The iPhone Wiki is no longer updated. Visit this article on The Apple Wiki for current information. |
Difference between revisions of "SHSH"
m (→Timeline: Being consistent.) |
m (→Timeline) |
||
Line 446: | Line 446: | ||
|} |
|} |
||
− | Note: iPhone 2G |
+ | Note: iPhone 2G and iPod touch 1G don't use SHSH Blobs |
== Protocol == |
== Protocol == |
Revision as of 11:33, 24 July 2013
0x80 byte RSA signature of a firmware image.
This often also refers to the backup file with the signature ("SHSH blobs"). This signature is needed to restore a specific iOS version; it is generated by Apple based on hardware keys of the device and the hash of the firmware. Apple only issues signatures for the currently-available iOS version, which disallows installing older iOS versions. But if you have saved signatures for an older iOS version, you can use a replay attack to restore that version. Therefore it is recommended to save the signature for your device as long as Apple issues it.
With the tools mentioned below it is possible to backup the signature. It is not necessary that the device is jailbroken to do the backup. Usually the SHSH signature file is stored on Saurik's server. If it is stored there, then you can see in the top of Cydia (on jailbroken devices) for which version a backup exists.
Users often misunderstand this system and think that the SHSH firmware version they back up depends on the firmware version they have installed on their device. This is the case for iFaith, but not for TinyUmbrella. iFaith dumps the SHSHs from your device's storage (whatever's installed on your device, e.g. 4.3.3), while TinyUmbrella gets SHSHs from Apple's servers (whatever firmwares Apple is currently signing).
Using SHSH
Older devices allow installation of any correctly signed firmware, so no backup of the certificate is necessary. Devices that need Apple signatures are: iPhone 3GS New Bootrom, iPhone 4, iPod touch 3G, iPad, iPad 2, iPod touch 4G, Apple TV 2G and all newer devices. The iPhone 3G, iPhone 3GS Old Bootrom and iPod touch 2G bootroms do not require these SHSHs; however, newer versions of iOS require them (unless the chain of trust is broken and custom firmwares are installed). To restore to arbitrary versions of iOS 4.0, the SHSH is also needed for the iPod touch 2G and iPhone 3G. not only does DFU Mode require the iBSS/iBEC files to be signed with an SHSH that includes the device's ECID, but the normal boot-chain requires the LLB to be fully signed with an ECID+SHSH, so a downgrade IPSW is not possible without a bootrom exploit of normal boot-chain (e.g. 0x24000 Segment Overflow). See also the Dev Team Blog post about this.
To restore to iOS 3.x or 4.x, change your hosts file to map any request to an Apple server to point to Saurik's server instead, if your device's signatures are hosted there. If you have the signature file on your computer, run TinyUmbrella's TSS Server on your local machine.
Since the limera1n Exploit is fixed in the bootrom since version Bootrom 838.3 and because iOS since 5.0 includes a nonce in their SHSH hashes, downgrading newer devices (iPhone 4S, iPad 2, iPad 3, Apple TV 3G) to earlier 5.x firmwares is not as simple. To restore to iOS 5.x on older devices, stitch iOS 5.x blobs into custom firmware (using redsn0w for example) and restore with that firmware. To restore to iOS 5.x on newer devices, use redsn0w's restore method. See the JailbreakQA guide to restoring to iOS 5.x using SHSH blobs (for all devices that can run iOS 5.x except Apple TV 3G).
