that saved our tmp files but weren't in Cydia.

    I ran the tool and it said it successfully created my SHSH file. I'm currently on 3.0. I've been having terrible battery life on my phone (I can't even make it through a day, 4-5 hours tops; I'll lose several % just writing an email while on wifi), so I wanted to restore it back to stock 3.0 to see if my battery life is a software or hardware issue.
    My question is: if I start this restore process using Tiny and iTunes with the 00.SHSH file and it fails, will I be forced to restore to 3.1 to get a working phone again, or will I be able to just reboot and the phone will be back like nothing had happened?
    Or perhaps I can use a Pwnage-created 3.1 IPSW file to put on my phone as a worst-case scenario?

    Thanks for this tool, as it looks to be a life saver for me, as this battery problem is killing me. I've looked at previous posts and most always say "restore and see if that fixes it", but I've been stuck in this limbo of not being able to restore until the 3.1 PwnageTool came out, but I'm not seeing any reason to upgrade to 3.1.
    If it fails, you probably won't lose anything at all. It will reject the restore operation, error out, and the phone should reboot back normally.

    Worst case, yes, you can restore to a custom PwnageTool IPSW.

    Quote Originally Posted by buangsampah2003 View Post
    Well, as I mentioned in my earlier post, I have multiple 3GS.
    Ok, the white 3GS I have, comes with the following files (as per the attached pic).
    Why and what do you mean I do NOT have the iBSS file, while in
    my subdirectory here you can see the iBss file is there?
    THx.
    Buang
    It only looks in folders that begin with Per and end with .tmp.

    Your folder there is renamed Per###.tmp(First folder that comes up)

    It won't search that folder. Remove the text from the end.
    Last edited by TheHeadFL; 2009-10-10 at 05:32 AM. Reason: Automerged Doublepost

  20. #99
    Quote Originally Posted by MegaGoo
    Good catch. I modified my post. I did not realize these files were only generated when Apple was signing 3.0. I figured they could be obtained at any time during a 3.0 restore.


    Today I read a comment in a RECENT JB tutorial, in which it was advised "you can do a 3.0.1 restore when JB gets stuck, iTunes doesn't have problems with restoring."
    Since I am currently still using fw 3.0.1, this means that I can still restore my device and remain at 3.0.1. Is the advice correct? But considering the above-stated comment by MegaGoo and TheHeadFL, my initial understanding was that iTunes stopped signing the iBEC/iBSS files, and that means I cannot remain at 3.0.1 when I do a restore.

    But now I reckon I don't quite understand the difference between a restore before and after 9/9/09. I am guessing: has iTunes hidden the iBEC/iBSS files from us to copy when doing a restore after 9/9, or what?

    Just a question from a curious noob. Although I have done my re-readings, I am a bit confused. Thank you for making things clear!

  21. #100
    Quote Originally Posted by chiron View Post
    Today I read a comment in a RECENT JB tutorial, in which it was advised "you can do a 3.0.1 restore when JB gets stuck, iTunes doesn't have problems with restoring."
    Since I am currently still using fw 3.0.1, this means that I can still restore my device and remain at 3.0.1. Is the advice correct? But considering the above-stated comment by MegaGoo and TheHeadFL, my initial understanding was that iTunes stopped signing the iBEC/iBSS files, and that means I cannot remain at 3.0.1 when I do a restore.

    But now I reckon I don't quite understand the difference between a restore before and after 9/9/09. I am guessing: has iTunes hidden the iBEC/iBSS files from us to copy when doing a restore after 9/9, or what?

    Just a question from a curious noob. Although I have done my re-readings, I am a bit confused. Thank you for making things clear!
    The only thing that makes sense to me is that the comment you are referring to has to be referring to a 3G. You cannot restore a 3G[S] to 3.0/3.0.1 in iTunes without having 3.0/3.0.1 ECID SHSH blobs.
