Difference between revisions of "Bluefreeze"
| m | m | ||
| (25 intermediate revisions by 11 users not shown) | |||
| Line 1: | Line 1: | ||
| + | [[iFaith]] has a protection that you don't use it on the wrong firmware to protect you. '''Bluefreeze''', a tool written by a group called The Private Dev Team, modifies the firmware version (and firmware checksum) in the iFaith certificate file, so that this check gets disabled. By doing so, you can install any firmware version on your device, even without having saved the [[SHSH]] files. The problem by doing so is that you actually install a firmware without signatures, with all consequences. This is what is known as a [[Tethered Downgrade]]. | ||
| − | '''Bluefreeze''' is a tethered downgrade solution by a group called the Private Dev Team. It claims to allow the downgrade of a device to [[iOS]] 4.3, 4.3.5, or 5.0 from 5.0.1 without [[SHSH]] blobs saved via [[TinyUmbrella]] or [[iFaith]]. iDevices that are supported are iPhone 3GS, iPod touch 3G, and all [[S5L8930|A4]] devices. | ||
| + | Bluefreeze asks you to build and browse to two ipsw's one signed properly and one not signed. Then Bluefreeze swaps the properly signed img3 files in the properly signed firmware file with the incorrectly signed img3 files in the unsigned ipsw thus resulting in an ipsw file with properly signed img3 files. This firmware file is used for the downgrade. | ||
| − | == Download == | ||
| − | * [http://www.mediafire.com/?02y3bl3by41aaa3 Windows] | ||
| + | Having an incorrectly signed firmware installed won't let you boot of course. But because the limera1n exploit ignores incorrect signatures we can use the limera1n exploit (DFU mode, then using redsn0w) to boot up your device. The problem is only that you have to repeat this every time (similar to a tethered jailbreak), so it's not a downgrade you would want. This should be your last resort, and only if you absolutely need a downgrade. | ||
| − | == Usage == | ||
| + | |||
| − | * Step 1: Use [[iFaith]] to get an iOS 5.0.1 [[SHSH]] blob | ||
| + | This way a downgrade to [[iOS]] 4.3, 4.3.5, or 5.0 from 5.0.1 is possible. Supported devices are iPhone 3GS, iPod touch (3rd generation), and all [[S5L8930|A4]] devices. | ||
| − | * Step 2: Open the [[iFaith]] SHSH file. Bluefreeze will change md5 and iOS version. For example, if downgrading to iOS 5.0 on an iPod touch 3G from iOS 5.0.1: | ||
| − |  <ios>5.0.1 (9A405)</ios> -> <ios>5.0 (9A433)</ios> | ||
| − |  <ipsw_md5>c13c14abcde18bbdb7d70c8563f56ac1</ipsw_md5> -> <ipsw_md5>989b8327acab76e7632443a0e179250c</ipsw_md5> | ||
| − | * Step 3: Save the modified file, and use it to build an iOS 5.0 custom firmware. Even though the firmware has fake shsh blobs on it, iTunes will still accept it. (iREB will be used to bypass error 16XX) | ||
| − | * Step 4: Since there are no shsh blobs present the device will boot up into DFU mode. A bootrom exploit, known as Limera1n, will be used to bypass Apple's blob checker per se. (Tool used: redsn0w) | ||
| − | * Step 5: Device will boot up, and one will have a tethered downgrade. | ||
| + | Installing a firmware version using this method (without valid SHSH blobs) is incompatible with an untethered jailbreak. Each time the device boots, the bootrom validates the SHSH blobs for LLB, LLB for iBoot, and so on. Therefore, the image validation function must be patched or bypassed with an appropriate bootrom exploit payload on every boot or the device will be forced into DFU mode. | ||
| − | == Warning == | ||
| + | |||
| − | It is highly suggested that you jailbreak your device after you accomplish this process and install a Cydia tweak known as Prevent Sleep. If you do not do so you run the risk of having your device randomly go into DFU mode. (if this tweak is installed this issue will go away). | ||
| + | == Purpose == | ||
| + | With this method you can install a firmware for which you don't have [[SHSH]] saved for some tests, for example if you're a software developer and need to do some tests on a specific version. | ||
| + | |||
| + | == Related == | ||
| + | * [[Firmware downgrading]] | ||
| + | * [[Tethered Downgrade]] | ||
| + | |||
| + | == Download == | ||
| + | * [http://www.mediafire.com/?9olh9qd8v1q4xm7 Windows] | ||
| == External Links == | == External Links == | ||
| * [https://github.com/ThePrivateDevTeam/Bluefreeze GitHub] | * [https://github.com/ThePrivateDevTeam/Bluefreeze GitHub] | ||
| − | * [http:// | + | * [http://www.youtube.com/watch?v=UpZKxqLqK7A Guide] | 
| + | * [http://bluefreeze.weebly.com/index.html Home Page] | ||
| [[Category:GUI Tools]] | [[Category:GUI Tools]] | ||
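Review bot: The added paragraph beginning "Bluefreeze asks you to build and browse to two ipsw's" contradicts both itself and the paragraph that follows it. It says the swap results in "an ipsw file with properly signed img3 files", while the next added paragraph says the installed firmware is incorrectly signed and will not boot without limera1n. State which IPSW ends up holding which img3 files. The revision also drops the old Step 2 example showing the <ios> and <ipsw_md5> fields, so the new lead's "modifies the firmware version (and firmware checksum)" no longer tells the reader which fields change. Consider keeping that example.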
Latest revision as of 10:03, 26 March 2017
iFaith includes a safeguard that keeps you from using it on the wrong firmware. Bluefreeze, a tool written by a group called The Private Dev Team, modifies the firmware version (and firmware checksum) in the iFaith certificate file so that this check is disabled. As a result, you can install any firmware version on your device, even without having saved the SHSH files. The problem is that you actually install a firmware without signatures, with all the consequences that entails. This is what is known as a Tethered Downgrade.
Bluefreeze asks you to build and browse to two IPSWs, one properly signed and one not signed. Bluefreeze then swaps the properly signed img3 files in the properly signed firmware file with the incorrectly signed img3 files in the unsigned IPSW, resulting in an IPSW file with properly signed img3 files. This firmware file is used for the downgrade.
Of course, a device with incorrectly signed firmware installed will not boot on its own. Because the limera1n exploit ignores incorrect signatures, it can be used (DFU mode, then redsn0w) to boot the device. The only problem is that you have to repeat this every time the device boots (similar to a tethered jailbreak), so it's not a downgrade you would want. This should be your last resort, and only if you absolutely need a downgrade.
This way a downgrade to iOS 4.3, 4.3.5, or 5.0 from 5.0.1 is possible. Supported devices are iPhone 3GS, iPod touch (3rd generation), and all A4 devices.
Installing a firmware version using this method (without valid SHSH blobs) is incompatible with an untethered jailbreak. Each time the device boots, the bootrom validates the SHSH blobs for LLB, LLB validates them for iBoot, and so on. Therefore, the image validation function must be patched or bypassed with an appropriate bootrom exploit payload on every boot, or the device will be forced into DFU mode.
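The version-and-checksum check described in the first paragraph, modelled as an added example (not iFaith or Bluefreeze code): the `<ios>` and `<ipsw_md5>` tag names come from the earlier revision of this page, while the comparison logic, the HMAC-sealed variant, the key and all sample data are assumptions constructed for illustration. It shows why a check whose expected values live in the same editable file catches a mismatch but not an edit of both fields.

```python
import hashlib
import hmac
import re

def parse_cert(text):
    """Pull the <ios> and <ipsw_md5> fields (tag names taken from the page)."""
    fields = {}
    for tag in ("ios", "ipsw_md5"):
        m = re.search(rf"<{tag}>(.*?)</{tag}>", text, re.S)
        if m is None:
            raise ValueError(f"missing <{tag}> field")
        fields[tag] = m.group(1).strip().lower()
    return fields

def naive_check(cert_text, ipsw_bytes):
    """Assumed form of the check: trust the checksum the file itself declares."""
    declared = parse_cert(cert_text)["ipsw_md5"]
    return hmac.compare_digest(declared, hashlib.md5(ipsw_bytes).hexdigest())

def seal(cert_text, key):
    """Hypothetical hardening: MAC both fields with a key the editor lacks."""
    f = parse_cert(cert_text)
    msg = f"{f['ios']}\n{f['ipsw_md5']}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def authenticated_check(cert_text, tag, ipsw_bytes, key):
    """Reject edited fields first, then compare the checksum as before."""
    if not hmac.compare_digest(seal(cert_text, key), tag):
        return False
    return naive_check(cert_text, ipsw_bytes)

def make_cert(ios, ipsw_bytes):
    """Build a constructed two-field record (not a real iFaith file)."""
    digest = hashlib.md5(ipsw_bytes).hexdigest()
    return f"<ios>{ios}</ios>\n<ipsw_md5>{digest}</ipsw_md5>\n"

# Constructed sample data: two stand-in firmware images and a demo key.
IPSW_SAVED = b"constructed firmware image, version 5.0.1"
IPSW_OTHER = b"constructed firmware image, version 5.0"
KEY = b"constructed-demo-key"
ORIGINAL = make_cert("5.0.1", IPSW_SAVED)
TAG = seal(ORIGINAL, KEY)
EDITED = make_cert("5.0", IPSW_OTHER)  # version and checksum both rewritten

if __name__ == "__main__":
    print("original vs other image :", naive_check(ORIGINAL, IPSW_OTHER))
    print("edited vs other image   :", naive_check(EDITED, IPSW_OTHER))
    print("edited, sealed check    :", authenticated_check(EDITED, TAG, IPSW_OTHER, KEY))
```

A key shipped inside a client tool can itself be extracted, so a seal like this only raises the bar; the enforcement the page describes is the signature validation performed at boot.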
Purpose
With this method you can install, for testing purposes, a firmware for which you don't have SHSH saved, for example if you're a software developer and need to run some tests on a specific version.