Timeline
iOS | For Device(s) | From | Until | Status |
---|---|---|---|---|
3.0 | iPhone 3GS | 19 June 2009 | 09 September 2009 | Closed |
3.0.1 | 31 July 2009 | 09 September 2009 | Closed | |
3.1 | 09 September 2009 | 08 October 2009 | Closed | |
3.1.1 | iPod touch 2G | 09 September 2009 | 21 June 2010 | Closed |
iPod touch 3G | 09 September 2009 | 08 October 2009 | Closed | |
3.1.2 | iPod touch 2G | 08 October 2009 | 21 June 2010 | Closed |
iPhone 3GS, iPod touch 3G | 08 October 2009 | 02 February 2010 | Closed | |
3.1.3 | iPod touch 2G | 02 February 2010 | 21 June 2010 | Closed |
iPhone 3GS, iPod touch 3G | 02 February 2010 | 21 June 2010 | Closed | |
3.2 | iPad | 03 April 2010 | 15 July 2010 | Closed |
3.2.1 | 15 July 2010 | 19 August 2010 | Closed | |
3.2.2 | 11 August 2010 | 02 December 2010 (?) | Closed | |
4.0 | iPod touch 2G | 21 June 2010 | 09 September 2010 | Closed |
iPod touch 3G | 21 June 2010 | 19 August 2010 | Closed | |
iPhone 3G, iPhone 3GS | 21 June 2010 | 15 July 2010 | Closed | |
iPhone 4 GSM | 24 June 2010 | 15 July 2010 | Closed | |
4.0.1 | iPhone 3G | 15 July 2010 | 09 September 2010 | Closed |
iPhone 3GS, iPhone 4 GSM | 15 July 2010 | 19 August 2010 | Closed | |
4.0.2 | iPhone 3G, iPod touch 2G | 11 August 2010 | 18 September 2010 | Closed |
iPhone 3GS, iPhone 4 GSM, iPod touch 3G | 11 August 2010 | 09 September 2010 | Closed | |
4.1 | iPhone 3G, iPhone 3GS, iPod touch 2G, iPod touch 3G | 08 September 2010 | - | Open |
iPhone 4 GSM, iPod touch 4G | 08 September 2010 | 02 December 2010 (?) | Closed | |
Template:Nowrap | Apple TV 2G | 29 September 2010 | 02 December 2010 (?) | Closed |
Template:Nowrap | 22 November 2010 | 14 December 2010 | Closed | |
4.2.1 | iPad, iPhone 3GS, iPhone 4 GSM, iPod touch 3G, iPod touch 4G | 22 November 2010 | 11 March 2011 | Closed |
iPhone 3G, iPod touch 2G | 22 November 2010 | - | Open | |
Template:Nowrap | Apple TV 2G | 14 December 2010 | 28 May 2011 (?) | Closed |
4.2.5 | iPhone 4 CDMA | 11 January 2011 | closed before product release | Closed |
4.2.6 | 01 February 2011 | 19 April 2011 (?) | Closed | |
4.2.7 | 14 April 2011 | 6 May 2011 | Closed | |
4.2.8 | 4 May 2011 | 18 July 2011 | Closed | |
4.2.9 | 15 July 2011 | 27 July 2011 | Closed | |
4.2.10 | 25 July 2011 | 18 October 2011 | Closed | |
4.3 | iPad, iPad 2, iPhone 3GS, iPhone 4 GSM, iPod touch 3G, iPod touch 4G | 09 March 2011 | 27 March 2011 (?) | Closed |
Template:Nowrap | Apple TV 2G | 09 March 2011 | 22 March 2011 (?) | Closed |
Template:Nowrap | 22 March 2011 | 28 May 2011 (?) | Closed | |
Template:Nowrap | 11 May 2011 | 18 October 2011 (?) | Closed | |
4.3 | 01 August 2011 | ? | Closed | |
4.3.1 | iPad, iPad 2, iPhone 3GS, iPhone 4 GSM, iPod touch 3G, iPod touch 4G | 25 March 2011 | 19 April 2011 (?) | Closed |
4.3.2 | 14 April 2011 | 06 May 2011 | Closed | |
4.3.3 | 04 May 2011 | 18 July 2011 | Closed | |
4.3.4 | 15 July 2011 | 27 July 2011 | Closed | |
4.3.5 | 25 July 2011 | 18 October 2011 | Closed | |
4.4 | Apple TV 2G | 04 October 2011 | ? | Closed |
4.4.1 | 17 October 2011 | ? | Closed | |
4.4.2 | 24 October 2011 | 11 January 2012(?) | Closed | |
4.4.3 | 17 November 2011 | 11 January 2012(?) | Closed | |
4.4.4 | 15 December 2011 | 08 March 2012 | Closed | |
5.0 | iPad, iPad 2, iPhone 3GS, iPhone 4, iPod touch 3G, iPod touch 4G | 04 October 2011 | 10 November 2011(?) | Closed |
iPhone 4S | 14 October 2011 | 10 November 2011(?) | Closed | |
5.0 | Apple TV 2G, Apple TV 3G | 07 March 2012 | 14 May 2012 | Closed |
5.0.1 | iPad, iPad 2, iPhone 3GS, iPhone 4, iPhone 4S, iPod touch 3G, iPod touch 4G | 09 November 2011 | 08 March 2012 | Closed |
5.1 | iPad, iPad 2, iPad 3, iPhone 3GS, iPhone 4, iPhone 4S, iPod touch 3G, iPod touch 4G | 07 March 2012 | 14 May 2012 | Closed |
5.1.1 | iPad 2, iPad 3, iPhone 3GS, iPhone 4, iPhone 4S, iPod touch 4G | 07 May 2012 | 21 Sep 2012 | Closed |
iPad, iPod touch 3G | 07 May 2012 | - | Open | |
5.0.1 | Apple TV 2G, Apple TV 3G | 10 May 2012 | ?? June 2012 | Closed |
5.0.2 | 05 June 2012 | 20 March 2013 | Closed | |
6.0 | iPad 2, iPad 3, iPhone 3GS, iPhone 4, iPhone 4S, iPhone 5, iPod touch 4G, iPod touch 5G | 19 September 2012 | 01 November 2012 | Closed |
5.1 | Apple TV 2G, Apple TV 3G | 24 September 2012 | 20 March 2013 | Closed |
6.0 | iPad 4 (Wi-Fi model), iPad mini 1G (Wi-Fi model) | 30 October 2012 | 01 November 2012 | Closed |
6.0.1 | iPad 2, iPad 3, iPad 4 (Wi-Fi model), iPad mini 1G (Wi-Fi model), iPhone 3GS, iPhone 4, iPhone 4S, iPod touch 4G | 01 November 2012 | 28 January 2013 | Closed |
iPod touch 5G | 01 November 2012 | 29 January 2013 | Closed | |
iPad 4 (GSM model), iPad 4 (Global model), iPad mini 1G (GSM model), iPad mini 1G (Global model) | 09 November 2012 | 28 January 2013 | Closed | |
iPad mini 1G, iPhone 5 | 01 November 2012 | 08 January 2013 | Closed | |
5.1.1 | Apple TV 2G, Apple TV 3G | 26 November 2012 | 20 March 2013 | Closed |
6.0.2 | iPad mini 1G, iPhone 5 | 18 December 2012 | 28 January 2013 | Closed |
6.1 | iPad 2, iPad 3, iPad 4, iPad mini 1G, iPhone 3GS, iPhone 4, iPhone 4S, iPhone 5, iPod touch 5G | 28 January 2013 | 19 February 2013 | Closed |
iPad mini 1G GSM, iPod touch 4G | 28 January 2013 | 20 March 2013 | Closed | |
5.2 | Apple TV 2G, Apple TV 3G | 28 January 2013 | 20 March 2013 | Closed |
6.1.1 | iPhone 4S | 11 February 2013 | 19 February 2013 | Closed |
6.1.2 | iPad 2, iPad 3, iPad 4, iPad mini 1G iPhone 3GS, iPhone 4, iPhone 4S, iPhone 5, iPod touch 4G | 19 February 2013 | 19 March 2013 | Closed |
iPod touch 5G | 19 February 2013 | 20 March 2013 | Closed | |
6.1.3 | iPad 2, iPad 3, iPad 4, iPad mini 1G, iPhone 3GS, iPhone 4, iPhone 4S, iPod touch 4G, iPod touch 5G | 19 March 2013 | - | Open |
5.2.1 | Apple TV 2G, Apple TV 3G | 19 March 2013 | 20 June 2013 | Closed |
6.1.3 | iPhone 5 | 19 March 2013 | 02 May 2013 | Closed |
6.1.4 | 02 May 2013 | - | Open | |
5.3 | Apple TV 2G, Apple TV 3G | 19 June 2013 | - | Open |
Note: iPhone 2G and iPod touch 1G don't use SHSH Blobs
Protocol
To request a SHSH blob from Apple, a simple HTTP request can be made. For a full description, please see the separate article SHSH Protocol and Baseband SHSH Protocol.
Links and Tools
- Redsn0w
- TinyUmbrella (Java needed)
- Detailed background info from Saurik